1.17.6
September 25, 2024
CHANGES:
- core: Bump Go version to 1.22.7
- secrets/ldap: Update vault-plugin-secrets-openldap to v0.13.1 [GH-28478]
- secrets/ssh: Add a flag,
allow_empty_principalsto allow keys or certs to apply to any user/principal. [GH-28466]
IMPROVEMENTS:
- audit: Internal implementation changes to the audit subsystem which improve relability. [GH-28286]
- ui: Remove deprecated
current_billing_periodfrom dashboard activity log request [GH-27559]
BUG FIXES:
- auth/aws: Fixed potential panic after step-down and the queue has not repopulated. [GH-28330]
- auth/cert: During certificate validation, OCSP requests are debug logged even if Vault's log level is above DEBUG. [GH-28450]
- auth/cert: ocsp_ca_certificates field was not honored when validating OCSP responses signed by a CA that did not issue the certificate. [GH-28309]
- auth: Updated error handling for missing login credentials in AppRole and UserPass auth methods to return a 400 error instead of a 500 error. [GH-28441]
- core: Fixed an issue where maximum request duration timeout was not being added to all requests containing strings sys/monitor and sys/events. With this change, timeout is now added to all requests except monitor and events endpoint. [GH-28230]
- proxy/cache (enterprise): Fixed a data race that could occur while tracking capabilities in Proxy's static secret cache. [GH-28494]
- secrets-sync (enterprise): Secondary nodes in a cluster now properly check activation-flags values.
- secrets-sync (enterprise): Validate corresponding GitHub app parameters
app_nameandinstallation_idare set