github hashicorp/vault v1.18.2

one day ago

1.18.2

November 21, 2024

SECURITY:

  • raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20241115202008-166203013d8e

CHANGES:

  • auth/azure: Update plugin to v0.19.2 [GH-28848]
  • core/ha (enterprise): Failed attempts to become a performance standby node are now using an exponential backoff instead of a
    10 second delay in between retries. The backoff starts at 2s and increases by a factor of two until reaching
    the maximum of 16s. This should make unsealing of the node faster in some cases.
  • login (enterprise): Return a 500 error during logins when performance standby nodes make failed gRPC requests to the active node. [GH-28807]

FEATURES:

  • Product Usage Reporting: Added product usage reporting, which collects anonymous, numerical, non-sensitive data about Vault secrets usage, and adds it to the existing utilization reports. See the [docs] for more info [GH-28858]

IMPROVEMENTS:

  • secret/pki: Introduce a new value always_enforce_err within leaf_not_after_behavior to force the error in all circumstances such as CA issuance and ACME requests if requested TTL values are beyond the issuer's NotAfter. [GH-28907]
  • secrets-sync (enterprise): No longer attempt to unsync a random UUID secret name in GCP upon destination creation.
  • ui: Adds navigation for LDAP hierarchical roles [GH-28824]
  • website/docs: changed outdated reference to consul-helm repository to consul-k8s repository. [GH-28825]

BUG FIXES:

  • auth/ldap: Fixed an issue where debug level logging was not emitted. [GH-28881]
  • core: Improved an internal helper function that sanitizes paths by adding a check for leading backslashes
    in addition to the existing check for leading slashes. [GH-28878]
  • secret/pki: Fix a bug that prevents PKI issuer field enable_aia_url_templating
    to be set to false. [GH-28832]
  • secrets-sync (enterprise): Fixed issue where secret-key granularity destinations could sometimes cause a panic when loading a sync status.
  • secrets/aws: Fix issue with static credentials not rotating after restart or leadership change. [GH-28775]
  • secrets/ssh: Return the flag allow_empty_principals in the read role api when key_type is "ca" [GH-28901]
  • secrets/transform (enterprise): Fix nil panic when accessing a partially setup database store.
  • secrets/transit: Fix a race in which responses from the key update api could contain results from another subsequent update [GH-28839]
  • ui: Fixes rendering issues of LDAP dynamic and static roles with the same name [GH-28824]

Don't miss a new vault release

NewReleases is sending notifications on new releases.