1.18.3
December 18, 2024
CHANGES:
- secrets/openldap: Update plugin to v0.14.4 [GH-29131]
- secrets/pki: Enforce the issuer constraint extensions (extended key usage, name constraints, issuer name) when issuing or signing leaf certificates. For more information see PKI considerations [GH-29045]
IMPROVEMENTS:
- auth/okta: update to okta sdk v5 from v2. Transitively updates go-jose dependency to >=3.0.3 to resolve GO-2024-2631. See https://github.com/okta/okta-sdk-golang/blob/master/MIGRATING.md for details on changes. [GH-28121]
- core: Added new enable_post_unseal_trace and post_unseal_trace_directory config options to generate Go traces during the post-unseal step for debug purposes. [GH-28895]
- sdk: Add Vault build date to system view plugin environment response [GH-29082]
- ui: Replace KVv2 json secret details view with Hds::CodeBlock component allowing users to search the full secret height. [GH-28808]
BUG FIXES:
- autosnapshots (enterprise): Fix an issue where snapshot size metrics were not reported for cloud-based storage.
- core/metrics: Fix unlocked mounts read for usage reporting. [GH-29091]
- core/seal (enterprise): Fix problem with nodes unable to join Raft clusters with Seal High Availability enabled. [GH-29117]
- core: fix bug in seal unwrapper that caused high storage latency in Vault CE. For every storage read request, the seal unwrapper was performing the read twice, and would also issue an unnecessary storage write. [GH-29050]
- secret/db: Update static role rotation to generate a new password after 2 failed attempts. [GH-28989]
- ui: Allow users to search the full json object within the json code-editor edit/create view. [GH-28808]
- ui: Decode connection_url to fix database connection updates (i.e. editing connection config, deleting roles) failing when urls include template variables. [GH-29114]
- vault/diagnose: Fix time to expiration reporting within the TLS verification to not be a month off. [GH-29128]