github hashicorp/vault v1.7.2
on GitHub

latest releases: v1.18.1, v1.18.0, v1.17.6...
3 years ago

1.7.2

May 20th, 2021

SECURITY:

  • Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token
    leases and dynamic secret leases with a zero-second TTL, causing them to be
    treated as non-expiring, and never revoked. This issue affects Vault and Vault
    Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and
    1.7.2 (CVE-2021-32923).

CHANGES:

  • agent: Update to use IAM Service Account Credentials endpoint for signing JWTs
    when using GCP Auto-Auth method [GH-11473]
  • auth/gcp: Update to v0.9.1 to use IAM Service Account Credentials API for
    signing JWTs [GH-11494]

IMPROVEMENTS:

  • api, agent: LifetimeWatcher now does more retries when renewal failures occur. This also impacts Agent auto-auth and leases managed via Agent caching. [GH-11445]
  • auth/aws: Underlying error included in validation failure message. [GH-11638]
  • http: Add optional HTTP response headers for hostname and raft node ID [GH-11289]
  • secrets/aws: add ability to provide a role session name when generating STS credentials [GH-11345]
  • secrets/database/mongodb: Add ability to customize SocketTimeout, ConnectTimeout, and ServerSelectionTimeout [GH-11600]
  • secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB [GH-11600]

BUG FIXES:

  • agent/cert: Fix issue where the API client on agent was not honoring certificate
    information from the auto-auth config map on renewals or retries. [GH-11576]
  • agent: Fixed agent templating to use configured tls servername values [GH-11288]
  • core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [GH-11596]
  • core: correct logic for renewal of leases nearing their expiration time. [GH-11650]
  • identity: Use correct mount accessor when refreshing external group memberships. [GH-11506]
  • replication: Fix panic trying to update walState during identity group invalidation. [GH-1865]
  • secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [GH-11451]
  • secrets/database: Fixed minor race condition when rotate-root is called [GH-11600]
  • secrets/database: Fixes issue for V4 database interface where SetCredentials wasn't falling back to using RotateRootCredentials if SetCredentials is Unimplemented [GH-11585]
  • secrets/keymgmt (enterprise): Fixes audit logging for the read key response.
  • storage/raft: Support cluster address change for nodes in a cluster managed by autopilot [GH-11247]
  • ui: Fix entity group membership and metadata not showing [GH-11641]
  • ui: Fix text link URL on database roles list [GH-11597]
Check out latest releases or
releases around hashicorp/vault v1.7.2

Don't miss a new vault release

NewReleases is sending notifications on new releases.

Get notifications