Vault v0.11.4 Release Notes
Release Date: 2018-10-23 // over 5 years ago-
๐ CHANGES:
- core: HA lock file is no longer copied during
operator migrate
[GH-5503]. We've categorized this as a change, but generally this can be considered just a bug fix, and no action is needed.
๐ FEATURES:
- Transit Key Trimming: Keys in transit secret engine can now be trimmed to remove older unused key versions
- Web UI support for KV Version 2: Browse, delete, undelete and destroy individual secret versions in the UI
- Azure Existing Service Principal Support: Credentials can now be generated against an existing service principal
๐ IMPROVEMENTS:
- core: Add last WAL in leader/health output for easier debugging [GH-5523]
- identity: Identity names will now be handled case insensitively by default. This includes names of entities, aliases and groups [GH-5404]
- secrets/aws: Added role-option max_sts_ttl to cap TTL for AWS STS credentials [GH-5500]
- secret/database: Allow Cassandra user to be non-superuser so long as it has role creation permissions [GH-5402]
- secret/radius: Allow setting the NAS Identifier value in the generated packet [GH-5465]
- secret/ssh: Allow usage of JSON arrays when setting zero addresses [GH-5528]
- secret/transit: Allow trimming unused keys [GH-5388]
- ui: Support KVv2 [GH-5547], [GH-5563]
- ui: Allow viewing and updating Vault license via the UI
- ui: Onboarding will now display your progress through the chosen tutorials
- ui: Dynamic secret backends obfuscate sensitive data by default and visibility is toggleable
๐ BUG FIXES:
- agent: Fix potential hang during agent shutdown [GH-5026]
- auth/ldap: Fix listing of users/groups that contain slashes [GH-5537]
- core: Fix memory leak during some expiration calls [GH-5505]
- core: Fix generate-root operations requiring empty
otp
to be provided instead of an empty body [GH-5495] - identity: Remove lookup check during alias removal from entity [GH-5524]
- secret/pki: Fix TTL/MaxTTL check when using
sign-verbatim
[GH-5549] - secret/pki: Fix regression in 0.11.2+ causing the NotBefore value of generated certificates to be set to the Unix epoch if the role value was not set, instead of using the default of 30 seconds [GH-5481]
- storage/mysql: Use
varbinary
instead ofvarchar
when creating HA tables [GH-5529]
- core: HA lock file is no longer copied during