Vault v1.3.2 Release Notes
Release Date: 2020-01-22 // over 4 years ago-
🔒 SECURITY:
- When deleting a namespace on Vault Enterprise, in certain circumstances, the deletion process will fail to revoke dynamic secrets for a mount in that namespace. This will leave any dynamic secrets in remote systems alive and will fail to clean them up. This vulnerability, CVE-2020-7220, affects Vault Enterprise 0.11.0 and newer.
👌 IMPROVEMENTS:
- auth/aws: Add aws metadata to identity alias [GH-7985]
- auth/kubernetes: Allow both names and namespaces to be set to "*" [GH-78]
🐛 BUG FIXES:
- auth/azure: Fix Azure compute client to use correct base URL [GH-8072]
- 🔧 auth/ldap: Fix renewal of tokens without configured policies that are generated by an LDAP login [GH-8072]
- 🔧 auth/okta: Fix renewal of tokens without configured policies that are generated by an Okta login [GH-8072]
- core: Fix seal migration error when attempting to migrate from auto unseal to shamir [GH-8172]
- core: Fix seal migration config issue when migrating from auto unseal to auto unseal [GH-8172]
- 🔌 plugin: Fix issue where a plugin unwrap request potentially used an expired token [GH-8058]
- 🐎 replication: Fix issue where a forwarded request from a performance/standby node could run into a timeout
- secrets/database: Fix issue where a manual static role rotation could potentially panic [GH-8098]
- secrets/database: Fix issue where a manual root credential rotation request is not forwarded to the primary node [GH-8125]
- secrets/database: Fix issue where a manual static role rotation request is not forwarded to the primary node [GH-8126]
- secrets/database/mysql: Fix issue where special characters for a MySQL password were encoded [GH-8040]
- 💻 ui: Fix deleting namespaces [GH-8132]
- 💻 ui: Fix Error handler on kv-secret edit and kv-secret view pages [GH-8133]
- 💻 ui: Fix OIDC callback to check storage [GH-7929].
- 💻 ui: Change
.box-radioheight to min-height to prevent overflow issues [GH-8065]