Vault v1.4.1 Release Notes
Release Date: 2020-04-30 // almost 4 years ago-
๐ CHANGES:
- auth/aws: The default set of metadata fields added in 1.4.1 has been changed to
account_id
andauth_type
[GH-8783] - storage/raft: Disallow
ha_storage
to be specified ifraft
is set as thestorage
type. [GH-8707]
๐ IMPROVEMENTS:
- ๐ auth/aws: The set of metadata stored during login is now configurable [GH-8783]
- ๐ auth/aws: Improve region selection to avoid errors seen if the account hasn't enabled some newer AWS regions [GH-8679]
- ๐ auth/azure: Enable login from Azure VMs with user-assigned identities [GH-33]
- ๐ auth/gcp: The set of metadata stored during login is now configurable [GH-92]
- ๐ง auth/gcp: The type of alias name used during login is now configurable [GH-95]
- auth/ldap: Improve error messages during LDAP operation failures [GH-8740]
- identity: Add a batch delete API for identity entities [GH-8785]
- ๐ identity: Improve performance of logins when no group updates are needed [GH-8795]
- metrics: Add
vault.identity.num_entities
metric [GH-8816] - secrets/kv: Allow
delete-version-after
to be reset to 0 via the CLI [GH-8635] - secrets/rabbitmq: Improve error handling and reporting [GH-8619]
- ๐ป ui: Provide One Time Password during Operation Token generation process [GH-8630]
๐ BUG FIXES:
- auth/okta: Fix MFA regression (introduced in GH-8143) from 1.4.0 [GH-8807]
- auth/userpass: Fix upgrade value for
token_bound_cidrs
being ignored due to incorrect key provided [GH-8826] - ๐ config/seal: Fix segfault when seal block is removed [GH-8517]
- ๐ core: Fix an issue where users attempting to build Vault could receive Go module checksum errors [GH-8770]
- ๐ core: Fix blocked requests if a SIGHUP is issued during a long-running request has the state lock held.
Also fixes deadlock that can happen if
vault debug
with the config target is ran during this time. [GH-8755] - core: Always rewrite the .vault-token file as part of a
vault login
to ensure permissions and ownership are set correctly [GH-8867] - database/mongodb: Fix context deadline error that may result due to retry attempts on failed commands [GH-8863]
- ๐ฆ http: Fix superflous call messages from the http package on logs caused by missing returns after
respondError
calls [GH-8796] - namespace (enterprise): Fix namespace listing to return
key_info
when a scoping namespace is also provided. - seal/gcpkms: Fix panic that could occur if all seal parameters were provided via environment variables [GH-8840]
- ๐ storage/raft: Fix memory allocation and incorrect metadata tracking issues with snapshots [GH-8793]
- storage/raft: Fix panic that could occur if
disable_clustering
was set to true on Raft storage cluster [GH-8784] - storage/raft: Handle errors returned from the API during snapshot operations [GH-8861]
- sys/wrapping: Allow unwrapping of wrapping tokens which contain nil data [GH-8714]
- auth/aws: The default set of metadata fields added in 1.4.1 has been changed to