Vault v1.4.1 Release Notes

Release Date: 2020-04-30 // almost 4 years ago
  • ๐Ÿ”„ CHANGES:

    • auth/aws: The default set of metadata fields added in 1.4.1 has been changed to account_id and auth_type [GH-8783]
    • storage/raft: Disallow ha_storage to be specified if raft is set as the storage type. [GH-8707]

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐Ÿ“‡ auth/aws: The set of metadata stored during login is now configurable [GH-8783]
    • ๐Ÿ‘€ auth/aws: Improve region selection to avoid errors seen if the account hasn't enabled some newer AWS regions [GH-8679]
    • ๐Ÿ”Œ auth/azure: Enable login from Azure VMs with user-assigned identities [GH-33]
    • ๐Ÿ“‡ auth/gcp: The set of metadata stored during login is now configurable [GH-92]
    • ๐Ÿ”ง auth/gcp: The type of alias name used during login is now configurable [GH-95]
    • auth/ldap: Improve error messages during LDAP operation failures [GH-8740]
    • identity: Add a batch delete API for identity entities [GH-8785]
    • ๐ŸŽ identity: Improve performance of logins when no group updates are needed [GH-8795]
    • metrics: Add vault.identity.num_entities metric [GH-8816]
    • secrets/kv: Allow delete-version-after to be reset to 0 via the CLI [GH-8635]
    • secrets/rabbitmq: Improve error handling and reporting [GH-8619]
    • ๐Ÿ’ป ui: Provide One Time Password during Operation Token generation process [GH-8630]

    ๐Ÿ› BUG FIXES:

    • auth/okta: Fix MFA regression (introduced in GH-8143) from 1.4.0 [GH-8807]
    • auth/userpass: Fix upgrade value for token_bound_cidrs being ignored due to incorrect key provided [GH-8826]
    • ๐Ÿšš config/seal: Fix segfault when seal block is removed [GH-8517]
    • ๐Ÿ— core: Fix an issue where users attempting to build Vault could receive Go module checksum errors [GH-8770]
    • ๐Ÿ”’ core: Fix blocked requests if a SIGHUP is issued during a long-running request has the state lock held. Also fixes deadlock that can happen if vault debug with the config target is ran during this time. [GH-8755]
    • core: Always rewrite the .vault-token file as part of a vault login to ensure permissions and ownership are set correctly [GH-8867]
    • database/mongodb: Fix context deadline error that may result due to retry attempts on failed commands [GH-8863]
    • ๐Ÿ“ฆ http: Fix superflous call messages from the http package on logs caused by missing returns after respondError calls [GH-8796]
    • namespace (enterprise): Fix namespace listing to return key_info when a scoping namespace is also provided.
    • seal/gcpkms: Fix panic that could occur if all seal parameters were provided via environment variables [GH-8840]
    • ๐Ÿ“‡ storage/raft: Fix memory allocation and incorrect metadata tracking issues with snapshots [GH-8793]
    • storage/raft: Fix panic that could occur if disable_clustering was set to true on Raft storage cluster [GH-8784]
    • storage/raft: Handle errors returned from the API during snapshot operations [GH-8861]
    • sys/wrapping: Allow unwrapping of wrapping tokens which contain nil data [GH-8714]