Vault v1.4.7 Release Notes
-
September 24th, 2020
๐ SECURITY:
- โฑ Batch Token Expiry: We addressed an issue where batch token leases could outlive their TTL because we were not scheduling the expiration time correctly. This vulnerability affects Vault OSS and Vault Enterprise 1.0 and newer and is fixed in 1.4.7 and 1.5.4 (CVE-2020-25816).
๐ IMPROVEMENTS:
- ๐ secret/azure: Use write-ahead-logs to cleanup any orphaned Service Principals [GH-9773]
๐ BUG FIXES:
- replication (enterprise): Don't stop replication if old filter path evaluation fails