Vault v1.8.4 Release Notes
-
6 October 2021
🔒 SECURITY:
- 🔀 core/identity: A Vault user with write permission to an entity alias ID sharing a mount accessor with another user may acquire this other user’s policies by merging their identities. This vulnerability, CVE-2021-41802, was fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
👌 IMPROVEMENTS:
- ⚡️ core: Update Oracle Cloud library to enable seal integration with the uk-gov-london-1 region [GH-12724]
🐛 BUG FIXES:
- core: Fix a deadlock on HA leadership transfer [GH-12691]
- ⚡️ database/postgres: Update postgres library (github.com/lib/pq) to properly remove terminated TLS connections from the connection pool. [GH-12413]
- pki: Fix regression preventing email addresses being used as a common name within certificates [GH-12716]
- ⚡️ storage/postgres: Update postgres library (github.com/lib/pq) to properly remove terminated TLS connections from the connection pool. [GH-12413]
- 0️⃣ ui: Fix bug where edit role form on auth method is invalid by default [GH-12646]