Vault v1.8.5 Release Notes
November 4, 2021
SECURITY:
- core/identity: Templated ACL policies would always match the first-created entity alias if multiple entity aliases existed for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. This vulnerability, CVE-2021-43998, was fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
BUG FIXES:
- auth/aws: fix config/rotate-root to store new key [GH-12715]
- core/identity: Cleanup alias in the in-memory entity after an alias deletion by ID [GH-12834]
- core/identity: Disallow entity alias creation/update if a conflicting alias exists for the target entity and mount combination [GH-12747]
- http (enterprise): Always forward internal/counters endpoints from perf standbys to active node
- identity/token: Adds missing call to unlock mutex in key deletion error handling [GH-12916]
- kmip (enterprise): Fix handling of custom attributes when servicing GetAttributes requests
- kmip (enterprise): Fix handling of invalid role parameters within various Vault API calls
- kmip (enterprise): Forward KMIP register operations to the active node
- secrets/keymgmt (enterprise): Fix support for Azure Managed HSM Key Vault instances. [GH-12952]
- transform (enterprise): Fix an error where the decode response of an expired token is an empty result rather than an error.
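
An audit for the condition behind the CVE-2021-43998 entry and the GH-12747 fix above: entities that hold more than one alias on the same mount. This is an added example, not code from Vault; the JSON field names are assumed to match an identity entity read, and the entity IDs, alias names and mount accessors are constructed sample data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"time"
)

// Entity keeps only the fields needed; JSON names assumed to match an identity entity read.
type Entity struct {
	ID      string `json:"id"`
	Aliases []struct {
		Name          string    `json:"name"`
		MountAccessor string    `json:"mount_accessor"`
		CreationTime  time.Time `json:"creation_time"`
	} `json:"aliases"`
}

// Constructed sample: e1 has two aliases on one mount, e2 has one.
const sample = `[{"id":"e1","aliases":[
 {"name":"bob","mount_accessor":"auth_userpass_aaaa","creation_time":"2021-10-02T09:00:00Z"},
 {"name":"alice","mount_accessor":"auth_userpass_aaaa","creation_time":"2021-10-01T09:00:00.5Z"},
 {"name":"alice@corp","mount_accessor":"auth_ldap_bbbb","creation_time":"2021-10-03T09:00:00Z"}]},
 {"id":"e2","aliases":[
 {"name":"carol","mount_accessor":"auth_userpass_aaaa","creation_time":"2021-10-01T09:00:00Z"}]}]`

// FindConflicts maps "entityID/mountAccessor" to the alias names sharing that
// pair, oldest first; index 0 is the first-created alias.
func FindConflicts(raw string) (map[string][]string, error) {
	var entities []Entity
	if err := json.Unmarshal([]byte(raw), &entities); err != nil {
		return nil, err
	}
	out := map[string][]string{}
	for _, e := range entities {
		sort.SliceStable(e.Aliases, func(i, j int) bool {
			return e.Aliases[i].CreationTime.Before(e.Aliases[j].CreationTime)
		})
		for _, a := range e.Aliases {
			out[e.ID+"/"+a.MountAccessor] = append(out[e.ID+"/"+a.MountAccessor], a.Name)
		}
	}
	for key, names := range out {
		if len(names) < 2 {
			delete(out, key) // a single alias per entity and mount is the expected state
		}
	}
	return out, nil
}
func main() { fmt.Println(FindConflicts(sample)) }
```

Any key it reports is an entity and mount pair whose templated policies deserve review, since before the fix only the first-listed alias would have been matched.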