Vault v1.8.5 Release Notes

  • November 4, 2021

    SECURITY:

    • core/identity: Templated ACL policies would always match the first-created entity alias if multiple entity aliases existed for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. This vulnerability, CVE-2021-43998, was fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.

    ๐Ÿ› BUG FIXES:

    • auth/aws: fix config/rotate-root to store new key [GH-12715]
    • core/identity: Cleanup alias in the in-memory entity after an alias deletion by ID [GH-12834]
    • core/identity: Disallow entity alias creation/update if a conflicting alias exists for the target entity and mount combination [GH-12747]
    • http (enterprise): Always forward internal/counters endpoints from perf standbys to active node
    • identity/token: Adds missing call to unlock mutex in key deletion error handling [GH-12916]
    • kmip (enterprise): Fix handling of custom attributes when servicing GetAttributes requests
    • kmip (enterprise): Fix handling of invalid role parameters within various vault api calls
    • kmip (enterprise): Forward KMIP register operations to the active node
    • secrets/keymgmt (enterprise): Fix support for Azure Managed HSM Key Vault instances. [GH-12952]
    • transform (enterprise): Fix an error where the decode response of an expired token is an empty result rather than an error.
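
An audit for the condition behind CVE-2021-43998 and the GH-12747 fix above, as an added example (not code from the Vault project): it flags entities that already hold more than one alias on the same auth mount, which an upgrade alone does not clean up. It assumes entity records were exported beforehand from identity/entity/id/<id>; the sample records, ids and accessors below are constructed.

```python
from collections import defaultdict

# Constructed sample: "data" objects as read from identity/entity/id/<id>,
# trimmed to the fields used here. Every id, name and accessor is made up.
SAMPLE_ENTITIES = [
    {"id": "entity-0001", "name": "alice", "aliases": [
        {"name": "alice-admin", "mount_accessor": "auth_userpass_1111",
         "creation_time": "2021-09-14T08:30:00Z"},
        {"name": "alice", "mount_accessor": "auth_userpass_1111",
         "creation_time": "2021-03-02T10:00:00Z"},
        {"name": "alice@example.com", "mount_accessor": "auth_oidc_2222",
         "creation_time": "2021-05-20T12:00:00Z"},
    ]},
    {"id": "entity-0002", "name": "bob", "aliases": [
        {"name": "bob", "mount_accessor": "auth_userpass_1111",
         "creation_time": "2021-04-01T09:00:00Z"},
    ]},
]


def find_conflicting_aliases(entities):
    """Return one finding per (entity, mount accessor) pair holding 2+ aliases."""
    findings = []
    for entity in entities:
        by_mount = defaultdict(list)
        for alias in entity.get("aliases") or []:
            by_mount[alias["mount_accessor"]].append(alias)
        for accessor, aliases in sorted(by_mount.items()):
            if len(aliases) < 2:
                continue  # one alias per mount is the expected state
            # Order by the whole-second RFC 3339 prefix; sub-second ties are not resolved.
            aliases.sort(key=lambda a: a["creation_time"][:19])
            findings.append({
                "entity_id": entity["id"],
                "mount_accessor": accessor,
                # The alias a templated policy matched on affected versions.
                "first_created": aliases[0]["name"],
                # Aliases that could log in but were evaluated as first_created.
                "other_aliases": [a["name"] for a in aliases[1:]],
            })
    return findings


if __name__ == "__main__":
    for f in find_conflicting_aliases(SAMPLE_ENTITIES):
        print(f"{f['entity_id']} on {f['mount_accessor']}: policy templates resolved "
              f"to {f['first_created']!r}; also present: {f['other_aliases']}")
```

Each finding is a candidate for review of any policy that templates on identity.entity.aliases.<mount accessor>.name, followed by removal of the alias that should not exist.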