Vault v1.9.1 Release Notes
-
December 9, 2021
SECURITY:
- storage/raft: Integrated Storage backend could be caused to crash by an authenticated user with write permissions to the KV secrets engine. This vulnerability, CVE-2021-45042, was fixed in Vault 1.7.7, 1.8.6, and 1.9.1.
IMPROVEMENTS:
- storage/aerospike: Upgrade aerospike-client-go to v5.6.0. [GH-12165]
BUG FIXES:
- auth/approle: Fix regression where unset cidrlist is returned as nil instead of zero-length array. [GH-13235]
- ha (enterprise): Prevents performance standby nodes from serving and caching stale data immediately after performance standby election completes
- http: Fix /sys/monitor endpoint returning streaming not supported [GH-13200]
- identity/oidc: Make the nonce parameter optional for the Authorization Endpoint of OIDC providers. [GH-13231]
- identity: Fixes a panic in the OIDC key rotation due to a missing nil check. [GH-13298]
- sdk/queue: move lock before length check to prevent panics. [GH-13146]
- secrets/azure: Fixes service principal generation when assigning roles that have DataActions. [GH-13277]
- secrets/pki: Recognize ed25519 when requesting a response in PKCS8 format [GH-13257]
- storage/raft: Fix a panic when trying to store a key > 32KB in a transaction. [GH-13286]
- storage/raft: Fix a panic when trying to write a key > 32KB [GH-13282]
- ui: Do not show verify connection value on database connection config page [GH-13152]
- ui: Fixes issue restoring raft storage snapshot [GH-13107]
- ui: Fixes issue with OIDC auth workflow when using MetaMask Chrome extension [GH-13133]
- ui: Fixes issue with automate secret deletion value not displaying initially if set in secret metadata edit view [GH-13177]
- ui: Fixes issue with placeholder not displaying for automatically deleted secrets when deletion time has passed [GH-13166]
- ui: Fixes node-forge error when parsing EC (elliptic curve) certs [GH-13238]