Vault v1.9.5 Release Notes

  • April 22, 2022

    ๐Ÿ”„ CHANGES:

    • core: A request that fails path validation due to relative path check will now be responded to with a 400 rather than 500. [GH-14328]
    • core: Bump Go version to 1.17.9. [GH-15045]

    ๐Ÿ‘Œ IMPROVEMENTS:

    • auth/ldap: Add username_as_alias configurable to change how aliases are named [GH-14324]
    • ๐Ÿง core: Systemd unit file included with the Linux packages now sets the service type to notify. [GH-14385]
    • โฌ†๏ธ sentinel (enterprise): Upgrade sentinel to v0.18.5 to avoid potential naming collisions in the remote installer
    • ๐Ÿ”Œ website/docs: added a link to an Enigma secret plugin. [GH-14389]

    ๐Ÿ› BUG FIXES:

    • โšก๏ธ api/sys/raft: Update RaftSnapshotRestore to use net/http client allowing bodies larger than allocated memory to be streamed [GH-14269]
    • api: Respect increment value in grace period calculations in LifetimeWatcher [GH-14836]
    • auth/approle: Add maximum length for input values that result in SHA56 HMAC calculation [GH-14746]
    • โšก๏ธ cassandra: Update gocql Cassandra client to fix "no hosts available in the pool" error [GH-14973]
    • ๐Ÿ“œ cli: Fix panic caused by parsing key=value fields whose value is a single backslash [GH-14523]
    • ๐Ÿ“‡ core (enterprise): Allow local alias create RPCs to persist alias metadata
    • core/metrics: Fix incorrect table size metric for local mounts [GH-14755]
    • ๐Ÿ“œ core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited integers [GH-15072]
    • ๐Ÿ“œ core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited strings [GH-14522]
    • ๐Ÿ“œ core: Fix panic caused by parsing policies with empty slice values. [GH-14501]
    • core: Fix panic for help request URL paths without /v1/ prefix [GH-14704]
    • core: fixing excessive unix file permissions [GH-14791]
    • core: fixing excessive unix file permissions on dir, files and archive created by vault debug command [GH-14846]
    • ๐Ÿ”ง core: report unused or redundant keys in server configuration [GH-14752]
    • core: time.After() used in a select statement can lead to memory leak [GH-14814]
    • ๐Ÿ›  identity/token: Fixes a bug where duplicate public keys could appear in the .well-known JWKS [GH-14543]
    • metrics/autosnapshots (enterprise) : Fix bug that could cause vault.autosnapshots.save.errors to not be incremented when there is an autosnapshot save error.
    • replication (enterprise): fix panic due to missing entity during invalidation of local aliases. [GH-14622]
    • ๐Ÿ’ป ui: Fix Generated Token's Policies helpText to clarify that comma separated values are not excepted in this field. [GH-15046]
    • ๐Ÿ’ป ui: Fix issue where UI incorrectly handled API errors when mounting backends [GH-14551]
    • ๐Ÿ’ป ui: Fixes caching issue on kv new version create [GH-14489]
    • ๐Ÿ’ป ui: Fixes edit auth method capabilities issue [GH-14966]
    • ๐Ÿ’ป ui: Fixes issue logging out with wrapped token query parameter [GH-14329]
    • ๐Ÿ’ป ui: Fixes issue with correct auth method not selected when logging out from OIDC or JWT methods [GH-14545]
    • ๐Ÿ’ป ui: Redirects to managed namespace if incorrect namespace in URL param [GH-14422]
    • ๐Ÿ’ป ui: fix search-select component showing blank selections when editing group member entity [GH-15058]
    • ๐Ÿ’ป ui: masked values no longer give away length or location of special characters [GH-15025]