Vault v1.9.9 Release Notes
-
August 31, 2022
๐ CHANGES:
- core: Bump Go version to 1.17.13.
๐ BUG FIXES:
- โ core (enterprise): Fix some races in merkle index flushing code found in testing
- core: Increase the allowed concurrent gRPC streams over the cluster port. [GH-16327]
- database: Invalidate queue should cancel context first to avoid deadlock [GH-15933]
- secrets/database: Fix a bug where the secret engine would queue up a lot of WAL deletes during startup. [GH-16686]
- ๐ป ui: Fix OIDC callback to accept namespace flag in different formats [GH-16886]
- ๐ป ui: Fix issue logging in with JWT auth method [GH-16466]
๐ SECURITY:
- ๐ identity/entity: When entity aliases mapped to a single entity share the same alias name, but have different mount accessors, Vault can leak metadata between the aliases. This metadata leak may result in unexpected access if templated policies are using alias metadata for path names. [HCSEC-2022-18]