Vault - 1.10.0

Unreleased

CHANGES:

• go: Update go version to 1.17.5 [GH-13408]
• ui: Upgrade Ember to version 3.24 [GH-13443]

FEATURES:

• Report in-flight requests:Adding a trace capability to show in-flight requests, and a new gauge metric to show the total number of in-flight requests [GH-13024]
• Transit SHA-3 Support: Add support for SHA-3 in the Transit backend. [GH-13367]

IMPROVEMENTS:

• api: Implements Login method in Go client libraries for GCP and Azure auth methods [GH-13022]
• api: Trim newline character from wrapping token in logical.Unwrap from the api package [GH-13044]
• api: add api method for modifying raft autopilot configuration [GH-12428]
• api: respect WithWrappingToken() option during AppRole login authentication when used with secret ID specified from environment or from string [GH-13241]
• auth/jwt: The Authorization Code flow makes use of the Proof Key for Code Exchange (PKCE) extension. [GH-13365]
• core/ha: Add new mechanism for keeping track of peers talking to active node, and new 'operator members' command to view them. [GH-13292]
• core/identity: Support updating an alias' custom_metadata to be empty. [GH-13395]
• core/pki: Support Y10K value in notAfter field to be compliant with IEEE 802.1AR-2018 standard [GH-12795]
• core: Periodically test the health of connectivity to auto-seal backends [GH-13078]
• core: Reading sys/mounts/:path now returns the configuration for the secret engine at the given path [GH-12792]
• core: Replace "master key" terminology with "root key" [GH-13324]
• http (enterprise): Serve /sys/license/status endpoint within namespaces
• sdk: Add helper for decoding root tokens [GH-10505]
• secrets/pki: Allow URI SAN templates in allowed_uri_sans when allowed_uri_sans_template is set to true. [GH-10249]
• secrets/transit: Don't abort transit encrypt or decrypt batches on single item failure. [GH-13111]
• storage/aerospike: Upgrade aerospike-client-go to v5.6.0. [GH-12165]
• storage/raft: Set InitialMmapSize to 100GB on 64bit architectures [GH-13178]
• ui: Add version diff view for KV V2 [GH-13000]
• ui: Added client side paging for namespace list view [GH-13195]
• ui: Adds flight icons to UI [GH-12976]
• ui: Display badge for all versions in secrets engine header [GH-13015]
• ui: Updates ember blueprints to glimmer components [GH-13149]
• ui: customizes empty state messages for transit and transform [GH-13090]

BUG FIXES:

• auth/approle: Fix regression where unset cidrlist is returned as nil instead of zero-length array. [GH-13235]
• auth/github: Use the Organization ID instead of the Organization name to verify the org membership. [GH-13332]
• core/token: Fix null token panic from 'v1/auth/token/' endpoints and return proper error response. [GH-13233]
• core/token: Fix null token_type panic resulting from 'v1/auth/token/roles/{role_name}' endpoint [GH-13236]
• core: authentication to "login" endpoint for non-existent mount path returns permission denied with status code 403 [GH-13162]
• ha (enterprise): Prevents performance standby nodes from serving and caching stale data immediately after performance standby election completes
• http:Fix /sys/monitor endpoint returning streaming not supported [GH-13200]
• identity/oidc: Make the nonce parameter optional for the Authorization Endpoint of OIDC providers. [GH-13231]
• identity: Fix possible nil pointer dereference. [GH-13318]
• identity: Fixes a panic in the OIDC key rotation due to a missing nil check. [GH-13298]
• sdk/helper/ldaputil: properly escape a trailing escape character to prevent panics. [GH-13452]
• sdk/queue: move lock before length check to prevent panics. [GH-13146]
• secrets/azure: Fixes service principal generation when assigning roles that have DataActions. [GH-13277]
• secrets/database/mssql: Accept a boolean for contained_db, rather than just a string. [GH-13469]
• secrets/pki: Default value for key_bits changed to 0, enabling key_type=ec key generation with default value [GH-13080]
• secrets/pki: Fixes around NIST P-curve signature hash length, default value for signature_bits changed to 0. [GH-12872]
• secrets/pki: Recognize ed25519 when requesting a response in PKCS8 format [GH-13257]
• secrets/pki: Skip signature bits validation for ed25519 curve key type [GH-13254]
• storage/raft: Fix a panic when trying to store a key > 32KB in a transaction. [GH-13286]
• storage/raft: Fix a panic when trying to write a key > 32KB [GH-13282]
• ui: Do not show verify connection value on database connection config page [GH-13152]
• ui: Fix client count current month data not showing unless monthly history data exists [GH-13396]
• ui: Fixes issue removing raft storage peer via cli not reflected in UI until refresh [GH-13098]
• ui: Fixes issue restoring raft storage snapshot [GH-13107]
• ui: Fixes issue with OIDC auth workflow when using MetaMask Chrome extension [GH-13133]
• ui: Fixes issue with automate secret deletion value not displaying initially if set in secret metadata edit view [GH-13177]
• ui: Fixes issue with placeholder not displaying for automatically deleted secrets when deletion time has passed [GH-13166]
• ui: Fixes long secret key names overlapping masked values [GH-13032]
• ui: Fixes node-forge error when parsing EC (elliptical curve) certs [GH-13238]