Vault - 1.10.4


June 10, 2022

CHANGES:

IMPROVEMENTS:

  • api/monitor: Add log_format option to allow for logs to be emitted in JSON format [GH-15536]
  • auth: Globally scoped Login MFA method Get/List endpoints [GH-15248]
  • auth: forward cached MFA auth response to the leader using RPC instead of forwarding all login requests [GH-15469]
  • cli/debug: added support for retrieving metrics from DR clusters if unauthenticated_metrics_access is enabled [GH-15316]
  • command/debug: Add log_format flag to allow for logs to be emitted in JSON format [GH-15536]
  • core: Fix some identity data races found by Go race detector (no known impact yet). [GH-15123]
  • storage/raft: Use larger timeouts at startup to reduce likelihood of inducing elections. [GH-15042]
  • ui: Allow namespace param to be parsed from state queryParam [GH-15378]

BUG FIXES:

  • agent: Redact auto auth token from renew endpoints [GH-15380]
  • auth/kubernetes: Fix error code when using the wrong service account [GH-15585]
  • auth/ldap: The logic for setting the entity alias when username_as_alias is set
    has been fixed. The previous behavior would make a request to the LDAP server to
    get user_attr before discarding it and using the username instead. This would
    make it impossible for a user to connect if this attribute was missing or had
    multiple values, even though it would not be used anyway. This has been fixed
    and the username is now used without making superfluous LDAP searches. [GH-15525]
  • auth: Fixed erroneous success message when using vault login in case of two-phase MFA [GH-15428]
  • auth: Fixed erroneous token information being displayed when using vault login in case of two-phase MFA [GH-15428]
  • auth: Fixed two-phase MFA information missing from table format when using vault login [GH-15428]
  • auth: Prevent deleting a valid MFA method ID using the endpoint for a different MFA method type [GH-15482]
  • core (enterprise): Fix overcounting of lease count quota usage at startup.
  • core: Prevent changing file permissions of audit logs when mode 0000 is used. [GH-15759]
  • core: Prevent metrics generation from causing deadlocks. [GH-15693]
  • core: fixed systemd reloading notification [GH-15041]
  • mfa/okta: disable client side rate limiting causing delays in push notifications [GH-15369]
  • storage/raft (enterprise): Auto-snapshot configuration now forbids slashes in file prefixes for all types, and "/" in path prefix for local storage type. Strip leading prefix in path prefix for AWS. Improve error handling/reporting.
  • transform (enterprise): Fix non-overridable column default value causing tokenization tokens to expire prematurely when using the MySQL storage backend.
  • ui: Fix inconsistent behavior in client count calendar widget [GH-15789]
  • ui: Fixed client count timezone for start and end months [GH-15167]
  • ui: fix firefox inability to recognize file format of client count csv export [GH-15364]

Details

date
June 10, 2022, midnight
name
1.10.4
type
Patch
👇
Register or login to:
  • 🔍View and search all Vault releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or