Overview All releases

Version History

1.16.2 1.16.1 1.16.0 1.15.8 1.15.7 1.15.6 1.15.5 1.15.4 1.15.3 1.15.2 1.15.1 1.15.0 1.14.12 1.14.11 1.14.10 1.14.9 1.14.8 1.14.7 1.14.6 1.14.5 1.14.4 1.14.3 1.14.2 1.14.1 1.14.0 1.13.13 1.13.12 1.13.11 1.13.10 1.13.9 1.13.8 1.13.7 1.13.6 1.13.5 1.13.4 1.13.3 1.13.2 1.13.1 1.13.0 1.12.11 1.12.10 1.12.9 1.12.8 1.12.7 1.12.6 1.12.5 1.12.4 1.12.3 1.12.2 1.12.1

1.12.0

1.11.12 1.11.11 1.11.10 1.11.9 1.11.8 1.11.7 1.11.6 1.11.5 1.11.4 1.11.3 1.11.2 1.11.1 1.11.0 1.10.11 1.10.10 1.10.9 1.10.8 1.10.7 1.10.6 1.10.5 1.10.4 1.10.3 1.10.2 1.10.1 1.10.0 1.9.10 1.9.9 1.9.8 1.9.7 1.9.6 1.9.5 1.9.4 1.9.3

1.9.2

1.9.1

1.9.0

1.8.12 1.8.11 1.8.10 1.8.9 1.8.8

1.8.7

1.8.6

1.8.5

1.8.4

1.8.3

1.8.2

1.8.1

1.8.0

1.7.10 1.7.9

1.7.8

1.7.7

1.7.6

1.7.5

1.7.4

1.7.3

1.7.2

1.7.1

1.7.0

1.6.7

1.6.6

1.6.5

1.6.4

1.6.3

1.6.2

1.6.1

1.6.0

1.5.9

1.5.8

1.5.7

1.5.6

1.5.5

1.5.4

1.5.3

1.5.2

1.5.1

1.5.0

1.4.7

1.4.6

1.4.5

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.10

1.3.9

1.3.8

1.3.7

1.3.6

1.3.5

1.3.4

1.3.3

1.3.2

1.3.1

1.2.7

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.4

1.1.3

1.1.2

1.1.1

1.1.0

1.0.3

1.0.2

1.0.1

1.0.0

0.11.6

0.11.5

0.11.4

0.11.3

0.11.2

0.11.1

0.11.0

0.10.4

0.10.3

0.10.2

0.10.1

0.10.0

0.9.6

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9.0

0.8.3

0.8.2

0.8.1

0.8.0

0.7.3

0.7.2

0.7.1

0.7.0

0.6.5

0.6.4

0.6.3

0.6.2

0.6.1

0.6.0

0.5.3

0.5.2

0.5.1

0.5.0

0.4.1

0.4.0

0.3.1

0.3.0

0.2.0

0.1.2

0.1.1

0.1.0

Vault - 1.12.0

Unreleased

CHANGES:

core: Bump Go version to 1.17.12.
identity: a request to /identity/group that includes member_group_ids that contains a cycle will now be responded to with a 400 rather than 500 [GH-15912]
licensing (enterprise): Terminated licenses will no longer result in shutdown. Instead, upgrades
will not be allowed if the license termination time is before the build date of the binary.

IMPROVEMENTS:

agent: Added disable_idle_connections configuration to disable leaving idle connections open in auto-auth, caching and templating. [GH-15986]
auth/oidc: Adds support for group membership parsing when using SecureAuth as an OIDC provider. [GH-16274]
core (enterprise): Add check to vault server command to ensure configured storage backend is supported.
core/activity: generate hyperloglogs containing clientIds for each month during precomputation [GH-16146]
core/activity: refactor activity log api to reuse partial api functions in activity endpoint when current month is specified [GH-16162]
core/activity: use monthly hyperloglogs to calculate new clients approximation for current month [GH-16184]
core/quotas (enterprise): Added ability to add path suffixes for lease-count resource quotas
core/quotas (enterprise): Added ability to add role information for lease-count resource quotas, to limit login requests on auth mounts made using that role
core/quotas: Added ability to add path suffixes for rate-limit resource quotas [GH-15989]
core/quotas: Added ability to add role information for rate-limit resource quotas, to limit login requests on auth mounts made using that role [GH-16115]
core: Add sys/loggers and sys/loggers/:name endpoints to provide ability to modify logging verbosity [GH-16111]
core: Limit activity log client count usage by namespaces [GH-16000]
docs: Clarify the behaviour of local mounts in the context of DR replication [GH-16218]
physical/postgresql: pass context to queries to propagate timeouts and cancellations on requests. [GH-15866]
plugins: Use AutoMTLS for secrets engines and auth methods run as external plugins. [GH-15671]
secret/nomad: allow reading CA and client auth certificate from /nomad/config/access [GH-15809]
secret/pki: Add signature_bits to sign-intermediate, sign-verbatim endpoints [GH-16124]
secret/pki: Allow issuing certificates with non-domain, non-email Common Names from roles, sign-verbatim, and as issuers (cn_validations). [GH-15996]
secret/transit: Allow importing Ed25519 keys from PKCS#8 with inner RFC 5915 ECPrivateKey blobs (NSS-wrapped keys). [GH-15742]
secrets/kubernetes: Add allowed_kubernetes_namespace_selector to allow selecting Kubernetes namespaces with a label selector when configuring roles. [GH-16240]
secrets/ssh: Allow additional text along with a template definition in defaultExtension value fields. [GH-16018]
ssh: Addition of an endpoint ssh/issue/:role to allow the creation of signed key pairs [GH-15561]
ui: Changed the tokenBoundCidrs tooltip content to clarify that comma separated values are not accepted in this field. [GH-15852]
ui: Removed deprecated version of core-js 2.6.11 [GH-15898]
website/docs: Update replication docs to mention Integrated Storage [GH-16063]

BUG FIXES:

agent/template: Fix parsing error for the exec stanza [GH-16231]
agent: Update consul-template for pkiCert bug fixes [GH-16087]
api/sys/internal/specs/openapi: support a new "dynamic" query parameter to generate generic mountpaths [GH-15835]
api: Fixed issue with internal/ui/mounts and internal/ui/mounts/(?P.+) endpoints where it was not properly handling /auth/ [GH-15552]
api: properly handle switching to/from unix domain socket when changing client address [GH-11904]
core (enterprise): Fix bug where wrapping token lookup does not work within namespaces. [GH-15583]
core/auth: Return a 403 instead of a 500 for a malformed SSCT [GH-16112]
core/identity: Replicate member_entity_ids and policies in identity/group across nodes identically [GH-16088]
core/replication (enterprise): Don't flush merkle tree pages to disk after losing active duty
core/seal: Fix possible keyring truncation when using the file backend. [GH-15946]
core: Fixes parsing boolean values for ha_storage backends in config [GH-15900]
debug: Fix panic when capturing debug bundle on Windows [GH-14399]
openapi: Fixed issue where information about /auth/token endpoints was not present with explicit policy permissions [GH-15552]
plugin/multiplexing: Fix panic when id doesn't exist in connection map [GH-16094]
quotas/lease-count: Fix lease-count quotas on mounts not properly being enforced when the lease generating request is a read [GH-15735]
replication (enterprise): Fix data race in saveCheckpoint.
secret/pki: Do not fail validation with a legacy key_bits default value and key_type=any when signing CSRs [GH-16246]
storage/raft (enterprise): Fix some storage-modifying RPCs used by perf standbys that weren't returning the resulting WAL state.
storage/raft (enterprise): Prevent unauthenticated voter status change with rejoin [GH-16324]
ui: Fixed bug where red spellcheck underline appears in sensitive/secret kv values when it should not appear [GH-15681]
ui: OIDC login type uses localStorage instead of sessionStorage [GH-16170]
vault: Fix a bug where duplicate policies could be added to an identity group. [GH-15638]

Details

date

Oct. 13, 2022, midnight

name

1.12.0

type

Minor

official page

https://github.com/hashicorp/vault/blob/main/CHANGELOG.md/#1120

👇

🔍View and search all Vault releases.
🛠️Create and share lists to track your tools.
🚨Setup notifications for major, security, feature or patch updates.
🚀Much more coming soon!

Continue with GitHub

Continue with Google

Username

Password

Password (again)

leave this field blank to prove your humanity