Vault - 1.12.6

April 26, 2023

CHANGES:

• core: Bump Go version to 1.19.8.

IMPROVEMENTS:

• cli/namespace: Add detailed flag to output additional namespace information
  such as namespace IDs and custom metadata. [GH-20243]
• core/activity: add an endpoint to write test activity log data, guarded by a build flag [GH-20019]
• core: Add a raft sub-field to the storage and ha_storage details provided by the
  /sys/config/state/sanitized endpoint in order to include the max_entry_size. [GH-20044]
• sdk/ldaputil: added connection_timeout to tune connection timeout duration
  for all LDAP plugins. [GH-20144]
• secrets/pki: Decrease size and improve compatibility of OCSP responses by removing issuer certificate. [GH-20201]

BUG FIXES:

• auth/ldap: Add max_page_size configurable to LDAP configuration [GH-19032]
• command/server: Fix incorrect paths in generated config for -dev-tls flag on Windows [GH-20257]
• core (enterprise): Fix intermittent issue with token entries sometimes not being found when using a newly created token in a request to a secondary, even when SSCT new_token forwarding is set. When this occurred, this would result in the following error to the client: error performing token check: no lease entry found for token that ought to have one, possible eventual consistency issue.
• core (enterprise): Fix read on perf standbys failing with 412 after leadership change, unseal, restores or restarts when no writes occur
• core/ssct (enterprise): Fixed race condition where a newly promoted DR may revert sscGenCounter
  resulting in 412 errors.
• core: Fix regression breaking non-raft clusters whose nodes share the same cluster_addr/api_addr. [GH-19721]
• helper/random: Fix race condition in string generator helper [GH-19875]
• kmip (enterprise): Fix a problem decrypting with keys that have no Process Start Date attribute.
• openapi: Fix many incorrect details in generated API spec, by using better techniques to parse path regexps [GH-18554]
• pki: Fix automatically turning off CRL signing on upgrade to Vault >= 1.12, if CA Key Usage disallows it [GH-20220]
• replication (enterprise): Fix a caching issue when replicating filtered data to
  a performance secondary. This resulted in the data being set to nil in the cache
  and a "invalid value" error being returned from the API.
• replication (enterprise): Fix replication status for Primary clusters showing its primary cluster's information (in case of DR) in secondaries field when known_secondaries field is nil
• secrets/pki: Fix patching of leaf_not_after_behavior on issuers. [GH-20341]
• secrets/transform (enterprise): Address SQL connection leak when cleaning expired tokens
• ui: Fix OIDC provider logo showing when domain doesn't match [GH-20263]
• ui: Fix bad link to namespace when namespace name includes . [GH-19799]
• ui: fixes browser console formatting for help command output [GH-20064]
• ui: remove use of htmlSafe except when first sanitized [GH-20235]