Vault - 1.12.8

June 21, 2023

BREAKING CHANGES:

• secrets/pki: Maintaining running count of certificates will be turned off by default.
  To re-enable keeping these metrics available on the tidy status endpoint, enable
  maintain_stored_certificate_counts on tidy-config, to also publish them to the
  metrics consumer, enable publish_stored_certificate_count_metrics . [GH-18186]

CHANGES:

• core: Bump Go version to 1.19.10.

FEATURES:

• Automated License Utilization Reporting: Added automated license
  utilization reporting, which sends minimal product-license metering
  data
  to HashiCorp without requiring you to manually collect and report them.
• core (enterprise): Add background worker for automatic reporting of billing
  information. [GH-19625]

IMPROVEMENTS:

• api: GET ... /sys/internal/counters/activity?current_billing_period=true now
  results in a response which contains the full billing period [GH-20694]
• api: /sys/internal/counters/config endpoint now contains read-only
  minimum_retention_months. [GH-20150]
• api: /sys/internal/counters/config endpoint now contains read-only
  reporting_enabled and billing_start_timestamp fields. [GH-20086]
• core (enterprise): add configuration for license reporting [GH-19891]
• core (enterprise): license updates trigger a reload of reporting and the activity log [GH-20680]
• core (enterprise): support reloading configuration for automated reporting via SIGHUP [GH-20680]
• core (enterprise): vault server command now allows for opt-out of automated
  reporting via the OPTOUT_LICENSE_REPORTING environment variable. [GH-3939]
• core/activity: error when attempting to update retention configuration below the minimum [GH-20078]
• core/activity: refactor the activity log's generation of precomputed queries [GH-20073]
• ui: updates clients configuration edit form state based on census reporting configuration [GH-20125]

BUG FIXES:

• core (enterprise): Don't delete backend stored data that appears to be filterable
  on this secondary if we don't have a corresponding mount entry.
• core/activity: add namespace breakdown for new clients when date range spans multiple months, including the current month. [GH-18766]
• core/activity: de-duplicate namespaces when historical and current month data are mixed [GH-18452]
• core/activity: fix the end_date returned from the activity log endpoint when partial counts are computed [GH-17856]
• core/activity: include mount counts when de-duplicating current and historical month data [GH-18598]
• core/activity: report mount paths (rather than mount accessors) in current month activity log counts and include deleted mount paths in precomputed queries. [GH-18916]
• core/activity: return partial month counts when querying a historical date range and no historical data exists. [GH-17935]
• core: Change where we evaluate filtered paths as part of mount operations; this is part of an enterprise bugfix that will
  have its own changelog entry. Fix wrong lock used in ListAuths link meta interface implementation. [GH-21260]
• core: Do not cache seal configuration to fix a bug that resulted in sporadic auto unseal failures. [GH-21223]
• core: Don't exit just because we think there's a potential deadlock. [GH-21342]
• core: Fix panic in sealed nodes using raft storage trying to emit raft metrics [GH-21249]
• identity: Fixes duplicate groups creation with the same name but unique IDs. [GH-20964]
• replication (enterprise): Fix a race condition with update-primary that could result in data loss after a DR failover
• replication (enterprise): Fix path filters deleting data right after it's written by backend Initialize funcs
• storage/raft: Fix race where new follower joining can get pruned by dead server cleanup. [GH-20986]