Vault - 1.14.8
Security
December 06, 2023
SECURITY:
- core: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. (see CVE-2023-6337 & HCSEC-2023-34)
CHANGES:
- identity (enterprise): POST requests to the /identity/entity/merge endpoint are now always forwarded from standbys to the active node. [GH-24325]
BUG FIXES:
- agent/logging: Agent should now honor correct -log-format and -log-file settings in logs generated by the consul-template library. [GH-24252]
- api: Fix deadlock on calls to sys/leader with a namespace configured on the request. [GH-24256]
- core: Fix a timeout initializing Vault by only using a short timeout persisting barrier keyring encryption counts. [GH-24336]
- ui: Fix payload sent when disabling replication [GH-24292]
Details
- date: Dec. 6, 2023, midnight
- name: 1.14.8
- type: Patch