hashicorp/vault
### [`v1.11.2`](https://togithub.com/hashicorp/vault/blob/HEAD/CHANGELOG.md#1112)
[Compare Source](https://togithub.com/hashicorp/vault/compare/v1.11.1...v1.11.2)
##### August 2, 2022
IMPROVEMENTS:
- agent: Added `disable_keep_alives` configuration to disable keep alives in auto-auth, caching and templating. \[[GH-16479](https://togithub.com/hashicorp/vault/pull/16479)]
BUG FIXES:
- core/auth: Return a 403 instead of a 500 for a malformed SSCT \[[GH-16112](https://togithub.com/hashicorp/vault/pull/16112)]
- core: Increase the allowed concurrent gRPC streams over the cluster port. \[[GH-16327](https://togithub.com/hashicorp/vault/pull/16327)]
- secrets/kv: Fix `kv get` issue preventing the ability to read a secret when providing a leading slash \[[GH-16443](https://togithub.com/hashicorp/vault/pull/16443)]
- ui: Fix issue logging in with JWT auth method \[[GH-16466](https://togithub.com/hashicorp/vault/pull/16466)]
### [`v1.11.1`](https://togithub.com/hashicorp/vault/blob/HEAD/CHANGELOG.md#1111)
[Compare Source](https://togithub.com/hashicorp/vault/compare/v1.11.0...v1.11.1)
##### July 21, 2022
CHANGES:
- core: Bump Go version to 1.17.12.
IMPROVEMENTS:
- agent: Added `disable_idle_connections` configuration to disable leaving idle connections open in auto-auth, caching and templating. \[[GH-15986](https://togithub.com/hashicorp/vault/pull/15986)]
- core: Add `sys/loggers` and `sys/loggers/:name` endpoints to provide ability to modify logging verbosity \[[GH-16111](https://togithub.com/hashicorp/vault/pull/16111)]
- secrets/ssh: Allow additional text along with a template definition in defaultExtension value fields. \[[GH-16018](https://togithub.com/hashicorp/vault/pull/16018)]
BUG FIXES:
- agent/template: Fix parsing error for the exec stanza \[[GH-16231](https://togithub.com/hashicorp/vault/pull/16231)]
- agent: Update consul-template for pkiCert bug fixes \[[GH-16087](https://togithub.com/hashicorp/vault/pull/16087)]
- core/identity: Replicate member_entity_ids and policies in identity/group across nodes identically \[[GH-16088](https://togithub.com/hashicorp/vault/pull/16088)]
- core/replication (enterprise): Don't flush merkle tree pages to disk after losing active duty
- core/seal: Fix possible keyring truncation when using the file backend. \[[GH-15946](https://togithub.com/hashicorp/vault/pull/15946)]
- kmip (enterprise): Return SecretData as supported Object Type.
- plugin/multiplexing: Fix panic when id doesn't exist in connection map \[[GH-16094](https://togithub.com/hashicorp/vault/pull/16094)]
- secret/pki: Do not fail validation with a legacy key_bits default value and key_type=any when signing CSRs \[[GH-16246](https://togithub.com/hashicorp/vault/pull/16246)]
- storage/raft (enterprise): Prevent unauthenticated voter status change with rejoin \[[GH-16324](https://togithub.com/hashicorp/vault/pull/16324)]
- transform (enterprise): Fix a bug in the handling of nested or unmatched capture groups in FPE transformations.
- ui: OIDC login type uses localStorage instead of sessionStorage \[[GH-16170](https://togithub.com/hashicorp/vault/pull/16170)]
SECURITY:
- storage/raft (enterprise): Vault Enterprise (“Vault”) clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. This vulnerability, CVE-2022-36129, was fixed in Vault 1.9.8, 1.10.5, and 1.11.1. \[[HCSEC-2022-15](https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420)]
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates: 1.11.0 -> 1.11.2