secrets/openldap: Update plugin to v0.11.3 [GH-25040]
IMPROVEMENTS:
command/server: display logs on startup immediately if disable-gated-logs flag is set [GH-24280]
core/activity: Include secret_syncs in activity log responses [GH-24710]
oidc/provider: Adds code_challenge_methods_supported to OpenID Connect Metadata [GH-24979]
storage/raft: Upgrade to bbolt 1.3.8, along with an extra patch to reduce time scanning large freelist maps. [GH-24010]
sys (enterprise): Adds the chroot_namespace field to this sys/internal/ui/resultant-acl endpoint, which exposes the value of the chroot namespace from the listener config.
ui: latest version of Chrome does not automatically redirect back to the app after authentication unless triggered by the user, hence added a link to redirect back to the app. [GH-18513]
BUG FIXES:
audit/socket: Provide socket based audit backends with 'prefix' configuration option when supplied. [GH-25004]
audit: Fix bug where use of 'log_raw' option could result in other devices logging raw audit data [GH-24968]
auth/saml (enterprise): Fixes support for Microsoft Entra ID enterprise applications
core (enterprise): fix a potential deadlock if an error is received twice from underlying storage for the same key
core: upgrade github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 to support azure workload identities. [GH-24954]
kmip (enterprise): Only return a Server Correlation Value to clients using KMIP version 1.4.
plugins: fix panic when registering containerized plugin with a custom runtime on a perf standby
ui: Allows users to dismiss the resultant-acl banner. [GH-25106]
ui: Correctly handle redirects from pre 1.15.0 Kv v2 edit, create, and show urls. [GH-24339]
ui: Fixed minor bugs with database secrets engine [GH-24947]
ui: Fixes input for jwks_ca_pem when configuring a JWT auth method [GH-24697]
ui: Fixes policy input toolbar scrolling by default [GH-23297]
ui: The UI can now be used to create or update database roles by operator without permission on the database connection. [GH-24660]
ui: fix KV v2 details view defaulting to JSON view when secret value includes { [GH-24513]
ui: fix incorrectly calculated capabilities on PKI issuer endpoints [GH-24686]
ui: fix issue where kv v2 capabilities checks were not passing in the full secret path if secret was inside a directory. [GH-24404]
ui: fix navigation items shown to user when chroot_namespace configured [GH-24492]
v1.15.4
SECURITY:
core: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. Upgrading is strongly recommended. (see CVE-2023-6337 & HCSEC-2023-34)
1.15.4
December 06, 2023
SECURITY:
core: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. (see CVE-2023-6337 & HCSEC-2023-34)
CHANGES:
... (truncated)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/argoproj-labs/argocd-vault-plugin/network/alerts).
Bumps github.com/hashicorp/vault from 1.15.2 to 1.15.5.
Release notes
Sourced from github.com/hashicorp/vault's releases.
... (truncated)
Changelog
Sourced from github.com/hashicorp/vault's changelog.
... (truncated)
Commits
0d8b67e backport of UI: JSON editor styling fix (#23306)
c395e8c backport of UI: make resultant-acl banner dismissable (#25108)
4fd9977 Go update to 1.21.5 on 1.15 (#25101)
fab8268 Revert licese reporting 1.15 (#25087)
f03bb90 Update 1.15 to Go 1.21.6 (#25077)
1ad6fa2 backport of commit afe599145dda0a3fa1ddce0bf2853c8d07a12bb5 (#25092)
79aaafd Backport of UI: Database fixes (#24947) into release/1.15 (#25042)
970bc26 bump github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 version t...
72c0fa3 Backport of Update vault-plugin-secrets-ad to v0.16.2 into release/1.15.x (#2...
400b3b3 backport of commit 49a59bda5ebdc8beb0a85af25c7be46b270ad4fe (#25072)