service/medialive: Updates service API and documentation
AWS Elemental MediaLive now supports configuring how SCTE 35 passthrough triggers segment breaks in HLS and MediaPackage output groups. Previously, messages triggered breaks in all these output groups. The new option is to trigger segment breaks only in groups that have SCTE 35 passthrough enabled.
Release v1.52.2 (2024-05-03)
Service Client Updates
service/bedrock-agent: Updates service API and documentation
service/connect: Updates service API and documentation
service/connectcases: Updates service API and documentation
service/datasync: Updates service API and documentation
service/inspector2: Updates service API and documentation
service/sagemaker: Updates service API and documentation
Amazon SageMaker Inference now supports m6i, c6i, r6i, m7i, c7i, r7i and g5 instance types for Batch Transform Jobs
service/sesv2: Updates service API and documentation
Release v1.52.1 (2024-05-02)
Service Client Updates
service/dynamodb: Updates service API, documentation, waiters, paginators, and examples
This release adds support to specify an optional, maximum OnDemandThroughput for DynamoDB tables and global secondary indexes in the CreateTable or UpdateTable APIs. You can also override the OnDemandThroughput settings by calling the ImportTable, RestoreFromPointInTime, or RestoreFromBackup APIs.
service/ec2: Updates service API and documentation
This release includes a new API for retrieving the public endorsement key of the EC2 instance's Nitro Trusted Platform Module (NitroTPM).
service/personalize: Updates service API and documentation
service/redshift-serverless: Updates service API and documentation
Release v1.52.0 (2024-05-01)
Service Client Updates
service/bedrock-agent: Updates service API and documentation
service/ec2: Updates service documentation
Documentation updates for Amazon EC2.
service/personalize-runtime: Updates service API and documentation
service/securityhub: Updates service API and documentation
service/sesv2: Updates service API
SDK Features
service/alexaforbusiness: Remove Alexaforbusiness
This change removes the Alexaforbusiness service, since it is deprecated.
secrets/ssh: removal of the deprecated dynamic keys mode. When any remaining dynamic key leases expire, an error stating secret is unsupported by this backend will be thrown by the lease manager. [GH-18874]
CHANGES:
auth/alicloud: require the role field on login [GH-19005]
auth/approle: Add maximum length of 4096 for approle role_names, as this value results in HMAC calculation [GH-17768]
auth: Returns invalid credentials for ldap, userpass and approle when wrong credentials are provided for existent users.
This will only be used internally for implementing user lockout. [GH-17104]
core: Bump Go version to 1.20.1.
core: Vault version has been moved out of sdk and into main vault module.
Plugins using sdk/useragent.String must instead use sdk/useragent.PluginString. [GH-14229]
logging: Removed legacy environment variable for log format ('LOGXI_FORMAT'), should use 'VAULT_LOG_FORMAT' instead [GH-17822]
plugins: Mounts can no longer be pinned to a specific builtin version. Mounts previously pinned to a specific builtin version will now automatically upgrade to the latest builtin version, and may now be overridden if an unversioned plugin of the same name and type is registered. Mounts using plugin versions without builtin in their metadata remain unaffected. [GH-18051]
plugins: GET /database/config/:name endpoint now returns an additional plugin_version field in the response data. [GH-16982]
plugins: GET /sys/auth/:path/tune and GET /sys/mounts/:path/tune endpoints may now return an additional plugin_version field in the response data if set. [GH-17167]
plugins: GET for /sys/auth, /sys/auth/:path, /sys/mounts, and /sys/mounts/:path paths now return additional plugin_version, running_plugin_version and running_sha256 fields in the response data for each mount. [GH-17167]
sdk: Remove version package, make useragent.String versionless. [GH-19068]
secrets/aws: do not create leases for non-renewable/non-revocable STS credentials to reduce storage calls [GH-15869]
secrets/gcpkms: Updated plugin from v0.13.0 to v0.14.0 [GH-19063]
sys/internal/inspect: Turns of this endpoint by default. A SIGHUP can now be used to reload the configs and turns this endpoint on.
Azure Auth Managed Identities: Allow any Azure resource that supports managed identities to authenticate with Vault [GH-19077]
Azure Auth Rotate Root: Add support for rotate root in Azure Auth engine [GH-19077]
Event System (Alpha): Vault has a new opt-in experimental event system. Not yet suitable for production use. Events are currently only generated on writes to the KV secrets engine, but external plugins can also be updated to start generating events. [GH-19194]
GCP Secrets Impersonated Account Support: Add support for GCP service account impersonation, allowing callers to generate a GCP access token without requiring Vault to store or retrieve a GCP service account key for each role. [GH-19018]
Kubernetes Secrets Engine UI: Kubernetes is now available in the UI as a supported secrets engine. [GH-17893]
New PKI UI: Add beta support for new and improved PKI UI [GH-18842]
PKI Cross-Cluster Revocations: Revocation information can now be
synchronized across primary and performance replica clusters offering
a unified CRL/OCSP view of revocations across cluster boundaries. [GH-19196]
Server UDS Listener: Adding listener to Vault server to serve http request via unix domain socket [GH-18227]
Transit managed keys: The transit secrets engine now supports configuring and using managed keys
User Lockout: Adds support to configure the user-lockout behaviour for failed logins to prevent
brute force attacks for userpass, approle and ldap auth methods. [GH-19230]
VMSS Flex Authentication: Adds support for Virtual Machine Scale Set Flex Authentication [GH-19077]
Namespaces (enterprise): Added the ability to allow access to secrets and more to be shared across namespaces that do not share a namespace hierarchy. Using the new sys/config/group-policy-application API, policies can be configured to apply outside of namespace hierarchy, allowing this kind of cross-namespace sharing.
OpenAPI-based Go & .NET Client Libraries (Beta): We have now made available two new OpenAPI-based Go & .NET Client libraries (beta). You can use them to perform various secret management operations easily from your applications.
IMPROVEMENTS:
Redis ElastiCache DB Engine: Renamed configuration parameters for disambiguation; old parameters still supported for compatibility. [GH-18752]
secrets/ssh: removal of the deprecated dynamic keys mode. When any remaining dynamic key leases expire, an error stating secret is unsupported by this backend will be thrown by the lease manager. [GH-18874]
auth/approle: When using the Vault and Vault Enterprise (Vault) approle auth method, any authenticated user with access to the /auth/approle/role/:role_name/secret-id-accessor/destroy endpoint can destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability, CVE-2023-24999 has been fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above. [HSEC-2023-07]
CHANGES:
auth/alicloud: require the role field on login [GH-19005]
auth/approle: Add maximum length of 4096 for approle role_names, as this value results in HMAC calculation [GH-17768]
auth: Returns invalid credentials for ldap, userpass and approle when wrong credentials are provided for existent users.
This will only be used internally for implementing user lockout. [GH-17104]
core: Bump Go version to 1.20.1.
core: Vault version has been moved out of sdk and into main vault module.
Plugins using sdk/useragent.String must instead use sdk/useragent.PluginString. [GH-14229]
logging: Removed legacy environment variable for log format ('LOGXI_FORMAT'), should use 'VAULT_LOG_FORMAT' instead [GH-17822]
plugins: Mounts can no longer be pinned to a specific builtin version. Mounts previously pinned to a specific builtin version will now automatically upgrade to the latest builtin version, and may now be overridden if an unversioned plugin of the same name and type is registered. Mounts using plugin versions without builtin in their metadata remain unaffected. [GH-18051]
plugins: GET /database/config/:name endpoint now returns an additional plugin_version field in the response data. [GH-16982]
plugins: GET /sys/auth/:path/tune and GET /sys/mounts/:path/tune endpoints may now return an additional plugin_version field in the response data if set. [GH-17167]
plugins: GET for /sys/auth, /sys/auth/:path, /sys/mounts, and /sys/mounts/:path paths now return additional plugin_version, running_plugin_version and running_sha256 fields in the response data for each mount. [GH-17167]
sdk: Remove version package, make useragent.String versionless. [GH-19068]
secrets/aws: do not create leases for non-renewable/non-revocable STS credentials to reduce storage calls [GH-15869]
secrets/gcpkms: Updated plugin from v0.13.0 to v0.14.0 [GH-19063]
sys/internal/inspect: Turns of this endpoint by default. A SIGHUP can now be used to reload the configs and turns this endpoint on.
User lockout: Ignore repeated bad credentials from the same user for a configured period of time. Enabled by default.
Azure Auth Managed Identities: Allow any Azure resource that supports managed identities to authenticate with Vault [GH-19077]
Azure Auth Rotate Root: Add support for rotate root in Azure Auth engine [GH-19077]
Event System (Alpha): Vault has a new opt-in experimental event system. Not yet suitable for production use. Events are currently only generated on writes to the KV secrets engine, but external plugins can also be updated to start generating events. [GH-19194]
GCP Secrets Impersonated Account Support: Add support for GCP service account impersonation, allowing callers to generate a GCP access token without requiring Vault to store or retrieve a GCP service account key for each role. [GH-19018]
Kubernetes Secrets Engine UI: Kubernetes is now available in the UI as a supported secrets engine. [GH-17893]
New PKI UI: Add beta support for new and improved PKI UI [GH-18842]
PKI Cross-Cluster Revocations: Revocation information can now be
synchronized across primary and performance replica clusters offering
a unified CRL/OCSP view of revocations across cluster boundaries. [GH-19196]
Server UDS Listener: Adding listener to Vault server to serve http request via unix domain socket [GH-18227]
Transit managed keys: The transit secrets engine now supports configuring and using managed keys
User Lockout: Adds support to configure the user-lockout behaviour for failed logins to prevent
brute force attacks for userpass, approle and ldap auth methods. [GH-19230]
VMSS Flex Authentication: Adds support for Virtual Machine Scale Set Flex Authentication [GH-19077]
Namespaces (enterprise): Added the ability to allow access to secrets and more to be shared across namespaces that do not share a namespace hierarchy. Using the new sys/config/group-policy-application API, policies can be configured to apply outside of namespace hierarchy, allowing this kind of cross-namespace sharing.
OpenAPI-based Go & .NET Client Libraries (Beta): We have now made available two new [OpenAPI-based Go] & [OpenAPI-based .NET] Client libraries (beta). You can use them to perform various secret management operations easily from your applications.
Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.
Maintenance
Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]
v1.32.0
1.32.0
Maintenance
Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]
This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.
Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.
Maintenance
Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]
1.32.0
Maintenance
Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]
This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.
The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.
[CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445#1449
[FEATURE] collectors: Add version collector. #1422#1427
The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.
[CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445#1449
[FEATURE] collectors: Add version collector. #1422#1427
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the github-dependencies group with 8 updates in the / directory:
0.12.2
0.13.0
1.51.12
1.52.3
1.28.1
1.28.6
0.3.4
0.3.5
1.12.0
1.13.0
2.15.0
2.17.2
1.18.0
1.19.0
1.5.1
1.5.2
Updates
github.com/IBM/keyprotect-go-client
from 0.12.2 to 0.13.0Release notes
Sourced from github.com/IBM/keyprotect-go-client's releases.
Commits
ef8a971
add info to contributing about the semantic release (#124)406a0f3
feat(build): Update travis distribution in CI file (#123)d81a8cc
feat(build): Add KMIP Management APIs to Go SDK (#122)866c8c2
retractions (#119)Updates
github.com/aws/aws-sdk-go
from 1.51.12 to 1.52.3Release notes
Sourced from github.com/aws/aws-sdk-go's releases.
... (truncated)
Commits
75bdfcd
Release v1.52.3 (2024-05-06) (#5253)417f8a9
Release v1.52.2 (2024-05-03) (#5252)8beb96a
Release v1.52.1 (2024-05-02) (#5251)09c0ee9
Release v1.52.0 (2024-05-01) (#5250)debabd5
Remove alexaforbusiness (#5249)f9db156
Release v1.51.32 (2024-04-30) (#5248)d5a9528
Release v1.51.31 (2024-04-29) (#5245)e267cf1
Merge pull request #5244 from aws/lucix-aws-patch-19e85d0c
Update PULL_REQUEST_TEMPLATE.mdf62236f
Release v1.51.30 (2024-04-26) (#5243)Updates
github.com/aws/aws-sdk-go-v2/service/sts
from 1.28.1 to 1.28.6Commits
33b8cf5
Release 2023-09-1255e9134
Regenerated Clients49e5eb0
Update endpoints model502be38
Update API modela5fcf9f
Upgrade to smithy core to latest (#2271)7692b7d
Release 2023-09-113d97b4a
Regenerated Clientsc78ce9a
Update API model4c98ee7
Release 2023-09-082b8aaa5
Regenerated ClientsUpdates
github.com/google/fscrypt
from 0.3.4 to 0.3.5Changelog
Sourced from github.com/google/fscrypt's changelog.
Commits
49c71de
v0.3.5ec1b997
Upgrade google.golang.org/protobuf to v1.33.02bf4521
README.md: remove old warning about ext4 encryption on removable mediac74be8c
README.md: update documentation about alternativesd00b463
ci.yml: use actions/checkout@v48c12cd6
build(deps): bump golang.org/x/crypto from 0.13.0 to 0.17.0a6c5029
Provide better error message when given a locked regular file6c5fc57
README.md, errors.go: CephFS now supports fscrypt4386958
Bump up required Go version to 1.181ecdfe0
Upgrade github.com/urfave/cliUpdates
github.com/hashicorp/vault/api
from 1.12.0 to 1.13.0Release notes
Sourced from github.com/hashicorp/vault/api's releases.
... (truncated)
Changelog
Sourced from github.com/hashicorp/vault/api's changelog.
... (truncated)
Commits
a4cf0dc
Remove rc1 prerelease tag. (#19417)0a42f2a
backport of commit 9bb8321a5bf5b26beae865eb6290bd17aabc159f (#19409)75f1ea2
backport of commit eb70bfdc5bfb0dd4c47326e1933b94bd93602c56 (#19407)20e201b
backport of commit da31528fdc0d9b043a21b1676694eecfaef130db (#19405)7383b52
backport of commit 52bbf65ae7232e9306c8c8d7d392399f82d24f04 (#19397)b3dc15f
backport of commit ba013912b1b2fd75fd7776fecb5e5f0329cb21e4 (#19396)1240c8c
backport of commit 538bb799e49ba12e6b6fec9877d7a03b2225d239 (#19381)478b6f1
backport of commit 7b2ff1f111b95786528bd578fea5f25b88afb119 (#19382)a5edc66
backport of commit d35be2d0de3d1c036248570c538c2051c4c1dc57 (#19375)a0beacd
Backport of add nil check for secret id entry on delete via accessor into rel...Updates
github.com/onsi/ginkgo/v2
from 2.15.0 to 2.17.2Release notes
Sourced from github.com/onsi/ginkgo/v2's releases.
... (truncated)
Changelog
Sourced from github.com/onsi/ginkgo/v2's changelog.
... (truncated)
Commits
7836496
v2.17.2d91fe4e
Bump github.com/google/pprof8cb662e
Bump github.com/go-task/slim-sprig to v332259c8
fix: close files3134422
Bump golang.org/x/net in /integration/_fixtures/version_mismatch_fixture (#1391)eca81b4
Bump github-pages from 230 to 231 in /docs (#1384)760def8
Bump golang.org/x/tools from 0.19.0 to 0.20.0 (#1383)4ce33f4
Bump golang.org/x/net from 0.23.0 to 0.24.0 (#1381)f2fcd97
Fix test for gomega version bumpfd622d2
Bump github.com/onsi/gomega from 1.30.0 to 1.33.0 (#1390)Updates
github.com/onsi/gomega
from 1.31.1 to 1.33.0Release notes
Sourced from github.com/onsi/gomega's releases.
Changelog
Sourced from github.com/onsi/gomega's changelog.
Commits
f2e65fc
v1.33.002e8706
docs: Receive(POINTER, MATCHER)ec1f186
feat: receiver matcher accepting (POINTER, MATCHER), includes unit tests9999deb
Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745)cb5ff21
Bump github-pages from 229 to 230 in /docs (#735)bac6596
Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746)4379951
v1.32.0a350b95
Maintain source backwards compatibilitya6c8875
Fix failing test436a197
Migrate github.com/golang/protobuf to google.golang.org/protobufUpdates
github.com/prometheus/client_golang
from 1.18.0 to 1.19.0Release notes
Sourced from github.com/prometheus/client_golang's releases.
Changelog
Sourced from github.com/prometheus/client_golang's changelog.
Commits
77d4003
Add 1.19.0 changelog (#1451)14259fa
Merge pull request #1448 from ywwg/owilliams/content-negotiation6d03920
deps: bump prometheus/common version353395b
Remove support for go 1.19 (#1449)9dd5d2a
Merge pull request #1445 from kavu/add_go122_metrics_testc906a5e
Add support for Go 1.227ac9036
Merge pull request #1440 from prometheus/dependabot/github_actions/github-act...8c7e30f
Merge pull request #1441 from prometheus/dependabot/go_modules/tutorial/whats...08769f8
Bump github.com/prometheus/common in /tutorial/whatsup83d5940
Bump the github-actions group with 2 updatesUpdates
github.com/Azure/azure-sdk-for-go/sdk/azidentity
from 1.5.1 to 1.5.2Release notes
Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.
Commits
299ebfe
Prepare internal for release (#22339)d00123d
Update packages (#22338)0a332e3
Fix issue in Verify-Link.ps1 after PS 7.4 update (#22336)c8ae7ed
Sync eng/common directory with azure-sdk-tools for PR 7615 (#22335)9ae828c
Replace ErrAuthenticationRequired with AuthenticationRequiredError (#22317)7c50f09
[Release] sdk/resourcemanager/springappdiscovery/armspringappdiscovery/0.1.0 ...b36de61
Added spec location verification to the release pipeline (#22301)00f2b8b
Go SDK for Azure Web PubSub Data plane (#21929)0aa2409
Sync eng/common directory with azure-sdk-tools for PR 7585 (#22312)572ba1f
JSON marshaling helpers will preserve Content-Type (#22309)You can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show