Removes the openpgp.VerifyDetachedSignatureAndSaltedHash function and the packet.SaltedHashSpecifier as they are no longer required. They were introduced for verifying the headers in cleartext messages. However, in the latest crypto-refresh specification, cleartext message headers were dropped.
Documentation: This release adds a new price capacity optimized allocation strategy for Spot Instances to help customers optimize provisioning of Spot Instances via EC2 Auto Scaling, EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity availability and Spot Instance price.
Feature: This release adds a new price capacity optimized allocation strategy for Spot Instances to help customers optimize provisioning of Spot Instances via EC2 Auto Scaling, EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity availability and Spot Instance price.
Feature: This release adds support for task scale-in protection with updateTaskProtection and getTaskProtection APIs. UpdateTaskProtection API can be used to protect a service managed task from being terminated by scale-in events and getTaskProtection API to get the scale-in protection status of a task.
Feature: Amazon OpenSearch Service now offers managed VPC endpoints to connect to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This feature allows you to privately access OpenSearch Service domain without using public IPs or requiring traffic to traverse the Internet.
Feature: AWS introduces the new Amazon EventBridge Scheduler. EventBridge Scheduler is a serverless scheduler that allows you to create, run, and manage tasks from one central, managed service.
Feature: Amazon EC2 Trn1 instances, powered by AWS Trainium chips, are purpose built for high-performance deep learning training. u-24tb1.112xlarge and u-18tb1.112xlarge High Memory instances are purpose-built to run large in-memory databases.
Feature: This release adds the preview of customer-provided ephemeris support for AWS Ground Station, allowing space vehicle owners to provide their own position and trajectory information for a satellite.
Feature: This release adds support for Amazon Lightsail to automate the delegation of domains registered through Amazon Route 53 to Lightsail DNS management and to automate record creation for DNS validation of Lightsail SSL/TLS certificates.
Feature: This release adds support for AWS Network Firewall, AWS PrivateLink, and Gateway Load Balancers to Amazon VPC Reachability Analyzer, and it makes the path destination optional as long as a destination address in the filter at source is provided.
Feature: With this release customers can now tag their Application Auto Scaling registered targets with key-value pairs and manage IAM permissions for all the tagged resources centrally.
Feature: This release makes the following changes. db-cluster-identifier is now a required parameter of create-db-instance. describe-db-cluster will now return PendingModifiedValues and GlobalClusterIdentifier fields in the response.
Feature: This release adds a new API, SearchResources, which enables users to search through metadata and content of folders, documents, document versions and comments in a WorkDocs site.
Feature: S3 setting to create AWS Glue Data Catalog. Oracle setting to control conversion of timestamp column. Support for Kafka SASL Plain authentication. Setting to map boolean from PostgreSQL to Redshift. SQL Server settings to force lob lookup on inline LOBs and to control access of database logs.
Release (2023-03-16)
General Highlights
Dependency Update: Updated to the latest SDK module versions
secrets/ssh: removal of the deprecated dynamic keys mode. When any remaining dynamic key leases expire, an error stating secret is unsupported by this backend will be thrown by the lease manager. [GH-18874]
CHANGES:
auth/alicloud: require the role field on login [GH-19005]
auth/approle: Add maximum length of 4096 for approle role_names, as this value results in HMAC calculation [GH-17768]
auth: Returns invalid credentials for ldap, userpass and approle when wrong credentials are provided for existent users. This will only be used internally for implementing user lockout. [GH-17104]
core: Bump Go version to 1.20.1.
core: Vault version has been moved out of sdk and into main vault module. Plugins using sdk/useragent.String must instead use sdk/useragent.PluginString. [GH-14229]
logging: Removed legacy environment variable for log format ('LOGXI_FORMAT'), should use 'VAULT_LOG_FORMAT' instead [GH-17822]
plugins: Mounts can no longer be pinned to a specific builtin version. Mounts previously pinned to a specific builtin version will now automatically upgrade to the latest builtin version, and may now be overridden if an unversioned plugin of the same name and type is registered. Mounts using plugin versions without builtin in their metadata remain unaffected. [GH-18051]
plugins: GET /database/config/:name endpoint now returns an additional plugin_version field in the response data. [GH-16982]
plugins: GET /sys/auth/:path/tune and GET /sys/mounts/:path/tune endpoints may now return an additional plugin_version field in the response data if set. [GH-17167]
plugins: GET for /sys/auth, /sys/auth/:path, /sys/mounts, and /sys/mounts/:path paths now return additional plugin_version, running_plugin_version and running_sha256 fields in the response data for each mount. [GH-17167]
sdk: Remove version package, make useragent.String versionless. [GH-19068]
secrets/aws: do not create leases for non-renewable/non-revocable STS credentials to reduce storage calls [GH-15869]
secrets/gcpkms: Updated plugin from v0.13.0 to v0.14.0 [GH-19063]
sys/internal/inspect: Turns off this endpoint by default. A SIGHUP can now be used to reload the configs and turn this endpoint on.
Azure Auth Managed Identities: Allow any Azure resource that supports managed identities to authenticate with Vault [GH-19077]
Azure Auth Rotate Root: Add support for rotate root in Azure Auth engine [GH-19077]
Event System (Alpha): Vault has a new opt-in experimental event system. Not yet suitable for production use. Events are currently only generated on writes to the KV secrets engine, but external plugins can also be updated to start generating events. [GH-19194]
GCP Secrets Impersonated Account Support: Add support for GCP service account impersonation, allowing callers to generate a GCP access token without requiring Vault to store or retrieve a GCP service account key for each role. [GH-19018]
Kubernetes Secrets Engine UI: Kubernetes is now available in the UI as a supported secrets engine. [GH-17893]
New PKI UI: Add beta support for new and improved PKI UI [GH-18842]
PKI Cross-Cluster Revocations: Revocation information can now be synchronized across primary and performance replica clusters offering a unified CRL/OCSP view of revocations across cluster boundaries. [GH-19196]
Server UDS Listener: Adding listener to Vault server to serve http request via unix domain socket [GH-18227]
Transit managed keys: The transit secrets engine now supports configuring and using managed keys
User Lockout: Adds support to configure the user-lockout behaviour for failed logins to prevent brute force attacks for userpass, approle and ldap auth methods. [GH-19230]
VMSS Flex Authentication: Adds support for Virtual Machine Scale Set Flex Authentication [GH-19077]
Namespaces (enterprise): Added the ability to allow access to secrets and more to be shared across namespaces that do not share a namespace hierarchy. Using the new sys/config/group-policy-application API, policies can be configured to apply outside of namespace hierarchy, allowing this kind of cross-namespace sharing.
OpenAPI-based Go & .NET Client Libraries (Beta): We have now made available two new OpenAPI-based Go & .NET Client libraries (beta). You can use them to perform various secret management operations easily from your applications.
IMPROVEMENTS:
Redis ElastiCache DB Engine: Renamed configuration parameters for disambiguation; old parameters still supported for compatibility. [GH-18752]
auth/approle: When using the Vault and Vault Enterprise (Vault) approle auth method, any authenticated user with access to the /auth/approle/role/:role_name/secret-id-accessor/destroy endpoint can destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability, CVE-2023-24999 has been fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above. [HSEC-2023-07]
User lockout: Ignore repeated bad credentials from the same user for a configured period of time. Enabled by default.
Bumps the go group with 10 updates in the / directory:
from 1.15.7 to 1.15.9
from 1.9.2 to 1.11.1
from 1.5.1 to 1.5.2
from 1.1.0-alpha.0-proton to 1.1.0-alpha.2
from 1.25.0 to 1.26.1
from 1.27.0 to 1.27.11
from 1.16.0 to 1.16.15
from 1.28.1 to 1.31.0
from 1.12.0 to 1.13.0
from 1.22.14 to 1.22.15
Updates
cloud.google.com/go/kms
from 1.15.7 to 1.15.9
Release notes
Sourced from cloud.google.com/go/kms's releases.
Commits
b1c9263 chore: release main (#10004)
a03bd0e chore(spanner): update Spanner owner to harshachinta (#10060)
7e8600a chore(all): update deps (#10058)
daea9d1 chore(deps): ignore go.opentelemetry.io/contrib/detectors/gcp (#10077)
59457a3 feat(shopping): new shopping.merchant.conversions client (#10076)
e82cc5f feat(streetview): new client(s) (#10075)
7656129 feat(aiplatform): A new value TPU_V5_LITEPOD is added to enum `AcceleratorT...
f537fdd chore: generate streetview publish client (#10072)
1d757c6 docs(batch): Update description on allowed_locations in LocationPolicy field ...
bb47185 chore(spanner): temporarily skip spanner tests (#10071)
Updates
cloud.google.com/go/storage
from 1.38.0 to 1.39.1
Commits
71dc4c6 chore(main): release storage 1.39.1 (#9524)
ae7dc65 chore(apphub): add config to generate apiv1 (#9550)
50fcc6e chore(main): release bigtable 1.22.0 (#9551)
74dcd1f chore(securitycenter): add config to generate apiv2 (#9549)
3f4d7c2 chore(cloudcontrolspartner): add config to generate apiv1 (#9548)
48614ab chore(bigtable): release 1.22.0 (#9547)
511d9b2 fix(vertexai): clarify Client.GenerativeModel documentation (#9533)
f0a2781 chore: re-drop weak refs to parent modules and tag (#9545)
bdf2f17 chore(main): release auth 0.1.1 (#8920)
9b97ce7 feat(spanner/spansql): support Table rename & Table synonym (#9275)
Updates
github.com/Azure/azure-sdk-for-go/sdk/azcore
from 1.9.2 to 1.11.1
Release notes
Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.
Commits
76e5495 Prep azcore@v1.11.1 for release (#22680)
2650473 Increment package version after release of messaging/azeventhubs (#22677)
51ef615 runtime.Poller.Result won't be done on non-terminal error (#22675)
aef7678 Increment package version after release of messaging/azservicebus (#22678)
a67b4de Increment package version after release of messaging/eventgrid/azeventgrid (#...
e978d51 [azopenai] Updating doc comments based on feedback from an issue, as well as ...
4116d5d Don't consider 408 as terminal failure for Location poller (#22674)
e036aea Sync eng/common directory with azure-sdk-tools for PR 7989 (#22673)
53f73ad Sync eng/common directory with azure-sdk-tools for PR 7988 (#22672)
9e78ee2 [azeventgrid] Prepping for first GA of the Event Grid Basic package. (#22667)
Updates
github.com/Azure/azure-sdk-for-go/sdk/azidentity
from 1.5.1 to 1.5.2
Release notes
Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.
Commits
299ebfe Prepare internal for release (#22339)
d00123d Update packages (#22338)
0a332e3 Fix issue in Verify-Link.ps1 after PS 7.4 update (#22336)
c8ae7ed Sync eng/common directory with azure-sdk-tools for PR 7615 (#22335)
9ae828c Replace ErrAuthenticationRequired with AuthenticationRequiredError (#22317)
7c50f09 [Release] sdk/resourcemanager/springappdiscovery/armspringappdiscovery/0.1.0 ...
b36de61 Added spec location verification to the release pipeline (#22301)
00f2b8b Go SDK for Azure Web PubSub Data plane (#21929)
0aa2409 Sync eng/common directory with azure-sdk-tools for PR 7585 (#22312)
572ba1f JSON marshaling helpers will preserve Content-Type (#22309)
Updates
github.com/ProtonMail/go-crypto
from 1.1.0-alpha.0-proton to 1.1.0-alpha.2
Release notes
Sourced from github.com/ProtonMail/go-crypto's releases.
Commits
9d2beb2 Remove VerifyDetachedSignatureAndSaltedHash and SaltedHashSpecifier (#196)
Updates
github.com/aws/aws-sdk-go-v2
from 1.25.0 to 1.26.1
Commits
0fde27c Release 2024-03-29
57e0d95 Regenerated Clients
e114db5 Update SDK's smithy-go dependency to v1.20.2
f456f07 Update endpoints model
96b431a Update API model
6a694c7 dep: upgrade to smithy 1.47.0 (#2587)
973665b Release 2024-03-28
8b24e40 Regenerated Clients
8788e04 Update endpoints model
0480396 Update API model
Updates
github.com/aws/aws-sdk-go-v2/config
from 1.27.0 to 1.27.11
Commits
59563c7 Release 2024-04-05
3309337 Regenerated Clients
3fd6e11 Update endpoints model
a600d8d Update API model
735c0ae Release 2024-04-04
3315561 Regenerated Clients
2f687cd Update endpoints model
7d5cfa8 Update API model
97d2f19 Release 2024-04-03
88040cb Regenerated Clients
Updates
github.com/aws/aws-sdk-go-v2/credentials
from 1.17.0 to 1.17.11
Changelog
Sourced from github.com/aws/aws-sdk-go-v2/credentials's changelog.
... (truncated)
Commits
0966539 Release 2022-11-10
aec7ab6 Regenerated Clients
d008171 Update endpoints model
29d44eb Update API model
01cee3e Release 2022-11-09
a947341 Regenerated Clients
7aa742a Update API model
89b64d9 Release 2022-11-08
312cdea Regenerated Clients
8ee4708 Update endpoints model
Updates
github.com/aws/aws-sdk-go-v2/feature/s3/manager
from 1.16.0 to 1.16.15
Commits
4b3b917 Release 2022-09-14
3ad6cfd Regenerated Clients
abfad89 Update SDK's smithy-go dependency to v1.13.3
b5262aa Update SDK with latest version of API models (#1844)
a13b7a4 codegen: Upgrade to smithy 1.25.0 (#1835)
296bfb3 Update PULL_REQUEST_TEMPLATE.md (#1843)
63566f0 Update BuildAuthToken to validate endpoint contains a port (#1837)
b011f04 Update credentials.go (#1841)
018b8c3 Amend typological errors in retryer package comments
5b135f8 Release 2022-09-02.2
Updates
github.com/aws/aws-sdk-go-v2/service/kms
from 1.28.1 to 1.31.0
Changelog
Sourced from github.com/aws/aws-sdk-go-v2/service/kms's changelog.
... (truncated)
Commits
390cf19 Release 2023-03-21
c37c72a Regenerated Clients
d1e5193 Update endpoints model
2506101 Update API model
c93b5cc Merge pull request #2051 from aws/add100ContinueCustomization
c01aac6 Keep one changelog for PR
3780faa Keep one changelog for PR
b94b5b7 Merge remote-tracking branch 'origin/add100ContinueCustomization' into add100...
6174ff2 Change some variable name and use operation shape id to represent operation s...
83491fc add changelog to last commit
Updates
github.com/aws/aws-sdk-go-v2/service/s3
from 1.49.0 to 1.53.1
Commits
0fde27c Release 2024-03-29
57e0d95 Regenerated Clients
e114db5 Update SDK's smithy-go dependency to v1.20.2
f456f07 Update endpoints model
96b431a Update API model
6a694c7 dep: upgrade to smithy 1.47.0 (#2587)
973665b Release 2024-03-28
8b24e40 Regenerated Clients
8788e04 Update endpoints model
0480396 Update API model
Updates
github.com/aws/aws-sdk-go-v2/service/sts
from 1.27.0 to 1.28.6
Commits
33b8cf5 Release 2023-09-12
55e9134 Regenerated Clients
49e5eb0 Update endpoints model
502be38 Update API model
a5fcf9f Upgrade to smithy core to latest (#2271)
7692b7d Release 2023-09-11
3d97b4a Regenerated Clients
c78ce9a Update API model
4c98ee7 Release 2023-09-08
2b8aaa5 Regenerated Clients
Updates
github.com/golang/protobuf
from 1.5.3 to 1.5.4
Release notes
Sourced from github.com/golang/protobuf's releases.
Commits
75de7c0 Merge pull request #1597 from golang/updatedesc
b7697bb all: update descriptor.proto to latest version
Updates
github.com/hashicorp/vault/api
from 1.12.0 to 1.13.0
Release notes
Sourced from github.com/hashicorp/vault/api's releases.
... (truncated)
Changelog
Sourced from github.com/hashicorp/vault/api's changelog.
... (truncated)
Commits
a4cf0dc Remove rc1 prerelease tag. (#19417)
0a42f2a backport of commit 9bb8321a5bf5b26beae865eb6290bd17aabc159f (#19409)
75f1ea2 backport of commit eb70bfdc5bfb0dd4c47326e1933b94bd93602c56 (#19407)
20e201b backport of commit da31528fdc0d9b043a21b1676694eecfaef130db (#19405)
7383b52 backport of commit 52bbf65ae7232e9306c8c8d7d392399f82d24f04 (#19397)
b3dc15f backport of commit ba013912b1b2fd75fd7776fecb5e5f0329cb21e4 (#19396)
1240c8c backport of commit 538bb799e49ba12e6b6fec9877d7a03b2225d239 (#19381)
478b6f1 backport of commit 7b2ff1f111b95786528bd578fea5f25b88afb119 (#19382)
a5edc66 backport of commit d35be2d0de3d1c036248570c538c2051c4c1dc57 (#19375)
a0beacd Backport of add nil check for secret id entry on delete via accessor into rel...
Superseded by #1507.