search

hashicorp / vault-secrets-operator

The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets natively from Kubernetes Secrets.
https://hashicorp.com
Other
471 stars 102 forks source link

Bump github.com/hashicorp/vault/api from 1.13.0 to 1.15.0 #920

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps github.com/hashicorp/vault/api from 1.13.0 to 1.15.0.

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.15.0

1.15.0

September 27, 2023

SECURITY:

  • secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. [GH-22852]

CHANGES:

  • auth/alicloud: Update plugin to v0.16.0 [GH-22646]
  • auth/azure: Update plugin to v0.16.0 [GH-22277]
  • auth/azure: Update plugin to v0.16.1 [GH-22795]
  • auth/azure: Update plugin to v0.16.2 [GH-23060]
  • auth/cf: Update plugin to v0.15.1 [GH-22758]
  • auth/gcp: Update plugin to v0.16.1 [GH-22612]
  • auth/jwt: Update plugin to v0.17.0 [GH-22678]
  • auth/kerberos: Update plugin to v0.10.1 [GH-22797]
  • auth/kubernetes: Update plugin to v0.17.0 [GH-22709]
  • auth/kubernetes: Update plugin to v0.17.1 [GH-22879]
  • auth/ldap: Normalize HTTP response codes when invalid credentials are provided [GH-21282]
  • auth/oci: Update plugin to v0.14.2 [GH-22805]
  • core (enterprise): Ensure Role Governing Policies are only applied down the namespace hierarchy
  • core/namespace (enterprise): Introduce the concept of high-privilege namespace (administrative namespace), which will have access to some system backend paths that were previously only accessible in the root namespace. [GH-21215]
  • core: Bump Go version to 1.21.1.
  • database/couchbase: Update plugin to v0.9.3 [GH-22854]
  • database/couchbase: Update plugin to v0.9.4 [GH-22871]
  • database/elasticsearch: Update plugin to v0.13.3 [GH-22696]
  • database/mongodbatlas: Update plugin to v0.10.1 [GH-22655]
  • database/redis-elasticache: Update plugin to v0.2.2 [GH-22584]
  • database/redis-elasticache: Update plugin to v0.2.3 [GH-22598]
  • database/redis: Update plugin to v0.2.2 [GH-22654]
  • database/snowflake: Update plugin to v0.9.0 [GH-22516]
  • events: Log level for processing an event dropped from info to debug. [GH-22997]
  • events: data_path will include full data path of secret, including name. [GH-22487]
  • replication (enterprise): Switch to non-deprecated gRPC field for resolver target host
  • sdk/logical/events: EventSender interface method is now SendEvent instead of Send. [GH-22487]
  • secrets/ad: Update plugin to v0.16.1 [GH-22856]
  • secrets/alicloud: Update plugin to v0.15.1 [GH-22533]
  • secrets/azure: Update plugin to v0.16.2 [GH-22799]
  • secrets/azure: Update plugin to v0.16.3 [GH-22824]
  • secrets/gcp: Update plugin to v0.17.0 [GH-22746]
  • secrets/gcpkms: Update plugin to v0.15.1 [GH-22757]
  • secrets/keymgmt: Update plugin to v0.9.3
  • secrets/kubernetes: Update plugin to v0.6.0 [GH-22823]
  • secrets/kv: Update plugin to v0.16.1 [GH-22716]
  • secrets/mongodbatlas: Update plugin to v0.10.1 [GH-22748]
  • secrets/openldap: Update plugin to v0.11.2 [GH-22734]
  • secrets/terraform: Update plugin to v0.7.3 [GH-22907]

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

1.15.0

September 27, 2023

SECURITY:

  • secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. This vulnerability, CVE-2023-4680, is fixed in Vault 1.14.3, 1.13.7, and 1.12.11. [GH-22852, HSEC-2023-28]
  • sentinel (enterprise): Sentinel RGP policies allowed for cross-namespace denial-of-service. This vulnerability, CVE-2023-3775, is fixed in Vault Enterprise 1.15.0, 1.14.4, and 1.13.8.[HSEC-2023-29]

CHANGES:

  • auth/alicloud: Update plugin to v0.16.0 [GH-22646]
  • auth/azure: Update plugin to v0.16.0 [GH-22277]
  • auth/azure: Update plugin to v0.16.1 [GH-22795]
  • auth/azure: Update plugin to v0.16.2 [GH-23060]
  • auth/cf: Update plugin to v0.15.1 [GH-22758]
  • auth/gcp: Update plugin to v0.16.1 [GH-22612]
  • auth/jwt: Update plugin to v0.17.0 [GH-22678]
  • auth/kerberos: Update plugin to v0.10.1 [GH-22797]
  • auth/kubernetes: Update plugin to v0.17.0 [GH-22709]
  • auth/kubernetes: Update plugin to v0.17.1 [GH-22879]
  • auth/ldap: Normalize HTTP response codes when invalid credentials are provided [GH-21282]
  • auth/oci: Update plugin to v0.14.2 [GH-22805]
  • core (enterprise): Ensure Role Governing Policies are only applied down the namespace hierarchy
  • core/namespace (enterprise): Introduce the concept of high-privilege namespace (administrative namespace), which will have access to some system backend paths that were previously only accessible in the root namespace. [GH-21215]
  • core: Bump Go version to 1.21.1.
  • database/couchbase: Update plugin to v0.9.3 [GH-22854]
  • database/couchbase: Update plugin to v0.9.4 [GH-22871]
  • database/elasticsearch: Update plugin to v0.13.3 [GH-22696]
  • database/mongodbatlas: Update plugin to v0.10.1 [GH-22655]
  • database/redis-elasticache: Update plugin to v0.2.2 [GH-22584]
  • database/redis-elasticache: Update plugin to v0.2.3 [GH-22598]
  • database/redis: Update plugin to v0.2.2 [GH-22654]
  • database/snowflake: Update plugin to v0.9.0 [GH-22516]
  • events: Log level for processing an event dropped from info to debug. [GH-22997]
  • events: data_path will include full data path of secret, including name. [GH-22487]
  • replication (enterprise): Switch to non-deprecated gRPC field for resolver target host
  • sdk/logical/events: EventSender interface method is now SendEvent instead of Send. [GH-22487]
  • secrets/ad: Update plugin to v0.16.1 [GH-22856]
  • secrets/alicloud: Update plugin to v0.15.1 [GH-22533]
  • secrets/azure: Update plugin to v0.16.2 [GH-22799]
  • secrets/azure: Update plugin to v0.16.3 [GH-22824]
  • secrets/gcp: Update plugin to v0.17.0 [GH-22746]
  • secrets/gcpkms: Update plugin to v0.15.1 [GH-22757]
  • secrets/keymgmt: Update plugin to v0.9.3
  • secrets/kubernetes: Update plugin to v0.6.0 [GH-22823]
  • secrets/kv: Update plugin to v0.16.1 [GH-22716]
  • secrets/mongodbatlas: Update plugin to v0.10.1 [GH-22748]
  • secrets/openldap: Update plugin to v0.11.2 [GH-22734]
  • secrets/terraform: Update plugin to v0.7.3 [GH-22907]

... (truncated)

Commits
  • b4d0727 backport of commit 771470c28f099c2af5342c76d94716d45aa6887e (#23012)
  • f8da51c backport of commit 88ed074287d99da0e298589c5236fa094f770b08 (#23263)
  • 9e00b34 backport of commit ac9f411949b57669884157a6b6239cb586023175 (#23259)
  • 20af1eb backport of commit 036cbcebd9c5669edbb4519c68cc56f8b83f12d6 (#23258)
  • 99b916a backport of commit 8924f9592d9ff6013c11d5459c376a90908a3c4c (#23257)
  • 4e439e0 backport of commit 1d61aeb8aebc96eecbb6a35e10bd914b4d0f41f4 (#23249)
  • 565427a backport of commit 1e76ad42ef4221cb8a58e050d2edbfc552a878a0 (#23247)
  • 6fafd52 backport: Support mlock and custom tmpdir for containerized plugins (#23215) ...
  • d3927bc Backport UI: Add pagination to new PKI (#23238)
  • 5603003 backport of commit 68dd82c902ecf4487d9c17729527da9befb81a7f (#23246)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 months ago

Superseded by #929.