auth/jwt: The Authorization Code flow makes use of the Proof Key for Code Exchange (PKCE) extension. [GH-13365]
BUG FIXES:
ui: Fix client count current month data not showing unless monthly history data exists [GH-13396]
1.9.1
December 9, 2021
SECURITY:
storage/raft: Integrated Storage backend could be caused to crash by an authenticated user with write permissions to the KV secrets engine. This vulnerability, CVE-2021-45042, was fixed in Vault 1.7.7, 1.8.6, and 1.9.1.
IMPROVEMENTS:
storage/aerospike: Upgrade aerospike-client-go to v5.6.0. [GH-12165]
BUG FIXES:
auth/approle: Fix regression where unset cidrlist is returned as nil instead of zero-length array. [GH-13235]
ha (enterprise): Prevents performance standby nodes from serving and caching stale data immediately after performance standby election completes
http:Fix /sys/monitor endpoint returning streaming not supported [GH-13200]
identity/oidc: Make the nonce parameter optional for the Authorization Endpoint of OIDC providers. [GH-13231]
identity: Fixes a panic in the OIDC key rotation due to a missing nil check. [GH-13298]
sdk/queue: move lock before length check to prevent panics. [GH-13146]
secrets/azure: Fixes service principal generation when assigning roles that have DataActions. [GH-13277]
secrets/pki: Recognize ed25519 when requesting a response in PKCS8 format [GH-13257]
storage/raft: Fix a panic when trying to store a key > 32KB in a transaction. [GH-13286]
storage/raft: Fix a panic when trying to write a key > 32KB [GH-13282]
ui: Do not show verify connection value on database connection config page [GH-13152]
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/hashicorp/vault/api from 1.9.0 to 1.9.2.
Release notes
Sourced from github.com/hashicorp/vault/api's releases.
Changelog
Sourced from github.com/hashicorp/vault/api's changelog.
Commits
f4c6d87
ensure errors are checked (#12989) (#13471)b3091af
Backport 1.9.x: auth/gcp: update to v0.11.3 (#13457) (#13464)d872b67
Add vault revision to --version cmd (#13448)17f221d
crt 1.9 fix for ecr tag (#13423)604c65c
Backport 1.9: move to Go 1.17.5, cimg/go (#13421)e6d6f3d
UI/fix client count partial (#13396) (#13400)cd8a8fe
Backport: auth/jwt: Update plugin to v0.11.3 (#13365) (#13393)8fea6bd
go sdk version upgrade (#13384)a0822e6
upgrade version (#13381)0e1457c
changelog++Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)