core/entities: Fixed stranding of aliases upon entity merge, and require explicit selection of which aliases should be kept when some must be deleted [GH-16539]
core: Bump Go version to 1.19.1.
core: Validate input parameters for vault operator init command. Vault 1.12 CLI version is needed to run operator init now. [GH-16379]
identity: a request to /identity/group that includes member_group_ids that contains a cycle will now be responded to with a 400 rather than 500 [GH-15912]
licensing (enterprise): Terminated licenses will no longer result in shutdown. Instead, upgrades
will not be allowed if the license termination time is before the build date of the binary.
plugins: GET /sys/plugins/catalog/:type/:name endpoint now returns an additional version field in the response data. [GH-16688]
plugins: GET /sys/plugins/catalog endpoint now returns an additional detailed field in the response data with a list of additional plugin metadata. [GH-16688]
FEATURES:
Secrets/auth plugin multiplexing: manage multiple plugin configurations with a single plugin process [GH-14946]
secrets/database/hana: Add ability to customize dynamic usernames [GH-16631]
secrets/pki: Add an OCSP responder that implements a subset of RFC6960, answering single serial number OCSP requests for
a specific cluster's revoked certificates in a mount. [GH-16723]
ui: UI support for Okta Number Challenge. [GH-15998]
IMPROVEMENTS:
activity (enterprise): Added new clients unit tests to test accuracy of estimates
agent: Added disable_idle_connections configuration to disable leaving idle connections open in auto-auth, caching and templating. [GH-15986]
agent: Added disable_keep_alives configuration to disable keep alives in auto-auth, caching and templating. [GH-16479]
agent: JWT auto auth now supports a remove_jwt_after_reading config option which defaults to true. [GH-11969]
agent: Send notifications to systemd on start and stop. [GH-9802]
api/mfa: Add namespace path to the MFA read/list endpoint [GH-16911]
api: Add a sentinel error for missing KV secrets [GH-16699]
auth/aws: PKCS7 signatures will now use SHA256 by default in prep for Go 1.18 [GH-16455]
auth/cert: Add metadata to identity-alias [GH-14751]
auth/gcp: Add support for GCE regional instance groups [GH-16435]
auth/jwt: Adds support for Microsoft US Gov L4 to the Azure provider for groups fetching. [GH-16525]
auth/jwt: Improves detection of Windows Subsystem for Linux (WSL) for CLI-based logins. [GH-16525]
auth/kerberos: add add_group_aliases config to include LDAP groups in Vault group aliases [GH-16890]
auth/kerberos: add remove_instance_name parameter to the login CLI and the
Kerberos config in Vault. This removes any instance names found in the keytab
service principal name. [GH-16594]
auth/oidc: Adds support for group membership parsing when using SecureAuth as an OIDC provider. [GH-16274]
cli: CLI commands will print a warning if flags will be ignored because they are passed after positional arguments. [GH-16441]
command/audit: Improve missing type error message [GH-16409]
command/server: add -dev-tls and -dev-tls-cert-dir subcommands to create a Vault dev server with generated certificates and private key. [GH-16421]
core (enterprise): Add HTTP PATCH support for namespaces with an associated namespace patch CLI command
core (enterprise): Add check to vault server command to ensure configured storage backend is supported.
core (enterprise): Add custom metadata support for namespaces
core/activity: generate hyperloglogs containing clientIds for each month during precomputation [GH-16146]
core/activity: refactor activity log api to reuse partial api functions in activity endpoint when current month is specified [GH-16162]
core/activity: use monthly hyperloglogs to calculate new clients approximation for current month [GH-16184]
... (truncated)
Commits
b47a9e7 backport of commit 7f22056686b5a8e71c66e73eeaab4403809b791c (#17039)
e55f85c backport of commit 6c399c1c3b1c24ee830ef62d7966687a01dc5833 (#17286)
24d357e backport of commit fe3daa411ae09f57c38e648f9a9eec54c073b6ca (#17274)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/hashicorp/vault from 1.11.3 to 1.11.4.
Changelog
Sourced from github.com/hashicorp/vault's changelog.
... (truncated)
Commits
b47a9e7
backport of commit 7f22056686b5a8e71c66e73eeaab4403809b791c (#17039)e55f85c
backport of commit 6c399c1c3b1c24ee830ef62d7966687a01dc5833 (#17286)24d357e
backport of commit fe3daa411ae09f57c38e648f9a9eec54c073b6ca (#17274)9064683
resolved conflict (#17262)cd100f9
backport of commit 3eafec8f451625069ca7c08db581df5f7f53e92f (#17207)d3e20ac
backport of commit 523e91601376cbde9fc83cea87576f70f2394cb5 (#17191)9428784
backport of commit 0e84613cc4b231502cadb3fc431f01175d7e7c19 (#17177)31b7a0f
backport of commit 5bc40d1fa9b541d6126f2a218b39f118e2f94ebd (#17169)c304d68
auth/kubernetes: upgrade to v0.13.2 in release/1.11.x (#17162)4ecf420
backport of commit 8fddccdff0ba3004001a5f96a21a0ae5b69d35ed (#17156)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)