identity: Fix a panic on arm64 platform when doing identity I/O. [GH-12371]
1.7.7
December 9, 2021
SECURITY:
storage/raft: Integrated Storage backend could be caused to crash by an authenticated user with write permissions to the KV secrets engine. This vulnerability, CVE-2021-45042, was fixed in Vault 1.7.7, 1.8.6, and 1.9.1.
BUG FIXES:
ha (enterprise): Prevents performance standby nodes from serving and caching stale data immediately after performance standby election completes
storage/raft: Fix a panic when trying to store a key > 32KB in a transaction. [GH-13286]
storage/raft: Fix a panic when trying to write a key > 32KB [GH-13282]
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/hashicorp/vault/api from 1.6.0 to 1.7.1.
Release notes
Sourced from github.com/hashicorp/vault/api's releases.
... (truncated)
Changelog
Sourced from github.com/hashicorp/vault/api's changelog.
... (truncated)
Commits
9171422
core/token: fix panic looking up invalid batch tokens (#11415) (#11417)6977c11
stage: update GO_VERSION_MIN and sdk dep (#11414)b296e15
Make cubbyhole revocation/tidying compatible with cubbys in namespaces. (#114...8f371c3
Backport 1.7.1: Add root rotation statements support to database secret engin...0739917
Add support for unauthenticated pprof access on a per-listener basis,… (#1132...224e04e
Cassandra DB plugin: Allow special chars in usernames (#11262) (#11385)9c9675f
Backport (1.7.x): Validate hostnames when using TLS in Cassandra #11365 (#11390)af3f8c4
Update to Go 1.15.11 (#11395)3144d8f
pki: fix tidy removal on revoked entries (#11367) (#11400)7f6a5e3
Updates the JWT/OIDC auth plugin to v0.9.3 (#11388) (#11399)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)