auth/ldap: Normalize HTTP response codes when invalid credentials are provided [GH-21282]
core/namespace (enterprise): Introduce the concept of high-privilege namespace (administrative namespace),
which will have access to some system backend paths that were previously only accessible in the root namespace. [GH-21215]
secrets/transform (enterprise): Enforce a transformation role's max_ttl setting on encode requests, a warning will be returned if max_ttl was applied.
IMPROVEMENTS:
core/fips: Add RPM, DEB packages of FIPS 140-2 and HSM+FIPS 140-2 Vault Enterprise.
core: Add a new periodic metric to track the number of available policies, vault.policy.configured.count. [GH-21010]
replication (enterprise): Avoid logging warning if request is forwarded from a performance standby and not a performance secondary
secrets/transform (enterprise): Switch to pgx PostgreSQL driver for better timeout handling
sys/metrics (enterprise): Adds a gauge metric that tracks whether enterprise builtin secret plugins are enabled. [GH-21681]
BUG FIXES:
auth/azure: Fix intermittent 401s by preventing performance secondary clusters from rotating root credentials. [GH-21799]
core: Fixed an instance where incorrect route entries would get tainted. We now pre-calculate namespace specific paths to avoid this. [GH-24170]
identity: Remove caseSensitivityKey to prevent errors while loading groups which could result in missing groups in memDB when duplicates are found. [GH-20965]
replication (enterprise): update primary cluster address after DR failover
secrets/azure: Fix intermittent 401s by preventing performance secondary clusters from rotating root credentials. [GH-21632]
secrets/pki: Prevent deleted issuers from reappearing when migrating from a version 1 bundle to a version 2 bundle (versions including 1.13.0, 1.12.2, and 1.11.6); when managed keys were removed but referenced in the Vault 1.10 legacy CA bundle, this the error: no managed key found with uuid. [GH-21316]
secrets/pki: Support setting both maintain_stored_certificate_counts=false and publish_stored_certificate_count_metrics=false explicitly in tidy config. [GH-20664]
secrets/transform (enterprise): Fix nil panic when deleting a template with tokenization transformations present
secrets/transform (enterprise): Grab shared locks for various read operations, only escalating to write locks if work is required
serviceregistration: Fix bug where multiple nodes in a secondary cluster could be labelled active after updating the cluster's primary [GH-21642]
ui: Fixed an issue where editing an SSH role would clear default_critical_options and default_extension if left unchanged. [GH-21739]
ui: Surface DOMException error when browser settings prevent localStorage. [GH-21503]
v1.13.4
1.13.4
June 21, 2023
BREAKING CHANGES:
secrets/pki: Maintaining running count of certificates will be turned off by default.
To re-enable keeping these metrics available on the tidy status endpoint, enable
maintain_stored_certificate_counts on tidy-config, to also publish them to the
metrics consumer, enable publish_stored_certificate_count_metrics . [GH-18186]
auth/ldap: Normalize HTTP response codes when invalid credentials are provided [GH-21282]
core/namespace (enterprise): Introduce the concept of high-privilege namespace (administrative namespace),
which will have access to some system backend paths that were previously only accessible in the root namespace. [GH-21215]
secrets/transform (enterprise): Enforce a transformation role's max_ttl setting on encode requests, a warning will be returned if max_ttl was applied.
IMPROVEMENTS:
core/fips: Add RPM, DEB packages of FIPS 140-2 and HSM+FIPS 140-2 Vault Enterprise.
core: Add a new periodic metric to track the number of available policies, vault.policy.configured.count. [GH-21010]
replication (enterprise): Avoid logging warning if request is forwarded from a performance standby and not a performance secondary
secrets/transform (enterprise): Switch to pgx PostgreSQL driver for better timeout handling
sys/metrics (enterprise): Adds a gauge metric that tracks whether enterprise builtin secret plugins are enabled. [GH-21681]
BUG FIXES:
auth/azure: Fix intermittent 401s by preventing performance secondary clusters from rotating root credentials. [GH-21799]
core: Fixed an instance where incorrect route entries would get tainted. We now pre-calculate namespace specific paths to avoid this. [GH-24170]
identity: Remove caseSensitivityKey to prevent errors while loading groups which could result in missing groups in memDB when duplicates are found. [GH-20965]
replication (enterprise): update primary cluster address after DR failover
secrets/azure: Fix intermittent 401s by preventing performance secondary clusters from rotating root credentials. [GH-21632]
secrets/pki: Prevent deleted issuers from reappearing when migrating from a version 1 bundle to a version 2 bundle (versions including 1.13.0, 1.12.2, and 1.11.6); when managed keys were removed but referenced in the Vault 1.10 legacy CA bundle, this the error: no managed key found with uuid. [GH-21316]
secrets/pki: Support setting both maintain_stored_certificate_counts=false and publish_stored_certificate_count_metrics=false explicitly in tidy config. [GH-20664]
secrets/transform (enterprise): Fix nil panic when deleting a template with tokenization transformations present
secrets/transform (enterprise): Grab shared locks for various read operations, only escalating to write locks if work is required
serviceregistration: Fix bug where multiple nodes in a secondary cluster could be labelled active after updating the cluster's primary [GH-21642]
ui: Fixed an issue where editing an SSH role would clear default_critical_options and default_extension if left unchanged. [GH-21739]
ui: Surface DOMException error when browser settings prevent localStorage. [GH-21503]
1.13.4
June 21, 2023
BREAKING CHANGES:
secrets/pki: Maintaining running count of certificates will be turned off by default.
To re-enable keeping these metrics available on the tidy status endpoint, enable
maintain_stored_certificate_counts on tidy-config, to also publish them to the
metrics consumer, enable publish_stored_certificate_count_metrics . [GH-18186]
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/network/alerts).
Bumps github.com/hashicorp/vault from 1.12.5 to 1.13.5.
Release notes
Sourced from github.com/hashicorp/vault's releases.
... (truncated)
Changelog
Sourced from github.com/hashicorp/vault's changelog.
... (truncated)
Commits
5c6316b
backport of commit 8615b31598e094b1bf083242e76fff74a31daf9a (#22013)d99f9fa
backport of commit 437a7ab9340c9d5e6638570ac37a271e5c1342e5 (#22009)620dd76
Address memory consumption from TestCertStorageMetrics (#22004)46a72c0
backport of commit 02f43ecbc26ec79790f30826f49f97cecda987eb (#21587) (#21997)6392634
backport of UI: Remove logic that skips sending object if not changed (#21758)29cc2b2
[QT-590] Optimize the CI testing workflow (#21959) (#21984)dba044d
backport of commit 5ba848dbdd14cac24960ec31e83d620f698b87a8 (#21991)030b0af
backport of commit 4ce8e4b00f96de7b7f0d66878ef41d340fe33855 (#21987)3ac2cd3
[QT-588] test: fix drift between enos directories (#21695) (#21980)3b48c47
cherry-picking changes (#21919)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/network/alerts).