Closed arledesma closed 6 years ago
thanks @arledesma
am absorbing the 0.7.0 changes, including the above.
@rajanadar Has there been an update to this?
@dwoldo
this will be taken care of in the upcoming release.
Hi @rajanadar, any news about upcoming release?
@dimula @dwoldo few business trips have kept me away. i'll re-update the dates this week.
0.9.6 at the moment: https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#096-march-20th-2018
And 0.10.3 at the moment: https://github.com/hashicorp/vault/blob/v0.10.3/CHANGELOG.md
Any updates on this? It's ok if you don't maintain the package anymore but please tell us so.
@SeriousM a vnext branch was always in progress. Just published 0.10.4x of this package. Please check it out. https://www.nuget.org/packages/VaultSharp/0.10.4000
@arledesma @dwoldo @dimula @CumpsD @pvandervelde @SeriousM
Thanks for your patience. The latest version of VaultSharp is out with all the goodness of Vault 0.10.x. Do check it out.
It looks like there are a couple of additions to account for.
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#070-early-access-final-release-march-21th-2017
0.7.0 (Early Access; final release March 21th, 2017)
SECURITY:
exclude_cn_from_sans
option used inpki
backend: When using a role in thepki
backend that specified theexclude_cn_from_sans
option, the common name would not then be properly validated against the role's constraints. This has been fixed. We recommend any users of this feature to upgrade to 0.7 as soon as feasible.DEPRECATIONS/CHANGES:
GET
orLIST
HTTP verb, will now internally canonicalize the path to have a trailing slash. This makes policy writing more predictable, as it means clients will no longer work or fail based on which client they're using or which HTTP verb they're using. However, it also means that policies allowinglist
capability must be carefully checked to ensure that they contain a trailing slash; some policies may need to be split into multiple stanzas to accommodate.pki/revoke
endpoint. Issuing leases is still possible by enabling thegenerate_lease
toggle in PKI role entries (this will default totrue
for upgrades, to keep existing behavior), which will allow using lease IDs to revoke certificates. For installations issuing large numbers of certificates (tens to hundreds of thousands, or millions), this will significantly improve Vault startup time since leases associated with these certificates will not have to be loaded; however note that it also means that revocation of a token used to issue certificates will no longer add these certificates to a CRL. If this behavior is desired or needed, consider keeping leases enabled and ensuring lifetimes are reasonable, and issue long-lived certificates via a different role with leases disabled.FEATURES:
IMPROVEMENTS:
LOGNAME
orUSER
env vars for the username if not explicitly set on the command line when authenticating [GH-2154]@cee
) before each line [GH-2359]config/ca
endpoint and also return it when CA key pair is generated [GH-2483]BUG FIXES: