hashicorp/vault
### [`v1.12.3`](https://togithub.com/hashicorp/vault/releases/tag/v1.12.3)
[Compare Source](https://togithub.com/hashicorp/vault/compare/v1.12.2...v1.12.3)
##### 1.12.3
##### February 6, 2023
CHANGES:
- core: Bump Go version to 1.19.4.
IMPROVEMENTS:
- audit: Include stack trace when audit logging recovers from a panic. \[[GH-18121](https://togithub.com/hashicorp/vault/pull/18121)]
- command/server: Environment variable keys are now logged at startup. \[[GH-18125](https://togithub.com/hashicorp/vault/pull/18125)]
- core/fips: use upstream toolchain for FIPS 140-2 compliance again; this will appear as X=boringcrypto on the Go version in Vault server logs.
- core: Add read support to `sys/loggers` and `sys/loggers/:name` endpoints \[[GH-17979](https://togithub.com/hashicorp/vault/pull/17979)]
- plugins: Let Vault unseal and mount deprecated builtin plugins in a
deactivated state if this is not the first unseal after an upgrade. \[[GH-17879](https://togithub.com/hashicorp/vault/pull/17879)]
- secrets/db/mysql: Add `tls_server_name` and `tls_skip_verify` parameters \[[GH-18799](https://togithub.com/hashicorp/vault/pull/18799)]
- secrets/kv: new KVv2 mounts and KVv1 mounts without any keys will upgrade synchronously, allowing for instant use \[[GH-17406](https://togithub.com/hashicorp/vault/pull/17406)]
- storage/raft: add additional raft metrics relating to applied index and heartbeating; also ensure OSS standbys emit periodic metrics. \[[GH-12166](https://togithub.com/hashicorp/vault/pull/12166)]
- ui: Added JWT authentication warning message about blocked pop-up windows and web browser settings. \[[GH-18787](https://togithub.com/hashicorp/vault/pull/18787)]
- ui: Prepends "passcode=" if not provided in user input for duo totp mfa method authentication \[[GH-18342](https://togithub.com/hashicorp/vault/pull/18342)]
- ui: Update language on database role to "Connection name" \[[GH-18261](https://togithub.com/hashicorp/vault/issues/18261)] \[[GH-18350](https://togithub.com/hashicorp/vault/pull/18350)]
BUG FIXES:
- auth/approle: Fix `token_bound_cidrs` validation when using /32 blocks for role and secret ID \[[GH-18145](https://togithub.com/hashicorp/vault/pull/18145)]
- auth/cert: Address a race condition accessing the loaded crls without a lock \[[GH-18945](https://togithub.com/hashicorp/vault/pull/18945)]
- auth/kubernetes: Ensure a consistent TLS configuration for all k8s API requests \[[#173](https://togithub.com/hashicorp/vault-plugin-auth-kubernetes/pull/173)] \[[GH-18716](https://togithub.com/hashicorp/vault/pull/18716)]
- cli/kv: skip formatting of nil secrets for patch and put with field parameter set \[[GH-18163](https://togithub.com/hashicorp/vault/pull/18163)]
- command/namespace: Fix vault cli namespace patch examples in help text. \[[GH-18143](https://togithub.com/hashicorp/vault/pull/18143)]
- core (enterprise): Fix a race condition resulting in login errors to PKCS#11 modules under high concurrency.
- core/managed-keys (enterprise): Limit verification checks to mounts in a key's namespace
- core/quotas (enterprise): Fix a potential deadlock that could occur when using lease count quotas.
- core/quotas: Fix issue with improper application of default rate limit quota exempt paths \[[GH-18273](https://togithub.com/hashicorp/vault/pull/18273)]
- core/seal: Fix regression handling of the key_id parameter in seal configuration HCL. \[[GH-17612](https://togithub.com/hashicorp/vault/pull/17612)]
- core: fix bug where context cancellations weren't forwarded to active node from performance standbys.
- core: prevent panic in login mfa enforcement delete after enforcement's namespace is deleted \[[GH-18923](https://togithub.com/hashicorp/vault/pull/18923)]
- database/mongodb: Fix writeConcern set to be applied to any query made on the database \[[GH-18546](https://togithub.com/hashicorp/vault/pull/18546)]
- expiration: Prevent panics on perf standbys when an irrevocable release gets deleted. \[[GH-18401](https://togithub.com/hashicorp/vault/pull/18401)]
- kmip (enterprise): Fix Destroy operation response that omitted Unique Identifier on some batched responses.
- kmip (enterprise): Fix Locate operation response incompatibility with clients using KMIP versions prior to 1.3.
- kmip (enterprise): Fix Query operation response that omitted streaming capability and supported profiles.
- licensing (enterprise): update autoloaded license cache after reload
- plugins: Allow running external plugins which override deprecated builtins. \[[GH-17879](https://togithub.com/hashicorp/vault/pull/17879)]
- plugins: Listing all plugins while audit logging is enabled will no longer result in an internal server error. \[[GH-18173](https://togithub.com/hashicorp/vault/pull/18173)]
- plugins: Skip loading but still mount data associated with missing plugins on unseal. \[[GH-18189](https://togithub.com/hashicorp/vault/pull/18189)]
- sdk: Don't panic if system view or storage methods called during plugin setup. \[[GH-18210](https://togithub.com/hashicorp/vault/pull/18210)]
- secrets/pki: Address nil panic when an empty POST request is sent to the OCSP handler \[[GH-18184](https://togithub.com/hashicorp/vault/pull/18184)]
- secrets/pki: Allow patching issuer to set an empty issuer name. \[[GH-18466](https://togithub.com/hashicorp/vault/pull/18466)]
- secrets/pki: OCSP GET request parameter was not being URL unescaped before processing. \[[GH-18938](https://togithub.com/hashicorp/vault/pull/18938)]
- secrets/pki: fix race between tidy's cert counting and tidy status reporting. \[[GH-18899](https://togithub.com/hashicorp/vault/pull/18899)]
- secrets/transit: Do not warn about unrecognized parameter 'batch_input' \[[GH-18299](https://togithub.com/hashicorp/vault/pull/18299)]
- secrets/transit: Honor `partial_success_response_code` on decryption failures. \[[GH-18310](https://togithub.com/hashicorp/vault/pull/18310)]
- storage/raft (enterprise): An already joined node can rejoin by wiping storage
and re-issuing a join request, but in doing so could transiently become a
non-voter. In some scenarios this resulted in loss of quorum. \[[GH-18263](https://togithub.com/hashicorp/vault/pull/18263)]
- storage/raft: Don't panic on unknown raft ops \[[GH-17732](https://togithub.com/hashicorp/vault/pull/17732)]
- ui: cleanup unsaved auth method ember data record when navigating away from mount backend form \[[GH-18651](https://togithub.com/hashicorp/vault/pull/18651)]
- ui: fixes query parameters not passed in api explorer test requests \[[GH-18743](https://togithub.com/hashicorp/vault/pull/18743)]
### Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
v1.12.2 -> v1.12.3
This PR has been generated by Renovate Bot.