core: Changes the unit of default_lease_ttl and max_lease_ttl values returned by the /sys/config/state/sanitized endpoint from nanoseconds to seconds. [GH-14206]
Database plugin multiplexing: manage multiple database connections with a single plugin process [GH-14033]
Login MFA: Single and two phase MFA is now available when authenticating to Vault. [GH-14025]
Mount Migration: Vault supports moving secrets and auth mounts both within and across namespaces.
Postgres in the UI: Postgres DB is now supported by the UI [GH-12945]
Report in-flight requests: Adding a trace capability to show in-flight requests, and a new gauge metric to show the total number of in-flight requests [GH-13024]
Server Side Consistent Tokens: Service tokens have been updated to be longer (a minimum of 95 bytes) and token prefixes for all token types are updated from s., b., and r. to hvs., hvb., and hvr. for service, batch, and recovery tokens respectively. Vault clusters with integrated storage will now have read-after-write consistency by default. [GH-14109]
Transit SHA-3 Support: Add support for SHA-3 in the Transit backend. [GH-13367]
Transit Time-Based Key Autorotation: Add support for automatic, time-based key rotation to transit secrets engine, including in the UI. [GH-13691]
UI Client Count Improvements: Restructures client count dashboard, making use of billing start date to improve accuracy. Adds mount-level distribution and filtering. [GH-client-counts]
Agent Telemetry: The Vault Agent can now collect and return telemetry information at the /agent/v1/metrics endpoint.
IMPROVEMENTS:
agent: Adds ability to configure specific user-assigned managed identities for Azure auto-auth. [GH-14214]
agent: The agent/v1/quit endpoint can now be used to stop the Vault Agent remotely [GH-14223]
api: Allow cloning api.Client tokens via api.Config.CloneToken or api.Client.SetCloneToken(). [GH-13515]
api: Define constants for X-Vault-Forward and X-Vault-Inconsistent headers [GH-14067]
api: Implements Login method in Go client libraries for GCP and Azure auth methods [GH-13022]
api: Implements Login method in Go client libraries for LDAP auth methods [GH-13841]
api: Trim newline character from wrapping token in logical.Unwrap from the api package [GH-13044]
api: add api method for modifying raft autopilot configuration [GH-12428]
auth: forward cached MFA auth response to the leader using RPC instead of forwarding all login requests [GH-15469]
cli/debug: added support for retrieving metrics from DR clusters if unauthenticated_metrics_access is enabled [GH-15316]
command/debug: Add log_format flag to allow for logs to be emitted in JSON format [GH-15536]
core: Fix some identity data races found by Go race detector (no known impact yet). [GH-15123]
storage/raft: Use larger timeouts at startup to reduce likelihood of inducing elections. [GH-15042]
ui: Allow namespace param to be parsed from state queryParam [GH-15378]
BUG FIXES:
agent: Redact auto auth token from renew endpoints [GH-15380]
auth/kubernetes: Fix error code when using the wrong service account [GH-15585]
auth/ldap: The logic for setting the entity alias when username_as_alias is set has been fixed. The previous behavior would make a request to the LDAP server to get user_attr before discarding it and using the username instead. This would make it impossible for a user to connect if this attribute was missing or had multiple values, even though it would not be used anyway. This has been fixed and the username is now used without making superfluous LDAP searches. [GH-15525]
auth: Fixed erroneous success message when using vault login in case of two-phase MFA [GH-15428]
auth: Fixed erroneous token information being displayed when using vault login in case of two-phase MFA [GH-15428]
auth: Fixed two-phase MFA information missing from table format when using vault login [GH-15428]
auth: Prevent deleting a valid MFA method ID using the endpoint for a different MFA method type [GH-15482]
core (enterprise): Fix overcounting of lease count quota usage at startup.
core: Prevent changing file permissions of audit logs when mode 0000 is used. [GH-15759]
core: Prevent metrics generation from causing deadlocks. [GH-15693]
mfa/okta: disable client side rate limiting causing delays in push notifications [GH-15369]
storage/raft (enterprise): Auto-snapshot configuration now forbids slashes in file prefixes for all types, and "/" in path prefix for local storage type. Strip leading prefix in path prefix for AWS. Improve error handling/reporting.
transform (enterprise): Fix non-overridable column default value causing tokenization tokens to expire prematurely when using the MySQL storage backend.
ui: Fix inconsistent behavior in client count calendar widget [GH-15789]
ui: Fixed client count timezone for start and end months [GH-15167]
ui: fix Firefox inability to recognize file format of client count CSV export [GH-15364]
1.10.3
May 11, 2022
BUG FIXES:
auth: load login MFA configuration upon restart [GH-15261]
core/config: Only ask the system about network interfaces when address configs contain a template having the format: {{ ... }} [GH-15224]
... (truncated)
Commits
6a1dde5 api/monitor: Adding log format to monitor command and debug (#15536) (#15791)
f7c004c Update changelog entry for go version bump to new standard (#15828)
f421d88 backport of commit c4289a20ab97f3baf2cc5e9f0d284f9841418614 (#15830)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/hashicorp/vault from 1.3.2 to 1.10.4.
Release notes
Sourced from github.com/hashicorp/vault's releases.
... (truncated)
Changelog
Sourced from github.com/hashicorp/vault's changelog.
... (truncated)
Commits
6a1dde5 api/monitor: Adding log format to monitor command and debug (#15536) (#15791)
f7c004c Update changelog entry for go version bump to new standard (#15828)
f421d88 backport of commit c4289a20ab97f3baf2cc5e9f0d284f9841418614 (#15830)
65a897d Backport 1.10.x: UI: calendar widget fix #15789 (#15799)
0a1671a Update Go to 1.17.11 (#15822)
aba1978 backport of commit 1c284e8b021e2b1e999a5d44d62188ea88ba099e (#15794)
da9be7e backport of commit 0e8bcc15cc0201fd8416b36501af60f8b73de480 (#15784)
548ae70 Backport of Add details to CHANGELOG and 1.10 upgrade note regarding new 412 ...
6e36e0f backport of commit adb1effa831aafee1264fd4cfa3b70bf572b2b01 (#15766)
5ebe51b backport of commit 20467b10f22dedb2800fab9b29dc75b42ecd01bd (#15763)