core: Revert #19676 (VAULT_GRPC_MIN_CONNECT_TIMEOUT env var) as we decided it was unnecessary. [GH-20826]
replication (enterprise): Add a new parameter for the update-primary API call that allows for setting of the primary cluster addresses directly, instead of via a token.
storage/aerospike: Aerospike storage shouldn't be used on 32-bit architectures and is now unsupported on them. [GH-20825]
IMPROVEMENTS:
Add debug symbols back to builds to fix Dynatrace support [GH-20519]
audit: add a mount_point field to audit requests and response entries [GH-20411]
autopilot: Update version to v0.2.0 to add better support for respecting min quorum [GH-19472]
command/server: Add support for dumping pprof files to the filesystem via SIGUSR2 when VAULT_PPROF_WRITE_TO_FILE=true is set on the server. [GH-20609]
core: Add possibility to decode a generated encoded root token via the rest API [GH-20595]
core: include namespace path in granting_policies block of audit log
core: report intermediate error messages during request forwarding [GH-20643]
openapi: Fix generated types for duration strings [GH-20841]
sdk/framework: Fix non-deterministic ordering of 'required' fields in OpenAPI spec [GH-20881]
secrets/pki: add subject key identifier to read key response [GH-20642]
BUG FIXES:
api: Properly Handle nil identity_policies in Secret Data [GH-20636]
auth/ldap: Set default value for max_page_size properly [GH-20453]
cli: CLI should take days as a unit of time for ttl like flags [GH-20477]
cli: disable printing flags warnings messages for the ssh command [GH-20502]
command/server: fixes panic in Vault server command when running in recovery mode [GH-20418]
core (enterprise): Fix log shipper buffer size overflow issue for 32 bit architecture.
core (enterprise): Fix logshipper buffer size to default to DefaultBufferSize only when reported system memory is zero.
core (enterprise): Remove MFA Enforcement configuration for namespace when deleting namespace
core/identity: Allow updates of only the custom-metadata for entity alias. [GH-20368]
core: Fix Forwarded Writer construction to correctly find active nodes, allowing PKI cross-cluster functionality to succeed on existing mounts.
core: Fix writes to readonly storage on performance standbys when user lockout feature is enabled. [GH-20783]
core: prevent panic on login after namespace is deleted that had mfa enforcement [GH-20375]
replication (enterprise): Fix a race condition with invalid tokens during WAL streaming that was causing Secondary clusters to be unable to connect to a Primary.
replication (enterprise): fix bug where secondary grpc connections would timeout when connecting to a primary host that no longer exists.
secrets/pki: Include per-issuer enable_aia_url_templating in issuer read endpoint. [GH-20354]
secrets/transform (enterprise): Fix a caching bug affecting secondary nodes after a tokenization key rotation
secrets/transform: Added importing of keys and key versions into the Transform secrets engine using the command 'vault transform import' and 'vault transform import-version'. [GH-20668]
secrets/transit: Fix export of HMAC-only key, correctly exporting the key used for sign operations. For consumers of the previously incorrect key, use the plaintext export to retrieve these incorrect keys and import them as new versions.
secrets/transit: Fix bug related to shorter dedicated HMAC key sizing.
sdk/helper/keysutil: New HMAC type policies will have HMACKey equal to Key and be copied over on import. [GH-20864]
ui: Fixes issue unsealing cluster for seal types other than shamir [GH-20897]
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/hashicorp/vault from 1.3.2 to 1.13.3.
Release notes
Sourced from github.com/hashicorp/vault's releases.
... (truncated)
Changelog
Sourced from github.com/hashicorp/vault's changelog.
... (truncated)
Commits
- `3bedf81` backport of commit b9f9f27e8e988c4f441f81df733fb0aa5c513290 (#21037)
- `49da624` backport of commit 85128585837bcce2cf99f8e1f749c3a4aef204ca (#21031)
- `375bdba` backport of commit dbe41c4fee5ce88a1f7ce83a64cc3a78116ab1b3 (#21006)
- `71433b9` backport of commit be4979dfbbe09a04d4fe1ca7a2a22418ba2468d0 (#21002)
- `68ae0e8` backport of commit 2c9a75b0932a141bba3464a6830ed83a77b05129 (#20977)
- `1720d31` backport of commit 0115b5e43a41e757a533a828314c615456506eac (#20963)
- `f06b721` backport of commit bb03d116999439bdebed58cb3536a756ba920d8d (#20957)
- `2881445` Backport 1.13.x: UI: fixes pki role editing changing to default key parameter...
- `9f18485` backport of commit 360a406a2f924f0a46491a77bdd9e1fcf03b99fa (#20927)
- `780f4f4` backport of commit 0defa2a1e74348fc3c3628b9b6a16772a2b3c033 (#20909)