Pre-release

hc-github-team-wg-packagespec released this Jun 16, 2021

Release vault v1.8.0-rc1

hc-github-team-wg-packagespec released this Jun 16, 2021

Release vault v1.7.3

hc-github-team-secure-vault-core released this May 21, 2021

1.7.2

May 20th, 2021

SECURITY:

  • Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token
    leases and dynamic secret leases with a zero-second TTL, causing them to be
    treated as non-expiring, and never revoked. This issue affects Vault and Vault
    Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and
    1.7.2 (CVE-2021-32923).

CHANGES:

  • agent: Update to use IAM Service Account Credentials endpoint for signing JWTs
    when using GCP Auto-Auth method [GH-11473]
  • auth/gcp: Update to v0.9.1 to use IAM Service Account Credentials API for
    signing JWTs [GH-11494]

IMPROVEMENTS:

  • api, agent: LifetimeWatcher now does more retries when renewal failures occur. This also impacts Agent auto-auth and leases managed via Agent caching. [GH-11445]
  • auth/aws: Underlying error included in validation failure message. [GH-11638]
  • http: Add optional HTTP response headers for hostname and raft node ID [GH-11289]
  • secrets/aws: add ability to provide a role session name when generating STS credentials [GH-11345]
  • secrets/database/mongodb: Add ability to customize SocketTimeout, ConnectTimeout, and ServerSelectionTimeout [GH-11600]
  • secrets/database/mongodb: Increased throughput by allowing for multiple request threads to simultaneously update users in MongoDB [GH-11600]

BUG FIXES:

  • agent/cert: Fix issue where the API client on agent was not honoring certificate
    information from the auto-auth config map on renewals or retries. [GH-11576]
  • agent: Fixed agent templating to use configured tls servername values [GH-11288]
  • core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [GH-11596]
  • core: correct logic for renewal of leases nearing their expiration time. [GH-11650]
  • identity: Use correct mount accessor when refreshing external group memberships. [GH-11506]
  • replication: Fix panic trying to update walState during identity group invalidation. [GH-1865]
  • secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [GH-11451]
  • secrets/database: Fixed minor race condition when rotate-root is called [GH-11600]
  • secrets/database: Fixes issue for V4 database interface where SetCredentials wasn't falling back to using RotateRootCredentials if SetCredentials is Unimplemented [GH-11585]
  • secrets/keymgmt (enterprise): Fixes audit logging for the read key response.
  • storage/raft: Support cluster address change for nodes in a cluster managed by autopilot [GH-11247]
  • ui: Fix entity group membership and metadata not showing [GH-11641]
  • ui: Fix text link URL on database roles list [GH-11597]

hc-github-team-secure-vault-core released this May 21, 2021

1.6.5

May 20th, 2021

SECURITY:

  • Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token
    leases and dynamic secret leases with a zero-second TTL, causing them to be
    treated as non-expiring, and never revoked. This issue affects Vault and Vault
    Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and
    1.7.2 (CVE-2021-32923).

CHANGES:

  • agent: Update to use IAM Service Account Credentials endpoint for signing JWTs
    when using GCP Auto-Auth method [GH-11473]
  • auth/gcp: Update to v0.8.1 to use IAM Service Account Credentials API for
    signing JWTs [GH-11498]

BUG FIXES:

  • core (enterprise): Fix plugins mounted in namespaces being unable to use password policies [GH-11596]
  • core: correct logic for renewal of leases nearing their expiration time. [GH-11650]
  • secrets/database: Fix marshalling to allow providing numeric arguments to external database plugins. [GH-11451]
  • secrets/database: Fixes issue for V4 database interface where SetCredentials wasn't falling back to using RotateRootCredentials if SetCredentials is Unimplemented [GH-11585]
  • ui: Fix namespace-bug on login [GH-11182]

hc-github-team-secure-vault-core released this May 21, 2021

1.5.9

May 20th, 2021

SECURITY:

  • Non-Expiring Leases: Vault and Vault Enterprise renewed nearly-expiring token
    leases and dynamic secret leases with a zero-second TTL, causing them to be
    treated as non-expiring, and never revoked. This issue affects Vault and Vault
    Enterprise versions 0.10.0 through 1.7.1, and is fixed in 1.5.9, 1.6.5, and
    1.7.2 (CVE-2021-32923).

CHANGES:

  • agent: Update to use IAM Service Account Credentials endpoint for signing JWTs
    when using GCP Auto-Auth method [GH-11473]
  • auth/gcp: Update to v0.7.2 to use IAM Service Account Credentials API for
    signing JWTs [GH-11499]

BUG FIXES:

  • core: correct logic for renewal of leases nearing their expiration time. [GH-11650]

kalafut released this Apr 23, 2021

Release vault 1.7.1

hashicorp-ci released this Apr 21, 2021

Release vault v1.6.4

hashicorp-ci released this Apr 21, 2021

Release vault v1.5.8

Mar 30, 2021
fix end date calculation (#11232) (#11241)