V8.8.6

Breaking Change

• Shield was compiled on Ubuntu Jammy, and as such, requires Jammy stemcell from this release on.

• The azure plugin was removed due to incompatible changes in upstream libraries -- this will be restored in a future release, but if you're using this plugin, please refrain from upgrading to this release.

Improvements

• Updated go modules and vendored them to resolve latent CVEs and bugs
• Compiled with Go v1.20.4 on Ubuntu Jammy to address CVEs inherent to previous versions of language/OS.

Full Changelog: v8.8.5...v8.8.6

shield Release v8.8.5

Improvements

• Added flag for token verification in Okta OAuth

shield Release v8.8.4

New Features

• Added Okta OAuth Integration to SHIELD.

shield Release v8.8.3

Improvements

• Added --file flag to SHIELD's curl to use a filename to supply the request body.

shield Release v8.8.2

Bug Fix

• Fixed login screen for Github OAuth

shield Release v8.8.1

Improvements

• Renamed RabbitMQ Broker Backup Plugin

shield Release v8.8.0

New Features

• Added Gzip to compression options.

• Added backup job retry feature.

Improvements

• Added Mac ARM64 functionality to shield.

• Enabled actual download of ARM64 binary.

• Support for M1 ARM64 within api tests.

• Fixed description of notes for Define a New Data System.

shield Release v8.7.4

Improvements

• The web UI now waits 3 seconds before attempting to reconnect to the websocket, in order to avoid aggressive looping in cases where connection where a reverse proxy is obscuring the websocket's return code.
• The vault plugin can now backup and restore non-string data types without coercing them to strings. This will not work with existing backups - new backups will have to be taken with the updated plugin to gain this benefit.
• The vault plugin now supports enterprise namespaces.

Bug Fixes

• The shield core can now more reliably determine the seal state of its internal vault storage.
• The rabbitmq-broker plugin no longer errs if skip_ssl_validation is set to false in the web UI.

Warning

• This version was compiled with Go 1.16, meaning that components, typically plugins, will enforce that certificates must have a valid Subject Alternative Name - a Subject line with the domain name will no longer suffice.

shield Release v8.7.3

Improvements

• Docker images are now compiling via the go 1.13 toolchain.

• Agent Registration can now occur through chained load balancers,
  with standards-compliant comma-separated X-Forwarded-For
  headers. Why you would want to do this is beyond me, but ¯_(ツ)_/¯

• The metashield plugin now trusts system X.509 Root CAs if no
  specific CA is supplied.

• Bootstrap restoration is simpler now, and the UI for init /
  restore is more streamlined. See #680.

shield Release v8.7.2

Bug Fixes

• SHIELD will now be able to properly authenticate to vault again.