Vault - Package Updates

Package Updates

[1.16.2]

• Update vault to 1.18.2
• Full Changelog
• raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20241115202008-166203013d8e
• auth/azure: Update plugin to v0.19.2 [GH-28848]
• core/ha (enterprise): Failed attempts to become a performance standby node are now using an exponential backoff instead of a
• login (enterprise): Return a 500 error during logins when performance standby nodes make failed gRPC requests to the active node. [GH-28807]
• Product Usage Reporting: Added product usage reporting, which collects anonymous, numerical, non-sensitive data about Vault secrets usage, and adds it to the existing utilization reports. See the [docs] for more info [GH-28858]
• secret/pki: Introduce a new value always_enforce_err within leaf_not_after_behavior to force the error in all circumstances such as CA issuance and ACME requests if requested TTL values are beyond the issuer's NotAfter. [GH-28907]
• secrets-sync (enterprise): No longer attempt to unsync a random UUID secret name in GCP upon destination creation.
• ui: Adds navigation for LDAP hierarchical roles [GH-28824]
• website/docs: changed outdated reference to consul-helm repository to consul-k8s repository. [GH-28825]
• auth/ldap: Fixed an issue where debug level logging was not emitted. [GH-28881]
• core: Improved an internal helper function that sanitizes paths by adding a check for leading backslashes
• secret/pki: Fix a bug that prevents PKI issuer field enable_aia_url_templating
• secrets-sync (enterprise): Fixed issue where secret-key granularity destinations could sometimes cause a panic when loading a sync status.
• secrets/aws: Fix issue with static credentials not rotating after restart or leadership change. [GH-28775]
• secrets/ssh: Return the flag allow_empty_principals in the read role api when key_type is "ca" [GH-28901]
• secrets/transform (enterprise): Fix nil panic when accessing a partially setup database store.
• secrets/transit: Fix a race in which responses from the key update api could contain results from another subsequent update [GH-28839]
• ui: Fixes rendering issues of LDAP dynamic and static roles with the same name [GH-28824]

Package Updates

[1.16.3]

• Update vault to 1.18.3
• Full Changelog

Package Updates

[1.16.4]

• Update vault to 1.18.4
• Full Changelog

Package Updates

[1.16.5]

• Update vault to 1.18.5
• Full Changelog

Package Updates

[1.17.0]

• Update vault to 1.19.0
• Full Changelog
• raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20241115202008-166203013d8e
• raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.2.0
• api: Add to sys/health whether the node has been removed from the HA cluster. If the node has been removed, return code 530 by default or the value of the removedcode query parameter. [GH-28991]
• api: Add to sys/health whether the standby node has been able to successfully send heartbeats to the active node and the time in milliseconds since the last heartbeat. If the standby has been unable to send a heartbeat, return code 474 by default or the value of the haunhealthycode query parameter. [GH-28991]
• auth/alicloud: Update plugin to v0.20.0 [GH-29613]

Package Updates

[1.80.0]

• Update base image to 5.0.0

Package Updates

[1.80.1]

• Update vault to 1.19.1
• Full Changelog

Package Updates

[1.80.2]

• Update vault to 1.19.2
• Full Changelog
• core: Bump Go version to 1.23.8
• secrets/openldap: Update plugin to v0.15.4 [GH-30279]
• secrets/openldap: Prevent static role rotation on upgrade when NextVaultRotation is nil. Fixes an issue where static roles were unexpectedly rotated after upgrade due to a missing NextVaultRotation value. Now sets it to either LastVaultRotation + RotationPeriod or now + RotationPeriod. [GH-30265]
• secrets/pki (enterprise): Address a parsing bug that rejected CMPv2 requests containing a validity field.
• secrets/pki: fix a bug where key_usage was ignored when generating root certificates, and signing certain intermediate certificates. [GH-30034]
• secrets/transit: fix a panic when rotating on a managed key returns an error [GH-30214]

Package Updates

[1.80.3]

• Update vault to 1.19.3
• Full Changelog

Package Updates

[1.80.4]

• Update vault to 1.19.4
• Full Changelog
• Update vault-plugin-auth-cf to v0.20.1 GH-30586]
• auth/azure: Update plugin to v0.20.4 GH-30543]
• core: Bump Go version to 1.24.3.
• Namespaces (enterprise): allow a root token to relock a namespace
• core (enterprise): update to FIPS 140-3 cryptographic module in the FIPS builds.
• core: Updated code and documentation to support FIPS 140-3 compliant algorithms. GH-30576]
• core: support for X25519MLKEM768 (post quantum key agreement) in the Go TLS stack. GH-30603]
• ui: Replaces all instances of the deprecated event.keyCode with event.key GH-30493]
• core (enterprise): fix a bug where plugin automated root rotations would stop after seal/unseal operations
• plugins (enterprise): Fix an issue where Enterprise plugins can't run on a standby node when it becomes active because standby nodes don't extract the artifact when the plugin is registered. Remove extracting from Vault and require the operator to place the extracted artifact in the plugin directory before registration.

Package Updates

[1.80.5]

• Update vault to 1.19.5
• Full Changelog