Changelog for vault-1.16.0-8.2.x86_64.rpm:
* Fri Apr 05 2024 opensuse_buildserviceAATTojkastl.de
- Update to version 1.16.0:
  * SECURITY:
    - auth/cert: compare public keys of trusted non-CA certificates with incoming client certificates to prevent trusting certs with the same serial number but not the same public/private key. [GH-25649]
    - auth/cert: validate OCSP response was signed by the expected issuer and serial number matched request [GH-26091]
    - secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. [GH-22852]
  * CHANGES:
    - Upgrade grpc to v1.58.3 [GH-23703]
    - Upgrade x/net to v0.17.0 [GH-23703]
    - api: add the enterprise parameter to the /sys/health endpoint [GH-24270]
    - auth/alicloud: Update plugin to v0.16.1 [GH-25014]
    - auth/alicloud: Update plugin to v0.17.0 [GH-25217]
    - auth/approle: Normalized error response messages when invalid credentials are provided [GH-23786]
    - auth/azure: Update plugin to v0.16.1 [GH-22795]
    - auth/azure: Update plugin to v0.17.0 [GH-25258]
    - auth/cf: Update plugin to v0.16.0 [GH-25196]
    - auth/gcp: Update plugin to v0.16.2 [GH-25233]
    - auth/jwt: Update plugin to v0.19.0 [GH-24972]
    - auth/jwt: Update plugin to v0.20.0 [GH-25326]
    - auth/jwt: Update plugin to v0.20.1 [GH-25937]
    - auth/kerberos: Update plugin to v0.10.1 [GH-22797]
    - auth/kerberos: Update plugin to v0.11.0 [GH-25232]
    - auth/kubernetes: Update plugin to v0.18.0 [GH-25207]
    - auth/oci: Update plugin to v0.14.1 [GH-22774]
    - auth/oci: Update plugin to v0.15.1 [GH-25245]
    - cli: Using vault plugin reload with -plugin in the root namespace will now reload the plugin across all namespaces instead of just the root namespace. [GH-24878]
    - cli: vault plugin info and vault plugin deregister now require 2 positional arguments instead of accepting either 1 or 2. [GH-24250]
    - core (enterprise): Seal High Availability (HA) must be enabled by enable_multiseal in configuration.
    - core: Bump Go version to 1.21.8.
    - database/couchbase: Update plugin to v0.10.1 [GH-25275]
    - database/elasticsearch: Update plugin to v0.14.0 [GH-25263]
    - database/mongodbatlas: Update plugin to v0.11.0 [GH-25264]
    - database/redis-elasticache: Update plugin to v0.3.0 [GH-25296]
    - database/redis: Update plugin to v0.2.3 [GH-25289]
    - database/snowflake: Update plugin to v0.10.0 [GH-25143]
    - database/snowflake: Update plugin to v0.9.1 [GH-25020]
    - events: Remove event notifications websocket endpoint in non-Enterprise [GH-25640]
    - events: Source URL is now vault://{vault node} [GH-24201]
    - identity (enterprise): POST requests to the /identity/entity/merge endpoint are now always forwarded from standbys to the active node. [GH-24325]
    - plugins/database: Reading connection config at database/config/:name will now return a computed running_plugin_version field if a non-builtin version is running. [GH-25105]
    - plugins: Add a warning to the response from sys/plugins/reload/backend if no plugins were reloaded. [GH-24512]
    - plugins: By default, environment variables provided during plugin registration will now take precedence over system environment variables. Use the environment variable VAULT_PLUGIN_USE_LEGACY_ENV_LAYERING=true to opt out and keep higher preference for system environment variables. When this flag is set, Vault will check during unseal for conflicts and print warnings for any plugins with environment variables that conflict with system environment variables. [GH-25128]
    - plugins: /sys/plugins/runtimes/catalog response will always include a list of "runtimes" in the response, even if empty. [GH-24864]
    - sdk: Upgrade dependent packages by sdk. This includes github.com/docker/docker to v24.0.7+incompatible, google.golang.org/grpc to v1.57.2 and golang.org/x/net to v0.17.0. [GH-23913]
    - secrets/ad: Update plugin to v0.16.2 [GH-25058]
    - secrets/ad: Update plugin to v0.17.0 [GH-25187]
    - secrets/alicloud: Update plugin to v0.16.0 [GH-25257]
    - secrets/azure: Update plugin to v0.17.0 [GH-25189]
    - secrets/gcp: Update plugin to v0.18.0 [GH-25173]
    - secrets/gcpkms: Update plugin to v0.16.0 [GH-25231]
    - secrets/keymgmt: Update plugin to v0.10.0
    - secrets/kubernetes: Update plugin to v0.7.0 [GH-25204]
    - secrets/kv: Update plugin to v0.16.2 [GH-22790]
    - secrets/kv: Update plugin to v0.17.0 [GH-25277]
    - secrets/mongodbatlas: Update plugin to v0.10.2 [GH-23849]
    - secrets/mongodbatlas: Update plugin to v0.11.0 [GH-25253]
    - secrets/openldap: Update plugin to v0.11.3 [GH-25040]
    - secrets/openldap: Update plugin to v0.12.0 [GH-25251]
    - secrets/openldap: Update plugin to v0.12.1 [GH-25524]
    - secrets/terraform: Update plugin to v0.7.5 [GH-25288]
    - telemetry: Seal wrap encrypt/decrypt metrics now differentiate between seals using a metrics label of seal name rather than separate metric names. [GH-23837]
    - ui: Update icons to use Flight icons where available. [GH-24823]
    - ui: add subnav for replication items [GH-24283]
  * FEATURES:
    - Add Snapshot Inspector Tool: Add CLI tool to inspect Vault snapshots [GH-23457]
    - Audit Filtering: Audit devices support expression-based filter rules (powered by go-bexpr) to determine which entries are written to the audit log. [GH-24558]
    - Controlled Access to Unauthenticated Endpoints (enterprise): Gives admins more control over how unauthenticated endpoints in Vault can be accessed and in some cases what information they return. [GH-23547] [GH-23534] [GH-23740]
    - Custom messages (enterprise): Introduces custom messages settings, allowing users to view, and operators to configure system-wide messages.
    - Database Event Notifications: The database plugin now emits event notifications. [GH-24718]
    - Default Lease Count Quota (enterprise): Apply a new global default lease count quota of 300k leases for all new installs of Vault. [GH-24382]
    - Experimental Raft-WAL Option: Reduces risk of infinite snapshot loops for follower nodes in large-scale Integrated Storage deployments. [GH-21460]
    - Manual License Utilization Reporting: Added manual license utilization reporting, which allows users to create manual exports of product-license [metering data] to report to Hashicorp.
    - Plugin Identity Tokens: Adds secret-less configuration of AWS secret engine using web identity federation. [GH-24987]
    - Plugin Workload Identity (enterprise): Vault can generate identity tokens for plugins to use in workload identity federation auth flows.
    - Quotas in Privileged Namespaces: Enable creation/update/deletion of quotas from the privileged namespace
    - Reload seal configuration on SIGHUP: Seal configuration is reloaded on SIGHUP so that seal configuration can be changed without shutting down vault [GH-23571]
    - Request Limiter (enterprise): Add adaptive concurrency lim...
* Fri Apr 05 2024 opensuse_buildserviceAATTojkastl.de
- Update to version 1.15.6:
  * SECURITY:
    - auth/cert: compare public keys of trusted non-CA certificates with incoming client certificates to prevent trusting certs with the same serial number but not the same public/private key. [GH-25649]
  * CHANGES:
    - core: Bump Go version to 1.21.7.
    - secrets/openldap: Update plugin to v0.12.1 [GH-25524]
  * FEATURES:
    - Manual License Utilization Reporting: Added manual license utilization reporting, which allows users to create manual exports of product-license [metering data] to report to Hashicorp.
  * IMPROVEMENTS:
    - auth/cert: Cache trusted certs to reduce memory usage and improve performance of logins. [GH-25421]
    - ui: Add deletion_allowed param to transformations and include tokenization as a type option [GH-25436]
    - ui: redirect back to current route after reauthentication when token expires [GH-25335]
    - ui: remove unnecessary OpenAPI calls for unmanaged auth methods [GH-25364]
  * BUG FIXES:
    - agent: Fix issue where Vault Agent was unable to render KVv2 secrets with delete_version_after set. [GH-25387]
    - audit: Handle a potential panic while formatting audit entries for an audit log [GH-25605]
    - core (enterprise): Fix a deadlock that can occur on performance secondary clusters when there are many mounts and a mount is deleted or filtered [GH-25448]
    - core (enterprise): Fix a panic that can occur if only one seal exists but is unhealthy on the non-first restart of Vault.
    - core/quotas: Deleting a namespace that contains a rate limit quota no longer breaks replication [GH-25439]
    - openapi: Fixing response fields for rekey operations [GH-25509]
    - secrets/transit: When provided an invalid input with hash_algorithm=none, a lock was not released properly before reporting an error leading to deadlocks on a subsequent key configuration update. [GH-25336]
    - storage/file: Fixing spuriously deleting storage keys ending with .temp [GH-25395]
    - transform (enterprise): guard against a panic looking up a token in exportable mode with barrier storage.
    - ui: Do not disable JSON display toggle for KV version 2 secrets [GH-25235]
    - ui: Do not show resultant-acl banner on namespaces a user has access to [GH-25256]
    - ui: Fix copy button not working on masked input when value is not a string [GH-25269]
    - ui: Update the KV secret data when you change the version you're viewing of a nested secret. [GH-25152]
* Sun Feb 04 2024 Johannes Kastl
- new package vault (Hashicorp vault): A tool for secrets management, encryption as a service, and privileged access management