v1.18.2
1.18.2
November 21, 2024
SECURITY:
- raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20241115202008-166203013d8e
CHANGES:
- auth/azure: Update plugin to v0.19.2 [GH-28848]
- core/ha (enterprise): Failed attempts to become a performance standby node are now using an exponential backoff instead of a
10 second delay in between retries. The backoff starts at 2s and increases by a factor of two until reaching
the maximum of 16s. This should make unsealing of the node faster in some cases. - login (enterprise): Return a 500 error during logins when performance standby nodes make failed gRPC requests to the active node. [GH-28807]
FEATURES:
- Product Usage Reporting: Added product usage reporting, which collects anonymous, numerical, non-sensitive data about Vault secrets usage, and adds it to the existing utilization reports. See the [docs] for more info [GH-28858]
IMPROVEMENTS:
- secret/pki: Introduce a new value
always_enforce_err
withinleaf_not_after_behavior
to force the error in all circumstances such as CA issuance and ACME requests if requested TTL values are beyond the issuer's NotAfter. [GH-28907] - secrets-sync (enterprise): No longer attempt to unsync a random UUID secret name in GCP upon destination creation.
- ui: Adds navigation for LDAP hierarchical roles [GH-28824]
- website/docs: changed outdated reference to consul-helm repository to consul-k8s repository. [GH-28825]
BUG FIXES:
- auth/ldap: Fixed an issue where debug level logging was not emitted. [GH-28881]
- core: Improved an internal helper function that sanitizes paths by adding a check for leading backslashes
in addition to the existing check for leading slashes. [GH-28878] - secret/pki: Fix a bug that prevents PKI issuer field enable_aia_url_templating
to be set to false. [GH-28832] - secrets-sync (enterprise): Fixed issue where secret-key granularity destinations could sometimes cause a panic when loading a sync status.
- secrets/aws: Fix issue with static credentials not rotating after restart or leadership change. [GH-28775]
- secrets/ssh: Return the flag
allow_empty_principals
in the read role api when key_type is "ca" [GH-28901] - secrets/transform (enterprise): Fix nil panic when accessing a partially setup database store.
- secrets/transit: Fix a race in which responses from the key update api could contain results from another subsequent update [GH-28839]
- ui: Fixes rendering issues of LDAP dynamic and static roles with the same name [GH-28824]