mirror of
https://github.com/hashicorp/vault.git
synced 2026-02-03 20:40:45 -05:00
add changelog for 1.15.4, 1.14.8, 1.13.12 (#24452)
parent
a087f7b267
commit
b5e9f3f32c
1 changed files with 61 additions and 0 deletions
61
CHANGELOG.md
|
|
@ -2,6 +2,28 @@
|
|||
- [v1.0.0 - v1.9.10](CHANGELOG-pre-v1.10.md)
|
||||
- [v0.11.6 and earlier](CHANGELOG-v0.md)
|
||||
|
||||
## 1.15.4
|
||||
### December 06, 2023
|
||||
|
||||
SECURITY:
|
||||
|
||||
* core: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. (see [CVE-2023-6337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6337) & [HCSEC-2023-34](https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741))
|
||||
|
||||
CHANGES:
|
||||
|
||||
* identity (enterprise): POST requests to the `/identity/entity/merge` endpoint
|
||||
are now always forwarded from standbys to the active node. [[GH-24325](https://github.com/hashicorp/vault/pull/24325)]
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* agent/logging: Agent should now honor correct -log-format and -log-file settings in logs generated by the consul-template library. [[GH-24252](https://github.com/hashicorp/vault/pull/24252)]
|
||||
* api: Fix deadlock on calls to sys/leader with a namespace configured
|
||||
on the request. [[GH-24256](https://github.com/hashicorp/vault/pull/24256)]
|
||||
* core: Fix a timeout initializing Vault by only using a short timeout persisting barrier keyring encryption counts. [[GH-24336](https://github.com/hashicorp/vault/pull/24336)]
|
||||
* ui: Correctly handle directory redirects from pre 1.15.0 Kv v2 list view urls. [[GH-24281](https://github.com/hashicorp/vault/pull/24281)]
|
||||
* ui: Fix payload sent when disabling replication [[GH-24292](https://github.com/hashicorp/vault/pull/24292)]
|
||||
* ui: When Kv v2 secret is an object, fix so details view defaults to readOnly JSON editor. [[GH-24290](https://github.com/hashicorp/vault/pull/24290)]
|
||||
|
||||
## 1.15.3
|
||||
### November 30, 2023
|
||||
|
||||
|
|
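Review bot: the SECURITY bullet under 1.15.4 gives the impact (memory exhaustion from large HTTP requests) and the affected range (since 1.12.0) but not what the fix changes in request handling, so an operator reading only the changelog cannot tell whether legitimate large requests will now behave differently after upgrading. Either add a short clause describing the behaviour change or confirm that HCSEC-2023-34 states it, since that link is the only pointer given. Minor style point in the same hunk: the `identity (enterprise)` and `api: Fix deadlock` entries are wrapped onto a second line mid-sentence while every other entry is a single line; joining them keeps the list uniform.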
@ -371,6 +393,26 @@ sdk/ldaputil: use EscapeLDAPValue implementation from cap/ldap [[GH-22249](https
|
|||
* ui: fixes model defaults overwriting input value when user tries to clear form input [[GH-22458](https://github.com/hashicorp/vault/pull/22458)]
|
||||
* ui: fixes text readability issue in revoke token confirmation dialog [[GH-22390](https://github.com/hashicorp/vault/pull/22390)]
|
||||
|
||||
## 1.14.8
|
||||
### December 06, 2023
|
||||
|
||||
SECURITY:
|
||||
|
||||
* core: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. (see [CVE-2023-6337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6337) & [HCSEC-2023-34](https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741))
|
||||
|
||||
CHANGES:
|
||||
|
||||
* identity (enterprise): POST requests to the `/identity/entity/merge` endpoint
|
||||
are now always forwarded from standbys to the active node. [[GH-24325](https://github.com/hashicorp/vault/pull/24325)]
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* agent/logging: Agent should now honor correct -log-format and -log-file settings in logs generated by the consul-template library. [[GH-24252](https://github.com/hashicorp/vault/pull/24252)]
|
||||
* api: Fix deadlock on calls to sys/leader with a namespace configured
|
||||
on the request. [[GH-24256](https://github.com/hashicorp/vault/pull/24256)]
|
||||
* core: Fix a timeout initializing Vault by only using a short timeout persisting barrier keyring encryption counts. [[GH-24336](https://github.com/hashicorp/vault/pull/24336)]
|
||||
* ui: Fix payload sent when disabling replication [[GH-24292](https://github.com/hashicorp/vault/pull/24292)]
|
||||
|
||||
## 1.14.7
|
||||
### November 30, 2023
|
||||
|
||||
|
|
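Review bot: the `core:` entry under 1.14.8 BUG FIXES is hard to parse as written ("by only using a short timeout persisting barrier keyring encryption counts"); it reads as if the short timeout is the bug rather than the fix. Suggest rewording to something like "by using a short timeout only when persisting barrier keyring encryption counts", if that is what GH-24336 does, and applying the same wording to the identical entries in the other two release sections. Also, `ui: Fix payload sent when disabling replication` has no trailing period, unlike the entries around it.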
@ -862,6 +904,25 @@ with a new entity alias to be incorrectly forwarded from perf standbys. [[GH-211
|
|||
* ui: fixes key_bits and signature_bits reverting to default values when editing a pki role [[GH-20907](https://github.com/hashicorp/vault/pull/20907)]
|
||||
* ui: wait for wanted message event during OIDC callback instead of using the first message event [[GH-18521](https://github.com/hashicorp/vault/pull/18521)]
|
||||
|
||||
## 1.13.12
|
||||
### December 06, 2023
|
||||
|
||||
SECURITY:
|
||||
|
||||
* core: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. (see [CVE-2023-6337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6337) & [HCSEC-2023-34](https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741))
|
||||
|
||||
CHANGES:
|
||||
|
||||
* identity (enterprise): POST requests to the `/identity/entity/merge` endpoint
|
||||
are now always forwarded from standbys to the active node. [[GH-24325](https://github.com/hashicorp/vault/pull/24325)]
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* api: Fix deadlock on calls to sys/leader with a namespace configured
|
||||
on the request. [[GH-24256](https://github.com/hashicorp/vault/pull/24256)]
|
||||
* core: Fix a timeout initializing Vault by only using a short timeout persisting barrier keyring encryption counts. [[GH-24336](https://github.com/hashicorp/vault/pull/24336)]
|
||||
* ui: Fix payload sent when disabling replication [[GH-24292](https://github.com/hashicorp/vault/pull/24292)]
|
||||
|
||||
## 1.13.11
|
||||
### November 30, 2023
|
||||
|
||||
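Review bot: the 1.13.12 BUG FIXES list omits the `agent/logging` entry (GH-24252) that both the 1.15.4 and 1.14.8 sections in this patch carry, while keeping the `api`, `core` and `ui: Fix payload sent when disabling replication` entries. Please confirm that GH-24252 was not backported to the 1.13 line, so the omission is intentional rather than a missed entry. The SECURITY bullet is correctly repeated here, since the text says the issue has been present since 1.12.0 and therefore affects 1.13.x.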
|
|
|
|||