v1.12.7
1.12.7
June 08, 2023
CHANGES:
- core: Bump Go version to 1.19.9.
- core: Revert #19676 (VAULT_GRPC_MIN_CONNECT_TIMEOUT env var) as we decided it was unnecessary. [GH-20826]
IMPROVEMENTS:
- audit: add a
mount_point
field to audit requests and response entries [GH-20411] - command/server: Add support for dumping pprof files to the filesystem via SIGUSR2 when
VAULT_PPROF_WRITE_TO_FILE=true
is set on the server. [GH-20609] - core: include namespace path in granting_policies block of audit log
- openapi: Fix generated types for duration strings [GH-20841]
- sdk/framework: Fix non-deterministic ordering of 'required' fields in OpenAPI spec [GH-20881]
- secrets/pki: add subject key identifier to read key response [GH-20642]
- ui: update TTL picker for consistency [GH-18114]
BUG FIXES:
- api: Properly Handle nil identity_policies in Secret Data [GH-20636]
- auth/ldap: Set default value for
max_page_size
properly [GH-20453] - cli: CLI should take days as a unit of time for ttl like flags [GH-20477]
- cli: disable printing flags warnings messages for the ssh command [GH-20502]
- core (enterprise): Fix log shipper buffer size overflow issue for 32 bit architecture.
- core (enterprise): Fix logshipper buffer size to default to DefaultBufferSize only when reported system memory is zero.
- core (enterprise): Remove MFA Enforcment configuration for namespace when deleting namespace
- core: prevent panic on login after namespace is deleted that had mfa enforcement [GH-20375]
- replication (enterprise): Fix a race condition with invalid tokens during WAL streaming that was causing Secondary clusters to be unable to connect to a Primary.
- replication (enterprise): fix bug where secondary grpc connections would timeout when connecting to a primary host that no longer exists.
- secrets/transform (enterprise): Fix a caching bug affecting secondary nodes after a tokenization key rotation
- secrets/transit: Fix export of HMAC-only key, correctly exporting the key used for sign operations. For consumers of the previously incorrect key, use the plaintext export to retrieve these incorrect keys and import them as new versions.
secrets/transit: Fix bug related to shorter dedicated HMAC key sizing.
sdk/helper/keysutil: New HMAC type policies will have HMACKey equal to Key and be copied over on import. [GH-20864] - ui: Fixes issue unsealing cluster for seal types other than shamir [GH-20897]