vault: Update to 1.5.3
1.5.3 August 27th, 2020 BUG FIXES: * auth/aws: Made header handling for IAM authentication more robust * secrets/ssh: Fixed a bug with role option for SSH signing algorithm to allow more than RSA signing 1.5.2.1 August 21st, 2020 Enterprise Only NOTE: * Includes correct license in the HSM binary. 1.5.2 August 20th, 2020 NOTE: * OSS binaries of 1.5.1, 1.4.4, 1.3.8, and 1.2.5 were built without the Vault UI. Enterprise binaries are not affected. KNOWN ISSUES: * AWS IAM logins may return an error depending on the headers sent with the request. For more details and a workaround, see the 1.5.2 Upgrade Guide * In versions 1.2.6, 1.3.9, 1.4.5, and 1.5.2, enterprise licenses on the HSM build were not incorporated correctly - enterprise customers should use 1.2.6.1, 1.3.9.1, 1.4.5.1, and 1.5.2.1. 1.5.1 August 20th, 2020 SECURITY: * When using the IAM AWS Auth Method, under certain circumstances, values Vault uses to validate identities and roles can be manipulated and bypassed. This vulnerability affects Vault and Vault Enterprise 0.7.1 and newer and is fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1 (CVE-2020-16250) (Discovered by Felix Wilhelm of Google Project Zero) * When using the GCP GCE Auth Method, under certain circumstances, values Vault uses to validate GCE VMs can be manipulated and bypassed. This vulnerability affects Vault and Vault Enterprise 0.8.3 and newer and is fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1 (CVE-2020-16251) (Discovered by Felix Wilhelm of Google Project Zero) * When using Vault Agent with cert auto-auth and caching enabled, under certain circumstances, clients without permission to access agent's token may retrieve the token without login credentials. This vulnerability affects Vault Agent 1.1.0 and newer and is fixed in 1.5.1 (CVE-2020-17455) KNOWN ISSUES: * OSS binaries of 1.5.1, 1.4.4, 1.3.8, and 1.2.5 were built without the Vault UI. Enterprise binaries are not affected. * AWS IAM logins may return an error depending on the headers sent with the request. For more details and a workaround, see the 1.5.1 Upgrade Guide CHANGES: * pki: The tidy operation will now remove revoked certificates if the parameter tidy_revoked_certs is set to true. This will result in certificate entries being immediately removed, as opposed to awaiting until its NotAfter time. Note that this only affects certificates that have been already revoked. [GH-9609] IMPROVEMENTS: * auth/jwt: Add support for fetching groups and user information from G Suite during authentication. [GH-9574] * pki: Add a allowed_domains_template parameter that enables the use of identity templating within the allowed_domains parameter. [GH-8509] * secret/azure: Use write-ahead-logs to cleanup any orphaned Service Principals [GH-9773] * ui: Wrap TTL option on transit engine export action is updated to a new component. [GH-9632] * ui: Wrap Tool uses newest version of TTL Picker component. [GH-9691] BUG FIXES: * secrets/gcp: Ensure that the IAM policy version is appropriately set after a roleset's bindings have changed. [GH-9603] * replication (enterprise): Fix status API output incorrectly stating replication is in idle state. * replication (enterprise): Use PrimaryClusterAddr if it's been set * core: Fix panic when printing over-long info fields at startup [GH-9681] * core: Seal migration using the new minimal-downtime strategy didn't work properly with performance standbys. [GH-9690] * core: Vault failed to start when there were non-string values in seal configuration [GH-9555]
This commit is contained in:
parent
8589001660
commit
4ca907cc42
|
@ -1,6 +1,6 @@
|
|||
# $NetBSD$
|
||||
|
||||
DISTNAME= vault-1.5.0
|
||||
DISTNAME= vault-1.5.3
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= ${MASTER_SITE_GITHUB:=hashicorp/}
|
||||
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
$NetBSD$
|
||||
|
||||
SHA1 (vault-1.5.0.tar.gz) = 8128f8ab999db6eafdd02e11bb32973b6f6bb65a
|
||||
RMD160 (vault-1.5.0.tar.gz) = 628ec25d71fe3e76bdac0f7949388b876e41ec2c
|
||||
SHA512 (vault-1.5.0.tar.gz) = 245d5ea837f561d6c3832a0cb28d851dabe908fac2be7e53d3fd466689778d67b2cd5d9ea8c297f8daceb003c571a9768254a7e27d1fbeb1a376ac75e3c6edfb
|
||||
Size (vault-1.5.0.tar.gz) = 34940170 bytes
|
||||
SHA1 (vault-1.5.3.tar.gz) = ca11b81ffe657004023bd0388665bfe35ffe5962
|
||||
RMD160 (vault-1.5.3.tar.gz) = ad3b62e2e799c326dea17ea152b1a3b149fc10ea
|
||||
SHA512 (vault-1.5.3.tar.gz) = 2eaeabf939c20e914319f0038f7b2cea219618a5f830a7d250f4de447b1b7e9fab9fee611752fcd26086b67c3b5e32f403a88d4e7da1d94f34570e1a210bc4f8
|
||||
Size (vault-1.5.3.tar.gz) = 35123873 bytes
|
||||
SHA1 (patch-vendor_github.com_docker_docker_client_client__unix.go) = 51a400f6adaa6abe4cd42c31cfba4f037d9d81e5
|
||||
SHA1 (patch-vendor_github.com_docker_docker_pkg_system_stat__netbsd.go) = 125e35b6f5e9a0cdec8c0a5e0b7c67cc326467ea
|
||||
SHA1 (patch-vendor_github.com_ory_dockertest_docker_pkg_system_stat__netbsd.go) = 723ce00bc56771008074e5d77efd465501fda2bb
|
||||
|
|
Loading…
Reference in New Issue