vault: Update to 1.4.0
CHANGES:
* cli: The raft configuration command has been renamed to list-peers to avoid confusion.

FEATURES:
* Kerberos Authentication: Vault now supports Kerberos authentication using a SPNEGO token. Login can be performed using the Vault CLI, API, or agent.
* Kubernetes Service Discovery: A new Kubernetes service discovery feature where, if configured, Vault will tag Vault pods with their current health status. For more, see #8249.
* MongoDB Atlas Secrets: Vault can now generate dynamic credentials for both MongoDB Atlas databases as well as the Atlas programmatic interface.
* OpenLDAP Secrets Engine: We now support password management of existing OpenLDAP user entries. For more, see #8360.
* Redshift Database Secrets Engine: The database secrets engine now supports static and dynamic secrets for the Amazon Web Services (AWS) Redshift service.
* Service Registration Config: A newly introduced service_registration configuration stanza, that allows for service registration to be configured separately from the storage backend. For more, see #7887.
* Transform Secrets Engine (Enterprise): A new secrets engine that handles secure data transformation and tokenization against provided input value.
* Integrated Storage: Promoted out of beta and into general availability for both open-source and enterprise workloads.

IMPROVEMENTS:
* agent: add option to force the use of the auth-auth token, and ignore the Vault token in the request [GH-8101]
* api: Restore and fix DNS SRV Lookup [GH-8520]
* audit: HMAC http_raw_body in audit log; this ensures that large authenticated Prometheus metrics responses get replaced with short HMAC values [GH-8130]
* audit: Generate-root, generate-recovery-token, and generate-dr-operation-token requests and responses are now audited. [GH-8301]
* auth/aws: Reduce the number of simultaneous STS client credentials needed [GH-8161]
* auth/azure: subscription ID, resource group, vm and vmss names are now stored in alias metadata [GH-30]
* auth/jwt: Additional OIDC callback parameters available for CLI logins [GH-80 & GH-86]
* auth/jwt: Bound claims may be optionally configured using globs [GH-89]
* auth/jwt: Timeout during OIDC CLI login if process doesn't complete within 2 minutes [GH-97]
* auth/jwt: Add support for the form_post response mode [GH-98]
* auth/jwt: add optional client_nonce to authorization flow [GH-104]
* auth/okta: Upgrade okta sdk lib, which should improve handling of groups [GH-8143]
* aws: Add support for v2 of the instance metadata service (see issue 7924 for all linked PRs)
* core: Separate out service discovery interface from storage interface to allow new types of service discovery not coupled to storage [GH-7887]
* core: Add support for telemetry option metrics_prefix [GH-8340]
* core: Entropy Augmentation can now be used with AWS KMS and Vault Transit seals
* core: Allow tls_min_version to be set to TLS 1.3 [GH-8305]
* cli: Incorrect TLS configuration will now correctly fail [GH-8025]
* identity: Allow specifying a custom client_id for identity tokens [GH-8165]
* metrics/prometheus: improve performance with high volume of metrics updates [GH-8507]
* replication (enterprise): Fix race condition causing clusters with high throughput writes to sometimes fail to enter streaming-wal mode
* replication (enterprise): Secondary clusters can now perform an extra gRPC call to all nodes in a primary cluster in an attempt to resolve the active node's address
* replication (enterprise): The replication status API now outputs last_performance_wal, last_dr_wal, and connection_state values
* replication (enterprise): DR secondary clusters can now be recovered by the replication/dr/secondary/recover API
* replication (enterprise): We now allow for an alternate means to create a Disaster Recovery token, by using a batch token that is created with an ACL that allows for access to one or more of the DR endpoints.
* secrets/database/mongodb: Switched internal MongoDB driver to mongo-driver [GH-8140]
* secrets/database/mongodb: Add support for x509 client authorization to MongoDB [GH-8329]
* secrets/database/oracle: Add support for static credential rotation [GH-26]
* secrets/consul: Add support to specify TLS options per Consul backend [GH-4800]
* secrets/gcp: Allow specifying the TTL for a service key [GH-54]
* secrets/gcp: Add support for rotating root keys [GH-53]
* secrets/gcp: Handle version 3 policies for Resource Manager IAM requests [GH-77]
* secrets/nomad: Add support to specify TLS options per Nomad backend [GH-8083]
* secrets/ssh: Allowed users can now be templated with identity information [GH-7548]
* secrets/transit: Adding RSA3072 key support [GH-8151]
* storage/consul: Vault returns now a more descriptive error message when only a client cert or a client key has been provided [GH-4930]
* storage/raft: Nodes in the raft cluster can all be given possible leader addresses for them to continuously try and join one of them, thus automating the process of join to a greater extent [GH-7856]
* storage/raft: Fix a potential deadlock that could occur on leadership transition [GH-8547]
* storage/raft: Refresh TLS keyring on snapshot restore [GH-8546]
* storage/etcd: Bumped etcd client API SDK [GH-7931 & GH-4961 & GH-4349 & GH-7582]
* ui: Make Transit Key actions more prominent [GH-8304]
* ui: Add Core Usage Metrics [GH-8347]
* ui: Add refresh Namespace list on the Namespace dropdown, and redesign of Namespace dropdown menu [GH-8442]
* ui: Update transit actions to codeblocks & automatically encode plaintext unless indicated [GH-8462]
* ui: Display the results of transit key actions in a modal window [GH-8462]
* ui: Transit key version styling updates & ability to copy key from dropdown [GH-8480]

BUG FIXES:
* agent: Fix issue where TLS options are ignored for agent template feature [GH-7889]
* auth/jwt: Use lower case role names for default_role to match the role case convention [GH-100]
* auth/ldap: Fix a bug where the UPNDOMAIN parameter was wrongly used to lookup the group membership of the given user [GH-6325]
* cli: Support autocompletion for nested mounts [GH-8303]
* cli: Fix CLI namespace autocompletion [GH-8315]
* identity: Fix incorrect caching of identity token JWKS responses [GH-8412]
* metrics/stackdriver: Fix issue that prevents the stackdriver metrics library to create unnecessary stackdriver descriptors [GH-8073]
* replication: Fix issue causing cubbyholes in namespaces on performance secondaries to not work.
* seal (enterprise): Fix seal migration when transactional seal wrap backend is in use.
* secrets/database/influxdb: Fix potential panic if connection to the InfluxDB database cannot be established [GH-8282]
* secrets/database/mysql: Ensures default static credential rotation statements are used [GH-8240]
* secrets/database/mysql: Fix inconsistent query parameter names: {{name}} or {{username}} for different queries. Now it allows for either for backwards compatibility [GH-8240]
* secrets/database/postgres: Fix inconsistent query parameter names: {{name}} or {{username}} for different queries. Now it allows for either for backwards compatibility [GH-8240]
* secrets/pki: Support FQDNs in DNS Name [GH-8288]
* storage/raft: Allow seal migration to be performed on Vault clusters using raft storage [GH-8103]
* telemetry: Prometheus requests on standby nodes will now return an error instead of forwarding the request to the active node [GH-8280]
* ui: Fix broken popup menu on the transit secrets list page [GH-8348]
* ui: Update headless Chrome flag to fix yarn run test:oss [GH-8035]
* ui: Update CLI to accept empty strings as param value to reset previously-set values
* ui: Fix bug where error states don't clear when moving between action tabs on Transit [GH-8354]
This commit is contained in:
parent
4dfc7d31be
commit
9e849789c4
|
@ -1,6 +1,6 @@
|
|||
# $NetBSD$
|
||||
|
||||
DISTNAME= vault-1.3.4
|
||||
DISTNAME= vault-1.4.0
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= ${MASTER_SITE_GITHUB:=hashicorp/}
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
$NetBSD$
|
||||
|
||||
SHA1 (vault-1.3.4.tar.gz) = 6f9afae2d5b6a462d3021dee6ab226143aa92b23
|
||||
RMD160 (vault-1.3.4.tar.gz) = 1910fae1d6b003d88de536d103a24f00adbcb007
|
||||
SHA512 (vault-1.3.4.tar.gz) = efae914ef76fb314d4652246fab468970f7b57d66af38453e3a0c74444f1879d049811cc09b7e059e1d9ea2b82c0b71de81cf54dce51778c8300247157d9a7c2
|
||||
Size (vault-1.3.4.tar.gz) = 31120568 bytes
|
||||
SHA1 (vault-1.4.0.tar.gz) = bf0826b737fc1c829ff76fbbf7aa98fe7b75d5cc
|
||||
RMD160 (vault-1.4.0.tar.gz) = de972aef35a0500aa69f4c277e83c1baec0be67d
|
||||
SHA512 (vault-1.4.0.tar.gz) = 13c1fb901fe577d91f2734f8a0ae5e51083e1307e7fc32a4388a1be48f2c46cd3d121432fa7450d6f9b439285d3ad5819b123631f41bb347e8d75ce683d24a7e
|
||||
Size (vault-1.4.0.tar.gz) = 33097110 bytes
|
||||
SHA1 (patch-vendor_github.com_ory_dockertest_docker_pkg_system_stat__netbsd.go) = 723ce00bc56771008074e5d77efd465501fda2bb
|
||||
SHA1 (patch-vendor_github.com_ory_dockertest_docker_pkg_term_termios__bsd.go) = 9696daf0158de14d8756748b0dc5398be9ff64f4
|
||||
|
|
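Review bot: the two patch-vendor_github.com_ory_dockertest_* SHA1 entries at the end of this distinfo hunk are carried over unchanged while the distfile moves from vault-1.3.4.tar.gz to vault-1.4.0.tar.gz, so please confirm that both patches still apply cleanly to the vendor tree shipped in the 1.4.0 tarball. If upstream touched either vendored file in this release, the patch and its checksum line need regenerating in this same commit, otherwise the build breaks at the patch stage on NetBSD.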