59d3e10dcf
SECURITY: * When deleting a namespace on Vault Enterprise, in certain circumstances, the deletion process will fail to revoke dynamic secrets for a mount in that namespace. This will leave any dynamic secrets in remote systems alive and will fail to clean them up. This vulnerability, CVE-2020-7220, affects Vault Enterprise 0.11.0 and newer. IMPROVEMENTS: * auth/aws: Add aws metadata to identity alias [GH-7975] * auth/kubernetes: Allow both names and namespaces to be set to "*" [GH-78] BUG FIXES: * auth/azure: Fix Azure compute client to use correct base URL [AZURE-27] * auth/ldap: Fix renewal of tokens without cofigured policies that are generated by an LDAP login [GH-8072] * auth/okta: Fix renewal of tokens without configured policies that are generated by an Okta login [GH-8072] * core: Fix seal migration error when attempting to migrate from auto unseal to shamir [GH-8172] * core: Fix seal migration config issue when migrating from auto unseal to auto unseal [GH-8172] * plugin: Fix issue where a plugin unwrap request potentially used an expired token [GH-8058] * replication: Fix issue where a forwarded request from a performance/standby node could run into a timeout * secrets/database: Fix issue where a manual static role rotation could potentially panic [GH-8098] * secrets/database: Fix issue where a manual root credential rotation request is not forwarded to the primary node [GH-8125] * secrets/database: Fix issue where a manual static role rotation request is not forwarded to the primary node [GH-8126] * secrets/database/mysql: Fix issue where special characters for a MySQL password were encoded [GH-8040] * ui: Fix deleting namespaces [GH-8132] * ui: Fix Error handler on kv-secret edit and kv-secret view pages [GH-8133] * ui: Fix OIDC callback to check storage [GH-7929]. * ui: Change .box-radio height to min-height to prevent overflow issues [GH-8065] |
||
|---|---|---|
| .. | ||
| patches | ||
| DESCR | ||
| Makefile | ||
| PLIST | ||
| distinfo | ||