Skip to content

chore(deps): update dependency hashicorp/vault to v1.18.3

WALL-E requested to merge renovate/hashicorp-vault-1.x into master

This MR contains the following updates:

Package Update Change
hashicorp/vault patch v1.18.0 -> v1.18.3

⚠️ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

hashicorp/vault (hashicorp/vault)

v1.18.3

Compare Source

1.18.3

December 18, 2024

CHANGES:

  • secrets/openldap: Update plugin to v0.14.4 [GH-29131]
  • secrets/pki: Enforce the issuer constraint extensions (extended key usage, name constraints, issuer name) when issuing or signing leaf certificates. For more information see PKI considerations [GH-29045]

IMPROVEMENTS:

  • auth/okta: update to okta sdk v5 from v2. Transitively updates go-jose dependency to >=3.0.3 to resolve GO-2024-2631. See https://github.com/okta/okta-sdk-golang/blob/master/MIGRATING.md for details on changes. [GH-28121]
  • core: Added new enable_post_unseal_trace and post_unseal_trace_directory config options to generate Go traces during the post-unseal step for debug purposes. [GH-28895]
  • sdk: Add Vault build date to system view plugin environment response [GH-29082]
  • ui: Replace KVv2 json secret details view with Hds::CodeBlock component allowing users to search the full secret height. [GH-28808]

BUG FIXES:

  • autosnapshots (enterprise): Fix an issue where snapshot size metrics were not reported for cloud-based storage.
  • core/metrics: Fix unlocked mounts read for usage reporting. [GH-29091]
  • core/seal (enterprise): Fix problem with nodes unable to join Raft clusters with Seal High Availability enabled. [GH-29117]
  • core: fix bug in seal unwrapper that caused high storage latency in Vault CE. For every storage read request, the seal unwrapper was performing the read twice, and would also issue an unnecessary storage write. [GH-29050]
  • secret/db: Update static role rotation to generate a new password after 2 failed attempts. [GH-28989]
  • ui: Allow users to search the full json object within the json code-editor edit/create view. [GH-28808]
  • ui: Decode connection_url to fix database connection updates (i.e. editing connection config, deleting roles) failing when urls include template variables. [GH-29114]
  • vault/diagnose: Fix time to expiration reporting within the TLS verification to not be a month off. [GH-29128]

v1.18.2

Compare Source

1.18.2

November 21, 2024

SECURITY:

  • raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20241115202008-166203013d8e

CHANGES:

  • auth/azure: Update plugin to v0.19.2 [GH-28848]
  • core/ha (enterprise): Failed attempts to become a performance standby node are now using an exponential backoff instead of a 10 second delay in between retries. The backoff starts at 2s and increases by a factor of two until reaching the maximum of 16s. This should make unsealing of the node faster in some cases.
  • login (enterprise): Return a 500 error during logins when performance standby nodes make failed gRPC requests to the active node. [GH-28807]

FEATURES:

  • Product Usage Reporting: Added product usage reporting, which collects anonymous, numerical, non-sensitive data about Vault secrets usage, and adds it to the existing utilization reports. See the [docs] for more info [GH-28858]

IMPROVEMENTS:

  • secret/pki: Introduce a new value always_enforce_err within leaf_not_after_behavior to force the error in all circumstances such as CA issuance and ACME requests if requested TTL values are beyond the issuer's NotAfter. [GH-28907]
  • secrets-sync (enterprise): No longer attempt to unsync a random UUID secret name in GCP upon destination creation.
  • ui: Adds navigation for LDAP hierarchical roles [GH-28824]
  • website/docs: changed outdated reference to consul-helm repository to consul-k8s repository. [GH-28825]

BUG FIXES:

  • auth/ldap: Fixed an issue where debug level logging was not emitted. [GH-28881]
  • core: Improved an internal helper function that sanitizes paths by adding a check for leading backslashes in addition to the existing check for leading slashes. [GH-28878]
  • secret/pki: Fix a bug that prevents PKI issuer field enable_aia_url_templating to be set to false. [GH-28832]
  • secrets-sync (enterprise): Fixed issue where secret-key granularity destinations could sometimes cause a panic when loading a sync status.
  • secrets/aws: Fix issue with static credentials not rotating after restart or leadership change. [GH-28775]
  • secrets/ssh: Return the flag allow_empty_principals in the read role api when key_type is "ca" [GH-28901]
  • secrets/transform (enterprise): Fix nil panic when accessing a partially setup database store.
  • secrets/transit: Fix a race in which responses from the key update api could contain results from another subsequent update [GH-28839]
  • ui: Fixes rendering issues of LDAP dynamic and static roles with the same name [GH-28824]

v1.18.1

Compare Source

1.18.1

October 30, 2024

CHANGES:

  • auth/azure: Update plugin to v0.19.1 [GH-28712]
  • secrets/azure: Update plugin to v0.20.1 [GH-28699]
  • secrets/openldap: Update plugin to v0.14.1 [GH-28479]
  • secrets/openldap: Update plugin to v0.14.2 [GH-28704]
  • secrets/openldap: Update plugin to v0.14.3 [GH-28780]

IMPROVEMENTS:

  • core: Add a mount tuneable that trims trailing slashes of request paths during POST. Needed to support CMPv2 in PKI. [GH-28752]
  • raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20241003195753-88fef418d705
  • ui: Add button to copy secret path in kv v1 and v2 secrets engines [GH-28629]
  • ui: Adds copy button to identity entity, alias and mfa method IDs [GH-28742]

BUG FIXES:

  • agent: Fix chown error running agent on Windows with an auto-auth file sinks. [GH-28748]
  • audit: Prevent users from enabling multiple audit devices of file type with the same file_path to write to. [GH-28751]
  • cli: Fixed a CLI precedence issue where -agent-address didn't override VAULT_AGENT_ADDR as it should [GH-28574]
  • core/seal (enterprise): Fix bug that caused seal generation information to be replicated, which prevented disaster recovery and performance replication clusters from using their own seal high-availability configuration.
  • core/seal: Fix an issue that could cause reading from sys/seal-backend-status to return stale information. [GH-28631]
  • core: Fixed panic seen when performing help requests without /v1/ in the URL. [GH-28669]
  • kmip (enterprise): Use the default KMIP port for IPv6 addresses missing a port, for the listen_addrs configuration field, in order to match the existing IPv4 behavior
  • namespaces (enterprise): Fix issue where namespace patch requests to a performance secondary would not patch the namespace's metadata.
  • proxy: Fix chown error running proxy on Windows with an auto-auth file sink. [GH-28748]
  • secrets/pki: Address issue with ACME HTTP-01 challenges failing for IPv6 IPs due to improperly formatted URLs [GH-28718]
  • ui: No longer running decodeURIComponent on KVv2 list view allowing percent encoded data-octets in path name. [GH-28698]

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by WALL-E

Merge request reports