chore(deps): update dependency hashicorp/vault to v1.15.4

Renovate Bot requested to merge renovate/hashicorp-vault-1.x into master

This MR contains the following updates:

Package | Update | Change
hashicorp/vault | patch | v1.15.2 -> v1.15.4

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

hashicorp/vault (hashicorp/vault)

v1.15.4

Compare Source

1.15.4

SECURITY:

  • core: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. Upgrading is strongly recommended. (see CVE-2023-6337 & HCSEC-2023-34)

CHANGES:

  • identity (enterprise): POST requests to the /identity/entity/merge endpoint are now always forwarded from standbys to the active node. [GH-24325]

BUG FIXES:

  • agent/logging: Agent should now honor correct -log-format and -log-file settings in logs generated by the consul-template library. [GH-24252]
  • api: Fix deadlock on calls to sys/leader with a namespace configured on the request. [GH-24256]
  • core: Fix a timeout initializing Vault by only using a short timeout persisting barrier keyring encryption counts. [GH-24336]
  • ui: Correctly handle directory redirects from pre 1.15.0 Kv v2 list view urls. [GH-24281]
  • ui: Fix payload sent when disabling replication [GH-24292]
  • ui: When Kv v2 secret is an object, fix so details view defaults to readOnly JSON editor. [GH-24290]

v1.15.3

Compare Source

1.15.3

November 30, 2023

CHANGES:

  • core: Bump Go version to 1.21.4.

IMPROVEMENTS:

  • core (enterprise): Speed up unseal when using namespaces
  • core: update sys/seal-status (and CLI vault status) to report the type of the seal when unsealed, as well as the type of the recovery seal if an auto-seal. [GH-23022]
  • secrets/pki: do not check TLS validity on ACME requests redirected to https [GH-22521]
  • ui: Sort list view of entities and aliases alphabetically using the item name [GH-24103]
  • ui: capabilities-self is always called in the user's root namespace [GH-24168]

BUG FIXES:

  • activity log (enterprise): De-duplicate client count estimates for license utilization reporting.
  • auth/cert: Handle errors related to expired OCSP server responses [GH-24193]
  • core (Enterprise): Treat multiple disabled HA seals as a migration to Shamir.
  • core/audit: Audit logging a Vault response will now use a 5 second context timeout, separate from the original request. [GH-24238]
  • core/config: Use correct HCL config value when configuring log_requests_level. [GH-24059]
  • core/quotas: Close rate-limit blocked client purge goroutines when sealing [GH-24108]
  • core: Fix an error that resulted in the wrong seal type being returned by sys/seal-status while Vault is in seal migration mode. [GH-24165]
  • replication (enterprise): disallow configuring paths filter for a mount path that does not exist
  • secrets-sync (enterprise): Fix panic when setting usage_gauge_period to none
  • secrets/pki: Do not set nextUpdate field in OCSP responses when ocsp_expiry is 0 [GH-24192]
  • secrets/transit: Fix a panic when attempting to export a public RSA key [GH-24054]
  • ui: Fix JSON editor in KV V2 unable to handle pasted values [GH-24224]
  • ui: Fix error when tuning token auth configuration within namespace [GH-24147]
  • ui: show error from API when seal fails [GH-23921]

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.
