ecba82a71a
SECURITY: - default Policy Privilege Escalation: If a parent token did not have the default policy attached to its token, it could still create children with the default policy. This is no longer allowed (unless the parent has sudo capability for the creation path). In most cases this is low severity since the access grants in the default policy are meant to be access grants that are acceptable for all tokens to have. - Leases Not Expired When Limited Use Token Runs Out of Uses: When using limited-use tokens to create leased secrets, if the limited-use token was revoked due to running out of uses (rather than due to TTL expiration or explicit revocation) it would fail to revoke the leased secrets. These secrets would still be revoked when their TTL expired, limiting the severity of this issue. An endpoint has been added (auth/token/tidy) that can perform housekeeping tasks on the token store; one of its tasks can detect this situation and revoke the associated leases. FEATURES: - Policy UI (Enterprise): Vault Enterprise UI now supports viewing, creating, and editing policies. IMPROVEMENTS: - http: Vault now sets a no-store cache control header to make it more secure in setups that are not end-to-end encrypted BUG FIXES: - auth/ldap: Don't panic if dialing returns an error and starttls is enabled; instead, return the error - ui (Enterprise): Submitting an unseal key now properly resets the form so a browser refresh isn't required to continue. 0.6.3 (December 6, 2016) DEPRECATIONS/CHANGES: - Request size limitation: A maximum request size of 32MB is imposed to prevent a denial of service attack with arbitrarily large requests - LDAP denies passwordless binds by default: In new LDAP mounts, or when existing LDAP mounts are rewritten, passwordless binds will be denied by default. The new deny_null_bind parameter can be set to false to allow these. - Any audit backend activated satisfies conditions: Previously, when a new Vault node was taking over service in an HA cluster, all audit backends were required to be loaded successfully to take over active duty. This behavior now matches the behavior of the audit logging system itself: at least one audit backend must successfully be loaded. The server log contains an error when this occurs. This helps keep a Vault HA cluster working when there is a misconfiguration on a standby node. FEATURES: - Web UI (Enterprise): Vault Enterprise now contains a built-in web UI that offers access to a number of features, including init/unsealing/sealing, authentication via userpass or LDAP, and K/V reading/writing. The capability set of the UI will be expanding rapidly in further releases. To enable it, set ui = true in the top level of Vault's configuration file and point a web browser at your Vault address. - Google Cloud Storage Physical Backend: You can now use GCS for storing Vault data IMPROVEMENTS: - auth/github: Policies can now be assigned to users as well as to teams - cli: Set the number of retries on 500 down to 0 by default (no retrying). It can be very confusing to users when there is a pause while the retries happen if they haven't explicitly set it. With request forwarding the need for this is lessened anyways. - core: Response wrapping is now allowed to be specified by backend responses (requires backends gaining support) - physical/consul: When announcing service, use the scheme of the Vault server rather than the Consul client - secret/consul: Added listing functionality to roles - secret/postgresql: Added revocation_sql parameter on the role endpoint to enable customization of user revocation SQL statements - secret/transit: Add listing of keys BUG FIXES: - api/unwrap, command/unwrap: Increase compatibility of unwrap command with Vault 0.6.1 and older - api/unwrap, command/unwrap: Fix error when no client token exists - auth/approle: Creating the index for the role_id properly - auth/aws-ec2: Handle the case of multiple upgrade attempts when setting the instance-profile ARN - auth/ldap: Avoid leaking connections on login - command/path-help: Use the actual error generated by Vault rather than always using 500 when there is a path help error - command/ssh: Use temporary file for identity and ensure its deletion before the command returns - cli: Fix error printing values with -field if the values contained formatting directives - command/server: Don't say mlock is supported on OSX when it isn't. - core: Fix bug where a failure to come up as active node (e.g. if an audit backend failed) could lead to deadlock - physical/mysql: Fix potential crash during setup due to a query failure - secret/consul: Fix panic on user error |
||
---|---|---|
.. | ||
DESCR | ||
distinfo | ||
Makefile | ||
PLIST |