82a0ea5889
## 0.7.3 (June 7th, 2017) SECURITY: - Cert auth backend now checks validity of individual certificates - App-ID path salting was skipped in 0.7.1/0.7.2 DEPRECATIONS/CHANGES: - Step-Down is Forwarded FEATURES: - ed25519 Signing/Verification in Transit with Key Derivation - Key Version Specification for Encryption in Transit - Replication Primary Discovery (Enterprise) IMPROVEMENTS: - api/health: Add Sys().Health() - audit: Add auth information to requests that error out - command/auth: Add `-no-store` option that prevents the auth command from storing the returned token into the configured token helper - core/forwarding: Request forwarding now heartbeats to prevent unused connections from being terminated by firewalls or proxies - plugins/databases: Add MongoDB as an internal database plugin - storage/dynamodb: Add a method for checking the existence of children, speeding up deletion operations in the DynamoDB storage backend - storage/mysql: Add max_parallel parameter to MySQL backend - secret/databases: Support listing connections - secret/databases: Support custom renewal statements in Postgres database plugin - secret/databases: Use the role name as part of generated credentials - ui (Enterprise): Transit key and secret browsing UI handle large lists better - ui (Enterprise): root tokens are no longer persisted - ui (Enterprise): support for mounting Database and TOTP secret backends BUG FIXES: - auth/app-id: Fix regression causing loading of salts to be skipped - auth/aws: Improve EC2 describe instances performance - auth/aws: Fix lookup of some instance profile ARNs - auth/aws: Resolve ARNs to internal AWS IDs which makes lookup at various points (e.g. renewal time) more robust - auth/aws: Properly honor configured period when using IAM authentication - auth/aws: Check that a bound IAM principal is not empty (in the current state of the role) before requiring it match the previously authenticated client - auth/cert: Fix panic on renewal - auth/cert: Certificate verification for non-CA certs - core/acl: Prevent race condition when compiling ACLs in some scenarios - secret/database: Increase wrapping token TTL; in a loaded scenario it could be too short - secret/generic: Allow integers to be set as the value of `ttl` field as the documentation claims is supported - secret/ssh: Added host key callback to ssh client config - storage/s3: Avoid a panic when some bad data is returned - storage/dynamodb: Fix list functions working improperly on Windows - storage/file: Don't leak file descriptors in some error cases - storage/swift: Fix pre-v3 project/tenant name reading |
||
|---|---|---|
| .. | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| PLIST | ||