July 25, 2023
CHANGES:
auth/ldap: Normalize HTTP response codes when invalid credentials are provided [GH-21282]
core/namespace (enterprise): Introduce the concept of high-privilege namespace (administrative namespace), which will have access to some system backend paths that were previously only accessible in the root namespace. [GH-21215]
secrets/transform (enterprise): Enforce a transformation role's max_ttl setting on encode requests; a warning will be returned if max_ttl was applied.
IMPROVEMENTS:
core/fips: Add RPM, DEB packages of FIPS 140-2 and HSM+FIPS 140-2 Vault Enterprise.
core: Add a new periodic metric to track the number of available policies, vault.policy.configured.count. [GH-21010]
replication (enterprise): Avoid logging warning if request is forwarded from a performance standby and not a performance secondary
secrets/transform (enterprise): Switch to pgx PostgreSQL driver for better timeout handling
sys/metrics (enterprise): Adds a gauge metric that tracks whether enterprise builtin secret plugins are enabled. [GH-21681]
BUG FIXES:
auth/azure: Fix intermittent 401s by preventing performance secondary clusters from rotating root credentials. [GH-21799]
core: Fixed an instance where incorrect route entries would get tainted. We now pre-calculate namespace specific paths to avoid this. [GH-24170]
identity: Remove caseSensitivityKey to prevent errors while loading groups which could result in missing groups in memDB when duplicates are found. [GH-20965]
replication (enterprise): Update primary cluster address after DR failover
secrets/azure: Fix intermittent 401s by preventing performance secondary clusters from rotating root credentials. [GH-21632]
secrets/pki: Prevent deleted issuers from reappearing when migrating from a version 1 bundle to a version 2 bundle (versions including 1.13.0, 1.12.2, and 1.11.6); when managed keys were removed but referenced in the Vault 1.10 legacy CA bundle, this caused the error: no managed key found with uuid. [GH-21316]
secrets/pki: Support setting both maintain_stored_certificate_counts=false and publish_stored_certificate_count_metrics=false explicitly in tidy config. [GH-20664]
secrets/transform (enterprise): Fix nil panic when deleting a template with tokenization transformations present
secrets/transform (enterprise): Grab shared locks for various read operations, only escalating to write locks if work is required
serviceregistration: Fix bug where multiple nodes in a secondary cluster could be labelled active after updating the cluster's primary [GH-21642]
ui: Fixed an issue where editing an SSH role would clear default_critical_options and default_extension if left unchanged. [GH-21739]
ui: Surface DOMException error when browser settings prevent localStorage. [GH-21503]