diff options
| author | fhajny <fhajny@pkgsrc.org> | 2018-10-07 20:19:38 +0000 |
|---|---|---|
| committer | fhajny <fhajny@pkgsrc.org> | 2018-10-07 20:19:38 +0000 |
| commit | 3add68bcd4f5d568ac5e5f8366c35aceeb19b452 (patch) | |
| tree | 23ca30fed4f6f8b0151d88d789ee7baee66495a2 /devel/go-nitro | |
| parent | acf32b6afbc98def43cbd387ea666b4cdd3a2a0c (diff) | |
| download | pkgsrc-3add68bcd4f5d568ac5e5f8366c35aceeb19b452.tar.gz | |
## 0.11.2 (October 2nd, 2018)
CHANGES:
- `sys/seal-status` now includes an `initialized` boolean in the
output. If Vault is not initialized, it will return a `200` with
this value set `false` instead of a `400`.
- `passthrough_request_headers` will now deny certain headers from
being provided to backends based on a global denylist.
FEATURES:
- AWS Secret Engine Root Credential Rotation: The credential used by
the AWS secret engine can now be rotated, to ensure that only Vault
knows the credentials it is using.
- Storage Backend Migrator: A new `operator migrate` command allows
offline migration of data between two storage backends.
- AliCloud KMS Auto Unseal and Seal Wrap Support (Enterprise):
AliCloud KMS can now be used a support seal for Auto Unseal and
Seal Wrapping.
BUG FIXES:
- auth/okta: Fix reading deprecated `token` parameter if a token was
previously set in the configuration
- core: Re-add deprecated capabilities information for now
- core: Fix handling of cyclic token relationships
- storage/mysql: Fix locking on MariaDB
- replication: Fix DR API when using a token
- identity: Ensure old group alias is removed when a new one is
written
- storage/alicloud: Don't call uname on package init
- secrets/jwt: Fix issue where request context would be canceled too
early
- ui: fix need to have update for aws iam creds generation
- ui: fix calculation of token expiry
IMPROVEMENTS:
- auth/aws: The identity alias name can now configured to be either
IAM unique ID of the IAM Principal, or ARN of the caller identity
- auth/cert: Add allowed_organizational_units support
- cli: Format TTLs for non-secret responses
- identity: Support operating on entities and groups by their names
- plugins: Add `env` parameter when registering plugins to the catalog
to allow operators to include environment variables during plugin
execution.
- secrets/aws: WAL Rollback improvements
- secrets/aws: Allow specifying STS role-default TTLs
- secrets/pki: Add configuration support for setting NotBefore
- core: Support for passing the Vault token via an Authorization
Bearer header
- replication: Reindex process now runs in the background and does not
block other vault operations
- storage/zookeeper: Enable TLS based communication with Zookeeper
- ui: you can now init a cluster with a seal config
- ui: added the option to force promote replication clusters
- replication: Allow promotion of a secondary when data is syncing
with a "force" flag
Diffstat (limited to 'devel/go-nitro')
0 files changed, 0 insertions, 0 deletions