summaryrefslogtreecommitdiff
path: root/security/pks
diff options
context:
space:
mode:
authorfhajny <fhajny@pkgsrc.org>2017-03-20 15:15:28 +0000
committerfhajny <fhajny@pkgsrc.org>2017-03-20 15:15:28 +0000
commit7d87d7e175429f965ad3c296af51022952dacf5d (patch)
tree9c71735423917bd55c6cb4da5368d8da721245ec /security/pks
parentdbdc769e9a2450eed277ca7322cc55093f675720 (diff)
downloadpkgsrc-7d87d7e175429f965ad3c296af51022952dacf5d.tar.gz
Update security/vault to 0.7.0.
SECURITY: * Common name not being validated when `exclude_cn_from_sans` option used in `pki` backend DEPRECATIONS/CHANGES: * List Operations Always Use Trailing Slash * PKI Defaults to Unleased Certificates FEATURES: * Replication (Enterprise) * Response Wrapping & Replication in the Vault Enterprise UI * Expanded Access Control Policies * SSH Backend As Certificate Authority IMPROVEMENTS: * api/request: Passing username and password information in API request * audit: Logging the token's use count with authentication response and logging the remaining uses of the client token with request * auth/approle: Support for restricting the number of uses on the tokens issued * auth/aws-ec2: AWS EC2 auth backend now supports constraints for VPC ID, Subnet ID and Region * auth/ldap: Use the value of the `LOGNAME` or `USER` env vars for the username if not explicitly set on the command line when authenticating * audit: Support adding a configurable prefix (such as `@cee`) before each line * core: Canonicalize list operations to use a trailing slash * core: Add option to disable caching on a per-mount level * core: Add ability to require valid client certs in listener config * physical/dynamodb: Implement a session timeout to avoid having to use recovery mode in the case of an unclean shutdown, which makes HA much safer * secret/pki: O (Organization) values can now be set to role-defined values for issued/signed certificates * secret/pki: Certificates issued/signed from PKI backend do not generate leases by default * secret/pki: When using DER format, still return the private key type * secret/pki: Add an intermediate to the CA chain even if it lacks an authority key ID * secret/pki: Add role option to use CSR SANs * secret/ssh: SSH backend as CA to sign user and host certificates * secret/ssh: Support reading of SSH CA public key from `config/ca` endpoint and also return it when CA key pair is generated BUG FIXES: * audit: When auditing headers use case-insensitive comparisons * auth/aws-ec2: Return role period in seconds and not nanoseconds * auth/okta: Fix panic if user had no local groups and/or policies set * command/server: Fix parsing of redirect address when port is not mentioned * physical/postgresql: Fix listing returning incorrect results if there were multiple levels of children Full changelog: https://github.com/hashicorp/vault/blob/v0.7.0/CHANGELOG.md
Diffstat (limited to 'security/pks')
0 files changed, 0 insertions, 0 deletions