From 27f008bd3fa7e75242e6275b7970e967c9a2e1b0 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Wed, 14 Nov 2018 12:55:31 -0600
Subject: [PATCH] Add check to protect against accidental version downgrade

---
 vault/logical_system.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/vault/logical_system.go b/vault/logical_system.go
index 2ea39bfd8018..a711fe85ced4 100644
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@@ -63,6 +63,7 @@ func systemBackendMemDBSchema() *memdb.DBSchema {
 	return systemSchema
 }
 
+// NewSystemBackend makes a new sys backend
 func NewSystemBackend(core *Core, logger log.Logger) *SystemBackend {
 	db, _ := memdb.NewMemDB(systemBackendMemDBSchema())
 
@@ -1342,6 +1343,16 @@ func (b *SystemBackend) handleTuneWriteCommon(ctx context.Context, path string,
 				resp = &logical.Response{}
 				resp.AddWarning(fmt.Sprintf("Upgrading mount from version %d to version %d. This mount will be unavailable for a brief period and will resume service shortly.", meVersion, optVersion))
 			}
+		} else {
+			// if version is not included in the
+			// options, and is present in the current
+			// mountEntry's options, copy it's value
+			// to the new options map to protect
+			// against accidental version downgrades
+			if vers, ok := mountEntry.Options["version"]; ok {
+				options["version"] = vers
+				numBuiltIn++
+			}
 		}
 		if options != nil {
 			// For anything we don't recognize and provide special handling,