Skip to content

Commit

Permalink
Backport of Add upgrade note for #15108. into release/1.10.x (#15284)
Browse files Browse the repository at this point in the history
  • Loading branch information
hc-github-team-secure-vault-core authored May 4, 2022
1 parent dc487a1 commit 4afd420
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions website/content/docs/upgrading/upgrade-to-1.10.x.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -109,3 +109,16 @@ set to `unauth`.
There is a workaround for this error that will allow you to sign in to Vault using the OIDC
auth method. Select the "Other" tab instead of selecting the specific OIDC auth mount tab.
From there, select "OIDC" from the "Method" select box and proceed to sign in to Vault.

### Login MFA not enforced after restart

A serious bug was identified in the Login MFA feature introduced in 1.10.0:
[#15108](https://github.com/hashicorp/vault/issues/15108).
Upon restart, Vault is not populating its in-memory MFA data structures based
on what is found in storage. Although Vault is persisting to storage MFA methods
and login enforcement configs populated via /identity/mfa, they will effectively
disappear after the process is restarted.

We plan to issue a new 1.10.3 release to address this soon. We recommend delaying
any rollouts of Login MFA until that release.

0 comments on commit 4afd420

Please sign in to comment.