v1.12.5
1.12.5
March 29, 2023
IMPROVEMENTS:
- auth/github: Allow for an optional Github auth token environment variable to make authenticated requests when fetching org id
website/docs: Add docs forVAULT_AUTH_CONFIG_GITHUB_TOKEN
environment variable when writing Github config [GH-19244] - core: Allow overriding gRPC connect timeout via VAULT_GRPC_MIN_CONNECT_TIMEOUT. This is an env var rather than a config setting because we don't expect this to ever be needed. It's being added as a last-ditch
option in case all else fails for some replication issues we may not have fully reproduced. [GH-19676] - core: validate name identifiers in mssql physical storage backend prior use [GH-19591]
BUG FIXES:
- cli: Fix vault read handling to return raw data as secret.Data when there is no top-level data object from api response. [GH-17913]
- core (enterprise): Attempt to reconnect to a PKCS#11 HSM if we retrieve a CKR_FUNCTION_FAILED error.
- core: Fixed issue with remounting mounts that have a non-trailing space in the 'to' or 'from' paths. [GH-19585]
- kmip (enterprise): Do not require attribute Cryptographic Usage Mask when registering Secret Data managed objects.
- kmip (enterprise): Fix a problem forwarding some requests to the active node.
- openapi: Fix logic for labeling unauthenticated/sudo paths. [GH-19600]
- secrets/ldap: Invalidates WAL entry for static role if
password_policy
has changed. [GH-19641] - secrets/transform (enterprise): Fix persistence problem with rotated tokenization key versions
- ui: fixes issue navigating back a level using the breadcrumb from secret metadata view [GH-19703]
- ui: pass encodeBase64 param to HMAC transit-key-actions. [GH-19429]
- ui: use URLSearchParams interface to capture namespace param from SSOs (ex. ADFS) with decoded state param in callback url [GH-19460]