Skip to content

v1.14.6

Compare
Choose a tag to compare
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering released this 08 Nov 19:39
5efc0cb

1.14.6

November 09, 2023

SECURITY:

  • core: inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. This vulnerability, CVE-2023-5954, was introduced in Vault 1.15.0, 1.14.3, and 1.13.7, and is fixed in Vault 1.15.2, 1.14.6, and 1.13.10. [HSEC-2023-33]

CHANGES:

  • auth/approle: Normalized error response messages when invalid credentials are provided [GH-23786]
  • secrets/mongodbatlas: Update plugin to v0.10.2 [GH-23849]

FEATURES:

  • cli/snapshot: Add CLI tool to inspect Vault snapshots [GH-23457]

IMPROVEMENTS:

  • storage/etcd: etcd should only return keys when calling List() [GH-23872]

BUG FIXES:

  • api/seal-status: Fix deadlock on calls to sys/seal-status with a namespace configured
    on the request. [GH-23861]
  • core (enterprise): Do not return an internal error when token policy type lookup fails, log it instead and continue.
  • core/activity: Fixes segments fragment loss due to exceeding entry record size limit [GH-23781]
  • core/mounts: Fix reading an "auth" mount using "sys/internal/ui/mounts/" when filter paths are enforced returns 500 error code from the secondary [GH-23802]
  • core: Revert PR causing memory consumption bug [GH-23986]
  • core: Skip unnecessary deriving of policies during Login MFA Check. [GH-23894]
  • core: fix bug where deadlock detection was always on for expiration and quotas.
    These can now be configured individually with detect_deadlocks. [GH-23902]
  • core: fix policies with wildcards not matching list operations due to the policy path not having a trailing slash [GH-23874]
  • expiration: Fix fatal error "concurrent map iteration and map write" when collecting metrics from leases. [GH-24027]