Skip to content

v1.15.4

Compare
Choose a tag to compare
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering released this 05 Dec 20:48
9b61934

1.15.4

SECURITY:

  • core: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. Upgrading is strongly recommended.(see CVE-2023-6337 & HCSEC-2023-34)

CHANGES:

  • identity (enterprise): POST requests to the /identity/entity/merge endpoint are now always forwarded from standbys to the active node. [GH-24325]

BUG FIXES:

  • agent/logging: Agent should now honor correct -log-format and -log-file settings in logs generated by the consul-template library. [GH-24252]
  • api: Fix deadlock on calls to sys/leader with a namespace configured on the request. [GH-24256]
  • core: Fix a timeout initializing Vault by only using a short timeout persisting barrier keyring encryption counts. [GH-24336]
  • ui: Correctly handle directory redirects from pre 1.15.0 Kv v2 list view urls. [GH-24281]
  • ui: Fix payload sent when disabling replication [GH-24292]
  • ui: When Kv v2 secret is an object, fix so details view defaults to readOnly JSON editor. [GH-24290]