v1.9.3
1.9.3
January 27, 2022
IMPROVEMENTS:
- auth/kubernetes: Added support for dynamically reloading short-lived tokens for better Kubernetes 1.21+ compatibility [GH-13698]
- auth/ldap: Add username to alias metadata [GH-13669]
- core/identity: Support updating an alias'
custom_metadata
to be empty. [GH-13395] - core: Fixes code scanning alerts [GH-13667]
- http (enterprise): Serve /sys/license/status endpoint within namespaces
BUG FIXES:
- auth/oidc: Fixes OIDC auth from the Vault UI when using the implicit flow and
form_post
response mode. [GH-13492] - cli: Fix using kv patch with older server versions that don't support HTTP PATCH. [GH-13615]
- core (enterprise): Workaround AWS CloudHSM v5 SDK issue not allowing read-only sessions
- core/identity: Address a data race condition between local updates to aliases and invalidations [GH-13476]
- core: add support for go-sockaddr templates in the top-level cluster_addr field [GH-13678]
- identity/oidc: Check for a nil signing key on rotation to prevent panics. [GH-13716]
- kmip (enterprise): Fix locate by name operations fail to find key after a rekey operation.
- secrets/database/mssql: Accept a boolean for
contained_db
, rather than just a string. [GH-13469] - secrets/gcp: Fixes role bindings for BigQuery dataset resources. [GH-13548]
- secrets/pki: Fix regression causing performance secondaries to forward certificate generation to the primary. [GH-13759]
- storage/raft: On linux, use map_populate for bolt files to improve startup time. [GH-13573]
- storage/raft: Units for bolt metrics now given in milliseconds instead of nanoseconds [GH-13749]
- ui: Fixes breadcrumb bug for secrets navigation [GH-13604]
- ui: Fixes issue saving KMIP role correctly [GH-13585]