Vault 1.0.1 已发布,更新内容如下:
安全:
Update version of Go to 1.11.3 to fix Go bug https://github.com/golang/go/issues/29233 which corresponds to CVE-2018-16875
Database user revocation: If a client has configured custom revocation statements for a role with a value of
"", that statement would be executed verbatim, resulting in a lack of actual revocation but success for the operation. Vault will now strip empty statements from any provided; as a result if an empty statement is provided, it will behave as if no statement is provided, falling back to the default revocation statement.
变更:
secret/database: On role read, empty statements will be returned as empty slices instead of potentially being returned as JSON null values. This makes it more in line with other parts of Vault and makes it easier for statically typed languages to interpret the values.
增强:
cli: Strip iTerm extra characters from password manager input [GH-5837]
core: Add operationId field to OpenAPI output [GH-5876]
ui: Added ability to search for Group and Policy IDs when creating Groups and Entities instead of typing them in manually
扫描二维码关注公众号,回复: 4579957 查看本文章
BUG 修复:
auth/azure: Cache azure authorizer [15]
auth/gcp: Remove explicit project for service account in GCE authorizer [58]
cli: Show correct stored keys/threshold for autoseals [GH-5910]
cli: Fix backwards compatibility fallback when listing plugins [GH-5913]
core: Fix upgrades when the seal config had been created on early versions of vault [GH-5956]
namespaces: Correctly reload the proper mount when tuning or reloading the mount [GH-5937]
secret/azure: Cache azure authorizer [19]
secret/database: Strip empty statements on user input [GH-5955]
secret/gcpkms: Add path for retrieving the public key [5]
secret/pki: Fix panic that could occur during tidy operation when malformed data was found [GH-5931]
secret/pki: Strip empty line in ca_chain output [GH-5779]