mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-22 11:11:26 +01:00
Code Issues Projects Releases Wiki Activity

docs: add 1.2.4 upgrade guide (#7839)

Browse Source
This commit is contained in:
Calvin Leung Huang 2019-11-07 15:28:58 -08:00 committed by GitHub
parent 269f9da771
commit d3a7e6e205
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
website/source/docs/upgrading/upgrade-to-1.2.4.html.md Normal file
View File

@ -0,0 +1,44 @@
---
layout: "docs"
page_title: "Upgrading to Vault 1.2.4 - Guides"
sidebar_title: "Upgrade to 1.2.4"
sidebar_current: "docs-upgrading-to-1.2.4"
description: |-
This page contains the list of deprecations and important or breaking changes
for Vault 1.2.4. Please read it carefully.
---
# Overview
This page contains the list of deprecations and important or breaking changes
for Vault 1.2.4 compared to 1.2.3. Please read it carefully.
## Detached Leases From Tokens in non-root Namespaces
In a non-root namespace, revocation of a token scoped to a non-root namespace
did not trigger the expected revocation of dynamic secret leases associated with
that token. As a result, dynamic secret leases in non-root namespaces may
outlive the token that created them. This vulnerability, CVE-2019-18616, affects
Vault Enterprise 0.11.0 and newer.
## Mount Filtering in Disaster Recovery Secondary Clusters
Disaster Recovery secondary clusters did not delete already-replicated data
after a mount filter has been created on an upstream Performance secondary
cluster. As a result, encrypted secrets may remain replicated on a Disaster
Recovery secondary cluster after application of a mount filter excluding those
secrets from replication. This vulnerability, CVE-2019-18617, affects Vault
Enterprise 0.8 and newer.
## Golang crypto/dsa CVE
Update version of Go to 1.12.12 to fix Go bug golang.org/issue/34960 which
corresponds to CVE-2019-17596.
## AWS Region Detection in Agent and CLI
If a custom sts_endpoint is configured, Vault Agent and the CLI should provide
the corresponding region via the region parameter (which already existed as a
CLI parameter, and has now been added to Agent). The automatic region detection
added to the CLI and Agent in 1.2 has been removed.

3
website/source/layouts/docs.erb
View File

@ -374,7 +374,8 @@
'upgrade-to-1.1.1', 'upgrade-to-1.1.1',
'upgrade-to-1.1.2', 'upgrade-to-1.1.2',
'upgrade-to-1.2.0', 'upgrade-to-1.2.0',
'upgrade-to-1.2.1' 'upgrade-to-1.2.1',
'upgrade-to-1.2.4'
] ]
}, },
'----------------', '----------------',