* go get github.com/hashicorp/cap/ldap@main && go mod tidy
* add 1.19 upgrade note
* changelog
* cd sdk && go get github.com/hashicorp/cap/ldap@main && go mod tidy
* add more detail in changelog
* update changelog
* go mod tidy after resolving merge conflicts
* docs: add Secrets Sync SSRF protection breaking change to 1.17 upgrade guide
The Secrets Sync feature in 1.17.3 introduced SSRF protection that blocks private IP ranges, affecting users accessing secret stores through private endpoints. This adds documentation about the change and available options.
* renamed issue
* referenced secret sync ssrf known issue
* re-ordered secret sync known issue in page
* Hide copy-to-clipboard button on the output example codeblock
---------
Co-authored-by: yhyakuna <yoko@hashicorp.com>
* init
* fix versions
* remove whitespace
* update version
* fix file name
* fix link
* fix links (included one from other known issue too)
* Fix spacing
* properly cleanup aliases no longer in entity during invalidation
* test: verify proper alias removal from entity in invalidation
* add changelog entry
* document dangling entity-alias known issue
* improve entity-alias delete test
* fixup! document dangling entity-alias known issue
* use simpler approach to reconcile entity aliases in invalidation
* adjust comment to match previous code change
* add test covering local aliases
* pre-delete changed entity in invalidation
* docs: known issue for listener proxy protocol behavior
* relative links
* update text
* Update website/content/partials/known-issues/config_listener_proxy_protocol_behavior_issue.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* change one of the uses of 'this'
* Update website/content/partials/known-issues/config_listener_proxy_protocol_behavior_issue.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/partials/known-issues/config_listener_proxy_protocol_behavior_issue.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* docs: correct auth jwt role requirements
* remove upgrade guide to be added in separate PR
* Revert "remove upgrade guide to be added in separate PR"
This reverts commit 6554d3ff63623a329b0d93f7143d95cd3f19b3e6.
* update required details for bound audience
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* fix formatting to match the existing format of the file
* add 1.16 known issues
* add 1.17 upgrade guide note
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* docs: document known issue sending sighup to ent standby node
* be more specific with cause of panic
* add partial to upgrade guides for 1.14, 1.15, 1.16
* Document enabling config
* Fix nav data JSON after disabling over-zealous prettifier
* Address review feedback
* Add warning about reloading config during overload
* Bad metrics links
* Another bad link
* Add upgrade note about deprecation
---------
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
* PKI: Change sign-intermediate to truncate notAfter by default
- The PKI sign-intermediate API allowed an end-user to request a TTL
value that would extend beyond the signing issuer's notAfter. This would
generate an invalid CA chain when properly validated.
- We are now changing the default behavior to truncate the returned certificate
to the signing issuer's notAfter.
- End-users can get the old behavior by configuring the signing issuer's
leaf_not_after_behavior field to permit, and calling sign-intermediate
with the new argument enforce_leaf_not_after_behavior set to true. The
new argument could also be used to enforce an error instead of truncating
behavior if the signing issuer's leaf_not_after_behavior is set to err.
* Add cl
* Add cl and upgrade note
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
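The notAfter decision described in the sign-intermediate commit message above, modeled as an added Go example; it is not Vault's own code. The helper `resolveNotAfter`, the error value and the dates are hypothetical names and constructed inputs, and the behavior matrix is assumed from the commit text.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Sentinel error for this sketch only (hypothetical, not a Vault error value).
var errBeyondIssuer = errors.New("requested notAfter is later than the signing issuer's notAfter")

// resolveNotAfter returns the notAfter an intermediate would receive.
// issuerBehavior stands for the signing issuer's leaf_not_after_behavior
// ("permit", "err" or "truncate"); enforce stands for the
// enforce_leaf_not_after_behavior argument of sign-intermediate.
func resolveNotAfter(requested, issuerNotAfter time.Time, issuerBehavior string, enforce bool) (time.Time, error) {
	if !requested.After(issuerNotAfter) {
		return requested, nil // chain stays valid, nothing to adjust
	}
	if !enforce {
		// New default: ignore the issuer setting and truncate.
		return issuerNotAfter, nil
	}
	switch issuerBehavior {
	case "permit":
		return requested, nil // old behavior: certificate outlives its issuer
	case "err":
		return time.Time{}, errBeyondIssuer
	case "truncate":
		return issuerNotAfter, nil
	default:
		return time.Time{}, fmt.Errorf("unknown leaf_not_after_behavior %q", issuerBehavior)
	}
}

func main() {
	// Constructed sample: issuer expires 2030-01-01, request asks for one year more.
	issuerEnd := time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC)
	requested := issuerEnd.AddDate(1, 0, 0)
	cases := []struct {
		behavior string
		enforce  bool
	}{{"permit", false}, {"permit", true}, {"err", true}, {"truncate", true}}
	for _, c := range cases {
		got, err := resolveNotAfter(requested, issuerEnd, c.behavior, c.enforce)
		fmt.Printf("behavior=%-8s enforce=%-5t notAfter=%s err=%v\n",
			c.behavior, c.enforce, got.Format("2006-01-02"), err)
	}
}
```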
* document known issue for azure secrets engine failing on role creation
* fix empty space
* remove new line
* add workaround
* remove space
---------
Co-authored-by: Tony Wittinger <anwittin@users.noreply.github.com>
Due to the reported issue under https://github.com/hashicorp/vault/pull/24441, we identified that there are users issuing step-down during the upgrade, which is unintended.
We modified the documentation to make it clear that step-down should not be attempted, and in addition rephrased the sentence containing the word "step-down" to exclude that term and avoid confusion.