v1.13.1
1.13.1
March 29, 2023
IMPROVEMENTS:
- auth/github: Allow for an optional Github auth token environment variable to make authenticated requests when fetching org id
website/docs: Add docs forVAULT_AUTH_CONFIG_GITHUB_TOKEN
environment variable when writing Github config [GH-19244] - core: Allow overriding gRPC connect timeout via VAULT_GRPC_MIN_CONNECT_TIMEOUT. This is an env var rather than a config setting because we don't expect this to ever be needed. It's being added as a last-ditch
option in case all else fails for some replication issues we may not have fully reproduced. [GH-19676] - core: validate name identifiers in mssql physical storage backend prior use [GH-19591]
- database/elasticsearch: Update error messages resulting from Elasticsearch API errors [GH-19545]
- events: Suppress log warnings triggered when events are sent but the events system is not enabled. [GH-19593]
BUG FIXES:
- agent: Fix panic when SIGHUP is issued to Agent while it has a non-TLS listener. [GH-19483]
- core (enterprise): Attempt to reconnect to a PKCS#11 HSM if we retrieve a CKR_FUNCTION_FAILED error.
- core: Fixed issue with remounting mounts that have a non-trailing space in the 'to' or 'from' paths. [GH-19585]
- kmip (enterprise): Do not require attribute Cryptographic Usage Mask when registering Secret Data managed objects.
- kmip (enterprise): Fix a problem forwarding some requests to the active node.
- openapi: Fix logic for labeling unauthenticated/sudo paths. [GH-19600]
- secrets/ldap: Invalidates WAL entry for static role if
password_policy
has changed. [GH-19640] - secrets/pki: Fix PKI revocation request forwarding from standby nodes due to an error wrapping bug [GH-19624]
- secrets/transform (enterprise): Fix persistence problem with rotated tokenization key versions
- ui: Fixes crypto.randomUUID error in unsecure contexts from third party ember-data library [GH-19428]
- ui: fixes SSH engine config deletion [GH-19448]
- ui: fixes issue navigating back a level using the breadcrumb from secret metadata view [GH-19703]
- ui: fixes oidc tabs in auth form submitting with the root's default_role value after a namespace has been inputted [GH-19541]
- ui: pass encodeBase64 param to HMAC transit-key-actions. [GH-19429]
- ui: use URLSearchParams interface to capture namespace param from SSOs (ex. ADFS) with decoded state param in callback url [GH-19460]