v1.9.9

Backport of UI/OIDC auth bug for hcp namespace flag into release/1.9.…

v1.11.2

backport of commit ab1c8339274bd23ceadebb1b0513694693c20add (#16277)

Co-authored-by: Lucy Davinhart || Strawb System <lucy.davinhart@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

v1.11.1

Revert "Backport of AutoMTLS for secrets/auth plugins into release/1.…

v1.10.5

backport of commit 3ca6036a4aa590f68c677790c5d5afe1d24f52e6 (#16373)

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

v1.9.8

backport of commit 10620260b14da90072077cda2ebb9e14b6cab5ce (#16361)

Co-authored-by: Loïc Saint-Roch <loicsaintroch@users.noreply.github.com>

v1.11.0

1.11.0

Unreleased

CHANGES:

• auth/aws: Add RoleSession to DisplayName when using assumeRole for authentication [GH-14954]
• auth: Remove support for legacy MFA
  (https://www.vaultproject.io/docs/v1.10.x/auth/mfa) [GH-14869]
• core: A request that fails path validation due to relative path check will now be responded to with a 400 rather than 500. [GH-14328]
• core: Bump Go version to 1.17.9. [GH-go-ver-1110]
• licensing (enterprise): Remove support for stored licenses and associated sys/license and sys/license/signed
  endpoints in favor of autoloaded licenses.
• replication (enterprise): The /sys/replication/performance/primary/mount-filter endpoint has been removed. Please use Paths Filter instead.
• ui: Upgrade Ember to version 3.28 [GH-14763]

FEATURES:

• Non-Disruptive Intermediate/Root Certificate Rotation: This allows
  import, generation and configuration of any number of keys and/or issuers
  within a PKI mount, providing operators the ability to rotate certificates
  in place without affecting existing client configurations. [GH-15277]
• api/command: Global -output-policy flag to determine minimum required policy HCL for a given operation [GH-14899]
• nomad: Bootstrap Nomad ACL system if no token is provided [GH-12451]
• storage/dynamodb: Added AWS_DYNAMODB_REGION environment variable. [GH-15054]

IMPROVEMENTS:

• agent/auto-auth: Add min_backoff to the method stanza for configuring initial backoff duration. [GH-15204]
• agent: Update consult-template to v0.29.0 [GH-15293]
• agent: Upgrade hashicorp/consul-template version for sprig template functions and improved writeTo function [GH-15092]
• api: Add ability to pass certificate as PEM bytes to api.Client. [GH-14753]
• api: Add context-aware functions to vault/api for each API wrapper function. [GH-14388]
• api: Added MFALogin() for handling MFA flow when using login helpers. [GH-14900]
• api: If the parameters supplied over the API payload are ignored due to not
  being what the endpoints were expecting, or if the parameters supplied get
  replaced by the values in the endpoint's path itself, warnings will be added to
  the non-empty responses listing all the ignored and replaced parameters. [GH-14962]
• api: Provide a helper method WithNamespace to create a cloned client with a new NS [GH-14963]
• api: Use the context passed to the api/auth Login helpers. [GH-14775]
• auth/okta: Add support for Google provider TOTP type in the Okta auth method [GH-14985]
• auth: enforce a rate limit for TOTP passcode validation attempts [GH-14864]
• cli/debug: added support for retrieving metrics from DR clusters if unauthenticated_metrics_access is enabled [GH-15316]
• cli/vault: warn when policy name contains upper-case letter [GH-14670]
• cli: Alternative flag-based syntax for KV to mitigate confusion from automatically appended /data [GH-14807]
• cockroachdb: add high-availability support [GH-12965]
• core (enterprise): Include termination_time in sys/license/status response
• core (enterprise): Include termination time in license inspect command output
• core : check uid and permissions of config dir, config file, plugin dir and plugin binaries [GH-14817]
• core,transit: Allow callers to choose random byte source including entropy augmentation sources for the sys/tools/random and transit/random endpoints. [GH-15213]
• core/activity: Order month data in ascending order of timestamps [GH-15259]
• core: Add new DB methods that do not prepare statements. [GH-15166]
• core: Fix some identity data races found by Go race detector (no known impact yet). [GH-15123]
• core: Include build date in sys/seal-status and sys/version-history endpoints. [GH-14957]
• core: Upgrade github.org/x/crypto/ssh [GH-15125]
• sdk: Change OpenAPI code generator to extract request objects into /components/schemas and reference them by name. [GH-14217]
• secrets/consul: Add support for Consul node-identities and service-identities [GH-15295]
• secrets/consul: Vault is now able to automatically bootstrap the Consul ACL system. [GH-10751]
• secrets/pki: Warn when generate_lease and no_store are both set to true on requests. [GH-14292]
• sentinel (enterprise): Upgrade sentinel to v0.18.5 to avoid potential naming collisions in the remote installer
• storage/raft: Use larger timeouts at startup to reduce likelihood of inducing elections. [GH-15042]
• ui: Parse schema refs from OpenAPI [GH-14508]
• ui: Remove storybook. [GH-15074]
• ui: Replaces the IvyCodemirror wrapper with a custom ember modifier. [GH-14659]
• website/docs: added a link to an Enigma secret plugin. [GH-14389]

BUG FIXES:

• Fixed panic when adding or modifying a Duo MFA Method in Enterprise
• agent: Fix log level mismatch between ERR and ERROR [GH-14424]
• api/sys/raft: Update RaftSnapshotRestore to use net/http client allowing bodies larger than allocated memory to be streamed [GH-14269]
• api: Fixes bug where OutputCurlString field was unintentionally being copied over during client cloning [GH-14968]
• api: Respect increment value in grace period calculations in LifetimeWatcher [GH-14836]
• auth/approle: Add maximum length for input values that result in SHA56 HMAC calculation [GH-14746]
• auth: forward requests subject to login MFA from perfStandby to Active node [GH-15009]
• auth: load login MFA configuration upon restart [GH-15261]
• cassandra: Update gocql Cassandra client to fix "no hosts available in the pool" error [GH-14973]
• cli: Fix panic caused by parsing key=value fields whose value is a single backslash [GH-14523]
• cli: kv get command now honors trailing spaces to retrieve secrets [GH-15188]
• core (enterprise): Allow local alias create RPCs to persist alias metadata
• core (enterprise): Fix some races in merkle index flushing code found in testing
• core/config: Only ask the system about network interfaces when address configs contain a template having the format: {{ ... }} [GH-15224]
• core/managed-keys (enterprise): Allow PKCS#11 managed keys to use 0 as a slot number
• core/metrics: Fix incorrect table size metric for local mounts [GH-14755]
• core: Fix double counting for "route" metrics [GH-12763]
• core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited integers [GH-15072]
• core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited strings [GH-14522]
• core: Fix panic caused by parsing policies with empty slice values. [GH-14501]
• core: Fix panic for help request URL paths without /v1/ prefix [GH-14704]
• core: fixed systemd reloading notification [GH-15041]
• core: fixing excessive unix file permissions [GH-14791]
• core: fixing excessive unix file permissions on dir, files and archive created by vault debug command [GH-14846]
• core: pre-calculate namespace specific paths when tainting...

v1.11.0-rc1

Backport: docs: Update CSI Provider command line arguments (#15810) (…

v1.10.4

api/monitor: Adding log format to monitor command and debug (#15536) …

v1.9.7

Update go bump changelog filename to new standard (#15827)

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

v1.8.12

backport of commit 0e8bcc15cc0201fd8416b36501af60f8b73de480 (#15783)

Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>