A tool for secrets management, encryption as a service, and privileged access management
Please note that Vault 1.16.1 is the first Enterprise release of the Vault Enterprise 1.16 series.
BUG FIXES:
SECURITY:
IMPROVEMENTS:
BUG FIXES:
/sys/config/auditing) will now force invalidation and be reloaded from storage when data is replicated to other nodes.
SECURITY:
CHANGES:
IMPROVEMENTS:
BUG FIXES:
SECURITY:
CHANGES:
enterprise parameter to the /sys/health endpoint [GH-24270]
vault plugin reload with -plugin in the root namespace will now reload the plugin across all namespaces instead of just the root namespace. [GH-24878]
vault plugin info and vault plugin deregister now require 2 positional arguments instead of accepting either 1 or 2. [GH-24250]
enable_multiseal in configuration.
vault://{vault node} [GH-24201]
/identity/entity/merge endpoint are now always forwarded from standbys to the active node. [GH-24325]
database/config/:name will now return a computed running_plugin_version field if a non-builtin version is running. [GH-25105]
VAULT_PLUGIN_USE_LEGACY_ENV_LAYERING=true to opt out and keep higher preference for system environment variables. When this flag is set, Vault will check during unseal for conflicts and print warnings for any plugins with environment variables that conflict with system environment variables. [GH-25128]
/sys/plugins/runtimes/catalog response will always include a list of "runtimes" in the response, even if empty. [GH-24864]
FEATURES:
pki/issue requests to prevent overloading the Vault server. [GH-25093]
IMPROVEMENTS:
tls-server-name arg for plugin registration [GH-23549]
mount_type, returning mount information (e.g. kv for KVV1/KVV2) for mount when appropriate. [GH-23047]
connection_timeout in favor of request_timeout for timeouts
sdk/ldaputil: deprecates Client in favor of cap/ldap.Client [GH-22185]
authenticate_from_environment variable to "true" and "false" string literals, too. [GH-22996]
vault plugin sub-commands. [GH-24250]
vault operator usage command output [GH-25751]
plugin_tmpdir config option for containerized plugins, in addition to the existing VAULT_PLUGIN_TMPDIR environment variable. [GH-24978]
disable_request_limiter to allow disabling the request limiter per-listener. [GH-25098]
code_challenge_methods_supported to OpenID Connect Metadata [GH-24979]
sys/plugins/reload/:type/:name available in the root namespace for reloading a specific plugin across all namespaces. [GH-24878]
deletion_allowed param to transformations and include tokenization as a type option [GH-25436]
BUG FIXES:
/sys/config/auditing) will now force invalidation and be reloaded from storage when data is replicated to other nodes.
log_requests_level. [GH-24056]
detect_deadlocks. [GH-23902]
{ [GH-24513]