Skip to content

Commit abbb8dc

Browse files
schavisschavis
authored
[VAULT DOCS] Add missing entry to important changes (#775)
* update missing important changes info and associated summary tables * tweak headings * additional tweaks * Pull in some changes from #776 * forgot to save * address conflicts nad fold in changes from other PRs * fix defunct link
1 parent ff72016 commit abbb8dc

File tree

23 files changed

+421
-384
lines changed

23 files changed

+421
-384
lines changed

content/vault/global/partials/file-audit-devices.mdx renamed to content/vault/global/partials/important-changes/breaking-changes/cve-2025-6000.mdx

File renamed without changes.

content/vault/global/partials/important-changes/summary-tables/1_16.mdx

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
### Breaking changes
2+
3+
Introduced | Recommendations | Edition | Change
4+
---------- | --------------- | ---------- | ------
5+
1.16.0 | **Yes** | All | [Docker image no longer contains curl](/vault/docs/v1.16.x/updates/important-changes#docker-image-no-longer-contains-curl)
6+
1.16.21 | **Yes** | All | [Rekey cancellations use a nonce](/vault/docs/v1.20.x/updates/important-changes#rekey-cancel-nonce)
7+
1.16.23 | **Yes** | All | [CVE-2025-6000: File audit devices cannot use executable file permissions](/vault/docs/v1.16.x/updates/important-changes#cve-2025-6000)
8+
9+
### New behavior
10+
11+
Introduced | Recommendations | Edition | Change
12+
---------- | --------------- | ---------- | ------
13+
1.16.0 | No | Enterprise | [Activity log changes](/vault/docs/v1.16.x/updates/important-changes#activity-log-changes)
14+
1.16.0 | No | All | [Auto-rolled billing start date](/vault/docs/v1.16.x/updates/important-changes#auto-rolled-billing-start-date)
15+
1.16.0 | **Yes** | All | [Default lease count quota enabled when upgrading from Vault versions before 1.9](/vault/docs/v1.16.x/updates/important-changes#default-lease-count-quota-enabled-when-upgrading-from-vault-versions-before-1-9)
16+
1.16.0 | **Yes** | All | [External plugin variables take precedence over system variables](/vault/docs/v1.16.x/updates/important-changes#external-plugin-variables-take-precedence-over-system-variables)
17+
1.16.0 | **Yes** | All | [LDAP auth login changes](/vault/docs/v1.16.x/updates/important-changes#ldap-auth-entity-alias-names-no-longer-include-upndomain)
18+
1.16.0 | **Yes** | All | [Product usage reporting](/vault/docs/v1.16.x/updates/important-changes#product-usage-reporting)
19+
1.16.0 | **Yes** | All | [Secrets Sync cannot be activated from chroot namespace](/vault/docs/v1.16.x/updates/important-changes#secrets-sync-cannot-be-activated-from-chroot-namespace)
20+
1.16.0 | No | Enterprise | [Secrets Sync now requires setting a one-time flag before use](/vault/docs/v1.16.x/updates/important-changes#secrets-sync-now-requires-setting-a-one-time-flag-before-use)
21+
1.16.18 | No | All | [Strict validation for Azure auth login requests](/vault/docs/v1.16.x/updates/important-changes#strict-azure)
22+
23+
24+
### Known issues
25+
26+
Found | Fixed | Workaround | Edition | Issue
27+
------- |-------- | ---------- | ---------- | -----
28+
1.16.0 | 1.16.18 | Upgrade | All | [Vault log file missing subsystem logs](/vault/docs/v1.16.x/updates/important-changes#vault-log-file-missing-subsystem-logs)
29+
1.16.0 | 1.16.3 | **Yes** | All | [Azure secrets engine role creation failing](/vault/docs/v1.16.x/updates/important-changes#azure-secrets-engine-role-creation-failing)
30+
1.16.0 | 1.16.3 | **Yes** | All | [Cached activation flags for secrets sync on follower nodes are not updated](/vault/docs/v1.16.x/updates/important-changes#secret-sync-flag)
31+
1.16.0 | No | **Yes** | Enterprise | [Duplicate identity groups created when concurrent requests sent to the primary and PR secondary cluster](/vault/docs/v1.16.x/updates/important-changes#duplicate-identity-groups-created-when-concurrent-requests-sent-to-the-primary-and-pr-secondary-cluster)
32+
1.16.0 | No | **Yes** | Enterprise | [Duplicate unseal/seal wrap HSM keys](/vault/docs/v1.16.x/updates/important-changes#hsm-keys)
33+
1.16.0 | 1.16.1 | Upgrade | All | [Error logging in with LDAP auth method](/vault/docs/v1.16.x/updates/important-changes#error-logging-in-with-ldap-auth-method)
34+
1.16.0 | 1.16.1 | Upgrade | All | [Error logging in with LDAP auth method when anonymous group search is enabled](/vault/docs/v1.16.x/updates/important-changes#error-logging-in-with-ldap-auth-method-when-anonymous-group-search-is-enabled)
35+
1.16.0 | No | **Yes** | All | [Existing clusters do not show the current Vault version in UI by default](/vault/docs/v1.16.x/updates/important-changes#existing-clusters-do-not-show-the-current-vault-version-in-ui-by-default)
36+
1.16.0 | No | **Yes** | Enterprise | [Manual entity merges sent to a PR secondary cluster are not persisted to storage](/vault/docs/v1.16.x/updates/important-changes#manual-entity-merges-sent-to-a-pr-secondary-cluster-are-not-persisted-to-storage)
37+
1.16.0 | 1.16.4 | **Yes** | All | [New nodes added by autopilot upgrades provisioned with the wrong version](/vault/docs/v1.16.x/updates/important-changes#new-nodes-added-by-autopilot-upgrades-provisioned-with-the-wrong-version)
38+
1.16.0 | 1.16.3 | **Yes** | Enterprise | [Performance Standbys revert to Standby mode on unseal](/vault/docs/v1.16.x/updates/important-changes#performance-standbys-revert-to-standby-mode-on-unseal)
39+
1.16.0 | No | **Yes** | All | [PKI OCSP GET requests can return HTTP redirect responses](/vault/docs/v1.16.x/updates/important-changes#pki-ocsp-get-requests-can-return-http-redirect-responses)
40+
1.16.0 | 1.16.6 | **Yes** | Enterprise | [Potential DoS when using the deny_unauthorized proxy protocol behavior for a TCP listener](/vault/docs/v1.16.x/updates/important-changes#potential-dos-when-using-the-deny_unauthorized-proxy-protocol-behavior-for-a-tcp-listener)
41+
1.16.0 | No | **Yes** | All | [Sending SIGHUP to vault standby node causes panic](/vault/docs/v1.16.x/updates/important-changes#sending-sighup-to-vault-standby-node-causes-panic)
42+
1.16.0 | No | Upgrade | All | [Unwanted secret rotation for DB and LDAP roles on restart](/vault/docs/v1.16.x/updates/important-changes#database-and-ldap-secrets-engine-unwanted-secret-rotation-on-backend-restart)
43+
1.16.1 | 1.16.2 | **Yes** | All | [Error configuring the JWT auth method](/vault/docs/v1.16.x/updates/important-changes#error-configuring-the-jwt-auth-method)
44+
1.16.3 | 1.16.6 | **Yes** | All | [JWT auth login requires bound audiences on the role](/vault/docs/v1.16.x/updates/important-changes#jwt-auth-login-requires-bound-audiences-on-the-role)
45+
1.16.3 | 1.16.7 | Upgrade | Enterprise | [Vault standby nodes not deleting removed entity-aliases from in-memory database](/vault/docs/v1.16.x/updates/important-changes#deleting-an-entity-aliases-does-not-remove-it-from-the-in-memory-database-on-standby-nodes)
46+
1.16.7 | 1.16.9 | Upgrade | All | [Client tokens and token accessors audited in plaintext](/vault/docs/v1.16.x/updates/important-changes#client-tokens-and-token-accessors-audited-in-plaintext)
47+
1.16.16 | No | No | All | [Authorization failure with Azure federated identity credentials](/vault/docs/v1.16.x/updates/important-changes#authorization-failures-using-azure-federated-identity-credentials)
48+
1.16.16 | 1.16.20 | Upgrade | All | [Unexpected DB static role rotations on upgrade](/vault/docs/v1.16.x/updates/important-changes#database-static-role-rotations-on-upgrade)
49+
1.16.16 | 1.16.20 | Upgrade | All | [Unexpected LDAP static role rotations on upgrade](/vault/docs/v1.16.x/updates/important-changes#ldap-static-role-rotations-on-upgrade)
50+
1.16.17 | 1.16.21 | **Yes** | Enterprise | [External Enterprise plugins cannot run on a standby node when it becomes active](/vault/docs/v1.16.x/updates/important-changes#external-ent-plugins)
51+
1.16.18 | 1.16.21 | Upgrade | All | [Azure authN fails to authenticate Uniform VMSS instances](/vault/docs/v1.16.x/updates/important-changes#azure-auth-fails-to-authenticate-uniform-vmss-instances)

content/vault/global/partials/important-changes/summary-tables/1_17.mdx

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
### General updates
2+
3+
Update | Introduced | Recommendations | Edition | Change
4+
--------------- | ---------- |---------------- | ------- | ------
5+
Beta deprecated | 1.17.0 | No | All | [Request limiter deprecated](/vault/docs/v1.17.x/updates/important-changes#request-limiter)
6+
Opt out feature | 1.17.0 | **Yes** | All | [PKI sign-intermediate now truncates `notAfter` field to signing issuer](/vault/docs/v1.17.x/updates/important-changes#pki-truncate)
7+
8+
9+
### Breaking changes
10+
11+
Introduced | Recommendations | Edition | Change
12+
---------- | --------------- | ---------- | ------
13+
1.17.18 | **Yes** | All | [Rekey cancellations use a nonce](/vault/docs/v1.20.x/updates/important-changes#rekey-cancel-nonce)
14+
15+
16+
### New behavior
17+
18+
Introduced | Recommendations | Edition | Change
19+
---------- | --------------- | ---------- | ------
20+
1.17.0 | No | All | [Allowed audit headers now have unremovable defaults](/vault/docs/v1.17.x/updates/important-changes#audit-headers)
21+
1.17.0 | **Yes** | All | [JWT auth login requires `bound_audiences` parameter on role](/vault/docs/v1.17.x/updates/important-changes#jwt-auth-login-requires-bound-audiences-on-the-role)
22+
1.17.14 | No | All | [Strict validation for Azure auth login requests](/vault/docs/v1.17.x/updates/important-changes#strict-azure)
23+
1.17.3 | **Yes** | All | [Secrets Sync SSRF Protection May Block Private Endpoints](/vault/docs/v1.17.x/updates/important-changes#secrets-sync-ssrf-protection-may-block-private-endpoints)
24+
1.17.9 | No | All | [Default report months deprecated for `sys/internal/counters`](/vault/docs/v1.17.x/updates/important-changes#activity-log-changes)
25+
1.17.9 | **Yes** | All | [Vault product usage metrics reporting](/vault/docs/v1.17.x/updates/important-changes#product-usage-reporting)
26+
27+
28+
### Known issues
29+
30+
Found | Fixed | Workaround | Edition | Issue
31+
------- |-------- | ---------- | ---------- | -----
32+
1.17.0 | 1.17.4 | **Yes** | All | [AWS Auth Role configuration requires an external_id](/vault/docs/v1.17.x/updates/important-changes#aws-auth-role-configuration-requires-an-external_id)
33+
1.17.0 | 1.17.6 | **Yes** | All | [Cached activation flags for secrets sync on follower nodes are not updated](/vault/docs/v1.17.x/updates/important-changes#cached-activation-flags-for-secrets-sync-on-follower-nodes-are-not-updated)
34+
1.17.0 | 1.17.5 | Upgrade | All | [Client tokens and token accessors audited in plaintext](/vault/docs/v1.17.x/updates/important-changes#client-tokens-and-token-accessors-audited-in-plaintext)
35+
1.17.0 | 1.17.3 | Upgrade | All | [Deleting an entity-aliases does not remove it from the in-memory database on standby nodes](/vault/docs/v1.17.x/updates/important-changes#deleting-an-entity-aliases-does-not-remove-it-from-the-in-memory-database-on-standby-nodes)
36+
1.17.0 | No | **Yes** | Enterprise | [Duplicate identity groups created when concurrent requests sent to the primary and PR secondary cluster](/vault/docs/v1.17.x/updates/important-changes#duplicate-identity-groups-created-when-concurrent-requests-sent-to-the-primary-and-pr-secondary-cluster)
37+
1.17.0 | No | **Yes** | Enterprise | [Duplicate unseal/seal wrap HSM keys](/vault/docs/v1.17.x/updates/important-changes#seal-seal-wrapped-duplicate-hsm-keys)
38+
1.17.0 | 1.17.2 | Upgrade | Enterprise | [Input data on Transit Generate CMAC Response](/vault/docs/v1.17.x/updates/important-changes#input-data-on-transit-generate-cmac-response)
39+
1.17.0 | No | **Yes** | Enterprise | [Manual entity merges sent to a PR secondary cluster are not persisted to storage](/vault/docs/v1.17.x/updates/important-changes#manual-entity-merges-sent-to-a-pr-secondary-cluster-are-not-persisted-to-storage)
40+
1.17.0 | No | **Yes** | All | [PKI OCSP GET requests can return HTTP redirect responses](/vault/docs/v1.17.x/updates/important-changes#pki-ocsp)
41+
1.17.0 | No | Upgrade | All | [Unwanted secret rotation for DB and LDAP roles on restart](/vault/docs/v1.17.x/updates/important-changes#database-and-ldap-secrets-engine-unwanted-secret-rotation-on-backend-restart)
42+
1.17.0 | 1.17.1 | Upgrade | All | [Vault Agent and Vault Proxy consume an excessive amount of CPU](/vault/docs/v1.17.x/updates/important-changes#vault-agent-and-vault-proxy-consume-an-excessive-amount-of-cpu)
43+
1.17.0 | 1.17.3 | Upgrade | Enterprise | [Vault standby nodes not deleting removed entity-aliases from in-memory database](/vault/docs/v1.17.x/updates/important-changes#deleting-an-entity-aliases-does-not-remove-it-from-the-in-memory-database-on-standby-nodes)
44+
1.17.0 | 1.17.17 | **Yes** | Enterprise | [External Enterprise plugins cannot run on a standby node when it becomes active](/vault/docs/v1.17.x/updates/important-changes#external-ent-plugins)
45+
1.17.0 | 1.17.14 | Upgrade | All | [Vault log file missing subsystem logs](/vault/docs/v1.17.x/updates/important-changes#vault-log-file-missing-subsystem-logs)
46+
1.17.1 | 1.17.2 | **Yes** | All | [Potential DoS when using the deny_unauthorized proxy protocol behavior for a TCP listener](/vault/docs/v1.17.x/updates/important-changes#potential-dos-when-using-the-deny_unauthorized-proxy-protocol-behavior-for-a-tcp-listener)
47+
1.17.12 | No | No | All | [Authorization failure with Azure federated identity credentials](/vault/docs/v1.17.x/updates/important-changes#authorization-failures-using-azure-federated-identity-credentials)
48+
1.17.12 | 1.17.16 | Upgrade | All | [Unexpected DB static role rotations on upgrade](/vault/docs/v1.17.x/updates/important-changes#database-static-role-rotations-on-upgrade)
49+
1.17.12 | 1.17.16 | Upgrade | All | [Unexpected LDAP static role rotations on upgrade](/vault/docs/v1.17.x/updates/important-changes#ldap-static-role-rotations-on-upgrade)
50+
1.17.14 | 1.17.17 | **Yes** | All | [Azure authN fails to authenticate Uniform VMSS instances](/vault/docs/v1.17.x/updates/important-changes#azure-auth-fails-to-authenticate-uniform-vmss-instances)

content/vault/global/partials/important-changes/summary-tables/1_18.mdx

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
### General updates
2+
3+
Update | Introduced | Recommendations | Edition | Change
4+
--------------- | ---------- |---------------- | ------- | ------
5+
Beta removed | 1.18.0 | No | All | [Request limiter removed](/vault/docs/v1.18.x/updates/important-changes#request-limiter-configuration-removal)
6+
7+
### Breaking changes
8+
9+
Introduced | Recommendations | Edition | Change
10+
---------- | --------------- | ---------- | ------
11+
1.18.11 | **Yes** | All | [Rekey cancellations use a nonce](/vault/docs/v1.18.x/updates/important-changes#rekey-cancel-nonce)
12+
1.18.12 | **Yes** | All | [CVE-2025-6000: File audit devices cannot use executable file permissions](/vault/docs/v1.18.x/updates/important-changes#cve-2025-6000)
13+
14+
### New behavior
15+
16+
Introduced | Recommendations | Edition | Change
17+
---------- | --------------- | ---------- | ------
18+
1.18.0 | No | All | [Activity log changes](/vault/docs/v1.18.x/updates/important-changes#default-activity-log-querying-period)
19+
1.18.0 | **Yes** | All | [Docker image no longer contains curl](/vault/docs/v1.18.x/updates/important-changes#docker-image-no-longer-contains-curl)
20+
1.18.2 | **Yes** | All | [Anonymous product usage metrics collection](/vault/docs/v1.18.x/updates/important-changes#product-usage-reporting)
21+
1.18.7 | No | All | [Strict validation for Azure auth login requests](/vault/docs/v1.18.x/updates/important-changes#azure-auth-plugin-requires-resource_group_name-vm_name-and-vmss_name-to-match-the-jwt-claims-on-login)
22+
23+
24+
### Known issues
25+
26+
Found | Fixed | Workaround | Edition | Issue
27+
------ |-------- | ---------- | ---------- | -----
28+
1.18.0 | No | **Yes** | Enterprise | [Duplicate unseal/seal wrap HSM keys](/vault/docs/v1.18.x/updates/important-changes#seal-seal-wrapped-duplicate-hsm-keys)
29+
1.18.0 | 1.18.9 | **Yes** | All | [Unwanted secret rotation for DB and LDAP roles on restart](/vault/docs/v1.18.x/updates/important-changes#database-and-ldap-secrets-engine-unwanted-secret-rotation-on-backend-restart)
30+
1.18.0 | 1.18.7 | Upgrade | All | [Vault log file missing subsystem logs](/vault/docs/v1.18.x/updates/important-changes#vault-log-file-missing-subsystem-logs)
31+
1.18.5 | No | No | All | [Authorization failure with Azure federated identity credentials](/vault/docs/v1.18.x/updates/important-changes#authorization-failures-using-azure-federated-identity-credentials)
32+
1.18.5 | 1.18.9 | Upgrade | All | [Unexpected DB static role rotations on upgrade](/vault/docs/v1.18.x/updates/important-changes#database-static-role-rotations-on-upgrade)
33+
1.18.5 | 1.18.9 | Upgrade | All | [Unexpected LDAP static role rotations on upgrade](/vault/docs/v1.18.x/updates/important-changes#ldap-static-role-rotations-on-upgrade)
34+
1.18.6 | 1.18.10 | **Yes** | Enterprise | [External Enterprise plugins cannot run on a standby node when it becomes active](/vault/docs/v1.18.x/updates/important-changes#external-ent-plugins)
35+
1.18.7 | 1.18.10 | **Yes** | All | [Azure authN fails to authenticate Uniform VMSS instances](/vault/docs/v1.18.x/updates/important-changes#azure-auth-fails-to-authenticate-uniform-vmss-instances)

0 commit comments

Comments
 (0)