v1.17.1

1.17.1

June 26, 2024

CHANGES:

• auth/jwt: Update plugin to v0.21.0 [GH-27498]

IMPROVEMENTS:

• storage/raft: Improve autopilot logging on startup to show config values clearly and avoid spurious logs [GH-27464]
• ui/secrets-sync: Hide Secrets Sync from the sidebar nav if user does not have access to the feature. [GH-27262]

BUG FIXES:

• agent: Fixed an issue causing excessive CPU usage during normal operation [GH-27518]
• config: Vault TCP listener config now correctly supports the documented proxy_protocol_behavior
  setting of 'deny_unauthorized' [GH-27459]
• core/audit: Audit logging a Vault request/response checks if the existing context
  is cancelled and will now use a new context with a 5 second timeout.
  If the existing context is cancelled a new context, will be used. [GH-27531]
• helper/pkcs7: Fix parsing certain messages containing only certificates [GH-27435]
• proxy: Fixed an issue causing excessive CPU usage during normal operation [GH-27518]
• replication (enterprise): fix cache invalidation issue leading to namespace custom metadata not being shown correctly on performance secondaries
• secrets-sync (enterprise): Properly remove tags from secrets in AWS when they are removed from the source association
• secrets-sync (enterprise): Return more accurate error code for invalid connection details
• secrets-sync (enterprise): Skip invalid GitHub repository names when creating destinations
• storage/azure: Fix invalid account name initialization bug [GH-27563]
• storage/raft (enterprise): Fix issue with namespace cache not getting cleared on snapshot restore, resulting in namespaces not found in the snapshot being inaccurately represented by API responses. [GH-27474]
• ui: Allow creation of session_token type roles for AWS secret backend [GH-27424]