
v1.18.4

📦 vault
3 features · 🐛 10 fixes · 🔧 13 symbols

Summary

This patch updates internal dependencies for consistency and addresses several bugs across activity export, core key rotation, database plugins, and UI login flows, particularly concerning MFA and LDAP navigation.

✨ New Features

  • Database secrets engine now allows skipping the automatic rotation of static roles during import (Enterprise).
  • Event authorization now uses the `path` event metadata field for client `subscribe` capability instead of requiring `data_path` (Enterprise).
  • UI adds navigation for LDAP hierarchical libraries.

🐛 Bug Fixes

  • Activity Export API response now includes activity records from clients created by deleted or disabled auth mounts.
  • Prevented integer overflows of the barrier key counter on key rotation requests.
  • Fixed silent failure of root rotation for MSSQL contained databases when a custom root rotation statement was missing.
  • Fixed a bug causing zombie dbus-daemon processes on certain systems.
  • Fixed a bug where slow database connections could block goroutines.
  • Fixed a bug preventing the full CA chain from being used when enforcing PKI name constraints.
  • Sentinel (Enterprise) no longer reports inaccurate log messages for failing an advisory policy.
  • Fixed UI login issues when MFA is enabled for SAML auth methods (Enterprise).
  • Fixed UI login issues when MFA is enabled for OIDC (Azure, Auth0) and Okta auth methods.
  • Fixed navigation for quick actions in LDAP roles' popup menu.

🔧 Affected Symbols

  • Database secrets engine
  • Event authorization
  • activity.Export API
  • barrier key counter
  • database/mssql
  • dbus-daemon
  • sdk/database
  • secrets/pki
  • sentinel
  • ui/SAML
  • ui/OIDC
  • ui/Okta
  • ui/LDAP