Skip to content

Commit

Permalink
Release notes backport for 1.18 (#28915)
Browse files Browse the repository at this point in the history
* VAULT-32201 release notes for product usage reporting (#28904)

* VAULT-32201 release notes for product usage reporting

* Add note about default report months

* Better release notes

* Update website/content/docs/upgrading/upgrade-to-1.18.x.mdx

Co-authored-by: divyaac <[email protected]>

---------

Co-authored-by: divyaac <[email protected]>
  • Loading branch information
VioletHynes and divyaac authored Nov 15, 2024
1 parent bda6150 commit 8af62ad
Show file tree
Hide file tree
Showing 6 changed files with 159 additions and 37 deletions.
33 changes: 18 additions & 15 deletions website/content/docs/release-notes/1.16.1.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -13,21 +13,24 @@ description: |-

## Important changes

| Version | Change |
|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1.16.0+ | [Existing clusters do not show the current Vault version in UI by default](/vault/docs/upgrading/upgrade-to-1.16.x#default-policy-changes) |
| 1.16.0+ | [Default LCQ enabled when upgrading pre-1.9](/vault/docs/upgrading/upgrade-to-1.16.x#default-lcq-pre-1.9-upgrade) |
| 1.16.0+ | [External plugin environment variables take precedence over server variables](/vault/docs/upgrading/upgrade-to-1.16.x#external-plugin-variables) |
| 1.16.0+ | [LDAP auth entity alias names no longer include upndomain](/vault/docs/upgrading/upgrade-to-1.16.x#ldap-auth-entity-alias-names-no-longer-include-upndomain) |
| 1.16.0+ | [Secrets Sync now requires a one-time flag to operate](/vault/docs/upgrading/upgrade-to-1.16.x#secrets-sync-now-requires-setting-a-one-time-flag-before-use) |
| 1.16.0+ | [Azure secrets engine role creation failing](/vault/docs/upgrading/upgrade-to-1.16.x#azure-secrets-engine-role-creation-failing) |
| 1.16.1 - 1.16.3 | [New nodes added by autopilot upgrades provisioned with the wrong version](/vault/docs/upgrading/upgrade-to-1.15.x#new-nodes-added-by-autopilot-upgrades-provisioned-with-the-wrong-version) |
| 1.15.8+ | [Autopilot upgrade for Vault Enterprise fails](/vault/docs/upgrading/upgrade-to-1.15.x#autopilot) |
| 1.16.5 | [Listener stops listening on untrusted upstream connection with particular config settings](/vault/docs/upgrading/upgrade-to-1.16.x#listener-proxy-protocol-config) |
| 1.16.3 - 1.16.6 | [Vault standby nodes not deleting removed entity-aliases from in-memory database](/vault/docs/upgrading/upgrade-to-1.16.x#dangling-entity-alias-in-memory) |
| 0.7.0+ | [Duplicate identity groups created](/vault/docs/upgrading/upgrade-to-1.16.x#duplicate-identity-groups-created-when-concurrent-requests-sent-to-the-primary-and-pr-secondary-cluster) | |
| Known Issue (0.7.0+) | [Manual entity merges fail](/vault/docs/upgrading/upgrade-to-1.16.x#manual-entity-merges-sent-to-a-pr-secondary-cluster-are-not-persisted-to-storage)
| Known Issue (1.16.7-1.16.8) | [Some values in the audit logs not hmac'd properly](/vault/docs/upgrading/upgrade-to-1.16.x#client-tokens-and-token-accessors-audited-in-plaintext) |
| Version | Change |
|-----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1.16.0+ | [Existing clusters do not show the current Vault version in UI by default](/vault/docs/upgrading/upgrade-to-1.16.x#default-policy-changes) |
| 1.16.0+ | [Default LCQ enabled when upgrading pre-1.9](/vault/docs/upgrading/upgrade-to-1.16.x#default-lcq-pre-1.9-upgrade) |
| 1.16.0+ | [External plugin environment variables take precedence over server variables](/vault/docs/upgrading/upgrade-to-1.16.x#external-plugin-variables) |
| 1.16.0+ | [LDAP auth entity alias names no longer include upndomain](/vault/docs/upgrading/upgrade-to-1.16.x#ldap-auth-entity-alias-names-no-longer-include-upndomain) |
| 1.16.0+ | [Secrets Sync now requires a one-time flag to operate](/vault/docs/upgrading/upgrade-to-1.16.x#secrets-sync-now-requires-setting-a-one-time-flag-before-use) |
| 1.16.0+ | [Azure secrets engine role creation failing](/vault/docs/upgrading/upgrade-to-1.16.x#azure-secrets-engine-role-creation-failing) |
| 1.16.1 - 1.16.3 | [New nodes added by autopilot upgrades provisioned with the wrong version](/vault/docs/upgrading/upgrade-to-1.15.x#new-nodes-added-by-autopilot-upgrades-provisioned-with-the-wrong-version) |
| 1.15.8+ | [Autopilot upgrade for Vault Enterprise fails](/vault/docs/upgrading/upgrade-to-1.15.x#autopilot) |
| 1.16.5 | [Listener stops listening on untrusted upstream connection with particular config settings](/vault/docs/upgrading/upgrade-to-1.16.x#listener-proxy-protocol-config) |
| 1.16.3 - 1.16.6 | [Vault standby nodes not deleting removed entity-aliases from in-memory database](/vault/docs/upgrading/upgrade-to-1.16.x#dangling-entity-alias-in-memory) |
| 0.7.0+ | [Duplicate identity groups created](/vault/docs/upgrading/upgrade-to-1.16.x#duplicate-identity-groups-created-when-concurrent-requests-sent-to-the-primary-and-pr-secondary-cluster) | |
| Known Issue (0.7.0+) | [Manual entity merges fail](/vault/docs/upgrading/upgrade-to-1.16.x#manual-entity-merges-sent-to-a-pr-secondary-cluster-are-not-persisted-to-storage) |
| Known Issue (1.16.7-1.16.8) | [Some values in the audit logs not hmac'd properly](/vault/docs/upgrading/upgrade-to-1.16.x#client-tokens-and-token-accessors-audited-in-plaintext) |
| New default (1.16.13) | [Vault product usage metrics reporting](/vault/docs/upgrading/upgrade-to-1.6.x#product-usage-reporting) |
| Deprecation (1.16.13) | [`default_report_months` is deprecated for the `sys/internal/counters` API](/vault/docs/upgrading/upgrade-to-1.16.x#activity-log-changes) |


## Vault companion updates

Expand Down
29 changes: 16 additions & 13 deletions website/content/docs/release-notes/1.17.0.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -13,19 +13,22 @@ description: |-

## Important changes

| Change | Description |
|------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| New default (1.17) | [Allowed audit headers now have unremovable defaults](/vault/docs/upgrading/upgrade-to-1.17.x#audit-headers) |
| Opt out feature (1.17) | [PKI sign-intermediate now truncates `notAfter` field to signing issuer](/vault/docs/upgrading/upgrade-to-1.17.x#pki-truncate) |
| Beta feature deprecated (1.17) | [Request limiter deprecated](/vault/docs/upgrading/upgrade-to-1.17.x#request-limiter) |
| Known issue (1.17.0+) | [PKI OCSP GET requests can return HTTP redirect responses](/vault/docs/upgrading/upgrade-to-1.17.x#pki-ocsp) |
| Known issue (1.17.0) | [Vault Agent and Vault Proxy consume excessive amounts of CPU](/vault/docs/upgrading/upgrade-to-1.17.x#agent-proxy-cpu-1-17) |
| Known issue (1.15.8 - 1.15.9, 1.16.0 - 1.16.3) | [Autopilot upgrade for Vault Enterprise fails](/vault/docs/upgrading/upgrade-to-1.16.x#new-nodes-added-by-autopilot-upgrades-provisioned-with-the-wrong-version) |
| Known issue (1.17.0 - 1.17.2) | [Vault standby nodes not deleting removed entity-aliases from in-memory database](/vault/docs/upgrading/upgrade-to-1.17.x#dangling-entity-alias-in-memory) |
| Known Issue (0.7.0+) | [Duplicate identity groups created](/vault/docs/upgrading/upgrade-to-1.17.x#duplicate-identity-groups-created-when-concurrent-requests-sent-to-the-primary-and-pr-secondary-cluster)
| Known Issue (0.7.0+) | [Manual entity merges fail](/vault/docs/upgrading/upgrade-to-1.17.x#manual-entity-merges-sent-to-a-pr-secondary-cluster-are-not-persisted-to-storage)
| Known Issue (1.17.3-1.17.4) | [Some values in the audit logs not hmac'd properly](/vault/docs/upgrading/upgrade-to-1.17.x#client-tokens-and-token-accessors-audited-in-plaintext)
| Known Issue (1.17.0-1.17.5) | [Cached activation flags for secrets sync on follower nodes are not updated](/vault/docs/upgrading/upgrade-to-1.17.x#cached-activation-flags-for-secrets-sync-on-follower-nodes-are-not-updated)
| Change | Description |
|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| New default (1.17) | [Allowed audit headers now have unremovable defaults](/vault/docs/upgrading/upgrade-to-1.17.x#audit-headers) |
| Opt out feature (1.17) | [PKI sign-intermediate now truncates `notAfter` field to signing issuer](/vault/docs/upgrading/upgrade-to-1.17.x#pki-truncate) |
| Beta feature deprecated (1.17) | [Request limiter deprecated](/vault/docs/upgrading/upgrade-to-1.17.x#request-limiter) |
| Known issue (1.17.0+) | [PKI OCSP GET requests can return HTTP redirect responses](/vault/docs/upgrading/upgrade-to-1.17.x#pki-ocsp) |
| Known issue (1.17.0) | [Vault Agent and Vault Proxy consume excessive amounts of CPU](/vault/docs/upgrading/upgrade-to-1.17.x#agent-proxy-cpu-1-17) |
| Known issue (1.15.8 - 1.15.9, 1.16.0 - 1.16.3) | [Autopilot upgrade for Vault Enterprise fails](/vault/docs/upgrading/upgrade-to-1.16.x#new-nodes-added-by-autopilot-upgrades-provisioned-with-the-wrong-version) |
| Known issue (1.17.0 - 1.17.2) | [Vault standby nodes not deleting removed entity-aliases from in-memory database](/vault/docs/upgrading/upgrade-to-1.17.x#dangling-entity-alias-in-memory) |
| Known issue (1.17.0 - 1.17.3) | [AWS Auth AssumeRole requires an external ID even if none is set](/vault/docs/upgrading/upgrade-to-1.17.x#aws-auth-role-configuration-requires-an-external_id) |
| Known Issue (0.7.0+) | [Duplicate identity groups created](/vault/docs/upgrading/upgrade-to-1.17.x#duplicate-identity-groups-created-when-concurrent-requests-sent-to-the-primary-and-pr-secondary-cluster) |
| Known Issue (0.7.0+) | [Manual entity merges fail](/vault/docs/upgrading/upgrade-to-1.17.x#manual-entity-merges-sent-to-a-pr-secondary-cluster-are-not-persisted-to-storage) |
| Known Issue (1.17.3-1.17.4) | [Some values in the audit logs not hmac'd properly](/vault/docs/upgrading/upgrade-to-1.17.x#client-tokens-and-token-accessors-audited-in-plaintext) |
| Known Issue (1.17.0-1.17.5) | [Cached activation flags for secrets sync on follower nodes are not updated](/vault/docs/upgrading/upgrade-to-1.17.x#cached-activation-flags-for-secrets-sync-on-follower-nodes-are-not-updated) |
| New default (1.17.9) | [Vault product usage metrics reporting](/vault/docs/upgrading/upgrade-to-1.17.x#product-usage-reporting) |
| Deprecation (1.17.9) | [`default_report_months` is deprecated for the `sys/internal/counters` API](/vault/docs/upgrading/upgrade-to-1.17.x#activity-log-changes) |

## Vault companion updates

Expand Down
17 changes: 9 additions & 8 deletions website/content/docs/release-notes/1.18.0.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,12 @@ description: |-

## Important changes

| Change | Description
| --------------------------- | -----------
| New default (1.18.0) | [Default activity log querying period](/vault/docs/upgrading/upgrade-to-1.18.x#default-activity-log-querying-period)
| New default (1.18.0) | [Docker image no longer contains curl](/vault/docs/upgrading/upgrade-to-1.18.x#docker-image-no-longer-contains-curl)
| Beta feature removed (1.18) | [Request limiter removed](/vault/docs/upgrading/upgrade-to-1.18.x#request-limiter-configuration-removal)
| Change | Description |
|-----------------------------|----------------------------------------------------------------------------------------------------------------------|
| New default (1.18.0) | [Default activity log querying period](/vault/docs/upgrading/upgrade-to-1.18.x#default-activity-log-querying-period) |
| New default (1.18.0) | [Docker image no longer contains curl](/vault/docs/upgrading/upgrade-to-1.18.x#docker-image-no-longer-contains-curl) |
| Beta feature removed (1.18) | [Request limiter removed](/vault/docs/upgrading/upgrade-to-1.18.x#request-limiter-configuration-removal) |
| New default (1.18.2) | [Vault product usage metrics reporting](/vault/docs/upgrading/upgrade-to-1.18.x#product-usage-reporting) |

## Vault companion updates

Expand Down Expand Up @@ -63,15 +64,15 @@ Follow the learn more links for more information, or browse the list of
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Overall stability improvements.
Overall stability improvements.
<br /><br />
Learn more: <a href="/vault/docs/concepts/integrated-storage/autopilot">Autopilot overview</a>
</td>
</tr>

<tr>
<td style={{verticalAlign: 'middle'}}>
Client count
Client count
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Expand All @@ -88,7 +89,7 @@ Follow the learn more links for more information, or browse the list of
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
<td style={{verticalAlign: 'middle'}}>
Enable PKI support for automated certificate enrollment with CMPv2
protocols for 5G networks per 3G PP standards.
protocols for 5G networks per 3G PP standards.
<br /><br />
Learn more: <a href="/vault/docs/secrets/pki/cmpv2">CMPv2 in the Vault PKI plugin</a>
</td>
Expand Down
53 changes: 53 additions & 0 deletions website/content/docs/upgrading/upgrade-to-1.16.x.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,50 @@ operation called an activation-flag. The feature is gated until a Vault operator
decides to trigger the flag. More information can be found in the
[secrets sync documentation](/vault/docs/sync#activating-the-feature).

### Activity Log Changes

#### Default Activity Log Querying Period

As of 1.16.13 and later, the field `default_report_months` can no longer be configured or read. Any previously set values
will be ignored by the system.


Attempts to modify `default_report_months` through the
[/sys/internal/counters/config](/vault/api-docs/system/internal-counters#update-the-client-count-configuration)
endpoint, will result in the following warning from Vault:

<CodeBlockConfig hideClipboard>

```shell-session
WARNING! The following warnings were returned from Vault:
* default_report_months is deprecated: defaulting to billing start time
```

</CodeBlockConfig>


The `current_billing_period` toggle for `/sys/internal/counters/activity` is also deprecated, as this will be set
true by default.

Attempts to set `current_billing_period` will result in the following warning from Vault:

<CodeBlockConfig hideClipboard>

```shell-session
WARNING! The following warnings were returned from Vault:
* current_billing_period is deprecated; unless otherwise specified, all requests will default to the current billing period
```

</CodeBlockConfig>

### Auto-rolled billing start date

As of 1.16.7 and later, the billing start date (license start date if not configured) automatically rolls over to the latest billing year at the end of the last cycle.
Expand Down Expand Up @@ -142,6 +186,15 @@ kubectl exec -ti <NAME> -- wget https://github.com/moparisthebest/static-curl/re

**NOTE:** When using this option you'll want to verify that the static binary comes from a trusted source.

### Product usage reporting

As of 1.16.13, Vault will collect anonymous product usage metrics for HashiCorp. This information will be collected
alongside activity information, and will be sent automatically if automated reporting is configured, or added to manual
reports if manual reporting is preferred.

See the main page for [Vault product usage metrics reporting](/vault/docs/enterprise/license/product-usage-reporting) for
more details, and information about opt-out.

## Known issues and workarounds

@include 'known-issues/1_17_audit-log-hmac.mdx'
Expand Down
Loading

0 comments on commit 8af62ad

Please sign in to comment.