🔧 Renovate: Update (patch) regex/hashicorp/vault to 1.18.5 to v1.18.5 #383

Merged
renovate-bot merged 1 commits from renovate/regex-hashicorp-vault-1-18-5 into main 2025-09-30 18:11:21 -04:00

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| hashicorp/vault | patch | 1.18.0 -> 1.18.5 |

⚠️ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Renovate Update Info

  • Update Type: patch

  • Automerge: 🛑 This update requires manual approval


Release Notes

hashicorp/vault (hashicorp/vault)

v1.18.5

February 25, 2025

SECURITY:

  • raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.2.0

CHANGES:

  • core: Bump Go version to 1.23.6
  • raft/autopilot (enterprise): Alongside the CE autopilot update, update raft-autopilot-enterprise library to v0.3.0 and add enterprise-specific regression testing.
  • secrets/openldap: Update plugin to v0.14.5 [GH-29551]

FEATURES:

  • Plugins: Allow Enterprise plugins to run externally on Vault Enterprise only.

IMPROVEMENTS:

  • raft/autopilot: We've updated the autopilot reconciliation logic (by updating the raft-autopilot dependency to v0.3.0) to avoid artificially increasing the quorum in presence of an unhealthy node. Now autopilot will start the reconciliation process by attempting to demote a failed voter node before any promotions, fixing the issue where Vault would initially increase quorum when faced with a failure of a voter node. In certain configurations, especially when using Vault Enterprise Redundancy Zones and losing a voter then a non-voter in quick succession, this would lead to a loss of quorum and cluster failure. [GH-29306]
  • ui: Application static breadcrumbs should be formatted in title case. [GH-29206]

BUG FIXES:

  • activity: Show activity records from clients created in deleted namespaces when activity log is queried from admin namespace. [GH-29432]
  • core/managed-keys (enterprise): Allow mechanism numbers above 32 bits in PKCS#11 managed keys.
  • core: Fix bug where, if failing to persist the barrier keyring to track encryption counts, the number of outstanding encryptions remains added to the count, overcounting encryptions. [GH-29506]
  • database: Fix a bug where static role passwords are erroneously rotated across backend restarts when using skip import rotation. [GH-29537]
  • export API: Normalize the start_date parameter to the start of the month as is done in the sys/counters API to keep the results returned from both of the APIs consistent. [GH-29562]
  • identity/oidc (enterprise): Fix delays in rotation and invalidation of OIDC keys when there are too many namespaces.
    The Cache-Control header returned by the identity/oidc/.well-known/keys endpoint now depends only on the named keys for
    the queried namespace. [GH-29312]
  • secrets-sync (enterprise): Add new parameters for destination configs to specify allowlists for IPs and ports.
  • secrets/pki: fixes issue #28749 requiring all chains to be single line of authority. [GH-29342]
  • ui (enterprise): Fixes token renewal to ensure capability checks are performed in the relevant namespace, resolving 'Not authorized' errors for resources that users have permission to access. [GH-29416]
  • ui/database: Fixes 'cannot update static username' error when updating static role's rotation period [GH-29498]
  • ui: Fixes text overflow on Secrets engines and Auth Engines list views for long names & descriptions [GH-29430]
  • ui: MFA methods now display the namespace path instead of the namespace id. [GH-29588]

v1.18.4

January 30, 2025

CHANGES:

  • auth/cf: Update plugin to v0.19.1 [GH-29295]
  • sdk: Updated golang and dependency versions to be consistent across core, API, SDK to address [GO-2024-3333] and ensure version consistency [GH-29422]

IMPROVEMENTS:

  • plugins (enterprise): The Database secrets engine now allows skipping the automatic rotation of static roles during import.
  • events (enterprise): Use the path event metadata field when authorizing a client's subscribe capability for consuming an event, instead of requiring data_path to be present in the event metadata.
  • ui: Adds navigation for LDAP hierarchical libraries [GH-29293]
  • ui: Adds params to postgresql database to improve editing a connection in the web browser. [GH-29200]

BUG FIXES:

  • activity: Include activity records from clients created by deleted or disabled auth mounts in Export API response. [GH-29376]
  • core: Prevent integer overflows of the barrier key counter on key rotation requests [GH-29176]
  • database/mssql: Fix a bug where contained databases would silently fail root rotation if a custom root rotation statement was not provided. [GH-29399]
  • plugins: Fix a bug that causes zombie dbus-daemon processes on certain systems. [GH-29334]
  • sdk/database: Fix a bug where slow database connections can cause goroutines to be blocked. [GH-29097]
  • secrets/pki: Fix a bug that prevented the full CA chain to be used when enforcing name constraints. [GH-29255]
  • sentinel (enterprise): No longer report inaccurate log messages for when failing an advisory policy.
  • ui (enterprise): Fixes login to web UI when MFA is enabled for SAML auth methods [GH-28873]
  • ui: Fixes login to web UI when MFA is enabled for OIDC (i.e. azure, auth0) and Okta auth methods [GH-28873]
  • ui: Fixes navigation for quick actions in LDAP roles' popup menu [GH-29293]

v1.18.3

December 18, 2024

CHANGES:

  • secrets/openldap: Update plugin to v0.14.4 [GH-29131]
  • secrets/pki: Enforce the issuer constraint extensions (extended key usage, name constraints, issuer name) when issuing or signing leaf certificates. For more information see PKI considerations [GH-29045]

IMPROVEMENTS:

  • auth/okta: update to okta sdk v5 from v2. Transitively updates go-jose dependency to >=3.0.3 to resolve GO-2024-2631. See https://github.com/okta/okta-sdk-golang/blob/master/MIGRATING.md for details on changes. [GH-28121]
  • core: Added new enable_post_unseal_trace and post_unseal_trace_directory config options to generate Go traces during the post-unseal step for debug purposes. [GH-28895]
  • sdk: Add Vault build date to system view plugin environment response [GH-29082]
  • ui: Replace KVv2 json secret details view with Hds::CodeBlock component allowing users to search the full secret height. [GH-28808]

BUG FIXES:

  • autosnapshots (enterprise): Fix an issue where snapshot size metrics were not reported for cloud-based storage.
  • core/metrics: Fix unlocked mounts read for usage reporting. [GH-29091]
  • core/seal (enterprise): Fix problem with nodes unable to join Raft clusters with Seal High Availability enabled. [GH-29117]
  • core: fix bug in seal unwrapper that caused high storage latency in Vault CE. For every storage read request, the
    seal unwrapper was performing the read twice, and would also issue an unnecessary storage write. [GH-29050]
  • secret/db: Update static role rotation to generate a new password after 2 failed attempts. [GH-28989]
  • ui: Allow users to search the full json object within the json code-editor edit/create view. [GH-28808]
  • ui: Decode connection_url to fix database connection updates (i.e. editing connection config, deleting roles) failing when urls include template variables. [GH-29114]
  • ui: Fix Swagger explorer bug where requests with path params were not working. [GH-28670]
  • vault/diagnose: Fix time to expiration reporting within the TLS verification to not be a month off. [GH-29128]

v1.18.2

November 21, 2024

SECURITY:

  • raft/snapshotagent (enterprise): upgrade raft-snapshotagent to v0.0.0-20241115202008-166203013d8e

CHANGES:

  • auth/azure: Update plugin to v0.19.2 [GH-28848]
  • core/ha (enterprise): Failed attempts to become a performance standby node are now using an exponential backoff instead of a
    10 second delay in between retries. The backoff starts at 2s and increases by a factor of two until reaching
    the maximum of 16s. This should make unsealing of the node faster in some cases.
  • login (enterprise): Return a 500 error during logins when performance standby nodes make failed gRPC requests to the active node. [GH-28807]

FEATURES:

  • Product Usage Reporting: Added product usage reporting, which collects anonymous, numerical, non-sensitive data about Vault secrets usage, and adds it to the existing utilization reports. See the [docs] for more info [GH-28858]

IMPROVEMENTS:

  • secret/pki: Introduce a new value always_enforce_err within leaf_not_after_behavior to force the error in all circumstances such as CA issuance and ACME requests if requested TTL values are beyond the issuer's NotAfter. [GH-28907]
  • secrets-sync (enterprise): No longer attempt to unsync a random UUID secret name in GCP upon destination creation.
  • ui: Adds navigation for LDAP hierarchical roles [GH-28824]
  • website/docs: changed outdated reference to consul-helm repository to consul-k8s repository. [GH-28825]

BUG FIXES:

  • auth/ldap: Fixed an issue where debug level logging was not emitted. [GH-28881]
  • core: Improved an internal helper function that sanitizes paths by adding a check for leading backslashes
    in addition to the existing check for leading slashes. [GH-28878]
  • secret/pki: Fix a bug that prevents PKI issuer field enable_aia_url_templating
    to be set to false. [GH-28832]
  • secrets-sync (enterprise): Fixed issue where secret-key granularity destinations could sometimes cause a panic when loading a sync status.
  • secrets/aws: Fix issue with static credentials not rotating after restart or leadership change. [GH-28775]
  • secrets/ssh: Return the flag allow_empty_principals in the read role api when key_type is "ca" [GH-28901]
  • secrets/transform (enterprise): Fix nil panic when accessing a partially setup database store.
  • secrets/transit: Fix a race in which responses from the key update api could contain results from another subsequent update [GH-28839]
  • ui: Fixes rendering issues of LDAP dynamic and static roles with the same name [GH-28824]

v1.18.1

September 24, 2025

SECURITY:

  • core: Update github.com/hashicorp/go-getter to fix security vulnerability GHSA-wjrx-6529-hcj3.
  • core: Update github.com/ulikunitz/xz to fix security vulnerability GHSA-25xm-hr59-7c27.

CHANGES:

  • core: Bump Go version to 1.24.7.
  • core: Updates post-install script to print updated license information
  • database/snowflake: Update plugin to v0.12.3
  • sdk: Upgrade to go-secure-stdlib/plugincontainer@v0.4.2, which also bumps github.com/docker/docker to v28.3.3+incompatible

IMPROVEMENTS:

  • Raft: Auto-join will now allow you to enforce IPv4 on networks that allow IPv6 and dual-stack enablement, which is on by default in certain regions.
  • auth/cert: Support RFC 9440 colon-wrapped Base64 certificates in x_forwarded_for_client_cert_header, to fix TLS certificate auth errors with Google Cloud Application Load Balancer.
  • core (enterprise): Updated code to support FIPS 140-3 compliant algorithms.

BUG FIXES:

  • auth/cert: Recover from partially populated caches of trusted certificates if one or more certificates fails to load.
  • secrets/transit: Fix error when using ed25519 keys that were imported with derivation enabled
  • sys/mounts: enable unsetting allowed_response_headers

Configuration

📅 Schedule: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

renovate-bot added 1 commit 2025-09-30 18:11:16 -04:00
renovate-bot scheduled this pull request to auto merge when all checks succeed 2025-09-30 18:11:17 -04:00
renovate-bot merged commit eae8485981 into main 2025-09-30 18:11:21 -04:00
renovate-bot deleted branch renovate/regex-hashicorp-vault-1-18-5 2025-09-30 18:11:22 -04:00

Reference: Trez/rinoa-docker#383