---
- branch: MAIN
  date: Tue Jun 13 06:28:38 UTC 2017
  files:
  - new: '1.13'
    old: '1.12'
    path: pkgsrc/security/vault/Makefile
    pathrev: pkgsrc/security/vault/Makefile@1.13
    type: modified
  - new: '1.8'
    old: '1.7'
    path: pkgsrc/security/vault/distinfo
    pathrev: pkgsrc/security/vault/distinfo@1.8
    type: modified
  id: 20170613T062838Z.05c162b0b8400e5a61a02dd5c7e93b006bef3645
  log: |
    Update security/vault to 0.7.3.

    ## 0.7.3 (June 7th, 2017)

    SECURITY:

    - Cert auth backend now checks validity of individual certificates
    - App-ID path salting was skipped in 0.7.1/0.7.2

    DEPRECATIONS/CHANGES:

    - Step-Down is Forwarded

    FEATURES:

    - ed25519 Signing/Verification in Transit with Key Derivation
    - Key Version Specification for Encryption in Transit
    - Replication Primary Discovery (Enterprise)

    IMPROVEMENTS:

    - api/health: Add Sys().Health()
    - audit: Add auth information to requests that error out
    - command/auth: Add `-no-store` option that prevents the auth command
      from storing the returned token into the configured token helper
    - core/forwarding: Request forwarding now heartbeats to prevent unused
      connections from being terminated by firewalls or proxies
    - plugins/databases: Add MongoDB as an internal database plugin
    - storage/dynamodb: Add a method for checking the existence of
      children, speeding up deletion operations in the DynamoDB storage
      backend
    - storage/mysql: Add max_parallel parameter to MySQL backend
    - secret/databases: Support listing connections
    - secret/databases: Support custom renewal statements in Postgres
      database plugin
    - secret/databases: Use the role name as part of generated credentials
    - ui (Enterprise): Transit key and secret browsing UI handle large
      lists better
    - ui (Enterprise): root tokens are no longer persisted
    - ui (Enterprise): support for mounting Database and TOTP secret
      backends

    BUG FIXES:

    - auth/app-id: Fix regression causing loading of salts to be skipped
    - auth/aws: Improve EC2 describe instances performance
    - auth/aws: Fix lookup of some instance profile ARNs
    - auth/aws: Resolve ARNs to internal AWS IDs which makes lookup at
      various points (e.g. renewal time) more robust
    - auth/aws: Properly honor configured period when using IAM
      authentication
    - auth/aws: Check that a bound IAM principal is not empty (in the
      current state of the role) before requiring it match the previously
      authenticated client
    - auth/cert: Fix panic on renewal
    - auth/cert: Certificate verification for non-CA certs
    - core/acl: Prevent race condition when compiling ACLs in some
      scenarios
    - secret/database: Increase wrapping token TTL; in a loaded scenario
      it could be too short
    - secret/generic: Allow integers to be set as the value of `ttl` field
      as the documentation claims is supported
    - secret/ssh: Added host key callback to ssh client config
    - storage/s3: Avoid a panic when some bad data is returned
    - storage/dynamodb: Fix list functions working improperly on Windows
    - storage/file: Don't leak file descriptors in some error cases
    - storage/swift: Fix pre-v3 project/tenant name reading
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/vault'
  unixtime: '1497335318'
  user: fhajny