Release v2.3.1 · openbao/openbao

  • OpenBao v2.3.0 was not released because of an Illumos build bug; Illumos support was removed in v2.3.1 as a result.
  • SECURITY:

    • core/sys: Added listener parameter to disable unauthenticated rekey operations and enabled auditing. [CVE-2025-52894, Upstream HCSEC-2025-11 / CVE-2025-4656]
    • sdk/framework: Prevented additional information disclosure on invalid requests. [CVE-2025-52893]
  • CHANGES:

    • packaging/systemd: Don't set LimitNOFILE, letting Go manage it automatically. [GH-1179]
    • storage/postgresql: Support empty connection URLs. [GH-1297]
    • packaging: Remove support for Illumos due to broken builds. [GH-1503]
  • FEATURES:

    • KMIP Auto-Unseal: Added support for automatic unsealing using KMIP. [GH-1144]
    • Namespaces UI Support: Added namespace picker and management pages. [GH-1406]
    • Namespaces: Supported tenant isolation with various features. [GH-1165]
    • Added ARM64 HSM builds and Alpine-based HSM container images. [GH-1427]
    • Supported Common Expression Language (CEL) in PKI and auth/jwt. [GH-794, GH-869]
    • ssh: Supported multiple certificate issuers in SSH secret engine mounts. [GH-880]
  • IMPROVEMENTS:

    • When using auto-unseal via KMS, log KMS-specific configuration at startup. [GH-1346]
    • approle: Use transactions for read + write operations. [GH-992]
    • auth/jwt: Support lazy resolution of oidc_discovery_url or jwks_url. [GH-1306]
    • core/identity: Added unsafe_cross_namespace_identity. [GH-1432]
    • core/policies: Added check-and-set support and related endpoints. [GH-1162, GH-1224, GH-1142]
    • core: Supported pagination and transactions in some views. [GH-1102]
    • database/valkey: Revived Redis plugin as Valkey. [GH-1019]
    • database: Used transactions in some database package methods. [GH-995]
    • pki: Added not_after_bound and not_before_bound role parameters. [GH-1172]
    • ssh: Used transactions in some ssh package methods. [GH-989]
    • storage/postgresql: Supported retrying database connection on startup. [GH-1280]
  • DEPRECATIONS:

    • Deprecated using duplicate and undocumented PKCS#11 auto-unseal options. Use documented alternatives. [GH-1385]
  • BUG FIXES:

    • api: Stopped marshaling nil interface data. [GH-1315]
    • core/identity: Loaded namespace entities and groups into MemDB. [GH-1432]
    • oidc: Added buffer time to prevent flakiness. [GH-1178]
    • pki: Addressed a timing issue in a test. [GH-1139]
    • sealing/pkcs11: Correctly finalized the PKCS#11 library on shutdown. [GH-1349]
    • secrets/kv: Fixed a panic on detailed metadata list. [GH-1388]
    • storage/postgresql: Removed redundant PermitPool. [GH-1299]
    • storage/postgresql: Skipped table creation on PostgreSQL replicas. [GH-1478]
    • vault: Addressed timing issues in OIDC tests. [GH-1129, GH-1100]
  • What's Changed over Beta: Backported various fixes and improvements.
  • Release notes: [https://openbao.org/docs/rele...]
  • Full Changelog: v2.2.0...v2.3.1