Vault
Overview
This page contains the list of deprecations and important or breaking changes for Vault 0.6.3. Please read it carefully.
LDAP null binds disabled by default
When using the LDAP auth method, deny_null_bind
has a default value of
true
, preventing a successful user authentication when an empty password
is provided. If you utilize passwordless LDAP binds, deny_null_bind
must
be set to false
. Upgrades will keep previous behavior until the LDAP
configuration information is rewritten, at which point the new behavior
will be utilized.
Request size limitation
A maximum request size of 32MB is imposed to prevent a denial of service attack with arbitrarily large requests.
Any audit device successfully activated allows active duty
Previously, when a new Vault node was taking over service in an HA cluster, all audit devices were required to be active successfully to take over active duty. This behavior now matches the behavior of the audit logging system itself: at least one audit device must successfully be activated. The server log contains an error when this occurs. This helps keep a Vault HA cluster working when there is a misconfiguration on a standby node.