Skip to content

Commit

Permalink
changelog++
Browse files Browse the repository at this point in the history
jefferai committed Feb 25, 2016

Verified

This commit was signed with the committer’s verified signature.
Hzfengsy Siyuan Feng
1 parent b280daa commit 0a4bcf8
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -12,6 +12,10 @@ DEPRECATIONS/BREAKING CHANGES:
mismatch between the Vault server and clients could result in a certificate
that would not be considered expired by a client being removed from the CRL.
The new `pki/tidy` endpoint can be used to trigger expirations. [GH-1129]
* The `cert` backend now performs a variant of channel binding at renewal time
for increased security. In order to not overly burden clients, a notion of
identity is used. This functionality can be disabled. See the 0.5.1 upgrade
guide for more specific information [GH-1127]

FEATURES:

@@ -35,15 +39,15 @@ IMPROVEMENTS:
* deps: Use the standardized Go 1.6 vendoring system
* secret/aws: Inform users of AWS-imposed policy restrictions around STS
tokens if they attempt to use an invalid policy [GH-1113]
* secret/mysql: While configuring mysql backend, avoid verification of
connection_url by disabling it using verify_connection option [GH-1096]
* secret/mysql: The MySQL backend now allows disabling verification of the
`connection_url` [GH-1096]
* secret/pki: Submitted CSRs are now verified to have the correct key type and
minimum number of bits according to the role. The exception is intermediate
CA signing and the `sign-verbatim` path [GH-1104]
* secret/pki: New `tidy` endpoint to allow expunging expired certificates.
[GH-1129]
* secret/postgresql: While configuring mysql backend, avoid verification of
connection_url by disabling it using verify_connection option [GH-1096]
* secret/postgresql: The PostgreSQL backend now allows disabling verification
of the `connection_url` [GH-1096]
* secret/ssh: When verifying an OTP, return 400 if it is not valid instead of
204 [GH-1086]
* credential/app-id: App ID backend will check the validity of app-id and user-id

0 comments on commit 0a4bcf8

Please sign in to comment.