IMPROVEMENTS:
- Added -log-level command-line option GH-77
CHANGES:
- Building with Go 1.21.4
- Updated golang dependencies GH-71
- golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 => v0.16.0
- golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c => v0.15.0
- golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 => v0.19.0
- golang.org/x/text v0.3.3 => v0.14.0
- github.com/hashicorp/go-hclog v1.4.0 => v1.5.0
- github.com/hashicorp/go-uuid v1.0.2 => v1.0.3
- github.com/hashicorp/vault/api v1.4.1 => v1.10.0
- github.com/go-jose/go-jose/v3 v3.0.0 => v3.0.1
BUG FIXES:
- Update ssh-helper's Version to properly reflect its release version
SECURITY:
- HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Assigned CVE-2020-24359, fixed in 0.2.0.
FEATURES:
- Add support for namespaces GH-44
SECURITY:
- Make a safe exit when displaying usage text [GH-32]
SECURITY:
- Verify that OTPs conform to UUID format [7a831a5]
IMPROVEMENTS:
- Added allowed_roles option to configuration, which enforces specified role names to be present in the verification response received by the agent.
UPGRADE NOTES:
- The option allowed_roles is a breaking change. When vault-ssh-helper is upgraded, it is required that the existing configuration files have an entry for allowed_roles="*" to be backwards compatible.
SECURITY:
- Introduced dev mode. If dev mode is not activated, vault-ssh-helper can only communicate with Vault that has TLS enabled [f7a8707]
IMPROVEMENTS:
- Updated the documentation [GH-12]
BUG FIXES:
- Empty check for allowed_cidr_list [9acaa58]
- Initial release