Commit 68989b7

Merge branch 'main' into prepare-terraform/v1.13
2 parents 980c673 + c8dd2f9 commit 68989b7

9 files changed

+23
-8
lines changed

content/vault/global/partials/important-changes/breaking-changes/cve-2025-6000.mdx

Lines changed: 14 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -5,15 +5,24 @@
55
| Breaking | 1.20.1+, 1.19.7+, 1.18.12+, 1.16.23+ | All
66

77
File audit devices require explicit configuration for prefixing and cannot use
8-
executable file permissions. You must set `allow_audit_log_prefixing` to `true`
9-
in your server configuration to enable `file` audit devices with the `prefix`
10-
option. Additionally, `file` audit devices cannot use file modes with executable
11-
permissions (e.g., 0777, 0755).
8+
executable file permissions.
9+
10+
Vault will not unseal on upgrade if your only configured audit device is a
11+
`file` device with the executable
12+
[mode](/vault/docs/commands/audit/enable#command-arguments) set.
13+
14+
Vault `file` audit devices cannot use file modes with executable permissions
15+
(e.g., 0777, 0755), and should be configured with `0644` permissions
16+
(or similar).
17+
18+
Additionally, to enable `file` audit devices with the `prefix` option, you must
19+
set `allow_audit_log_prefixing` to `true` in your server configuration on each
20+
node in your cluster.
1221

1322
#### Recommendation
1423

1524
If you use `file` audit devices:
1625

1726
1. Add `allow_audit_log_prefixing = true` to your Vault server configuration if
1827
you want to use the `prefix` option.
19-
1. Use non-executable file modes (e.g., 0644, 0666) for log files.
28+
1. Use non-executable file modes (e.g., 0644, 0666) for log files.
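
Review bot: The paragraph at added lines 10-12 says Vault will not unseal on upgrade when the only audit device is a `file` device with an executable mode, but the Recommendation list below it still has no step telling operators to check and correct `mode` before they upgrade. That is the failure that takes a node down, so it should lead the list, for example "Before upgrading, confirm that no `file` audit device uses a mode with executable bits." Smaller points: "with the executable [mode] set" reads as if there were a single executable mode, so "with a `mode` that includes executable permissions" would be clearer; the prose now recommends `0644` while the list still offers `0666`, which is world-writable, as an example for audit log files, so the two should agree; and step 1 could repeat the "on each node in your cluster" requirement introduced at added lines 18-20. The change at old line 19 / new line 28 shows identical text on both sides, which suggests a whitespace or end-of-file newline difference; please confirm it is intentional.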

content/vault/v1.14.x/content/docs/internals/recommended-patterns.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
1818
| [Improve upgrade cadence](#improve-upgrade-cadence) | Enterprise, Community |
1919
| [Test before upgrades](#test-before-upgrades) | Enterprise, Community |
2020
| [Rotate audit device logs](#rotate-audit-device-logs) | Enterprise, Community |
21+
| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
2122
| [Monitor metrics](#monitor-metrics) | Enterprise, Community |
2223
| [Establish usage baseline](#establish-usage-baseline) | Enterprise, Community |
2324
| [Minimize root token use](#minimize-root-token-use) | All |
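
Review bot: The row added at new line 21 is the only entry in this table that links to a separate page (`/vault/docs/internals/limits`) rather than an in-page `#` anchor, so a reader who clicks it leaves the recommended-patterns page, and this hunk adds no matching section to explain the recommendation. Either add a short "Monitor limits and maximums" section and link to it with an in-page anchor, referencing the limits page from there, or confirm that the off-page link is intended. The link path also carries no version segment although the file lives under `v1.14.x`; please confirm it resolves to the limits page for the same version. The same row is added unchanged to the v1.15.x through v1.20.x copies, so this comment applies to each of those hunks.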

content/vault/v1.15.x/content/docs/internals/recommended-patterns.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
1818
| [Improve upgrade cadence](#improve-upgrade-cadence) | Enterprise, Community |
1919
| [Test before upgrades](#test-before-upgrades) | Enterprise, Community |
2020
| [Rotate audit device logs](#rotate-audit-device-logs) | Enterprise, Community |
21+
| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
2122
| [Monitor metrics](#monitor-metrics) | Enterprise, Community |
2223
| [Establish usage baseline](#establish-usage-baseline) | Enterprise, Community |
2324
| [Minimize root token use](#minimize-root-token-use) | All |

content/vault/v1.16.x/content/docs/internals/recommended-patterns.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
1818
| [Improve upgrade cadence](#improve-upgrade-cadence) | Enterprise, Community |
1919
| [Test before upgrades](#test-before-upgrades) | Enterprise, Community |
2020
| [Rotate audit device logs](#rotate-audit-device-logs) | Enterprise, Community |
21+
| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
2122
| [Monitor metrics](#monitor-metrics) | Enterprise, Community |
2223
| [Establish usage baseline](#establish-usage-baseline) | Enterprise, Community |
2324
| [Minimize root token use](#minimize-root-token-use) | All |

content/vault/v1.17.x/content/docs/internals/recommended-patterns.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
1818
| [Improve upgrade cadence](#improve-upgrade-cadence) | Enterprise, Community |
1919
| [Test before upgrades](#test-before-upgrades) | Enterprise, Community |
2020
| [Rotate audit device logs](#rotate-audit-device-logs) | Enterprise, Community |
21+
| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
2122
| [Monitor metrics](#monitor-metrics) | Enterprise, Community |
2223
| [Establish usage baseline](#establish-usage-baseline) | Enterprise, Community |
2324
| [Minimize root token use](#minimize-root-token-use) | All |

content/vault/v1.18.x/content/docs/internals/recommended-patterns.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
1818
| [Improve upgrade cadence](#improve-upgrade-cadence) | Enterprise, Community |
1919
| [Test before upgrades](#test-before-upgrades) | Enterprise, Community |
2020
| [Rotate audit device logs](#rotate-audit-device-logs) | Enterprise, Community |
21+
| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
2122
| [Monitor metrics](#monitor-metrics) | Enterprise, Community |
2223
| [Establish usage baseline](#establish-usage-baseline) | Enterprise, Community |
2324
| [Minimize root token use](#minimize-root-token-use) | All |

content/vault/v1.19.x/content/docs/internals/recommended-patterns.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
1818
| [Improve upgrade cadence](#improve-upgrade-cadence) | Enterprise, Community |
1919
| [Test before upgrades](#test-before-upgrades) | Enterprise, Community |
2020
| [Rotate audit device logs](#rotate-audit-device-logs) | Enterprise, Community |
21+
| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
2122
| [Monitor metrics](#monitor-metrics) | Enterprise, Community |
2223
| [Establish usage baseline](#establish-usage-baseline) | Enterprise, Community |
2324
| [Minimize root token use](#minimize-root-token-use) | All |

content/vault/v1.20.x/content/docs/internals/recommended-patterns.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
1818
| [Improve upgrade cadence](#improve-upgrade-cadence) | Enterprise, Community |
1919
| [Test before upgrades](#test-before-upgrades) | Enterprise, Community |
2020
| [Rotate audit device logs](#rotate-audit-device-logs) | Enterprise, Community |
21+
| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
2122
| [Monitor metrics](#monitor-metrics) | Enterprise, Community |
2223
| [Establish usage baseline](#establish-usage-baseline) | Enterprise, Community |
2324
| [Minimize root token use](#minimize-root-token-use) | All |

content/vault/v1.20.x/content/partials/cli/audit/args/file/mode.mdx

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,9 +3,8 @@
33
**`mode (string : "0600")`**
44

55
The `chmod`-style octal permissions for the audit file. Set `mode` to "0000" to
6-
prevent Vault from modifying the file mode.
7-
8-
File audit devices cannot use file modes with executable permissions (e.g., 0777, 0755).
6+
prevent Vault from modifying the file mode. File audit devices cannot use file
7+
modes with executable permissions (e.g., 0777, 0755).
98

109
**Example**: `mode="0644"`
1110
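
Review bot: Folding the restriction into the paragraph at new lines 6-7 places it directly after the sentence about "0000", and the text still does not say what happens when an executable mode is supplied. The breaking-changes partial updated in this same commit states that Vault will not unseal on upgrade when the only configured audit device is a `file` device with such a mode; a short pointer to that notice belongs here, since this argument reference is where operators look up `mode`. It is also unclear whether "0000" (leave the file mode untouched) is still accepted when the existing file already has executable bits; if the check applies only to the configured value, say so.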
