From 14d9de93ab56342616319308e10aecb41f2263d4 Mon Sep 17 00:00:00 2001 From: JMGoldsmith Date: Wed, 5 Nov 2025 14:52:48 +0100 Subject: [PATCH 1/8] updating known issue for rotation manager --- .../important-changes/summary-tables/1_19.mdx | 3 ++- .../important-changes/summary-tables/1_20.mdx | 3 ++- .../content/docs/updates/important-changes.mdx | 14 ++++++++++++++ .../content/docs/updates/important-changes.mdx | 14 ++++++++++++++ 4 files changed, 32 insertions(+), 2 deletions(-) diff --git a/content/vault/global/partials/important-changes/summary-tables/1_19.mdx b/content/vault/global/partials/important-changes/summary-tables/1_19.mdx index 044a5ff78f..93b55e4d0a 100644 --- a/content/vault/global/partials/important-changes/summary-tables/1_19.mdx +++ b/content/vault/global/partials/important-changes/summary-tables/1_19.mdx @@ -44,4 +44,5 @@ Found | Fixed | Workaround | Edition | Issue 1.18.4 | No | **Yes** | All | [Failing credential refresh for Snowflake DB secrets engine key pair authentication](/vault/docs/v1.19.x/updates/important-changes#snowflake-keypair-refresh) 1.19.0 | No | No | All | [Writing configuration to local auth mount (ldap, aws, gcp, azure) ignores local flag](/vault/docs/v1.19.x/updates/important-changes#local-auth-known-issue) 1.19.0 | No | **Yes** | Enterprise | [Missed events with multiple event clients](/vault/docs/v1.19.x/updates/important-changes#missed-events) -1.19.0 | 1.19.11 | No | Enterprise | [Full seal rewraps occur on DR/PR failover with multi-seal enabled](/vault/docs/v1.19.x/updates/important-changes#multi-seal-rewrap) \ No newline at end of file +1.19.0 | 1.19.11 | No | Enterprise | [Full seal rewraps occur on DR/PR failover with multi-seal enabled](/vault/docs/v1.19.x/updates/important-changes#multi-seal-rewrap) +1.19.0 | 1.19.10 | Upgrade. | Enterprise | [Rotation manager job creation will fail, spawning large number of goroutines](/vault/docs/v1.19.x/updates/important-changes#rotation-manager-goroutines) \ No newline at end of file diff --git a/content/vault/global/partials/important-changes/summary-tables/1_20.mdx b/content/vault/global/partials/important-changes/summary-tables/1_20.mdx index f810a2d59f..fb2146eb7f 100644 --- a/content/vault/global/partials/important-changes/summary-tables/1_20.mdx +++ b/content/vault/global/partials/important-changes/summary-tables/1_20.mdx @@ -32,4 +32,5 @@ Found | Fixed | Workaround | Edition | Issue 1.20.0 | 1.20.1 | **Yes** | All | [Duplicate LDAP password rotations on standby node check-in](/vault/docs/v1.20.x/updates/important-changes#ldap-checkin) 1.20.0 | No | No | All | [Writing configuration to local auth mount (ldap, aws, gcp, azure) ignores local flag](/vault/docs/v1.20.x/updates/important-changes#local-auth-known-issue) 1.20.0 | No | **Yes** | Enterprise | [Missed events with multiple event clients](/vault/docs/v1.20.x/updates/important-changes#missed-events) -1.20.0 | 1.20.5 | No | Enterprise | [Full seal rewraps occur on DR/PR failover with multi-seal enabled](/vault/docs/v1.20.x/updates/important-changes#multi-seal-rewrap) \ No newline at end of file +1.20.0 | 1.20.5 | No | Enterprise | [Full seal rewraps occur on DR/PR failover with multi-seal enabled](/vault/docs/v1.20.x/updates/important-changes#multi-seal-rewrap) +1.19.0 | 1.20.14 | Upgrade. | Enterprise | [Rotation manager job creation will fail, spawning large number of goroutines](/vault/docs/v1.19.x/updates/important-changes#rotation-manager-goroutines) \ No newline at end of file diff --git a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx index a337a078c5..dc4c082b12 100644 --- a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx @@ -344,6 +344,20 @@ Explicitly set the default endpoint and region when configuring sts: ## Known issues +### Rotation registrations failing ((#rotation-manager-goroutines)) + +| Change | Affected version | Fixed version +| ------------ | -------------------------------- | -------------------- +| Known Issue | 1.19.0, 1.20.0 | 1.19.10, 1.20.4, 1.21.0 + +Rotation manager configurations and jobs may cause a lock to be held indefinitely. This +can have a down stream effect on being able to create new rotaiton jobs, authentication +using configs with rotation manager configured, or other unknown effects. + +#### Workaround + +Upgrade to one of the following versions - 1.19.10, 1.20.4, 1.21.0 + ### AWS auto join fails on startup ((#aws-auto-join)). | Change | Status | Affected version | Fixed version diff --git a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx index 2bcddec032..f562809a35 100644 --- a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx @@ -254,6 +254,20 @@ their existing schedule until you manually update rotation with an API call. ## Known issues +### Rotation registrations failing ((#rotation-manager-goroutines)) + +| Change | Affected version | Fixed version +| ------------ | -------------------------------- | -------------------- +| Known Issue | 1.19.0, 1.20.0 | 1.19.10, 1.20.4, 1.21.0 + +Rotation manager configurations and jobs may cause a lock to be held indefinitely. This +can have a down stream effect on being able to create new rotaiton jobs, authentication +using configs with rotation manager configured, or other unknown effects. + +#### Workaround + +Upgrade to one of the following versions - 1.19.10, 1.20.4, 1.21.0 + ### AWS auto join fails on startup ((#aws-auto-join)). | Change | Status | Affected version | Fixed version From 934c2dca9aab9e69d63269a3ce0154d1f3de6c8e Mon Sep 17 00:00:00 2001 From: JMGoldsmith Date: Wed, 5 Nov 2025 15:07:40 +0100 Subject: [PATCH 2/8] fix typo --- .../vault/v1.19.x/content/docs/updates/important-changes.mdx | 2 +- .../vault/v1.20.x/content/docs/updates/important-changes.mdx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx index dc4c082b12..e1473ebd68 100644 --- a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx @@ -351,7 +351,7 @@ Explicitly set the default endpoint and region when configuring sts: | Known Issue | 1.19.0, 1.20.0 | 1.19.10, 1.20.4, 1.21.0 Rotation manager configurations and jobs may cause a lock to be held indefinitely. This -can have a down stream effect on being able to create new rotaiton jobs, authentication +can have a down stream effect on being able to create new rotation jobs, authentication using configs with rotation manager configured, or other unknown effects. #### Workaround diff --git a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx index f562809a35..52419c9896 100644 --- a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx @@ -261,7 +261,7 @@ their existing schedule until you manually update rotation with an API call. | Known Issue | 1.19.0, 1.20.0 | 1.19.10, 1.20.4, 1.21.0 Rotation manager configurations and jobs may cause a lock to be held indefinitely. This -can have a down stream effect on being able to create new rotaiton jobs, authentication +can have a down stream effect on being able to create new rotation jobs, authentication using configs with rotation manager configured, or other unknown effects. #### Workaround From bca4b42524eb07d75613769b601878a19b1c29ce Mon Sep 17 00:00:00 2001 From: JMGoldsmith Date: Thu, 6 Nov 2025 10:37:59 +0100 Subject: [PATCH 3/8] Update content/vault/v1.19.x/content/docs/updates/important-changes.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- .../v1.19.x/content/docs/updates/important-changes.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx index e1473ebd68..331813e17d 100644 --- a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx @@ -346,9 +346,9 @@ Explicitly set the default endpoint and region when configuring sts: ### Rotation registrations failing ((#rotation-manager-goroutines)) -| Change | Affected version | Fixed version -| ------------ | -------------------------------- | -------------------- -| Known Issue | 1.19.0, 1.20.0 | 1.19.10, 1.20.4, 1.21.0 +| Change | Affected version | Fixed version +| ------------ | ---------------- | ------------- +| Known Issue | 1.19.0 | 1.19.10 Rotation manager configurations and jobs may cause a lock to be held indefinitely. This can have a down stream effect on being able to create new rotation jobs, authentication From 8722f760df3fd96bb875a613078477408f9494a9 Mon Sep 17 00:00:00 2001 From: JMGoldsmith Date: Thu, 6 Nov 2025 10:38:10 +0100 Subject: [PATCH 4/8] Update content/vault/v1.20.x/content/docs/updates/important-changes.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- .../v1.20.x/content/docs/updates/important-changes.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx index 52419c9896..40814b6b20 100644 --- a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx @@ -256,9 +256,9 @@ their existing schedule until you manually update rotation with an API call. ### Rotation registrations failing ((#rotation-manager-goroutines)) -| Change | Affected version | Fixed version -| ------------ | -------------------------------- | -------------------- -| Known Issue | 1.19.0, 1.20.0 | 1.19.10, 1.20.4, 1.21.0 +| Change | Affected version | Fixed version +| ------------ | ---------------- | ------------- +| Known Issue | 1.20.0 | 1.20.4 Rotation manager configurations and jobs may cause a lock to be held indefinitely. This can have a down stream effect on being able to create new rotation jobs, authentication From 56afc3eee0cfd6ebe757b1c0f4fc4602dd2397d1 Mon Sep 17 00:00:00 2001 From: JMGoldsmith Date: Thu, 6 Nov 2025 10:38:25 +0100 Subject: [PATCH 5/8] Update content/vault/v1.19.x/content/docs/updates/important-changes.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- .../vault/v1.19.x/content/docs/updates/important-changes.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx index 331813e17d..55e3ba7a3b 100644 --- a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx @@ -356,7 +356,7 @@ using configs with rotation manager configured, or other unknown effects. #### Workaround -Upgrade to one of the following versions - 1.19.10, 1.20.4, 1.21.0 +Upgrade to 1.19.10 or the latest version of 1.20.x or 1.21.x. ### AWS auto join fails on startup ((#aws-auto-join)). From 23aae88a8b0437af3e1682bcf37796d9da96d419 Mon Sep 17 00:00:00 2001 From: JMGoldsmith Date: Thu, 6 Nov 2025 10:38:35 +0100 Subject: [PATCH 6/8] Update content/vault/v1.20.x/content/docs/updates/important-changes.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- .../vault/v1.20.x/content/docs/updates/important-changes.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx index 40814b6b20..c1994ff2b4 100644 --- a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx @@ -266,7 +266,7 @@ using configs with rotation manager configured, or other unknown effects. #### Workaround -Upgrade to one of the following versions - 1.19.10, 1.20.4, 1.21.0 +Upgrade to 1.20.4+ or 1.21.x. ### AWS auto join fails on startup ((#aws-auto-join)). From 4f63aae8d4052141eea7997f6ee6a4a7bd9a3f40 Mon Sep 17 00:00:00 2001 From: JMGoldsmith Date: Thu, 6 Nov 2025 10:38:48 +0100 Subject: [PATCH 7/8] Update content/vault/v1.19.x/content/docs/updates/important-changes.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- .../v1.19.x/content/docs/updates/important-changes.mdx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx index 55e3ba7a3b..d793e637dc 100644 --- a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx @@ -350,9 +350,10 @@ Explicitly set the default endpoint and region when configuring sts: | ------------ | ---------------- | ------------- | Known Issue | 1.19.0 | 1.19.10 -Rotation manager configurations and jobs may cause a lock to be held indefinitely. This -can have a down stream effect on being able to create new rotation jobs, authentication -using configs with rotation manager configured, or other unknown effects. +Rotation manager configurations and jobs may cause Vault to hold a lock +indefinitely and cause multiple downstream effects including failures to create +new rotation jobs and failed authentication for methods configured to use +rotation manager. #### Workaround From 72bc515106307026d71261233ca0698d4eb633f8 Mon Sep 17 00:00:00 2001 From: JMGoldsmith Date: Thu, 6 Nov 2025 10:39:09 +0100 Subject: [PATCH 8/8] Update content/vault/v1.20.x/content/docs/updates/important-changes.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- .../v1.20.x/content/docs/updates/important-changes.mdx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx index c1994ff2b4..bda1ce6113 100644 --- a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx @@ -260,9 +260,10 @@ their existing schedule until you manually update rotation with an API call. | ------------ | ---------------- | ------------- | Known Issue | 1.20.0 | 1.20.4 -Rotation manager configurations and jobs may cause a lock to be held indefinitely. This -can have a down stream effect on being able to create new rotation jobs, authentication -using configs with rotation manager configured, or other unknown effects. +Rotation manager configurations and jobs may cause Vault to hold a lock +indefinitely and cause multiple downstream effects including failures to create +new rotation jobs and failed authentication for methods configured to use +rotation manager. #### Workaround