diff --git a/website/content/docs/concepts/identity.mdx b/website/content/docs/concepts/identity.mdx
index 53d05142d129..51d47a8acd58 100644
--- a/website/content/docs/concepts/identity.mdx
+++ b/website/content/docs/concepts/identity.mdx
@@ -20,11 +20,13 @@ Each user may have multiple accounts with various identity providers, and Vault
 supports many of those providers to authenticate with Vault. Vault Identity can
 tie authentications from various auth methods to a single representation. This representation of a consolidated identity is called an **Entity** and their
 corresponding accounts with authentication providers can be mapped as
-**Aliases**. In essence, each entity is made up of zero or more aliases. 
+**Aliases**. In essence, each entity is made up of zero or more aliases. An entity cannot have more than one alias for
+a particular authentication backend.
 
 For example, a user with accounts in both GitHub and LDAP can be mapped to a
 single entity in Vault with two aliases, one of type GitHub and one of type
-LDAP.
+LDAP. Note however, if both aliases are created on the same auth mount, say
+a Github mount, both aliases cannot be mapped to the same entity.
 
 ![Entity  overview](/img/vault-identity-doc-1.png)
 
diff --git a/website/content/docs/upgrading/upgrade-to-1.7.0.mdx b/website/content/docs/upgrading/upgrade-to-1.7.x.mdx
similarity index 91%
rename from website/content/docs/upgrading/upgrade-to-1.7.0.mdx
rename to website/content/docs/upgrading/upgrade-to-1.7.x.mdx
index 07dfaf13fa65..23c8077d34c1 100644
--- a/website/content/docs/upgrading/upgrade-to-1.7.0.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.7.x.mdx
@@ -1,15 +1,15 @@
 ---
 layout: docs
-page_title: Upgrading to Vault 1.7.0 - Guides
+page_title: Upgrading to Vault 1.7.x - Guides
 description: |-
   This page contains the list of deprecations and important or breaking changes
-  for Vault 1.7.0. Please read it carefully.
+  for Vault 1.7.x. Please read it carefully.
 ---
 
 # Overview
 
 This page contains the list of deprecations and important or breaking changes
-for Vault 1.7.0 compared to 1.6. Please read it carefully.
+for Vault 1.7.x compared to 1.6. Please read it carefully.
 
 ## Barrier Key Auto-Rotation
 
@@ -31,6 +31,8 @@ endpoint changes is available in the [AWS Auth API docs](/api-docs/auth/aws#depr
 
 @include 'alpine-314.mdx'
 
+@include 'entity-alias-mapping.mdx'
+
 ## Known Issues
 
 Due to the known issue, Transform Secrets Engine users are recommended to upgrade to version 1.7.0.
@@ -48,3 +50,4 @@ Due to the known issue, Lease Count Quota users with DR Secondaries are recommen
 @include 'transform-upgrade.mdx'
 
 @include 'lease-count-quota-upgrade.mdx'
+
diff --git a/website/content/docs/upgrading/upgrade-to-1.8.0.mdx b/website/content/docs/upgrading/upgrade-to-1.8.x.mdx
similarity index 93%
rename from website/content/docs/upgrading/upgrade-to-1.8.0.mdx
rename to website/content/docs/upgrading/upgrade-to-1.8.x.mdx
index 4f7133b8b77c..5fd3f0fbe0a4 100644
--- a/website/content/docs/upgrading/upgrade-to-1.8.0.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.8.x.mdx
@@ -1,15 +1,15 @@
 ---
 layout: docs
-page_title: Upgrading to Vault 1.8.0 - Guides
+page_title: Upgrading to Vault 1.8.x - Guides
 description: |-
   This page contains the list of deprecations and important or breaking changes
-  for Vault 1.8.0. Please read it carefully.
+  for Vault 1.8.x. Please read it carefully.
 ---
 
 # Overview
 
 This page contains the list of deprecations and important or breaking changes
-for Vault 1.8.0 compared to 1.7. Please read it carefully.
+for Vault 1.8.x compared to 1.7. Please read it carefully.
 
 ## License Enhancements
 
@@ -40,6 +40,9 @@ Notes](https://golang.org/doc/go1.16) for full details. Of particular note:
 
 @include 'alpine-314.mdx'
 
+
+@include 'entity-alias-mapping.mdx'
+
 ## Known Issues
 
 - MSSQL integrations (storage and secrets engine) will crash with a "panic: not implemented" error
diff --git a/website/content/docs/upgrading/upgrade-to-1.9.0.mdx b/website/content/docs/upgrading/upgrade-to-1.9.x.mdx
similarity index 95%
rename from website/content/docs/upgrading/upgrade-to-1.9.0.mdx
rename to website/content/docs/upgrading/upgrade-to-1.9.x.mdx
index e4a11a0bcc06..ed70722ab2ff 100644
--- a/website/content/docs/upgrading/upgrade-to-1.9.0.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.9.x.mdx
@@ -1,15 +1,15 @@
 ---
 layout: docs
-page_title: Upgrading to Vault 1.9.0 - Guides
+page_title: Upgrading to Vault 1.9.x - Guides
 description: |-
   This page contains the list of deprecations and important or breaking changes
-  for Vault 1.9.0. Please read it carefully.
+  for Vault 1.9.x. Please read it carefully.
 ---
 
 # Overview
 
 This page contains the list of deprecations and important or breaking changes
-for Vault 1.9.0 compared to 1.8. Please read it carefully.
+for Vault 1.9.x compared to 1.8. Please read it carefully.
 
 ## OIDC Provider
 
@@ -56,6 +56,8 @@ To re-enable the old behavior, update the roles with a value
 of `"*"` to the `allowed_extensions` parameter allowing any/all extensions to be
 specified by clients.
 
+@include 'entity-alias-mapping.mdx'
+
 ## Deprecations
 
 ### HTTP Request Counter Deprecation
@@ -92,3 +94,4 @@ Additionally, Go has begun doing automated cipher suite ordering and no longer
 respects the order of suites given in `tls_cipher_suites`.
 
 See [this blog post](https://go.dev/blog/tls-cipher-suites) for more information.
+
diff --git a/website/content/partials/entity-alias-mapping.mdx b/website/content/partials/entity-alias-mapping.mdx
new file mode 100644
index 000000000000..b8b3e4e37a80
--- /dev/null
+++ b/website/content/partials/entity-alias-mapping.mdx
@@ -0,0 +1,7 @@
+## Entity Alias mapping
+
+Previously, an entity in Vault could be mapped to multiple entity aliases on the same authentication backend. This
+led to a potential security vulnerability (CVE-2021-43998), as ACL policies templated with alias information would match the first
+alias created. Thus, tokens created from all aliases of the entity, will have access to the paths containing alias 
+metadata of the first alias due to templated policies being incorrectly applied. As a result, the mapping behavior was updated 
+such that an entity can only have one alias per authentication backend. This change exists in Vault 1.9.0+, 1.8.5+ and 1.7.6+.
\ No newline at end of file
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 9acc95bd313c..a85f89dcdb31 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -1470,16 +1470,16 @@
         "path": "upgrading/plugins"
       },
       {
-        "title": "Upgrade to 1.9.0",
-        "path": "upgrading/upgrade-to-1.9.0"
+        "title": "Upgrade to 1.9.x",
+        "path": "upgrading/upgrade-to-1.9.x"
       },
       {
-        "title": "Upgrade to 1.8.0",
-        "path": "upgrading/upgrade-to-1.8.0"
+        "title": "Upgrade to 1.8.x",
+        "path": "upgrading/upgrade-to-1.8.x"
       },
       {
-        "title": "Upgrade to 1.7.0",
-        "path": "upgrading/upgrade-to-1.7.0"
+        "title": "Upgrade to 1.7.x",
+        "path": "upgrading/upgrade-to-1.7.x"
       },
       {
         "title": "Upgrade to 1.6.3",