diff --git a/website/content/docs/release-notes/1.15.0.mdx b/website/content/docs/release-notes/1.15.0.mdx index 2265b2afcd16..a70f9242e0c9 100644 --- a/website/content/docs/release-notes/1.15.0.mdx +++ b/website/content/docs/release-notes/1.15.0.mdx @@ -25,7 +25,10 @@ description: |- | 1.15.0+ | [URL change for KV v2 plugin](/vault/docs/upgrading/upgrade-to-1.15.x#kv2-url-change) | | 1.15.1 | [Fatal error during expiration metrics gathering causing Vault crash](/vault/docs/upgrading/upgrade-to-1.15.x#fatal-error-during-expiration-metrics-gathering-causing-vault-crash) | | 1.15.0 - 1.15.4 | [Audit devices could log raw data despite configuration](/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration) | -| 1.15.0 - 1.15.5 | [Deadlock can occur on performance secondary clusters with many mounts](/vault/docs/upgrading/upgrade-to-1.15.x#deadlock-can-occur-on-performance-secondary-clusters-with-many-mounts) +| 1.15.5 | [Unable to rotate LDAP credentials](/vault/docs/upgrading/upgrade-to-1.15.x#unable-to-rotate-ldap-credentials) | +| 1.15.0 - 1.15.5 | [Deadlock can occur on performance secondary clusters with many mounts](/vault/docs/upgrading/upgrade-to-1.15.x#deadlock-can-occur-on-performance-secondary-clusters-with-many-mounts) | +| 1.15.0 - 1.15.5 | [Audit fails to recover from panics when formatting audit entries](/vault/docs/upgrading/upgrade-to-1.15.x#audit-fails-to-recover-from-panics-when-formatting-audit-entries) | +| 1.15.0 - 1.15.7 | [Vault Enterprise performance standby nodes audit all request headers regardless of settings](/vault/docs/upgrading/upgrade-to-1.15.x#vault-enterprise-performance-standby-nodes-audit-all-request-headers) | ## Vault companion updates diff --git a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx index 8caef06b9546..e6f75140c3b2 100644 --- a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx 
+++ b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx @@ -74,3 +74,5 @@ option. @include 'known-issues/1_15-audit-panic-handling-with-eventlogger.mdx' @include 'known-issues/ocsp-redirect.mdx' + +@include 'known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx' diff --git a/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx b/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx new file mode 100644 index 000000000000..de2467ec66ec --- /dev/null +++ b/website/content/partials/known-issues/1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx @@ -0,0 +1,27 @@ +### Vault Enterprise Performance Standby nodes audit all request headers + +#### Affected versions + +- 1.15.0 - 1.15.7 + +#### Issue + +Due to an issue in the new event framework, Performance Standby nodes in a Vault +Enterprise cluster do not correctly receive configuration regarding which request +headers should be written to the audit log. + +Rather than no headers appearing in the audit logs by default, Vault Enterprise +logs **all** headers on Performance Standby nodes. + +The header issue was resolved in `1.15.8`. + +#### Workaround + +Set the `VAULT_AUDIT_DISABLE_EVENTLOGGER` environment variable to `true` to +disable the new underlying event framework and restart Vault: + +```shell-session +$ export VAULT_AUDIT_DISABLE_EVENTLOGGER=true +``` + +On startup, Vault reverts to the audit behavior used in `1.14.x`.
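Review bot: In the table hunk of `release-notes/1.15.0.mdx`, the added "Unable to rotate LDAP credentials" row links to `#unable-to-rotate-ldap-credentials` on the upgrade page, but the only include this patch adds there is the performance standby partial. Nothing visible in the diff confirms that an LDAP section exists on `upgrade-to-1.15.x.mdx`, so check that the anchor resolves or add the matching include in the same change. The link text of the new 1.15.0 - 1.15.7 row also ends in "regardless of settings" while the partial's heading does not; using one title in both places makes the issue easier to search for.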
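Review bot: Style point on the `upgrade-to-1.15.x.mdx` hunk: the new `@include` is appended after `known-issues/ocsp-redirect.mdx`, which separates it from the other audit entry, `known-issues/1_15-audit-panic-handling-with-eventlogger.mdx`. Placing the two `1_15-audit-*` includes next to each other would keep the audit known issues together for readers scanning the upgrade page.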
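Review bot: The Issue section of the new partial `1_15-audit-vault-enterprise-perf-standby-logs-all-headers.mdx` says Performance Standby nodes log **all** headers, but gives operators nothing to act on for logs already written. State whether the header values appear raw or HMAC'd, and add a sentence advising a review of audit logs produced by Performance Standby nodes on 1.15.0 - 1.15.7. In the Workaround section, the `export VAULT_AUDIT_DISABLE_EVENTLOGGER=true` example only affects a Vault process started from that same shell; say that the variable has to be set in the environment of the Vault server process, and name the nodes it applies to (Performance Standbys only, or every node in the cluster). Because the last line says Vault reverts to the `1.14.x` audit behavior, it would also help to note whether the variable should be removed after upgrading to `1.15.8`.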