From aea2151dc3fa017e49dd3c7baaef78beeb6f73e6 Mon Sep 17 00:00:00 2001
From: Meggie
Date: Fri, 30 Aug 2024 21:57:20 -0400
Subject: [PATCH] Adding known issue writeup for audit log bug (#28247)
* Create 1_17_audit-log-hmac.mdx
* add to 1.17 notes
* add to 1.16 upgrade notes
---
 .../content/docs/upgrading/upgrade-to-1.16.x.mdx | 2 ++
 .../content/docs/upgrading/upgrade-to-1.17.x.mdx | 2 ++
 .../partials/known-issues/1_17_audit-log-hmac.mdx | 15 +++++++++++++++
 3 files changed, 19 insertions(+)
 create mode 100644 website/content/partials/known-issues/1_17_audit-log-hmac.mdx
diff --git a/website/content/docs/upgrading/upgrade-to-1.16.x.mdx b/website/content/docs/upgrading/upgrade-to-1.16.x.mdx
index b922ea665a..d969b48e85 100644
--- a/website/content/docs/upgrading/upgrade-to-1.16.x.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.16.x.mdx
@@ -144,6 +144,8 @@ kubectl exec -ti -- wget https://github.com/moparisthebest/static-curl/re
 ## Known issues and workarounds
+@include 'known-issues/1_17_audit-log-hmac.mdx'
+
 @include 'known-issues/1_16-jwt_auth_bound_audiences.mdx'
 @include 'known-issues/1_16-jwt_auth_config.mdx'
diff --git a/website/content/docs/upgrading/upgrade-to-1.17.x.mdx b/website/content/docs/upgrading/upgrade-to-1.17.x.mdx
index 5bd7ab0ca4..7b94b6646e 100644
--- a/website/content/docs/upgrading/upgrade-to-1.17.x.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.17.x.mdx
@@ -131,6 +131,8 @@ kubectl exec -ti -- wget https://github.com/moparisthebest/static-curl/re
 ## Known issues and workarounds
+@include 'known-issues/1_17_audit-log-hmac.mdx'
+
 @include 'known-issues/ocsp-redirect.mdx'
 @include 'known-issues/agent-and-proxy-excessive-cpu-1-17.mdx'
diff --git a/website/content/partials/known-issues/1_17_audit-log-hmac.mdx b/website/content/partials/known-issues/1_17_audit-log-hmac.mdx
new file mode 100644
index 0000000000..99163c684d
--- /dev/null
+++ b/website/content/partials/known-issues/1_17_audit-log-hmac.mdx
@@ -0,0 +1,15 @@
+### Client tokens and token accessors audited in plaintext
+
+#### Affected versions
+
+- 1.16.7, 1.16.8, 1.17.3, 1.17.4
+
+#### Issue
+
+In versions 1.16.7, 1.16.8, 1.17.3, and 1.17.4 audit logs may contain non-hmac’d values for
+client_token and accessor data in the response portion.
+A fix has been created and is released in 1.16.9 and 1.17.5.
+
+#### Workaround
+It is recommended to avoid affected versions when upgrading.
+If you are on these versions and using the audit logging feature please upgrade promptly to 1.16.9 or 1.17.5.