Discover the new features, logic changes, bug fixes, breaking changes, and known issues and limitations in Piiano Vault release v1.10.2.
- A new
PVAULT_SERVICE_PCI_RESTRICTIONSenvironment variable was added to enforce PCI regulatory rules in the Vault. These rules apply only to PCI data types. When set to
true, the following rules are enforced:
CC_CVVdata type expiration is enforced to be always less than one hour for all operations. Attempting to create/update a token/object with a longer expiration time will fail with a bad request (400) error code.
- A global deny policy is dynamically injected to all IAM roles to prevents any read access of the
CC_NUMBERdata type. Attempting to access
CC_NUMBERwill fail with 403 error code. Note, this policy affects only Roles used by users. When a role is used internally by the Vault, such as with the
http_callaction, it would still be possible to use the
CC_NUMBERdata type in the
- The behaviour of
PVAULT_SERVICE_ALLOW_ORIGINSenvironment variable was extended to allow CORS headers for control operations from the browser.
- Update the
pvault-migrateCLI to be more graceful when encountering unknown Vault version.
- Fix a bug where license was reported as new in logs even when being unchanged.
- Fix a bug where the user role was not reported correctly in debug logs.
- Fix a bug where disabling users was not saved correctly in the database and caused anti-tampering signature failures.