Discover the new features, logic changes, bug fixes, breaking changes, and known issues and limitations in Piiano Vault release v1.10.2.
New features
- A new
PVAULT_SERVICE_PCI_RESTRICTIONS
environment variable was added to enforce PCI regulatory rules in the Vault. These rules apply only to PCI data types. When set totrue
, the following rules are enforced:CC_CVV
data type expiration is enforced to be always less than one hour for all operations. Attempting to create/update a token/object with a longer expiration time will fail with a bad request (400) error code.- A global deny policy is dynamically injected to all IAM roles to prevents any read access of the
CC_NUMBER
data type. Attempting to accessCC_NUMBER
will fail with 403 error code. Note, this policy affects only Roles used by users. When a role is used internally by the Vault, such as with thehttp_call
action, it would still be possible to use theCC_NUMBER
data type in thehttp_call
action.
Logic changes
- The behaviour of
PVAULT_SERVICE_ALLOW_ORIGINS
environment variable was extended to allow CORS headers for control operations from the browser. - Update the
pvault-migrate
CLI to be more graceful when encountering unknown Vault version.
Bug fixes
- Fix a bug where license was reported as new in logs even when being unchanged.
- Fix a bug where the user role was not reported correctly in debug logs.
- Fix a bug where disabling users was not saved correctly in the database and caused anti-tampering signature failures.