Adding known issue writeup for audit log bug (#28247)

* Create 1_17_audit-log-hmac.mdx * add to 1.17 notes * add to 1.16 upgrade notes
hashicorp · Aug 31, 2024 · aea2151 · aea2151
1 parent fcd6ef2
commit aea2151
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/website/content/docs/upgrading/upgrade-to-1.16.x.mdx b/website/content/docs/upgrading/upgrade-to-1.16.x.mdx
@@ -144,6 +144,8 @@ kubectl exec -ti <NAME> -- wget https://github.com/moparisthebest/static-curl/re
 
 ## Known issues and workarounds
 
+@include 'known-issues/1_17_audit-log-hmac.mdx'
+
 @include 'known-issues/1_16-jwt_auth_bound_audiences.mdx'
 
 @include 'known-issues/1_16-jwt_auth_config.mdx'

diff --git a/website/content/docs/upgrading/upgrade-to-1.17.x.mdx b/website/content/docs/upgrading/upgrade-to-1.17.x.mdx
@@ -131,6 +131,8 @@ kubectl exec -ti <NAME> -- wget https://github.com/moparisthebest/static-curl/re
 
 ## Known issues and workarounds
 
+@include 'known-issues/1_17_audit-log-hmac.mdx'
+
 @include 'known-issues/ocsp-redirect.mdx'
 
 @include 'known-issues/agent-and-proxy-excessive-cpu-1-17.mdx'

diff --git a/website/content/partials/known-issues/1_17_audit-log-hmac.mdx b/website/content/partials/known-issues/1_17_audit-log-hmac.mdx
@@ -0,0 +1,15 @@
+### Client tokens and token accessors audited in plaintext
+
+#### Affected versions
+
+- 1.16.7, 1.16.8, 1.17.3, 1.17.4 
+
+#### Issue
+
+In versions 1.16.7, 1.16.8, 1.17.3, and 1.17.4 audit logs may contain non-hmac’d values for
+client_token and accessor data in the response portion. 
+A fix has been created and is released in 1.16.9 and 1.17.5.
+
+#### Workaround
+It is recommended to avoid affected versions when upgrading.
+If you are on these versions and using the audit logging feature please upgrade promptly to 1.16.9 or 1.17.5.