Merge branch 'main' into ui/update-ui-deps-resolve-braces-vulnerability

changelog/27605.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+storage/raft: Bump raft to v1.7.0 which includes pre-vote. This should make clusters more stable during network partitions.
+```

changelog/27631.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+core: Fixed an issue with performance standbys not being able to handle rotate root requests.
+```

go.mod

@@ -124,7 +124,7 @@ require (
 	github.com/hashicorp/hcp-scada-provider v0.2.2
 	github.com/hashicorp/hcp-sdk-go v0.75.0
 	github.com/hashicorp/nomad/api v0.0.0-20240213164230-c364cb57298d
-	github.com/hashicorp/raft v1.6.1
+	github.com/hashicorp/raft v1.7.0
 	github.com/hashicorp/raft-autopilot v0.2.0
 	github.com/hashicorp/raft-boltdb/v2 v2.3.0
 	github.com/hashicorp/raft-snapshot v1.0.4
@@ -217,7 +217,7 @@ require (
 	golang.org/x/net v0.25.0
 	golang.org/x/oauth2 v0.20.0
 	golang.org/x/sync v0.7.0
-	golang.org/x/sys v0.20.0
+	golang.org/x/sys v0.21.0
 	golang.org/x/term v0.20.0
 	golang.org/x/text v0.15.0
 	golang.org/x/tools v0.21.0
@@ -394,7 +394,7 @@ require (
 	github.com/hashicorp/consul/proto-public v0.6.1 // indirect
 	github.com/hashicorp/cronexpr v1.1.2 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
-	github.com/hashicorp/go-msgpack/v2 v2.1.1 // indirect
+	github.com/hashicorp/go-msgpack/v2 v2.1.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/fileutil v0.1.0 // indirect
 	github.com/hashicorp/go-secure-stdlib/plugincontainer v0.3.0 // indirect
 	github.com/hashicorp/go-slug v0.15.0 // indirect

go.sum

@@ -1452,6 +1452,8 @@ github.com/hashicorp/go-msgpack v1.1.5 h1:9byZdVjKTe5mce63pRVNP1L7UAmdHOTEMGehn6
 github.com/hashicorp/go-msgpack v1.1.5/go.mod h1:gWVc3sv/wbDmR3rQsj1CAktEZzoz1YNK9NfGLXJ69/4=
 github.com/hashicorp/go-msgpack/v2 v2.1.1 h1:xQEY9yB2wnHitoSzk/B9UjXWRQ67QKu5AOm8aFp8N3I=
 github.com/hashicorp/go-msgpack/v2 v2.1.1/go.mod h1:upybraOAblm4S7rx0+jeNy+CWWhzywQsSRV5033mMu4=
+github.com/hashicorp/go-msgpack/v2 v2.1.2 h1:4Ee8FTp834e+ewB71RDrQ0VKpyFdrKOjvYtnQ/ltVj0=
+github.com/hashicorp/go-msgpack/v2 v2.1.2/go.mod h1:upybraOAblm4S7rx0+jeNy+CWWhzywQsSRV5033mMu4=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
@@ -1545,6 +1547,8 @@ github.com/hashicorp/raft v1.1.2-0.20191002163536-9c6bd3e3eb17/go.mod h1:vPAJM8A
 github.com/hashicorp/raft v1.2.0/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8=
 github.com/hashicorp/raft v1.6.1 h1:v/jm5fcYHvVkL0akByAp+IDdDSzCNCGhdO6VdB56HIM=
 github.com/hashicorp/raft v1.6.1/go.mod h1:N1sKh6Vn47mrWvEArQgILTyng8GoDRNYlgKyK7PMjs0=
+github.com/hashicorp/raft v1.7.0 h1:4u24Qn6lQ6uwziM++UgsyiT64Q8GyRn43CV41qPiz1o=
+github.com/hashicorp/raft v1.7.0/go.mod h1:N1sKh6Vn47mrWvEArQgILTyng8GoDRNYlgKyK7PMjs0=
 github.com/hashicorp/raft-autopilot v0.2.0 h1:2/R2RPgamgRKgNWGQioULZvjeKXQZmDuw5Ty+6c+H7Y=
 github.com/hashicorp/raft-autopilot v0.2.0/go.mod h1:q6tZ8UAZ5xio2gv2JvjgmtOlh80M6ic8xQYBe2Egkg8=
 github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk=
@@ -2642,6 +2646,8 @@ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

vault/logical_system_paths.go

@@ -1832,6 +1832,7 @@ func (b *SystemBackend) sealPaths() []*framework.Path {
 							Description: "OK",
 						}},
 					},
+					ForwardPerformanceStandby: true,
 				},
 			},
 

website/content/docs/commands/index.mdx

@@ -435,7 +435,9 @@ variables are supplied, `VAULT_PROXY_ADDR` will be prioritized and preferred.
 
 ### `VAULT_DISABLE_REDIRECTS`
 
-Prevents the Vault client from following redirects. By default, the Vault client will automatically follow a single redirect.
+Prevents the Vault client from following HTTP redirects. By default, the
+Vault CLI client only follows the first redirect. Additional redirects can
+result in an empty or unexpected response. 
 
 ~> **Note:** Disabling redirect following behavior could cause issues with commands such as 'vault operator raft snapshot' as this command redirects the request to the cluster's primary node.
 

website/content/docs/enterprise/index.mdx

@@ -6,15 +6,15 @@ description: |-
   source offering that may be beneficial in certain workflows.
 ---
 
-# Vault enterprise
+# Vault Enterprise
 
 Vault Enterprise includes a number of features that may be useful in specific
 workflows. Please use the sidebar navigation on the left to choose a specific
 topic.
 
 These features are part of [Vault Enterprise](https://www.hashicorp.com/vault?utm_source=oss&utm_medium=docs&utm_campaign=vault&_ga=1.201793489.1956619674.1489356624).
 
-## Vault enterprise licenses
+## Vault Enterprise licenses
 
 A Vault Enterprise license needs to be applied to a Vault cluster
 in order to use Vault Enterprise features.  See

website/content/docs/secrets/databases/index.mdx

@@ -40,22 +40,21 @@ With static roles, anyone with the proper Vault policies can access the
 associated user account in the database.
 
 <Warning title="Do not use static roles for root database credentials">
-   Do not manage the same root database credentials that you provide to Vault in
-   <tt>config/</tt> with static roles.
-
-   Vault does not distinguish between standard credentials and root credentials
-   when rotating passwords. If you assign your root credentials to a static
-   role, any dynamic or static users managed by that database configuration will
-   fail after rotation because the password for <tt>config/</tt> is no longer
-   valid.
-
-   If you need to rotate root credentials, use the
-   [Rotate root credentials](/vault/api-docs/secret/databases#rotate-root-credentials)
-   API endpoint.
-</Warning>
 
-Consult the [database capabilities table](#db-capabilities-table) to determine
-if your chosen database backend supports static roles.
+Do not manage the same root database credentials that you provide to Vault in
+<tt>config/</tt> with static roles.
+
+Vault does not distinguish between standard credentials and root credentials
+when rotating passwords. If you assign your root credentials to a static
+role, any dynamic or static users managed by that database configuration will
+fail after rotation because the password for <tt>config/</tt> is no longer
+valid.
+
+If you need to rotate root credentials, use the
+[Rotate root credentials](/vault/api-docs/secret/databases#rotate-root-credentials)
+API endpoint.
+
+</Warning>
 
 ## Setup
 
@@ -347,7 +346,6 @@ Refer to the following step-by-step tutorials for more information:
 
 - [Secrets as a Service: Dynamic Secrets](/vault/tutorials/db-credentials/database-secrets)
 - [Database Root Credential Rotation](/vault/tutorials/db-credentials/database-root-rotation)
-- [Database Static Roles and Credential Rotation](/vault/tutorials/db-credentials/database-creds-rotation)
 
 ## API