Talend · asaintsever · Apr 5, 2020 · Apr 3, 2020 · Apr 3, 2020 · Apr 5, 2020
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog for Vault Sidecar Injector
 
+## Release v6.0.1 - 2020-04-xx
+
+This is a minor release to update Vault image to `1.3.4` by default to benefit from CVE fixes (see details [here](https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020)).
+
+- [VSI #23](https://github.com/Talend/vault-sidecar-injector/pull/23) - Update HashiCorp Vault image (CVE fixes)
+
 ## Release v6.0.0 - 2020-03-04
 
 This is a major release introducing new features and complete code refactoring for clear isolation of modes.

diff --git a/README.md b/README.md
@@ -119,7 +119,7 @@ Template below is used by default to fetch all secrets and create corresponding
 
 <!-- {% raw %} -->
 ```yaml
-{{ with secret "<APPSVC_VAULT_SECRETS_PATH>" }}{{ range $k, $v := .Data }}
+{{ with secret "<Path to secrets (defaut value or `sidecar.vault.talend.org/secrets-path` annotation)>" }}{{ range $k, $v := .Data }}
 {{ $k }}={{ $v }}
 {{ end }}{{ end }}
 ```
@@ -1024,7 +1024,7 @@ The following table lists the configurable parameters of the `Vault Sidecar Inje
 | injectconfig.jobbabysitter.resources.requests.memory | Job babysitter sidecar memory resource requests | 20Mi |
 | injectconfig.vault.image.path  | Image path  | vault |
 | injectconfig.vault.image.pullPolicy    | Pull policy for image: IfNotPresent or Always  | Always   |
-| injectconfig.vault.image.tag  | Image tag | 1.3.2 |
+| injectconfig.vault.image.tag  | Image tag | 1.3.4 |
 | injectconfig.vault.loglevel                    | Vault log level: trace, debug, info, warn, err    | info    |
 | injectconfig.vault.resources.limits.cpu | Vault sidecar CPU resource limits | 50m |
 | injectconfig.vault.resources.limits.memory | Vault sidecar memory resource limits | 50Mi |

diff --git a/VERSION_CHART b/VERSION_CHART
@@ -1 +1 @@
-3.2.0
+3.2.1
diff --git a/VERSION_RELEASE b/VERSION_RELEASE
@@ -1 +1 @@
-6.0.0
+6.0.1
diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
@@ -66,7 +66,7 @@ injectconfig:
   vault:
     image:
       path: "vault" # image path
-      tag: "1.3.2" # image tag
+      tag: "1.3.4" # image tag
       pullPolicy: Always # Pull policy for images: IfNotPresent or Always
     loglevel: info # Vault log level: trace, debug, info, warn, err
     resources:

diff --git a/test/config/injectionconfig.yaml b/test/config/injectionconfig.yaml
@@ -1,6 +1,6 @@
 initContainers:
   - name: tvsi-vault-agent-init
-    image: vault:1.3.2
+    image: vault:1.3.4
     imagePullPolicy: Always
     env:
       - name: SKIP_SETCAP
@@ -94,7 +94,7 @@ containers:
         mountPath: /var/run/secrets/kubernetes.io/serviceaccount
         readOnly: true
   - name: tvsi-vault-agent
-    image: vault:1.3.2
+    image: vault:1.3.4
     imagePullPolicy: Always
     env:
       - name: SKIP_SETCAP

diff --git a/test/config/injectionconfig.yaml.resolved b/test/config/injectionconfig.yaml.resolved
@@ -89,7 +89,7 @@ containers:
   - name: VSI_VAULT_AUTH_METHOD
     value: kubernetes
   - name: VSI_VAULT_ROLE
-  image: vault:1.3.2
+  image: vault:1.3.4
   imagePullPolicy: Always
   lifecycle:
     preStop:
@@ -146,7 +146,7 @@ initContainers:
     value: https://vault:8200
   - name: VSI_SECRETS_TEMPLATES_PLACEHOLDER
   - name: VSI_VAULT_ROLE
-  image: vault:1.3.2
+  image: vault:1.3.4
   imagePullPolicy: Always
   name: tvsi-vault-agent-init
   resources: {}