diff --git a/website/content/docs/concepts/identity.mdx b/website/content/docs/concepts/identity.mdx
index 53d05142d1298a2667d1df2b3562abf9645674f4..51d47a8acd58d258feb4c023232f20562d652dd1 100644
--- a/website/content/docs/concepts/identity.mdx
+++ b/website/content/docs/concepts/identity.mdx
@@ -20,11 +20,13 @@ Each user may have multiple accounts with various identity providers, and Vault
 supports many of those providers to authenticate with Vault. Vault Identity can
 tie authentications from various auth methods to a single representation. This representation of a consolidated identity is called an **Entity** and their
 corresponding accounts with authentication providers can be mapped as
-**Aliases**. In essence, each entity is made up of zero or more aliases. 
+**Aliases**. In essence, each entity is made up of zero or more aliases. An entity cannot have more than one alias for
+a particular authentication backend.
 
 For example, a user with accounts in both GitHub and LDAP can be mapped to a
 single entity in Vault with two aliases, one of type GitHub and one of type
-LDAP.
+LDAP. Note however, if both aliases are created on the same auth mount, say
+a Github mount, both aliases cannot be mapped to the same entity.
 
 ![Entity  overview](/img/vault-identity-doc-1.png)
 
diff --git a/website/content/docs/upgrading/upgrade-to-1.7.0.mdx b/website/content/docs/upgrading/upgrade-to-1.7.x.mdx
similarity index 91%
rename from website/content/docs/upgrading/upgrade-to-1.7.0.mdx
rename to website/content/docs/upgrading/upgrade-to-1.7.x.mdx
index 07dfaf13fa65e701b607630dc6504f2ccfa48e61..23c8077d34c1cbcb3546fe2e942e62e3884f2c89 100644
--- a/website/content/docs/upgrading/upgrade-to-1.7.0.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.7.x.mdx
@@ -1,15 +1,15 @@
 ---
 layout: docs
-page_title: Upgrading to Vault 1.7.0 - Guides
+page_title: Upgrading to Vault 1.7.x - Guides
 description: |-
   This page contains the list of deprecations and important or breaking changes
-  for Vault 1.7.0. Please read it carefully.
+  for Vault 1.7.x. Please read it carefully.
 ---
 
 # Overview
 
 This page contains the list of deprecations and important or breaking changes
-for Vault 1.7.0 compared to 1.6. Please read it carefully.
+for Vault 1.7.x compared to 1.6. Please read it carefully.
 
 ## Barrier Key Auto-Rotation
 
@@ -31,6 +31,8 @@ endpoint changes is available in the [AWS Auth API docs](/api-docs/auth/aws#depr
 
 @include 'alpine-314.mdx'
 
+@include 'entity-alias-mapping.mdx'
+
 ## Known Issues
 
 Due to the known issue, Transform Secrets Engine users are recommended to upgrade to version 1.7.0.
@@ -48,3 +50,4 @@ Due to the known issue, Lease Count Quota users with DR Secondaries are recommen
 @include 'transform-upgrade.mdx'
 
 @include 'lease-count-quota-upgrade.mdx'
+
diff --git a/website/content/docs/upgrading/upgrade-to-1.8.0.mdx b/website/content/docs/upgrading/upgrade-to-1.8.x.mdx
similarity index 93%
rename from website/content/docs/upgrading/upgrade-to-1.8.0.mdx
rename to website/content/docs/upgrading/upgrade-to-1.8.x.mdx
index 4f7133b8b77c68cd9b13aa0e6ae9ab7219d07f7f..5fd3f0fbe0a4432e40a00b7d2e85ee98f729d907 100644
--- a/website/content/docs/upgrading/upgrade-to-1.8.0.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.8.x.mdx
@@ -1,15 +1,15 @@
 ---
 layout: docs
-page_title: Upgrading to Vault 1.8.0 - Guides
+page_title: Upgrading to Vault 1.8.x - Guides
 description: |-
   This page contains the list of deprecations and important or breaking changes
-  for Vault 1.8.0. Please read it carefully.
+  for Vault 1.8.x. Please read it carefully.
 ---
 
 # Overview
 
 This page contains the list of deprecations and important or breaking changes
-for Vault 1.8.0 compared to 1.7. Please read it carefully.
+for Vault 1.8.x compared to 1.7. Please read it carefully.
 
 ## License Enhancements
 
@@ -40,6 +40,9 @@ Notes](https://golang.org/doc/go1.16) for full details. Of particular note:
 
 @include 'alpine-314.mdx'
 
+
+@include 'entity-alias-mapping.mdx'
+
 ## Known Issues
 
 - MSSQL integrations (storage and secrets engine) will crash with a "panic: not implemented" error
diff --git a/website/content/docs/upgrading/upgrade-to-1.9.0.mdx b/website/content/docs/upgrading/upgrade-to-1.9.x.mdx
similarity index 95%
rename from website/content/docs/upgrading/upgrade-to-1.9.0.mdx
rename to website/content/docs/upgrading/upgrade-to-1.9.x.mdx
index e4a11a0bcc066151a9fa4e1c16434b0f7ecec437..ed70722ab2ffb6459163ad8b8b209aa76309e089 100644
--- a/website/content/docs/upgrading/upgrade-to-1.9.0.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.9.x.mdx
@@ -1,15 +1,15 @@
 ---
 layout: docs
-page_title: Upgrading to Vault 1.9.0 - Guides
+page_title: Upgrading to Vault 1.9.x - Guides
 description: |-
   This page contains the list of deprecations and important or breaking changes
-  for Vault 1.9.0. Please read it carefully.
+  for Vault 1.9.x. Please read it carefully.
 ---
 
 # Overview
 
 This page contains the list of deprecations and important or breaking changes
-for Vault 1.9.0 compared to 1.8. Please read it carefully.
+for Vault 1.9.x compared to 1.8. Please read it carefully.
 
 ## OIDC Provider
 
@@ -56,6 +56,8 @@ To re-enable the old behavior, update the roles with a value
 of `"*"` to the `allowed_extensions` parameter allowing any/all extensions to be
 specified by clients.
 
+@include 'entity-alias-mapping.mdx'
+
 ## Deprecations
 
 ### HTTP Request Counter Deprecation
@@ -92,3 +94,4 @@ Additionally, Go has begun doing automated cipher suite ordering and no longer
 respects the order of suites given in `tls_cipher_suites`.
 
 See [this blog post](https://go.dev/blog/tls-cipher-suites) for more information.
+
diff --git a/website/content/partials/entity-alias-mapping.mdx b/website/content/partials/entity-alias-mapping.mdx
new file mode 100644
index 0000000000000000000000000000000000000000..b8b3e4e37a80acd774520155e1419f2d4dec0e26
--- /dev/null
+++ b/website/content/partials/entity-alias-mapping.mdx
@@ -0,0 +1,7 @@
+## Entity Alias mapping
+
+Previously, an entity in Vault could be mapped to multiple entity aliases on the same authentication backend. This
+led to a potential security vulnerability (CVE-2021-43998), as ACL policies templated with alias information would match the first
+alias created. Thus, tokens created from all aliases of the entity, will have access to the paths containing alias 
+metadata of the first alias due to templated policies being incorrectly applied. As a result, the mapping behavior was updated 
+such that an entity can only have one alias per authentication backend. This change exists in Vault 1.9.0+, 1.8.5+ and 1.7.6+.
\ No newline at end of file
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 9acc95bd313c48abb3ea34a59b48ad0c14c565fb..a85f89dcdb3163eb7cc795c6ee8cbe411aadb7fc 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -1470,16 +1470,16 @@
         "path": "upgrading/plugins"
       },
       {
-        "title": "Upgrade to 1.9.0",
-        "path": "upgrading/upgrade-to-1.9.0"
+        "title": "Upgrade to 1.9.x",
+        "path": "upgrading/upgrade-to-1.9.x"
       },
       {
-        "title": "Upgrade to 1.8.0",
-        "path": "upgrading/upgrade-to-1.8.0"
+        "title": "Upgrade to 1.8.x",
+        "path": "upgrading/upgrade-to-1.8.x"
       },
       {
-        "title": "Upgrade to 1.7.0",
-        "path": "upgrading/upgrade-to-1.7.0"
+        "title": "Upgrade to 1.7.x",
+        "path": "upgrading/upgrade-to-1.7.x"
       },
       {
         "title": "Upgrade to 1.6.3",