Vault - 1.10.0



  • go: Update go version to 1.17.5 [GH-13408]
  • ui: Upgrade Ember to version 3.24 [GH-13443]


  • Report in-flight requests:Adding a trace capability to show in-flight requests, and a new gauge metric to show the total number of in-flight requests [GH-13024]
  • Transit SHA-3 Support: Add support for SHA-3 in the Transit backend. [GH-13367]


  • api: Implements Login method in Go client libraries for GCP and Azure auth methods [GH-13022]
  • api: Trim newline character from wrapping token in logical.Unwrap from the api package [GH-13044]
  • api: add api method for modifying raft autopilot configuration [GH-12428]
  • api: respect WithWrappingToken() option during AppRole login authentication when used with secret ID specified from environment or from string [GH-13241]
  • auth/jwt: The Authorization Code flow makes use of the Proof Key for Code Exchange (PKCE) extension. [GH-13365]
  • core/ha: Add new mechanism for keeping track of peers talking to active node, and new 'operator members' command to view them. [GH-13292]
  • core/identity: Support updating an alias' custom_metadata to be empty. [GH-13395]
  • core/pki: Support Y10K value in notAfter field to be compliant with IEEE 802.1AR-2018 standard [GH-12795]
  • core: Periodically test the health of connectivity to auto-seal backends [GH-13078]
  • core: Reading sys/mounts/:path now returns the configuration for the secret engine at the given path [GH-12792]
  • core: Replace "master key" terminology with "root key" [GH-13324]
  • http (enterprise): Serve /sys/license/status endpoint within namespaces
  • sdk: Add helper for decoding root tokens [GH-10505]
  • secrets/pki: Allow URI SAN templates in allowed_uri_sans when allowed_uri_sans_template is set to true. [GH-10249]
  • secrets/transit: Don't abort transit encrypt or decrypt batches on single item failure. [GH-13111]
  • storage/aerospike: Upgrade aerospike-client-go to v5.6.0. [GH-12165]
  • storage/raft: Set InitialMmapSize to 100GB on 64bit architectures [GH-13178]
  • ui: Add version diff view for KV V2 [GH-13000]
  • ui: Added client side paging for namespace list view [GH-13195]
  • ui: Adds flight icons to UI [GH-12976]
  • ui: Display badge for all versions in secrets engine header [GH-13015]
  • ui: Updates ember blueprints to glimmer components [GH-13149]
  • ui: customizes empty state messages for transit and transform [GH-13090]


  • auth/approle: Fix regression where unset cidrlist is returned as nil instead of zero-length array. [GH-13235]
  • auth/github: Use the Organization ID instead of the Organization name to verify the org membership. [GH-13332]
  • core/token: Fix null token panic from 'v1/auth/token/' endpoints and return proper error response. [GH-13233]
  • core/token: Fix null token_type panic resulting from 'v1/auth/token/roles/{role_name}' endpoint [GH-13236]
  • core: authentication to "login" endpoint for non-existent mount path returns permission denied with status code 403 [GH-13162]
  • ha (enterprise): Prevents performance standby nodes from serving and caching stale data immediately after performance standby election completes
  • http:Fix /sys/monitor endpoint returning streaming not supported [GH-13200]
  • identity/oidc: Make the nonce parameter optional for the Authorization Endpoint of OIDC providers. [GH-13231]
  • identity: Fix possible nil pointer dereference. [GH-13318]
  • identity: Fixes a panic in the OIDC key rotation due to a missing nil check. [GH-13298]
  • sdk/helper/ldaputil: properly escape a trailing escape character to prevent panics. [GH-13452]
  • sdk/queue: move lock before length check to prevent panics. [GH-13146]
  • secrets/azure: Fixes service principal generation when assigning roles that have DataActions. [GH-13277]
  • secrets/database/mssql: Accept a boolean for contained_db, rather than just a string. [GH-13469]
  • secrets/pki: Default value for key_bits changed to 0, enabling key_type=ec key generation with default value [GH-13080]
  • secrets/pki: Fixes around NIST P-curve signature hash length, default value for signature_bits changed to 0. [GH-12872]
  • secrets/pki: Recognize ed25519 when requesting a response in PKCS8 format [GH-13257]
  • secrets/pki: Skip signature bits validation for ed25519 curve key type [GH-13254]
  • storage/raft: Fix a panic when trying to store a key > 32KB in a transaction. [GH-13286]
  • storage/raft: Fix a panic when trying to write a key > 32KB [GH-13282]
  • ui: Do not show verify connection value on database connection config page [GH-13152]
  • ui: Fix client count current month data not showing unless monthly history data exists [GH-13396]
  • ui: Fixes issue removing raft storage peer via cli not reflected in UI until refresh [GH-13098]
  • ui: Fixes issue restoring raft storage snapshot [GH-13107]
  • ui: Fixes issue with OIDC auth workflow when using MetaMask Chrome extension [GH-13133]
  • ui: Fixes issue with automate secret deletion value not displaying initially if set in secret metadata edit view [GH-13177]
  • ui: Fixes issue with placeholder not displaying for automatically deleted secrets when deletion time has passed [GH-13166]
  • ui: Fixes long secret key names overlapping masked values [GH-13032]
  • ui: Fixes node-forge error when parsing EC (elliptical curve) certs [GH-13238]


March 23, 2022, midnight
Register or login to:
  • 🔍View and search all Vault releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google