Vault - 1.11.0



  • auth/aws: Add RoleSession to DisplayName when using assumeRole for authentication [GH-14954]
  • auth: Remove support for legacy MFA
    ( [GH-14869]
  • core: A request that fails path validation due to relative path check will now be responded to with a 400 rather than 500. [GH-14328]
  • core: Bump Go version to 1.17.9. [GH-go-ver-1110]
  • licensing (enterprise): Remove support for stored licenses and associated sys/license and sys/license/signed
    endpoints in favor of autoloaded licenses.
  • replication (enterprise): The /sys/replication/performance/primary/mount-filter endpoint has been removed. Please use Paths Filter instead.
  • ui: Upgrade Ember to version 3.28 [GH-14763]


  • nomad: Bootstrap Nomad ACL system if no token is provided [GH-12451]


  • agent: Upgrade hashicorp/consul-template version for sprig template functions and improved writeTo function [GH-15092]
  • api: Add ability to pass certificate as PEM bytes to api.Client. [GH-14753]
  • api: Add context-aware functions to vault/api for each API wrapper function. [GH-14388]
  • api: Added MFALogin() for handling MFA flow when using login helpers. [GH-14900]
  • api: If the parameters supplied over the API payload are ignored due to not
    being what the endpoints were expecting, or if the parameters supplied get
    replaced by the values in the endpoint's path itself, warnings will be added to
    the non-empty responses listing all the ignored and replaced parameters. [GH-14962]
  • api: Provide a helper method WithNamespace to create a cloned client with a new NS [GH-14963]
  • api: Use the context passed to the api/auth Login helpers. [GH-14775]
  • auth/okta: Add support for Google provider TOTP type in the Okta auth method [GH-14985]
  • auth: enforce a rate limit for TOTP passcode validation attempts [GH-14864]
  • cli/vault: warn when policy name contains upper-case letter [GH-14670]
  • cli: Alternative flag-based syntax for KV to mitigate confusion from automatically appended /data [GH-14807]
  • cockroachdb: add high-availability support [GH-12965]
  • core (enterprise): Include termination_time in sys/license/status response
  • core : check uid and permissions of config dir, config file, plugin dir and plugin binaries [GH-14817]
  • core: Include build date in sys/seal-status and sys/version-history endpoints. [GH-14957]
  • sdk: Change OpenAPI code generator to extract request objects into /components/schemas and reference them by name. [GH-14217]
  • secrets/consul: Vault is now able to automatically bootstrap the Consul ACL system. [GH-10751]
  • secrets/pki: Warn when generate_lease and no_store are both set to true on requests. [GH-14292]
  • sentinel (enterprise): Upgrade sentinel to v0.18.5 to avoid potential naming collisions in the remote installer
  • ui: Parse schema refs from OpenAPI [GH-14508]
  • ui: Remove storybook. [GH-15074]
  • ui: Replaces the IvyCodemirror wrapper with a custom ember modifier. [GH-14659]
  • website/docs: added a link to an Enigma secret plugin. [GH-14389]


  • Fixed panic when adding or modifying a Duo MFA Method in Enterprise
  • agent: Fix log level mismatch between ERR and ERROR [GH-14424]
  • api/sys/raft: Update RaftSnapshotRestore to use net/http client allowing bodies larger than allocated memory to be streamed [GH-14269]
  • api: Fixes bug where OutputCurlString field was unintentionally being copied over during client cloning [GH-14968]
  • api: Respect increment value in grace period calculations in LifetimeWatcher [GH-14836]
  • auth/approle: Add maximum length for input values that result in SHA56 HMAC calculation [GH-14746]
  • auth: forward requests subject to login MFA from perfStandby to Active node [GH-15009]
  • cassandra: Update gocql Cassandra client to fix "no hosts available in the pool" error [GH-14973]
  • cli: Fix panic caused by parsing key=value fields whose value is a single backslash [GH-14523]
  • core (enterprise): Allow local alias create RPCs to persist alias metadata
  • core (enterprise): Fix some races in merkle index flushing code found in testing
  • core/managed-keys (enterprise): Allow PKCS#11 managed keys to use 0 as a slot number
  • core/metrics: Fix incorrect table size metric for local mounts [GH-14755]
  • core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited integers [GH-15072]
  • core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited strings [GH-14522]
  • core: Fix panic caused by parsing policies with empty slice values. [GH-14501]
  • core: Fix panic for help request URL paths without /v1/ prefix [GH-14704]
  • core: fixing excessive unix file permissions [GH-14791]
  • core: fixing excessive unix file permissions on dir, files and archive created by vault debug command [GH-14846]
  • core: report unused or redundant keys in server configuration [GH-14752]
  • core: time.After() used in a select statement can lead to memory leak [GH-14814]
  • raft: Ensure initialMmapSize is set to 0 on Windows [GH-14977]
  • replication (enterprise): fix panic due to missing entity during invalidation of local aliases. [GH-14622]
  • sdk/cidrutil: Only check if cidr contains remote address for IP addresses [GH-14487]
  • secrets/database: Ensure that a connection_url password is redacted in all cases. [GH-14744]
  • secrets/pki: Fix handling of "any" key type with default zero signature bits value. [GH-14875]
  • secrets/pki: Fixed bug where larger SHA-2 hashes were truncated with shorter ECDSA CA certificates [GH-14943]
  • ui: Fix Generated Token's Policies helpText to clarify that comma separated values are not accepted in this field. [GH-15046]
  • ui: Fix KV secret showing in the edit form after a user creates a new version but doesn't have read capabilities [GH-14794]
  • ui: Fix issue with KV not recomputing model when you changed versions. [GH-14941]
  • ui: Fixes edit auth method capabilities issue [GH-14966]
  • ui: Fixes issue logging in with OIDC from a listed auth mounts tab [GH-14916]
  • ui: fix search-select component showing blank selections when editing group member entity [GH-15058]
  • ui: masked values no longer give away length or location of special characters [GH-15025]


June 20, 2022, midnight
Register or login to:
  • 🔍View and search all Vault releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google