Overview All releases

Version History

1.16.2 1.16.1 1.16.0 1.15.8 1.15.7 1.15.6 1.15.5 1.15.4 1.15.3 1.15.2 1.15.1 1.15.0 1.14.12 1.14.11 1.14.10 1.14.9 1.14.8 1.14.7 1.14.6 1.14.5 1.14.4 1.14.3 1.14.2 1.14.1 1.14.0 1.13.13 1.13.12 1.13.11 1.13.10

1.13.9

1.13.8 1.13.7 1.13.6 1.13.5 1.13.4 1.13.3 1.13.2 1.13.1 1.13.0 1.12.11 1.12.10 1.12.9 1.12.8 1.12.7 1.12.6 1.12.5 1.12.4 1.12.3 1.12.2 1.12.1 1.12.0 1.11.12 1.11.11 1.11.10 1.11.9 1.11.8 1.11.7 1.11.6 1.11.5 1.11.4 1.11.3 1.11.2 1.11.1 1.11.0 1.10.11 1.10.10 1.10.9 1.10.8 1.10.7 1.10.6 1.10.5 1.10.4 1.10.3 1.10.2 1.10.1 1.10.0 1.9.10 1.9.9 1.9.8 1.9.7 1.9.6 1.9.5 1.9.4 1.9.3

1.9.2

1.9.1

1.9.0

1.8.12 1.8.11 1.8.10 1.8.9 1.8.8

1.8.7

1.8.6

1.8.5

1.8.4

1.8.3

1.8.2

1.8.1

1.8.0

1.7.10 1.7.9

1.7.8

1.7.7

1.7.6

1.7.5

1.7.4

1.7.3

1.7.2

1.7.1

1.7.0

1.6.7

1.6.6

1.6.5

1.6.4

1.6.3

1.6.2

1.6.1

1.6.0

1.5.9

1.5.8

1.5.7

1.5.6

1.5.5

1.5.4

1.5.3

1.5.2

1.5.1

1.5.0

1.4.7

1.4.6

1.4.5

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.10

1.3.9

1.3.8

1.3.7

1.3.6

1.3.5

1.3.4

1.3.3

1.3.2

1.3.1

1.2.7

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.4

1.1.3

1.1.2

1.1.1

1.1.0

1.0.3

1.0.2

1.0.1

1.0.0

0.11.6

0.11.5

0.11.4

0.11.3

0.11.2

0.11.1

0.11.0

0.10.4

0.10.3

0.10.2

0.10.1

0.10.0

0.9.6

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9.0

0.8.3

0.8.2

0.8.1

0.8.0

0.7.3

0.7.2

0.7.1

0.7.0

0.6.5

0.6.4

0.6.3

0.6.2

0.6.1

0.6.0

0.5.3

0.5.2

0.5.1

0.5.0

0.4.1

0.4.0

0.3.1

0.3.0

0.2.0

0.1.2

0.1.1

0.1.0

Vault - 1.13.9

Security

October 25, 2023

CHANGES:

core: Bump Go version to 1.20.10.
replication (enterprise): Switch to non-deprecated gRPC field for resolver target host

IMPROVEMENTS:

api/plugins: add tls-server-name arg for plugin registration [GH-23549]
core: Use a worker pool for the rollback manager. Add new metrics for the rollback manager to track the queued tasks. [GH-22567]

BUG FIXES:

command/server: Fix bug with sigusr2 where pprof files were not closed correctly [GH-23636]
events: Ignore sending context to give more time for events to send [GH-23500]
expiration: Prevent large lease loads from delaying state changes, e.g. becoming active or standby. [GH-23282]
kmip (enterprise): Improve handling of failures due to storage replication issues.
kmip (enterprise): Return a structure in the response for query function Query Server Information.
mongo-db: allow non-admin database for root credential rotation [GH-23240]
replication (enterprise): Fix a bug where undo logs would only get enabled on the initial node in a cluster.
replication (enterprise): Fix a missing unlock when changing replication state
secrets/transit (enterprise): Address an issue using sign/verify operations with managed keys returning an error about it not containing a private key
secrets/transit (enterprise): Address panic when using GCP,AWS,Azure managed keys for encryption operations. At this time all encryption operations for the cloud providers have been disabled, only signing operations are supported.
secrets/transit (enterprise): Apply hashing arguments and defaults to managed key sign/verify operations
secrets/transit: Do not allow auto rotation on managed_key key types [GH-23723]

1.13.6

August 30, 2023

CHANGES:

core: Bump Go version to 1.20.7.

IMPROVEMENTS:

core: Log rollback manager failures during unmount, remount to prevent replication failures on secondary clusters. [GH-22235]
replication (enterprise): Make reindex less disruptive by allowing writes during the flush phase.
secrets/database: Improves error logging for static role rotations by including the database and role names. [GH-22253]
storage/raft: Cap the minimum dead_server_last_contact_threshold to 1m. [GH-22040]
ui: KV View Secret card will link to list view if input ends in "/" [GH-22502]
ui: enables create and update KV secret workflow when control group present [GH-22471]

BUG FIXES:

activity (enterprise): Fix misattribution of entities to no or child namespace auth methods [GH-18809]
api: Fix breakage with UNIX domain socket addresses introduced by newest Go versions as a security fix. [GH-22523]
core (enterprise): Remove MFA Configuration for namespace when deleting namespace
core/quotas (enterprise): Fix a case where we were applying login roles to lease count quotas in a non-login context.
Also fix a related potential deadlock. [GH-21110]
core: Remove "expiration manager is nil on tokenstore" error log for unauth requests on DR secondary as they do not have expiration manager. [GH-22137]
core: Fix bug where background thread to update locked user entries runs on DR secondaries. [GH-22355]
core: Fix readonly errors that could occur while loading mounts/auths during unseal [GH-22362]
core: Fixed an instance where incorrect route entries would get tainted. We now pre-calculate namespace specific paths to avoid this. [GH-21470]
expiration: Fix a deadlock that could occur when a revocation failure happens while restoring leases on startup. [GH-22374]
license: Add autoloaded license path to the cache exempt list. This is to ensure the license changes on the active node is observed on the perfStandby node. [GH-22363]
replication (enterprise): Fix bug sync invalidate CoreReplicatedClusterInfoPath
replication (enterprise): Fix panic when update-primary was called on demoted clusters using update_primary_addrs
replication (enterprise): Fixing a bug by which the atomicity of a merkle diff result could be affected. This means it could be a source of a merkle-diff & sync process failing to switch into stream-wal mode afterwards.
sdk/ldaputil: Properly escape user filters when using UPN domains
sdk/ldaputil: use EscapeLDAPValue implementation from cap/ldap [GH-22249]
secrets/ldap: Fix bug causing schema and password_policy to be overwritten in config. [GH-22331]
secrets/transform (enterprise): Tidy operations will be re-scheduled at a minimum of every minute, not a maximum of every minute
ui: Fix blank page or ghost secret when canceling KV secret create [GH-22541]
ui: fixes max_versions default for secret metadata unintentionally overriding kv engine defaults [GH-22394]
ui: fixes model defaults overwriting input value when user tries to clear form input [GH-22458]

1.13.8

September 27, 2023

SECURITY:

sentinel (enterprise): Sentinel RGP policies allowed for cross-namespace denial-of-service. This vulnerability, CVE-2023-3775, is fixed in Vault Enterprise 1.15.0, 1.14.4, and 1.13.8. [HSEC-2023-29]

CHANGES:

core (enterprise): Ensure Role Governing Policies are only applied down the namespace hierarchy

IMPROVEMENTS:

ui: Added allowed_domains_template field for CA type role in SSH engine [GH-23119]

BUG FIXES:

core: Fixes list password policy to include those with names containing / characters. [GH-23155]
secrets/pki: Fix removal of issuers to clean up unreferenced CRLs. [GH-23007]
ui (enterprise): Fix error message when generating SSH credential with control group [GH-23025]
ui: Fixes old pki's filter and search roles page bug [GH-22810]
ui: don't exclude features present on license [GH-22855]

1.13.7

September 13, 2023

SECURITY:

secrets/transit: fix a regression that was honoring nonces provided in non-convergent modes during encryption. This vulnerability, CVE-2023-4680, is fixed in Vault 1.14.3, 1.13.7, and 1.12.11. [GH-22852, HSEC-2023-28]

CHANGES:

core: Bump Go version to 1.20.8.
database/snowflake: Update plugin to v0.7.3 [GH-22591]

FEATURES:

** Merkle Tree Corruption Detection (enterprise) **: Add a new endpoint to check merkle tree corruption.

IMPROVEMENTS:

auth/ldap: improved login speed by adding concurrency to LDAP token group searches [GH-22659]
core/quotas: Add configuration to allow skipping of expensive role calculations [GH-22651]
kmip (enterprise): reduce latency of KMIP operation handling

BUG FIXES:

cli: Fix the CLI failing to return wrapping information for KV PUT and PATCH operations when format is set to table. [GH-22818]
core/quotas: Only perform ResolveRoleOperation for role-based quotas and lease creation. [GH-22597]
core/quotas: Reduce overhead for role calculation when using cloud auth methods. [GH-22583]
core/seal: add a workaround for potential connection [hangs] in Azure autoseals. [GH-22760]
core: All subloggers now reflect configured log level on reload. [GH-22038]
kmip (enterprise): fix date handling error with some re-key operations
raft/autopilot: Add dr-token flag for raft autopilot cli commands [GH-21165]
replication (enterprise): Fix discovery of bad primary cluster addresses to be more reliable

Security

Details

date

Oct. 25, 2023, midnight

name

1.13.9

type

Patch

official page

https://github.com/hashicorp/vault/blob/main/CHANGELOG.md/#1139

👇

🔍View and search all Vault releases.
🛠️Create and share lists to track your tools.
🚨Setup notifications for major, security, feature or patch updates.
🚀Much more coming soon!

Continue with GitHub

Continue with Google

Username

Password

Password (again)

leave this field blank to prove your humanity