Hello,
The Vault team has released HashiCorp Vault 0.10.3.
Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers now. Docker images will be submitted for building soon.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing secu...@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].
Note: there are a few minor behavioral changes, most notably that (like all other auth methods) successful authentications using the 'ldap', 'okta', and 'radius' auth methods will produce a token even if no policies have been specifically configured for that user, which ensures that these users will properly get a token with the 'default' policy. See the Changelog for more information.
In addition to a number of improvements and bug fixes, this version addresses a few regressions in 0.10.2:
* AppRole roles using only CIDRs and not Secret-IDs would panic during login
* Security fixes in 0.10.2 led to a request processing slowdown
Additionally, there are several notable new features:
* Active Directory Secrets Engine Root Rotation: The AD secrets engine now contains an endpoint that allows the initially-configured account credentials to be rotated by Vault. Triggering this after submitting configuration ensures that only Vault knows its own credentials.
* URI SANs in PKI: You can now encode URI SANs into issued certificates, and restrict allowed values via a glob-supporting list.
* Token CIDR binding for AppRole: AppRole now lets you specify CIDRs to bind generated tokens to, which can be distinct from the CIDRs that Secret-IDs are bound to.
* KV rollback command: There is now a `vault kv rollback` command that makes it easier to restore a previous version of a secret in KV v2, and uses check-and-set to ensure that it happens atomically.
See the Changelog at [3] for the full list.
---
Upgrading
See [4] for general upgrade instructions.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault mailing list.
We hope you enjoy Vault 0.10.3!
Sincerely,
The Vault Team
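
The KV rollback item above says the command uses check-and-set so the restore happens atomically. The following is an added example, not part of the announcement and not Vault's code: a toy in-memory model (the names `Store`, `Put`, `Rollback` and `ErrCAS` are hypothetical) showing how a rollback guarded by the observed version refuses to overwrite a write that landed in between.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

var ErrCAS = errors.New("check-and-set mismatch: secret changed since it was read")

// Store is a toy in-memory model of one versioned secret path (not Vault code).
type Store struct {
	mu       sync.Mutex
	versions []map[string]string // versions[i] holds version i+1
}

// Put appends data as a new version only if the latest version still equals cas.
func (s *Store) Put(data map[string]string, cas int) (int, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if cas != len(s.versions) {
		return 0, ErrCAS
	}
	cp := map[string]string{}
	for k, v := range data {
		cp[k] = v
	}
	s.versions = append(s.versions, cp)
	return len(s.versions), nil
}

// Rollback rewrites version target as a new version, guarded by the observed current version.
func (s *Store) Rollback(target, observed int) (int, error) {
	s.mu.Lock()
	if target < 1 || target > len(s.versions) {
		s.mu.Unlock()
		return 0, errors.New("no such version")
	}
	old := s.versions[target-1] // stored versions are never mutated after Put
	s.mu.Unlock()
	return s.Put(old, observed)
}

func main() {
	s := &Store{}
	s.Put(map[string]string{"pw": "good"}, 0) // constructed sample data, v1
	s.Put(map[string]string{"pw": "bad"}, 1)  // v2
	fmt.Println(s.Rollback(1, 1))             // stale view of "current": refused with ErrCAS
	fmt.Println(s.Rollback(1, 2))             // accurate view: written as version 3
}
```

Without the version guard, a rollback computed against a stale read would silently discard whatever another client wrote in the meantime.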