[ANN] Vault 1.5.4 Released

12 views

Skip to first unread message

Meggie Ladlow

unread,

Sep 24, 2020, 4:46:43 PM9/24/20

to HashiCorp Announcements

Hi folks,

The Vault team is happy to announce the release of Vault 1.5.4!

There is security content pertaining to batch token expiration in this release; see the SECURITY section of the Changelog at [3] for details.

Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing secu...@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

Key fixes and improvements in this release are enumerated below.

Replication: We fixed a bug which prevented replication from functioning when filtered path evaluation failed
UI: We fixed a bug where a dropdown for identity/entity management did not reflect actual policies
Kubernetes Auth Engine: We added an option to disable defaulting to the local CA cert and service account JWT
Plugin Reload: We fixed two issues related to cluster-wide plugin reload cleanup
Metrics: We’ve disabled usage metrics collection on performance standby nodes and fixed a crash if metrics collection encountered zero-length keys in KV store
GCP Secrets Engine: We added a check for 403 during rollbacks to prevent repeated deletion calls
AWS Credentials: We added X-Amz-Content_sha256 as a default STS request header

See the Changelog at [3] for the full list of improvements and bug fixes.

OSS [5] and Enterprise [6] Docker images will be available soon.

---

Upgrading

See [4] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [7].

We hope you enjoy Vault 1.5.4!

Sincerely, The Vault Team

[1] https://releases.hashicorp.com/vault/1.5.4/

[2] https://www.hashicorp.com/security

[3] https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154

[4] https://www.vaultproject.io/docs/upgrading

[5] https://hub.docker.com/_/vault

[6] https://hub.docker.com/r/hashicorp/vault-enterprise

[7] https://discuss.hashicorp.com/c/vault

Reply all

Reply to author

Forward

This conversation is locked

You cannot reply and perform actions on locked conversations.

0 new messages