[ANN] Vault 1.6.2 Released

[Meggie Ladlow]

Hi folks,

The Vault team is happy to announce the release of Vault 1.6.2!

There is security content pertaining to the potential disclosure of internal IP addresses and secret engine mounts in this release. There is also an issue with removing raft peers from DR secondary clusters; see the SECURITY section of the Changelog at [3] for details.

Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing secu...@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

Key fixes and improvements in this release are enumerated below.

• KMIP: We’ve added functionality to show an error when a KMIP secrets engine mount is configured on a port that is in use by another KMIP secrets engine.
• Vault Agent: We fixed a regression introduced in 1.6.1 where Vault Agent would not auto-auth to its configured namespace unless VAULT_NAMESPACE was set.

See the Changelog at [3] for the full list of improvements and bug fixes.

OSS [5] and Enterprise [6] Docker images will be available soon.

---

Upgrading

See [4] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [7].

We hope you enjoy Vault 1.6.2!

Sincerely, The Vault Team

[1] https://releases.hashicorp.com/vault/1.6.2/

[2] https://www.hashicorp.com/security

[3] https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#162

[4] https://www.vaultproject.io/docs/upgrading

[5] https://hub.docker.com/_/vault

[6] https://hub.docker.com/r/hashicorp/vault-enterprise

[7] https://discuss.hashicorp.com/c/vault