The Vault team is announcing the release of Vault 1.10.1, 1.9.5, and 1.8.10!
Open-source binaries can be downloaded at [1, 2, 3]. Enterprise binaries are available to customers as well.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing secu...@hashicorp.com
and do not use the public issue tracker. Our security policy and our PGP key can be found at .
These releases contain fixes to low and informational severity findings identified in a recent third-party security audit.
The key fixes and improvements in 1.10.1 are:
- Config: We improved our config parsing to add warnings about unused and/or redundant keys
- Integrated Storage: Vault 1.10.1 allows for streaming large integrated storage snapshots that would not otherwise fit into allocated memory
- Local Aliases Panic: We fixed a panic that could occur during reconciliation of local aliases with entities
- MFA: We fixed two MFA panics. One could occur when certain types of login requests were serviced by performance standby nodes. The second was a Duo MFA panic.
- UI: We fixed a bug on the login page that could prevent logging in via OIDC.
See the Changelog at  for the full list of improvements and bug fixes.
See the Feature Deprecation Notice and Plans page  for our upcoming feature deprecation plans.
OSS  and Enterprise  Docker images will be available soon.
See  for general upgrade instructions.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at .
We hope you enjoy Vault 1.10.1!
Sincerely, The Vault Team