Vault 1.14.0-rc1, 1.13.3, 1.12.7 and 1.11.11 released!

[Cinthia Vanni]

Hi folks,

The Vault team is announcing the release candidate of Vault 1.14, as well as 1.13.3, 1.12.7, and 1.11.11.

Open-source binaries can be downloaded at [1, 2, 3, 4]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing secu...@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [5].

The major features and improvements in the 1.14 release are:

• Vault PKI - ACME: Support for the ACME certificate lifecycle management protocol is now added to the Vault PKI plugin. Enables standard ACME clients, such as EFF's certbot, CNCF's k8s cert-manager etc., to request certificates from a Vault server without needing to know Vault APIs or auth mechanisms.

• Vault PKI - New UI:  Revamped PKI UI goes live. Was released as beta in 1.13. Delivers superior user experience via UI in areas such as -  workflows, metadata, issuer info, mount and tidy configuration, cross signing, multi-issuers etc.   

• Agent Proxy Mode: Vault Agent’s proxy mode is now available as a separate command.

• Automated License Utilization Reporting: Added automated license utilization reporting, which sends minimal product-license metering data [13] to HashiCorp without requiring you to manually collect and report them.

• New UI Navigation: Implemented a new sidebar-based navigation system using the new HashiCorp Design System and re-organized some of the items in the nav to streamline HCPv <> Vault movement, remove UX challenges, make the system status clearer, and make features more discoverable.

• AWS Secrets Engine - Static Roles: The engine now supports creation of static roles to manage static credentials for AWS IAM users.

• MongoDB Atlas Database Engine - User X.509 Certificates: The engine now supports generating X.509 credentials for dynamic roles for client authentication against MongoDB instances in Atlas.

See the Changelog at [6] for the full list of improvements and bug fixes.

See the Feature Deprecation Notice and Plans page [11] for our upcoming feature deprecation plans.

Note: In Vault 1.14 we will stop publishing official Dockerhub images and publish only our Verified Publisher images. Users of Docker images should pull from “hashicorp/vault” instead of “vault”.

OSS [9] and Enterprise [10] Docker images will be available soon.

---

Upgrading

See [7] for general upgrade instructions, and [8] for upgrade instructions and known issues.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [12].

We hope you enjoy Vault 1.14!

Sincerely, The Vault Team

[1] https://releases.hashicorp.com/vault/1.14.0-rc1

[2] https://releases.hashicorp.com/vault/1.13.3

[3] https://releases.hashicorp.com/vault/1.12.7

[4] https://releases.hashicorp.com/vault/1.11.11

[5] https://www.hashicorp.com/security

[6] https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#1132

[7] https://www.vaultproject.io/docs/upgrading

[8] https://developer.hashicorp.com/vault/docs/v1.14.x/release-notes

[9] https://hub.docker.com/r/hashicorp/vault

[10] https://hub.docker.com/r/hashicorp/vault-enterprise

[11] https://vaultproject.io/docs/deprecation

[12] https://discuss.hashicorp.com/c/vault

[13] https://developer.hashicorp.com/vault/docs/v1.14.x/enterprise/license/utilization-reporting