Hi all,
The Vault team is announcing the release of Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
The 1.20.3 Community Edition and Enterprise release candidates are available on our releases portal [1,10].
Community [6] and Enterprise [7] Docker images are also available.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing secu...@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].
Notable changes in the release are:
Seal HA [Enterprise]: Addresses and edge case scenario where partial seal wrapping of the barrier keyring occurs when alternating unhealthy seals, there is a potential inability to unseal.
Addressed an issue with the go-discover package that prevented auto-join from working in AWS regions without dual-stack connectivity. We recommend upgrading if you use auto-join in these regions.
Attestation Evidence with Logging for Credential Rotation (1.19.9 and 1.20.3 only)
RACF passphrase support for LDAP secrets engine
Fixes GCP secrets sync incorrectly changing the case on customer-managed KMS keys’ resource names
We added configuration on Vault listeners to control JSON request payload size and complexity. We have additionally set generous defaults on these values, but if you are sending very large or very complex JSON requests to Vault, some might be denied, and the parameters may need to be adjusted.
See the Changelog at [3] for the full list of improvements and bug fixes.
See the Feature Deprecation Notice and Plans page [8] for our upcoming feature deprecation plans.
---
Upgrading
See [4] for general upgrade instructions and [5] for upgrade instructions and known issues.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [9].
We hope you enjoy Vault 1.20.3!
Sincerely, The Vault Team
[1] https://releases.hashicorp.com/vault/1.20.3
[2] https://www.hashicorp.com/security
[3] https://github.com/hashicorp/vault/blob/main/CHANGELOG.md
[4] https://developer.hashicorp.com/vault/docs/upgrading
[5] https://developer.hashicorp.com/vault/docs/updates/release-notes
[6] https://hub.docker.com/r/hashicorp/vault
[7] https://hub.docker.com/r/hashicorp/vault-enterprise
[8] https://developer.hashicorp.com/vault/docs/deprecation
[9] https://discuss.hashicorp.com/c/vault
[10] https://releases.hashicorp.com/vault/1.20.3+ent