Vault 1.15.2, 1.14.6, and 1.13.10 released!

25 views
Skip to first unread message

Meggie Ladlow

unread,
Nov 9, 2023, 11:33:11 AM11/9/23
to HashiCorp Announcements

Hi folks,


The Vault team is announcing the release of 1.15.2, as well as Vault 1.14.6 and 1.13.10.


Community Edition binaries can be downloaded at [1, 2, 3]. Enterprise binaries are available to customers as well.


As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing secu...@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [4].


The major features and improvements in these releases are:


  • Logger Memory Leak: In 1.13.7, 1.14.3, and 1.15.0, we fixed a bug that made some loggers in Vault not respond to SIGHUPs to reload their configuration. In the process of fixing that bug we introduced a memory leak preventing unused loggers from being cleaned up. The memory leak is particularly notable for logins to Vault Enterprise. We have reverted the logger bug fix, so the loggers may not respond to SIGHUPs to reload their configurations [12].

  • Error during metrics gathering: In Vault 1.13.9, 1.14.5, and 1.15.1, we introduced a change to improve state change speed (a node becoming active or standby). This change sometimes causes a concurrent iteration and write on a map, which causes Vault to crash.

  • Internal Error -- Namespace (Enterprise): If a user is a member of a group that gets a policy from a namespace other than the one they're trying to log into, and that policy doesn't exist, Vault returns an internal error. This impacts all auth methods. 



See the Changelog at [5] for the full list of improvements and bug fixes.


See the Feature Deprecation Notice and Plans page [10] for our upcoming feature deprecation plans.


Community [8] and Enterprise [9] Docker images will be available soon.


---


Upgrading


See [6] for general upgrade instructions, and [7] for upgrade instructions and known issues.


As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [11].


We hope you enjoy Vault 1.15.2!


Sincerely, The Vault Team


[1] https://releases.hashicorp.com/vault/1.15.2

[2] https://releases.hashicorp.com/vault/1.14.6

[3] https://releases.hashicorp.com/vault/1.13.10

[4] https://www.hashicorp.com/security

[5] https://github.com/hashicorp/vault/blob/main/CHANGELOG.md 

[6] https://developer.hashicorp.com/vault/docs/upgrading

[7] https://developer.hashicorp.com/vault/docs/release-notes/1.15.0

[8] https://hub.docker.com/r/hashicorp/vault

[9] https://hub.docker.com/r/hashicorp/vault-enterprise

[10] https://developer.hashicorp.com/vault/docs/deprecation

[11] https://discuss.hashicorp.com/c/vault

[12] https://github.com/hashicorp/vault/blob/main/website/content/partials/known-issues/sublogger-levels-unchanged-on-reload.mdx


Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages