Hi folks,
The Vault team is announcing the release of the Vault 1.11 release candidate, as well as Vault 1.10.4, 1.9.7, and 1.8.12 !
Open-source binaries can be downloaded at [1, 2, 3, 4]. Enterprise binaries are available to customers as well.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing
secu...@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [5].
These releases contain fixes to low and informational severity findings identified in a recent third-party security audit.
The major features and improvements in the Vault 1.11 release candidate are:
- Autopilot Improvements (Enterprise): Autopilot on Vault Enterprise now supports automated upgrades and redundancy zones when using integrated storage.
- Kubernetes Secrets Engine: Add support for generating dynamic Kubernetes service account tokens.
- Consul Secrets Engine: Node and Service identities are now supported.
- Snowflake DB Secrets Engine: Keypair based authentication is now supported.
- GCP Auth Engine: Support for non-public GCP endpoints has been added.
- Non-Disruptive Intermediate/Root Certificate Rotation: Allow import, generation and configuration of any number of keys and/or issuers within a PKI mount, providing operators the ability to rotate certificates in place without affecting existing client configurations.
- Key import for Transit: Allow import of private key material to be used in Transit secrets engine.
- KMIP Improvements: Implement operations Query, Import, Encrypt and Decrypt. Improve operations Locate, Add Attribute, Get Attributes and Get Attribute List to handle most supported attributes.
- ADP Tokenization: Add support for convergent tokenization as well as token lookup for some configurations of tokenization transforms.
See the Changelog at [6] for the full list of improvements and bug fixes.
See the Feature Deprecation Notice and Plans page [10] for our upcoming feature deprecation plans.
OSS [8] and Enterprise [9] Docker images will be available soon.
---
Upgrading
See [7] for general upgrade instructions.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [11].
We hope you enjoy Vault 1.11.0-rc1, 1.10.4, 1.9.7, and 1.8.12!
Sincerely, The Vault Team
[1]
https://releases.hashicorp.com/vault/1.11.0-rc1[2]
https://releases.hashicorp.com/vault/1.10.4[3]
https://releases.hashicorp.com/vault/1.9.7[4]
https://releases.hashicorp.com/vault/1.8.12[5]
https://www.hashicorp.com/security[6]
https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#1110-rc1[7]
https://www.vaultproject.io/docs/upgrading[8]
https://hub.docker.com/r/hashicorp/vault[9]
https://hub.docker.com/r/hashicorp/vault-enterprise[10]
https://vaultproject.io/docs/deprecation[11]
https://discuss.hashicorp.com/c/vault[12]
https://www.vaultproject.io/docs/upgrading/upgrade-to-1.10.x