Vault 1.15.4, 1.14.8, and 1.13.12 released!

Skip to first unread message

Dec 8, 2023, 4:25:03 PM12/8/23
to Vault

Hi folks,

The Vault team is announcing the release of 1.15.4, as well as Vault 1.14.8 and 1.13.12.

There is important security content in these releases; see the SECURITY section of the Changelog at [5] for details. Upgrading is strongly recommended.

Community Edition binaries can be downloaded at [1, 2, 3]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing and do not use the public issue tracker. Our security policy and our PGP key can be found at [4].

The major security fix in the release is:

  • Request handling: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. (see CVE-2023-6337 & HCSEC-2023-34)

Other major features and improvements in the release include:

  • Identity: Fixes an issue causing problems resolving duplicate entities on performance replica clusters.

See the Changelog at [5] for the full list of improvements and bug fixes.

See the Feature Deprecation Notice and Plans page [10] for our upcoming feature deprecation plans.

Community [8] and Enterprise [9] Docker images will be available soon.



See [6] for general upgrade instructions and [7] for upgrade instructions and known issues.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [11].

We hope you enjoy Vault 1.15.4!

Sincerely, The Vault Team











Reply all
Reply to author
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages