Vault 1.15.4, 1.14.8, and 1.13.12 released!

45 views
Skip to first unread message

val...@hashicorp.com

unread,
Dec 8, 2023, 4:25:03 PM12/8/23
to Vault

Hi folks,


The Vault team is announcing the release of 1.15.4, as well as Vault 1.14.8 and 1.13.12.


There is important security content in these releases; see the SECURITY section of the Changelog at [5] for details. Upgrading is strongly recommended.


Community Edition binaries can be downloaded at [1, 2, 3]. Enterprise binaries are available to customers as well.


As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing secu...@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [4].


The major security fix in the release is:

  • Request handling: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. (see CVE-2023-6337 & HCSEC-2023-34)


Other major features and improvements in the release include:


  • Identity: Fixes an issue causing problems resolving duplicate entities on performance replica clusters.



See the Changelog at [5] for the full list of improvements and bug fixes.


See the Feature Deprecation Notice and Plans page [10] for our upcoming feature deprecation plans.


Community [8] and Enterprise [9] Docker images will be available soon.


---


Upgrading


See [6] for general upgrade instructions and [7] for upgrade instructions and known issues.


As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [11].


We hope you enjoy Vault 1.15.4!


Sincerely, The Vault Team


[1] https://releases.hashicorp.com/vault/1.15.4

[2] https://releases.hashicorp.com/vault/1.14.8

[3] https://releases.hashicorp.com/vault/1.13.12

[4] https://www.hashicorp.com/security

[5] https://github.com/hashicorp/vault/blob/main/CHANGELOG.md 

[6] https://developer.hashicorp.com/vault/docs/upgrading

[7] https://developer.hashicorp.com/vault/docs/release-notes/1.15.0

[8] https://hub.docker.com/r/hashicorp/vault

[9] https://hub.docker.com/r/hashicorp/vault-enterprise

[10] https://developer.hashicorp.com/vault/docs/deprecation

[11] https://discuss.hashicorp.com/c/vault
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages