Vault 1.21.0, 1.20.5, 1.19.11, 1.16.27 released!

7 views
Skip to first unread message

Tony Wittinger

unread,
Oct 23, 2025, 2:52:59 PM (14 days ago) Oct 23
to Vault

Hi all,


The Vault team is announcing the release of Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27. 


The 1.21 Community Edition and Enterprise editions are available on our releases portal [1,10].


As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing secu...@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].


Major upgrade considerations for Vault 1.21 are:

  • Allowed/Denied Parameters Evaluation: We’ve made some changes to how allowed and denied parameters are evaluated in Vault Access Control Lists. Some login requests that previously succeeded may fail.


The major features and improvements in Vault 1.21 are:


  • Vault SPIFFE Auth Method (Enterprise):  Vault supports SPIFFE Auth Method and supports X509 and JWT based SVIDS. Vault also supports SVID minting for authenticated clients and provides Certificate based SVIDS.

  • KV v2 Version Attribution: Vault now includes attribution metadata for versioned KV secrets. This allows lookup of attribution information for each version of KV v2 secrets from CLI and API.

  • MFA TOTP Self-Enrollment: Login MFA now supports scanning QR codes for users to self-enroll in MFA.

  • Secret Recovery Enhancements: Added support for automatic loading from automated snapshots, recover secrets as a copy instead of replace, and made UX improvements.

  • Fix bug related to caching in AWS auth methods



See the Changelog at [3] for the full list of improvements and bug fixes.


See the Feature Deprecation Notice and Plans page [8] for our upcoming feature deprecation plans.


Community [6] and Enterprise [7] Docker images will be available soon.


---


Upgrading


See [4] for general upgrade instructions and [5] for upgrade instructions and known issues.


As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [9].


We hope you enjoy Vault 1.21.0!


Sincerely, The Vault Team


[1] https://releases.hashicorp.com/vault/1.21.0

[2] https://www.hashicorp.com/security

[3] https://github.com/hashicorp/vault/blob/main/CHANGELOG.md 

[4] https://developer.hashicorp.com/vault/docs/upgrading

[5] https://developer.hashicorp.com/vault/docs/updates/release-notes

[6] https://hub.docker.com/r/hashicorp/vault

[7] https://hub.docker.com/r/hashicorp/vault-enterprise

[8] https://developer.hashicorp.com/vault/docs/deprecation

[9] https://discuss.hashicorp.com/c/vault

[10] https://releases.hashicorp.com/vault/1.21.0+ent


Reply all
Reply to author
Forward
0 new messages