[ANN] Vault 1.4.1

Hi folks,

The Vault team is happy to announce the release of Vault 1.4.1!

Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

The key fixes and improvements in this release are enumerated below. We recommend that users of integrated storage upgrade to 1.4.1.

  • AWS Auth Method Fix : An issue was introduced in 1.3.2 and is described at [5]. We have changed the default set of metadata fields to reduce the storage writes as identity metadata changes, and made the metadata configurable

  • GCP Auth Method Metadata : We have made the GCP authentication alias naming and metadata fields configurable

  • Azure Auth Method : Azure VMs may now login using user-assigned identities

  • MongoDB Secrets Engine : We fixed an issue with MongoDB connection handling that was generating context deadline errors

  • Batch Deletion of Identities : We have added a batch deletion API for identity entities

  • Num Entities Metric : We have added a telemetry metric to show the number of entities

  • Operation Token OTP : The UI can now provide a One Time Password during the Operation Token generation process

  • Integrated Storage Snapshot Fix : We discovered and addressed an issue with Integrated Storage snapshots, where a node could fail to install a snapshot but write metadata from the snapshot, causing the FSM to become out of sync.

See the Changelog at [3] for the full list of improvements and bug fixes.

OSS [6] and Enterprise [7] Docker images will be available soon.


Upgrading:

See [4] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum.

We hope you enjoy Vault 1.4.1!

Sincerely,

The Vault Team

[1] https://releases.hashicorp.com/vault/1.4.1/

[2] https://www.hashicorp.com/security.html

[3] https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#141-april-30-2020

[4] https://www.vaultproject.io/docs/install/upgrade.html

[5] https://www.vaultproject.io/docs/upgrading/upgrade-to-1.3.2

[6] https://hub.docker.com/_/vault

[7] https://hub.docker.com/r/hashicorp/vault-enterprise

2 Likes