The Vault team is happy to announce the release of Vault 1.4.2!
There is security content in this release; see the SECURITY section of the Changelog at  for details.
Open-source binaries can be downloaded at . Enterprise binaries are available to customers as well.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing firstname.lastname@example.org and do not use the public issue tracker. Our security policy and our PGP key can be found at .
The key fixes and improvements in this release are enumerated below.
- [SECURITY] Proxy Environment Logging: We restricted what we log from proxy environment configuration to avoid displaying username and password information
- [SECURITY] GCP Secrets TTL: Fix a regression in 1.4.0 where the system TTLs were being used instead of the configured backend TTLs for dynamic service accounts.
- AWS Auth Token Renewal fix: Fix a regression in 1.4.1 where tokens created with AWS Auth could not be renewed
- Local Mount Filtering: We addressed an issue where an allowlist of mounts would hide local mounts on a performance secondary
- Transform fix: Fixed an issue with the Transform Secrets Engine for accessing cached entries, like those from performance standby nodes
- Integrated Storage fixes: There are a few fixes for Integrated Storage, see the changelog for details
- LDAP Regression Fix: Fix 1.4.0 regression that could result in auth failures when LDAP auth config includes upndomain
See the Changelog at  for the full list of improvements and bug fixes.
OSS  and Enterprise  Docker images will be available soon.
See  for general upgrade instructions.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at .
We hope you enjoy Vault 1.4.2!
Sincerely,The Vault Team