[ANN] Vault 1.4.2

Hi folks,

The Vault team is happy to announce the release of Vault 1.4.2!

There is security content in this release; see the SECURITY section of the Changelog at [3] for details.

Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

The key fixes and improvements in this release are enumerated below.

  • [SECURITY] Proxy Environment Logging: We restricted what we log from proxy environment configuration to avoid displaying username and password information
  • [SECURITY] GCP Secrets TTL: Fix a regression in 1.4.0 where the system TTLs were being used instead of the configured backend TTLs for dynamic service accounts.
  • AWS Auth Token Renewal fix: Fix a regression in 1.4.1 where tokens created with AWS Auth could not be renewed
  • Local Mount Filtering: We addressed an issue where an allowlist of mounts would hide local mounts on a performance secondary
  • Transform fix: Fixed an issue with the Transform Secrets Engine for accessing cached entries, like those from performance standby nodes
  • Integrated Storage fixes: There are a few fixes for Integrated Storage, see the changelog for details
  • LDAP Regression Fix: Fix 1.4.0 regression that could result in auth failures when LDAP auth config includes upndomain

See the Changelog at [3] for the full list of improvements and bug fixes.

OSS [5] and Enterprise [6] Docker images will be available soon.


Upgrading

See [4] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [7].

We hope you enjoy Vault 1.4.2!

Sincerely,The Vault Team

[1] https://releases.hashicorp.com/vault/1.4.2/
[2] https://www.hashicorp.com/security
[3] https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020
[4] https://www.vaultproject.io/docs/upgrading
[5] https://hub.docker.com/_/vault
[6] https://hub.docker.com/r/hashicorp/vault-enterprise
[7] https://discuss.hashicorp.com/c/vault

1 Like