Hi folks,
The Vault team is happy to announce the release of Vault 1.4.3!
Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].
This release includes a fix for a serious issue that can cause Enterprise Vault to seal itself and not be able to unseal after rotations or updates to its unseal keys. Users of OSS Vault, Shamir unseal, and Transit Auto Unseal are not impacted by this issue. The issue impacts at least Vault 1.0 through 1.4.2 and we strongly recommend upgrading to 1.3.7 or 1.4.3. If you are running an affected version, we recommend avoiding seal migrations, rekeys, and key rotations in the external seal KMS, and we recommend taking a storage backup prior to key rotation.
The other key fixes and improvements in this release are enumerated below.
- AWS Auth Web Identity Support: We’ve added support for AWS Web Identities, which will be used in the credentials chain if present.
- Database Creds Generation Fix: We fixed an issue where performance standbys couldn’t handle database credential generation requests after a root credential rotation.
- GCP Secrets Scope Fix: We addressed an issue where token scopes weren’t being updated if bindings didn’t change.
- OCI Auth Fix: Users of the Oracle Cloud Infrastructure (OCI) auth method can now authenticate when the plugin backend is mounted at a non-default path.
- Integrated Storage Metric: We added a new metric for integrated storage to show how large KV entries are.
See the Changelog at [3] for the full list of improvements and bug fixes.
OSS [5] and Enterprise [6] Docker images will be available soon.
Upgrading
See [4] for general upgrade instructions.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [7].
We hope you enjoy Vault 1.4.3!
Sincerely,
The Vault Team
[1] https://releases.hashicorp.com/vault/1.4.3/
[2] https://www.hashicorp.com/security
[3] https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#143
[4] https://www.vaultproject.io/docs/upgrading
[5] https://hub.docker.com/_/vault
[6] https://hub.docker.com/r/hashicorp/vault-enterprise
[7] https://discuss.hashicorp.com/c/vault