The Vault team is happy to announce the release of Vault 1.5.4!
There is security content pertaining to batch token expiration in this release; see the SECURITY section of the Changelog at  for details.
Open-source binaries can be downloaded at . Enterprise binaries are available to customers as well.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing firstname.lastname@example.org and do not use the public issue tracker. Our security policy and our PGP key can be found at .
Key fixes and improvements in this release are enumerated below.
- Replication : We fixed a bug which prevented replication from functioning when filtered path evaluation failed
- UI : We fixed a bug where a dropdown for identity/entity management did not reflect actual policies
- Kubernetes Auth Engine : We added an option to disable defaulting to the local CA cert and service account JWT
- Plugin Reload : We fixed two issues related to cluster-wide plugin reload cleanup
- Metrics : We’ve disabled usage metrics collection on performance standby nodes and fixed a crash if metrics collection encountered zero-length keys in KV store
- GCP Secrets Engine: We added a check for 403 during rollbacks to prevent repeated deletion calls
- AWS Credentials : We added X-Amz-Content_sha256 as a default STS request header
See the Changelog at  for the full list of improvements and bug fixes.
OSS  and Enterprise  Docker images will be available soon.
See  for general upgrade instructions.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at .
We hope you enjoy Vault 1.5.4!
Sincerely, The Vault Team