[ANN] Vault 1.6.1 Released

Hi folks,

The Vault team is happy to announce the release of Vault 1.6.1!

There is security content pertaining to Sentinel EGP in Vault Enterprise and the LDAP auth method in this release; see the SECURITY section of the Changelog at [3] for details.

Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

Key fixes and improvements in this release are enumerated below.

  • Auto Snapshots : Fixed a bug with integrated storage auto snapshots to AWS S3 with KMS
  • JWT Authentication : Fix bound_claims validation against provider-specific groups and user info claims
  • MongoDB Atlas Database : Sanitize private_key value when reading the config
  • MySQL Database : Fix issue where DisplayName within generated usernames was the incorrect length
  • Resource Quota Fix : 1.6.1 includes a fix for the upgrade path from 1.5 to 1.6 for resource quotas
  • Vault Usage CLI : We have added a CLI command for Vault Client Counting

See the Changelog at [3] for the full list of improvements and bug fixes.

OSS [5] and Enterprise [6] Docker images will be available soon.


Upgrading

See [4] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [7].

We hope you enjoy Vault 1.6.1!

Sincerely, The Vault Team

[1] https://releases.hashicorp.com/vault/1.6.1/
[2] https://www.hashicorp.com/security
[3] https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161
[4] https://www.vaultproject.io/docs/upgrading
[5] https://hub.docker.com/_/vault
[6] https://hub.docker.com/r/hashicorp/vault-enterprise
[7] https://discuss.hashicorp.com/c/vault

2 Likes