[ANN] Vault 1.7.1 Released

Hi folks,

The Vault team is happy to announce the release of Vault 1.7.1!

There is security content pertaining to the PKI CRL and Cassandra Database and Storage backends in this release; see the SECURITY section of the Changelog at [3] for details.

Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

The key fixes and improvements in this release are:

  • Core : Add a “tls_max_version” listener config option
  • Storage : Fix the cleanup of storage entries from cubbyholes within namespaces
  • DynamoDB Storage : Fix handling of throttled batch write requests
  • Identity : Fix a potential deadlock in the entity merge endpoint
  • Replication : Fix a bug where mounts created within a namespace might not appear on performance secondaries
  • Cassandra Secrets Engine : Allow password rotations containing special characters
  • OIDC Auth : Allow providing service account JSON in G Suite provider config
  • UI : Fix a bug in displaying the namespace upon login

See the Changelog at [3] for the full list of improvements and bug fixes.

OSS [5] and Enterprise [6] Docker images will be available soon.


See [4] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [7].

We hope you enjoy Vault 1.7.1!

Sincerely, The Vault Team

[1] https://releases.hashicorp.com/vault/1.7.1
[2] Security at HashiCorp
[3] vault/CHANGELOG.md at master · hashicorp/vault · GitHub
[4] Upgrading Vault - Guides | Vault by HashiCorp
[5] Docker Hub
[6] Docker Hub
[7] https://discuss.hashicorp.com/c/vault