Hi folks,
The Vault team is happy to announce the release of Vault 1.7.2!
There is security content pertaining to token expiry under some circumstances in this release; see the SECURITY section of the Changelog at [3] for details.
Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].
The key fixes and improvements in this release are:
- Core : We added an option to allow hostname and Raft node ID to be returned in response headers
- Core : We fixed a bug that prevented password policies from being used within namespaces
- Integrated Storage: We fixed a bug that would cause problems if node IP addresses didn’t match between the internal raft state and the configuration files
- UI : We fixed some namespace-related UI bugs
See the Changelog at [3] for the full list of improvements and bug fixes.
OSS [5] and Enterprise [6] Docker images will be available soon.
Upgrading
See [4] for general upgrade instructions.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [7].
We hope you enjoy Vault 1.7.2!
Sincerely, The Vault Team
[1] https://releases.hashicorp.com/vault/1.7.2
[2] Security at HashiCorp
[3] vault/CHANGELOG.md at master · hashicorp/vault · GitHub
[4] Upgrading Vault - Guides | Vault by HashiCorp
[5] Docker Hub
[6] Docker Hub
[7] https://discuss.hashicorp.com/c/vault