Vault 1.10.1, 1.9.5, and 1.8.10 released!

Release Notifications
1

Hi folks,

The Vault team is announcing the release of Vault 1.10.1, 1.9.5, and 1.8.10!

Open-source binaries can be downloaded at [1, 2, 3]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [4].

These releases contain fixes to low and informational severity findings identified in a recent third-party security audit.

The key fixes and improvements in 1.10.1 are:

  • Config: We improved our config parsing to add warnings about unused and/or redundant keys.
  • Integrated Storage: Vault 1.10.1 allows for streaming large integrated storage snapshots that would not otherwise fit into allocated memory.
  • Local Aliases Panic: We fixed a panic that could occur during reconciliation of local aliases with entities.
  • MFA: We fixed two MFA panics. One could occur when certain types of login requests were serviced by performance standby nodes. The second was a Duo MFA panic.
  • UI: We fixed a bug on the login page that could prevent logging in via OIDC.

See the Changelog at [5] for the full list of improvements and bug fixes.

See the Feature Deprecation Notice and Plans page [9] for our upcoming feature deprecation plans.

OSS [7] and Enterprise [8] Docker images will be available soon.

Upgrading

See [6] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [10].

We hope you enjoy Vault 1.10.1!

Sincerely, The Vault Team

[1] Vault v1.10.1 Binaries | HashiCorp Releases
[2] Vault v1.9.5 Binaries | HashiCorp Releases
[3] Vault v1.8.10 Binaries | HashiCorp Releases
[4] Security at HashiCorp
[5] vault/CHANGELOG.md at main · hashicorp/vault · GitHub
[6] Upgrading Vault - Guides | Vault by HashiCorp
[7] Docker Hub
[8] Docker Hub
[9] Feature Deprecation Notice | Vault by HashiCorp
[10] Vault - HashiCorp Discuss
[11] Upgrading to Vault 1.10.x - Guides | Vault by HashiCorp