Hi folks,
The Vault team is announcing the release of the Vault 1.11 release candidate, as well as Vault 1.10.4, 1.9.7, and 1.8.12 !
Open-source binaries can be downloaded at [1, 2, 3, 4]. Enterprise binaries are available to customers as well.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [5].
These releases contain fixes to low and informational severity findings identified in a recent third-party security audit.
The major features and improvements in the Vault 1.11 release candidate are:
- Autopilot Improvements (Enterprise) : Autopilot on Vault Enterprise now supports automated upgrades and redundancy zones when using integrated storage.
- Kubernetes Secrets Engine : Add support for generating dynamic Kubernetes service account tokens.
- Consul Secrets Engine : Node and Service identities are now supported.
- Snowflake DB Secrets Engine : Keypair based authentication is now supported.
- GCP Auth Engine : Support for non-public GCP endpoints has been added.
- Non-Disruptive Intermediate/Root Certificate Rotation : Allow import, generation and configuration of any number of keys and/or issuers within a PKI mount, providing operators the ability to rotate certificates in place without affecting existing client configurations.
- Key import for Transit : Allow import of private key material to be used in Transit secrets engine.
- KMIP Improvements : Implement operations Query, Import, Encrypt and Decrypt. Improve operations Locate, Add Attribute, Get Attributes and Get Attribute List to handle most supported attributes.
- ADP Tokenization : Add support for convergent tokenization as well as token lookup for some configurations of tokenization transforms.
See the Changelog at [6] for the full list of improvements and bug fixes.
See the Feature Deprecation Notice and Plans page [10] for our upcoming feature deprecation plans.
OSS [8] and Enterprise [9] Docker images will be available soon.
Upgrading
See [7] for general upgrade instructions.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [11].
We hope you enjoy Vault 1.11.0-rc1, 1.10.4, 1.9.7, and 1.8.12!
Sincerely, The Vault Team
[1] Vault v1.11.0-rc1 Binaries | HashiCorp Releases
[2] Vault v1.10.4 Binaries | HashiCorp Releases
[3] Vault v1.9.7 Binaries | HashiCorp Releases
[4] Vault v1.8.12 Binaries | HashiCorp Releases
[5] Security at HashiCorp
[6] vault/CHANGELOG.md at main · hashicorp/vault · GitHub
[7] Upgrading Vault - Guides | Vault by HashiCorp
[8] Docker Hub
[9] Docker Hub
[10] Feature Deprecation Notice | Vault by HashiCorp
[11] Vault - HashiCorp Discuss
[12] Upgrading to Vault 1.10.x - Guides | Vault by HashiCorp