Vault 1.12.3, 1.11.7, and 1.10.10 released!

Release Notifications
1

Hi folks,

The Vault team is announcing the release of Vault 1.12.3, 1.11.7, and 1.10.10.

Open-source binaries can be downloaded at [1, 2, 3]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [4].

There are some upcoming changes in Vault 1.13, and in Consul 1.14 that will affect some Vault users:

  • AliCloud Auth Method: The AliCloud auth plugin will now require the role parameter on login. This has always been documented as a required field but the requirement will now be enforced.
  • Consul: If you are using Vault with Consul storage, and the Consul servers are using Consul on Kubernetes, when you upgrade to Consul 1.14 you will need to edit your helm chart. Full instructions are available on the Consul documentation [11].
  • Log XI Environment Variable: We are removing an undocumented environment variable (LOGXI_FORMAT). Any users of that environment variable should switch to the VAULT_LOG_FORMAT environment variable.
  • Replication (Enterprise): In 1.12, we fixed a race condition in the merkle-sync/merkle-diff process but the improvement is disabled by default. In 1.13 the improvement will be enabled by default for Integrated Storage users, and users of Consul 1.14+.

Note that we have updated the Go Version to 1.19.4 for all of the Vault releases.

The major features and improvements in 1.12.3 are:

  • Lease Expiration: Fixed a panic on performance standbys when an irrevocable lease gets deleted
  • Quotas: Fixed a deadlock and an issue with quota exempt paths

See the Changelog at [5] for the full list of improvements and bug fixes.

See the Feature Deprecation Notice and Plans page [9] for our full upcoming feature deprecation plans.

Verified publisher OSS [7] and Enterprise [8] Docker images are also available.

Upgrading

See [6] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [10].

We hope you enjoy Vault 1.12.3!

Sincerely, The Vault Team

[1] Vault v1.12.3 Binaries | HashiCorp Releases
[2] Vault v1.11.7 Binaries | HashiCorp Releases
[3] Vault v1.10.10 Binaries | HashiCorp Releases
[4] Security at HashiCorp
[5] https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#1123
[6] Upgrading Vault - Guides | Vault | HashiCorp Developer
[7] Docker
[8] Docker
[9] Feature Deprecation Notice | Vault | HashiCorp Developer
[10] Vault - HashiCorp Discuss
[11] Upgrading Consul on Kubernetes Components | Consul | HashiCorp Developer