Vault 1.15.4, 1.14.8, and 1.13.12 released!

Hi folks,

The Vault team is announcing the release of 1.15.4, as well as Vault 1.14.8 and 1.13.12.

There is important security content in these releases; see the SECURITY section of the Changelog at [5] for details. Upgrading is strongly recommended.

Community Edition binaries can be downloaded at [1, 2, 3]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing and do not use the public issue tracker. Our security policy and our PGP key can be found at [4].

The major security fix in the release is:

  • Request handling: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client. (see CVE-2023-6337 & HCSEC-2023-34)

Other major features and improvements in the release include:

  • Identity: Fixes an issue causing problems resolving duplicate entities on performance replica clusters.

See the Changelog at [5] for the full list of improvements and bug fixes.

See the Feature Deprecation Notice and Plans page [10] for our upcoming feature deprecation plans.

Community [8] and Enterprise [9] Docker images will be available soon.


See [6] for general upgrade instructions and [7] for upgrade instructions and known issues.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [11].

We hope you enjoy Vault 1.15.4!

Sincerely, The Vault Team