Vault 1.15.4, 1.14.8, and 1.13.12 released!

Hi folks,

The Vault team is announcing the release of 1.15.4, as well as Vault 1.14.8 and 1.13.12.

There is important security content in these releases; see the SECURITY section of the Changelog at [5] for details. Upgrading is strongly recommended.

Community Edition binaries can be downloaded at [1, 2, 3]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose it by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [4].

The major security fix in the release is:

  • Request handling: Fixes an issue present in both Vault and Vault Enterprise since Vault 1.12.0, where Vault is vulnerable to a denial of service through memory exhaustion of the host when handling large HTTP requests from a client (see CVE-2023-6337 & HCSEC-2023-34).

Other major features and improvements in the release include:

  • Identity: Fixes an issue causing problems resolving duplicate entities on performance replica clusters.

See the Changelog at [5] for the full list of improvements and bug fixes.

See the Feature Deprecation Notice and Plans page [10] for our upcoming feature deprecation plans.

Community [8] and Enterprise [9] Docker images will be available soon.


Upgrading

See [6] for general upgrade instructions and [7] for upgrade instructions and known issues.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [11].

We hope you enjoy Vault 1.15.4!

Sincerely, The Vault Team

[1] https://releases.hashicorp.com/vault/1.15.4

[2] https://releases.hashicorp.com/vault/1.14.8

[3] https://releases.hashicorp.com/vault/1.13.12

[4] https://www.hashicorp.com/security

[5] https://github.com/hashicorp/vault/blob/main/CHANGELOG.md

[6] https://developer.hashicorp.com/vault/docs/upgrading

[7] https://developer.hashicorp.com/vault/docs/release-notes/1.15.0

[8] https://hub.docker.com/r/hashicorp/vault

[9] https://hub.docker.com/r/hashicorp/vault-enterprise

[10] https://developer.hashicorp.com/vault/docs/deprecation

[11] https://discuss.hashicorp.com/c/vault