Vault 1.17.2, 1.16.6, and 1.15.12 released!

Hi all,

The Vault team is announcing the release of 1.17.2, as well as Vault 1.16.6 and 1.15.12 Enterprise.

The Community Edition binary can be downloaded at [1]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

The major features and improvements in these releases are:

  • Fixed issue with transit engine CMAC implementation wherein the input value was also being returned with the CMAC value.
  • Fixed an issue with an upstream Go panic when FIPS versions of Vault attempted to create a TLS connection using an older set of RSA cipher suites
  • Fixed an issue with a panic in vault-plugin-secrets-azure when an Azure role is unassigned during a WAL Rollback.
  • In 1.16.6 and 1.15.12 we reverted a change in the way JWT “aud” claims were validated for the jwt auth method. This addresses an issue in 1.15.9, 1.15.10, 1.15.11, 1.16.3, 1.16.4, and 1.16.5 where some JWT configurations that previously worked would fail to login due to stricter matching of the “aud” claim.

See the Changelog at [3] for the full list of improvements and bug fixes.

See the Feature Deprecation Notice and Plans page [8] for our upcoming feature deprecation plans.

Community [6] and Enterprise [7] Docker images will be available soon.


See [4] for general upgrade instructions and [5] for upgrade instructions and known issues.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [9].

Sincerely, The Vault Team

[1] Vault v1.17.2 Binaries | HashiCorp Releases

[2] Security at HashiCorp


[4] Upgrading Vault - Guides | Vault | HashiCorp Developer

[5] Release Notes | Vault | HashiCorp Developer



[8] Deprecation notices | Vault | HashiCorp Developer

[9] Vault - HashiCorp Discuss