Hi all,
The Vault team is announcing the release of 1.17.5, as well as Vault Enterprise 1.16.9. There is security content in these releases.
The Community Edition binary can be downloaded at [1]. Enterprise binaries are available to customers as well.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].
The major features and improvements in these releases are:
SECURITY:
- core/audit: fix regression where client tokens and token accessors were being displayed in the audit log in plaintext [HCSEC-2024-18]
See the Changelog at [3] for the full list of improvements and bug fixes.
See the Feature Deprecation Notice and Plans page [8] for our upcoming feature deprecation plans.
Community [6] and Enterprise [7] Docker images will be available soon.
Upgrading
See [4] for general upgrade instructions and [5] for upgrade instructions and known issues.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [9].
Sincerely, The Vault Team
[1] Vault v1.17.5 Binaries | HashiCorp Releases
[3] vault/CHANGELOG.md at main · hashicorp/vault · GitHub
[4] https://developer.hashicorp.com/vault/docs/upgrading
[5] Release Notes | Vault | HashiCorp Developer
[6] https://hub.docker.com/r/hashicorp/vault
[7] https://hub.docker.com/r/hashicorp/vault-enterprise
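
A check that an audit-log owner could run for the HCSEC-2024-18 item above, as an added example that is not code from the Vault team or HashiCorp: it scans JSON audit log entries and reports token or accessor fields that lack the `hmac-sha256:` prefix. The field names are assumptions based on Vault's JSON audit log layout, and the sample entries are constructed.

```python
import json

HMAC_PREFIX = "hmac-sha256:"
# (section, field) pairs assumed from Vault's JSON audit log layout.
TOKEN_FIELDS = [
    ("auth", "client_token"),
    ("auth", "accessor"),
    ("request", "client_token"),
    ("request", "client_token_accessor"),
]

# Constructed sample entries (not real tokens): line 2 shows the leak.
SAMPLE_LOG = [
    '{"type":"request","auth":{"client_token":"hmac-sha256:aaaa","accessor":"hmac-sha256:bbbb"},'
    '"request":{"path":"secret/data/app","client_token":"hmac-sha256:aaaa",'
    '"client_token_accessor":"hmac-sha256:bbbb"}}',
    '{"type":"response","auth":{"client_token":"hvs.CONSTRUCTED-NOT-REAL","accessor":"CONSTRUCTEDacc"},'
    '"request":{"path":"auth/token/create","client_token":"hmac-sha256:aaaa",'
    '"client_token_accessor":"hmac-sha256:bbbb"}}',
    '{"type":"request","auth":{},"request":{"path":"sys/health"}}',
    'truncated {"type":',
]


def find_plaintext_tokens(lines):
    """Return (line_number, "section.field") for every token or accessor
    field that is present but not HMAC'd. Values are never echoed, so the
    report itself does not leak the token again."""
    findings = []
    for number, raw in enumerate(lines, 1):
        if not raw.strip():
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            findings.append((number, "unparseable"))  # review by hand
            continue
        if not isinstance(entry, dict):
            continue
        for section, field in TOKEN_FIELDS:
            block = entry.get(section)
            value = block.get(field) if isinstance(block, dict) else None
            if isinstance(value, str) and value and not value.startswith(HMAC_PREFIX):
                findings.append((number, f"{section}.{field}"))
    return findings


if __name__ == "__main__":
    for number, field in find_plaintext_tokens(SAMPLE_LOG):
        print(f"line {number}: {field} is not HMAC'd")
```

Accessors appear in plaintext by design when an audit device is enabled with `hmac_accessor=false`, and `log_raw=true` disables hashing entirely, so rule those settings out before attributing a hit to the regression.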