Hi all,
The Vault team is announcing the release of Vault Community Edition 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, and 1.16.20.
The 1.19.3 Community Edition binary can be downloaded at [1]. Enterprise binaries are available to customers as well.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].
These releases address a vulnerability introduced in Vault 0.3.0, where the KV v2 plugin may expose sensitive data in the audit and server logs when processing malformed payloads during secret creation or update operations via the Vault REST API. For more information, refer to the disclosure bulletin, HCSEC-2025-09 [11].
These releases address the known issue introduced in Vault 1.16.16, 1.17.12, 1.18.5, and 1.19.0 that automatically rotates existing database secrets engine static roles once when upgrading to an affected version. More information can be found at [10].
Deprecation warning for single-factor password authentication for the Snowflake database plugin. The Snowflake database plugin will use key-pair authentication going forward.
See the Changelog at [3] for the full list of improvements and bug fixes.
See the Feature Deprecation Notice and Plans page [8] for our upcoming feature deprecation plans.
Community [6] and Enterprise [7] Docker images will be available soon.
Upgrading
See [4] for general upgrade instructions and [5] for upgrade instructions and known issues.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [9].
We hope you enjoy Vault 1.19.3!
Sincerely, The Vault Team
[1] Vault v1.19.3 Binaries | HashiCorp Releases
[2] Security at HashiCorp
[3] vault/CHANGELOG.md at main · hashicorp/vault · GitHub
[4] Upgrade Vault | Vault | HashiCorp Developer
[5] https://developer.hashicorp.com/vault/docs/v1.19.x/release-notes
[6] https://hub.docker.com/r/hashicorp/vault
[7] https://hub.docker.com/r/hashicorp/vault-enterprise
[8] Deprecation notices | Vault | HashiCorp Developer
[9] Vault - HashiCorp Discuss
[10] https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.19.x
[11] https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin