Vault 1.7.8 released

Hi folks,

The Vault team is announcing the release of Vault 1.7.8!

Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

There is security content in this release. Vault 1.7.8 addresses CVE-2021-44716 [9] by upgrading Vault’s Go version from Go 1.15.15 to Go 1.16.12 . Alternative mitigations of the CVE were unsuccessful for Vault. Please examine the Go Release Notes [10] for 1.16 before upgrading to Vault 1.7.8.

See the Changelog at [3] for the full list of improvements and bug fixes.

See the Feature Deprecation Notice and Plans page [8] for our upcoming feature deprecation plans.

OSS [5] and Enterprise [6] Docker images will be available soon.


See [4] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [7].

We hope you enjoy Vault 1.7.8!

Sincerely, The Vault Team

[1] Vault v1.7.8 Binaries | HashiCorp Releases
[2] Security at HashiCorp
[3] vault/ at main · hashicorp/vault · GitHub
[4] Upgrading Vault - Guides | Vault by HashiCorp
[5] Docker Hub
[6] Docker Hub
[7] Vault - HashiCorp Discuss
[8] Feature Deprecation Notice | Vault by HashiCorp
[10] Go 1.16 Release Notes - The Go Programming Language