releases.shpreview
HashiCorp/Vault/v1.15.5

v1.15.5

January 30, 2024VaultView original ↗
$npx -y @buildinternet/releases show rel_UTTbk7uhqB3XmU6Svsjm_

1.15.5

January 31, 2024

SECURITY:

  • audit: Fix bug where use of 'log_raw' option could result in other devices logging raw audit data [GH-24968] [HCSEC-2024-01]

CHANGES:

  • core: Bump Go version to 1.21.5.
  • database/snowflake: Update plugin to v0.9.1 [GH-25020]
  • secrets/ad: Update plugin to v0.16.2 [GH-25058]
  • secrets/openldap: Update plugin to v0.11.3 [GH-25040]

IMPROVEMENTS:

  • command/server: display logs on startup immediately if disable-gated-logs flag is set [GH-24280]
  • core/activity: Include secret_syncs in activity log responses [GH-24710]
  • oidc/provider: Adds code_challenge_methods_supported to OpenID Connect Metadata [GH-24979]
  • storage/raft: Upgrade to bbolt 1.3.8, along with an extra patch to reduce time scanning large freelist maps. [GH-24010]
  • sys (enterprise): Adds the chroot_namespace field to this sys/internal/ui/resultant-acl endpoint, which exposes the value of the chroot namespace from the listener config.
  • ui: latest version of chrome does not automatically redirect back to the app after authentication unless triggered by the user, hence added a link to redirect back to the app. [GH-18513]

BUG FIXES:

  • audit/socket: Provide socket based audit backends with 'prefix' configuration option when supplied. [GH-25004]
  • audit: Fix bug where use of 'log_raw' option could result in other devices logging raw audit data [GH-24968]
  • auth/saml (enterprise): Fixes support for Microsoft Entra ID enterprise applications
  • core (enterprise): fix a potential deadlock if an error is received twice from underlying storage for the same key
  • core: upgrade github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 to support azure workload identities. [GH-24954]
  • helper/pkcs7: Fix slice out-of-bounds panic [GH-24891]
  • kmip (enterprise): Only return a Server Correlation Value to clients using KMIP version 1.4.
  • plugins: fix panic when registering containerized plugin with a custom runtime on a perf standby
  • ui: Allows users to dismiss the resultant-acl banner. [GH-25106]
  • ui: Correctly handle redirects from pre 1.15.0 Kv v2 edit, create, and show urls. [GH-24339]
  • ui: Fixed minor bugs with database secrets engine [GH-24947]
  • ui: Fixes input for jwks_ca_pem when configuring a JWT auth method [GH-24697]
  • ui: Fixes policy input toolbar scrolling by default [GH-23297]
  • ui: The UI can now be used to create or update database roles by operator without permission on the database connection. [GH-24660]
  • ui: fix KV v2 details view defaulting to JSON view when secret value includes { [GH-24513]
  • ui: fix incorrectly calculated capabilities on PKI issuer endpoints [GH-24686]
  • ui: fix issue where kv v2 capabilities checks were not passing in the full secret path if secret was inside a directory. [GH-24404]
  • ui: fix navigation items shown to user when chroot_namespace configured [GH-24492]

Fetched April 8, 2026