releases.shpreview
HashiCorp/Vault

Vault

Mon
Wed
Fri
JulAugSepOctNovDecJanFebMarAprMayJunJul
Less
More
Releases5Avg2/moVersionsv2.0.0 to v2.0.3
v2.0.3

LIST requests with a trailing slash now correctly respect more-specific deny policies, fixing an ACL bypass where a request to LIST kv/private/ could skip a deny on kv/*. Also introduces beta support for AI agents in Enterprise, including an agent registry and OAuth resource server capabilities. Plus a constant-time recovery token comparison and several security fixes across RADIUS, SPIFFE, and transform.

Read more →
v2.0.2

Vault containers no longer have the cap_ipc_lock capability, preventing calls to mlock() for memory locking—operators should set disable_mlock = true in configuration and disable swapping at runtime. SSH RSA key sizes are now limited to a maximum of 8192 bits (CVE-2026-39829). Also fixed plugin signature verification failures with expired PGP keys and a transit key version dropdown state issue.

Read more →

SECURITY:

  • Upgrade cloudflare/circl to v1.6.3 to resolve CVE-2026-1229
  • Upgrade filippo.io/edwards25519 to v1.1.1 to resolve GO-2026-4503
  • vault/sdk: Upgrade cloudflare/circl to v1.6.3 to resolve CVE-2026-1229
  • vault/sdk: Upgrade go.opentelemetry.io/otel/sdk to…
Read more →

February 05, 2026

SECURITY:

auth/cert: ensure that the certificate being renewed matches the certificate attached to the session.

CHANGES:

core: Bump Go version to 1.25.6

FEATURES:

UI: Hashi-Built External Plugin Support: Recognize and support…

Read more →

1.21.2

January 07, 2026

CHANGES:

  • auth/oci: bump plugin to v0.20.1
  • core: Bump Go version to 1.25.5
  • packaging: Container images are now exported using a compressed OCI image layout.
  • packaging: UBI container images are now built on the UBI 10 minimal…
Read more →

1.21.1

November 20, 2025

SECURITY:

  • auth/aws: fix an issue where a user may be able to bypass authentication to Vault due to incorrect caching of the AWS client
  • ui: disable scarf analytics for ui builds

CHANGES:

  • auth/kubernetes: Update plugin to…
Read more →
August 06, 2025

SECURITY:

  • auth/ldap: fix MFA/TOTP enforcement bypass when username_as_alias is enabled…
Read more →

1.20.0

June 25, 2025

SECURITY:

  • core: require a nonce when cancelling a rekey operation that was initiated within the last 10 minutes. [GH-30794]

CHANGES:

  • UI: remove outdated and unneeded js string…
Read more →

1.20.0-rc1

June 11, 2025

SECURITY:

  • core: require a nonce when cancelling a rekey operation that was initiated within the last 10 minutes. [GH-30794]

CHANGES:

  • UI: remove outdated and unneeded js string…
Read more →

1.19.4

May 16, 2025

CHANGES:

  • Update vault-plugin-auth-cf to v0.20.1 [GH-30586]
  • auth/azure: Update plugin to v0.20.4 [GH-30543]
  • core: Bump Go version to…
Read more →
Last Checked
22h ago
Latest
v2.0.3
Tracking since Feb 6, 2023