Vault

Vault containers no longer have the cap_ipc_lock capability, preventing calls to mlock() for memory locking—operators should set disable_mlock = true in configuration and disable swapping at runtime. SSH RSA key sizes are now limited to a maximum of 8192 bits (CVE-2026-39829). Also fixed plugin signature verification failures with expired PGP keys and a transit key version dropdown state issue.

SECURITY:

• Upgrade cloudflare/circl to v1.6.3 to resolve CVE-2026-1229
• Upgrade filippo.io/edwards25519 to v1.1.1 to resolve GO-2026-4503 ...

February 05, 2026

SECURITY:

auth/cert: ensure that the certificate being renewed matches the certificate attached to the session.

**CHAN...

1.21.2

January 07, 2026

CHANGES:

• auth/oci: bump plugin to v0.20.1
• core: Bump Go version to 1.25.5
• packaging: Container images ar...

1.21.1

November 20, 2025

SECURITY:

• auth/aws: fix an issue where a user may be able to bypass authentication to Vault due to incorrect ...

August 06, 2025

SECURITY:

• auth/ldap: fix MFA/TOTP enforcement bypass when username_as_alias is enabled [[GH-31427](https://github.com/hash...

1.20.0

June 25, 2025

SECURITY:

• core: require a nonce when cancelling a rekey operation that was initiated within the last 10 minutes. ...

1.19.5

May 30, 2025

Enterprise LTS: Vault Enterprise 1.19 is a [Long-Term Support (LTS)](https://developer.hashicorp.com/vault/docs/ent...

1.19.4

May 16, 2025

CHANGES:

• Update vault-plugin-auth-cf to v0.20.1 [GH-30586]
• aut...

1.19.3

April 30, 2025

CHANGES:

• auth/jwt: Update plugin to v0.23.2 [GH-30434]

BUG F...

1.19.2

April 18, 2025

CHANGES:

• core: Bump Go version to 1.23.7
• core: Bump Go version to 1.23.8
• secrets/openldap: Update plugin ...

1.19.1

April 4, 2025

Enterprise LTS: Vault Enterprise 1.19 is a [Long-Term Support (LTS)](https://developer.hashicorp.com/vault/docs/en...

1.19.0

March 5, 2025

Enterprise LTS: Vault Enterprise 1.19 is a [Long-Term Support (LTS)](https://developer.hashicorp.com/vault/docs/en...