Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Releases: hashicorp/vault

v1.21.0

22 Oct 20:29
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.21.0
818ca8b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.21.0 Latest
Latest 
[VAULT-40260] This is an automated pull request to build all artifact…
Assets 2
Loading

v1.21.0-rc1

10 Oct 00:53
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.21.0-rc1
27ff647
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.21.0-rc1 Pre-release
Pre-release 
[VAULT-40007] This is an automated pull request to build all artifact…
Loading

v1.20.4

24 Sep 20:43
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.20.4
55bd8f1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.20.4 
[VAULT-39673] This is an automated pull request to build all artifact…
Loading

v1.20.3

28 Aug 18:21
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.20.3
7665ff2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.20.3 
[VAULT-39259] This is an automated pull request to build all artifact…
Loading

v1.20.2

06 Aug 04:09
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.20.2
824d129
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.20.2

August 06, 2025

SECURITY:

BUG FIXES:

  • agent/template: Fixed issue where templates would not render correctly if namespaces was provided by config, and the namespace and mount path of the secret were the same. [GH-31392]
  • identity/mfa: revert cache entry change from #31217 and document cache entry values [GH-31421]
Loading

v1.20.1

24 Jul 20:10
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.20.1
b403b1a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.20.1 
[VAULT-38326] This is an automated pull request to build all artifact…
Loading

v1.20.0

25 Jun 13:57
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.20.0
6fdd6b5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.20.0

1.20.0

June 25, 2025

SECURITY:

  • core: require a nonce when cancelling a rekey operation that was initiated within the last 10 minutes. [GH-30794]

CHANGES:

  • UI: remove outdated and unneeded js string extensions [GH-29834]
  • activity (enterprise): The sys/internal/counters/activity endpoint will return actual values for new clients in the current month.
  • activity (enterprise): provided values for start_time and end_time in sys/internal/counters/activity are aligned to the corresponding billing period.
  • activity: provided value for end_time in sys/internal/counters/activity is now capped at the end of the last completed month. [GH-30164]
  • api: Update the default API client to check for the Retry-After header and, if it exists, wait for the specified duration before retrying the request. [GH-30887]
  • auth/alicloud: Update plugin to v0.21.0 [GH-30810]
  • auth/azure: Update plugin to v0.20.2. Login requires resource_group_name, vm_name, and vmss_name to match token claims [GH-30052]
  • auth/azure: Update plugin to v0.20.3 [GH-30082]
  • auth/azure: Update plugin to v0.20.4 [GH-30543]
  • auth/azure: Update plugin to v0.21.0 [GH-30872]
  • auth/azure: Update plugin to v0.21.1 [GH-31010]
  • auth/cf: Update plugin to v0.20.1 [GH-30583]
  • auth/cf: Update plugin to v0.21.0 [GH-30842]
  • auth/gcp: Update plugin to v0.20.2 [GH-30081]
  • auth/jwt: Update plugin to v0.23.2 [GH-30431]
  • auth/jwt: Update plugin to v0.24.1 [GH-30876]
  • auth/kerberos: Update plugin to v0.15.0 [GH-30845]
  • auth/kubernetes: Update plugin to v0.22.1 [GH-30910]
  • auth/oci: Update plugin to v0.19.0 [GH-30841]
  • auth/saml: Update plugin to v0.6.0
  • core: Bump Go version to 1.24.4.
  • core: Verify that the client IP address extracted from an X-Forwarded-For header is a valid IPv4 or IPv6 address [GH-29774]
  • database/couchbase: Update plugin to v0.14.0 [GH-30836]
  • database/elasticsearch: Update plugin to v0.18.0 [GH-30796]
  • database/mongodbatlas: Update plugin to v0.15.0 [GH-30856]
  • database/redis-elasticache: Update plugin to v0.7.0 [GH-30785]
  • database/redis: Update plugin to v0.6.0 [GH-30797]
  • database/snowflake: Update plugin to v0.14.0 [GH-30748]
  • database/snowflake: Update plugin to v0.14.1 [GH-30868]
  • logical/system: add ent stub for plugin catalog handling [GH-30890]
  • quotas/rate-limit: Round up the Retry-After value to the nearest second when calculating the retry delay. [GH-30887]
  • secrets/ad: Update plugin to v0.21.0 [GH-30819]
  • secrets/alicloud: Update plugin to v0.20.0 [GH-30809]
  • secrets/azure: Update plugin to v0.21.2 [GH-30037]
  • secrets/azure: Update plugin to v0.21.3 [GH-30083]
  • secrets/azure: Update plugin to v0.22.0 [GH-30832]
  • secrets/gcp: Update plugin to v0.21.2 [GH-29970]
  • secrets/gcp: Update plugin to v0.21.3 [GH-30080]
  • secrets/gcp: Update plugin to v0.22.0 [GH-30846]
  • secrets/gcpkms: Update plugin to v0.21.0 [GH-30835]
  • secrets/kubernetes: Update plugin to v0.11.0 [GH-30855]
  • secrets/kv: Update plugin to v0.24.0 [GH-30826]
  • secrets/mongodbatlas: Update plugin to v0.15.0 [GH-30860]
  • secrets/openldap: Update plugin to v0.15.2 [GH-30079]
  • secrets/openldap: Update plugin to v0.15.4 [GH-30279]
  • secrets/openldap: Update plugin to v0.16.0 [GH-30844]
  • secrets/terraform: Update plugin to v0.12.0 [GH-30905]
  • server: disable_mlock configuration option is now required for integrated storage and no longer has a default. If you are using the default value with integrated storage, you must now explicitly set disable_mlock to true or false or Vault server will fail to start. [GH-29974]
  • ui/activity: Replaces mount and namespace attribution charts with a table to allow sorting
    client count data by namespace, mount_path, mount_type or number of clients for
    a selected month. [GH-30678]
  • ui: Client count side nav link 'Vault Usage Metrics' renamed to 'Client Usage' [GH-30765]
  • ui: Client counting "running total" charts now reflect new clients only [GH-30506]
  • ui: Removed FormError component (not used) [GH-34699]
  • ui: Selecting a different method in the login form no longer updates the /vault/auth?with= query parameter [GH-30500]
  • ui: /vault/auth?with= query parameter now exclusively refers to the auth mount path and renders a simplified form [GH-30500]

FEATURES:

  • Auto Irrevocable Lease Removal (Enterprise): Add the Vault Enterprise configuration param, remove_irrevocable_lease_after. When set to a non-zero value, this will automatically delete irrevocable leases after the configured duration exceeds the lease's expire time. The minimum duration allowed for this field is two days. [GH-30703]
  • Development Cluster Configuration (Enterprise): Added development_cluster as a field to Vault's utilization reports.
    The field is configurable via HCL and indicates whether the cluster is being used in a development environment, defaults to false if not set. [GH-30659]
  • Entity-based and collective rate limit quotas (Enterprise): Add new group_by field to the rate limit quota API to support different grouping modes.
  • Login form customization (Enterprise): Adds support to choose a default and/or backup auth methods for the web UI login form to streamline the web UI login experience. [GH-30700]
  • Plugin Downloads: Support automatically downloading official HashiCorp secret and auth plugins from releases.hashicorp.com (beta)
  • SSH Key Signing Improvements (Enterprise): Add support for using managed keys to sign SSH keys in the SSH secrets engine.
  • Secret Recovery from Snapshot (Enterprise): Adds a framework to load an integrated storage
    snapshot into Vault and read, list, and recover KV v1 and cubbyhole secrets from the snapshot. [GH-30739]
  • UI Secrets Engines: TOTP secrets engine is now supported. [GH-29751]
  • UI Telemetry: Add Posthog for UI telemetry tracking on Vault Dedicated managed clusters [GH-30425]
  • Vault Namespace Picker: Updating the Vault Namespace Picker to enable search functionality, allow direct navigation to nested namespaces and improve accessibility. [GH-30490]
  • Vault PKI SCEP Server (Enterprise): Support for the Simple Certificate Enrollment Protocol (SCEP) has been added to the Vault PKI Plugin. This allows standard SCEP clients to request certificates from a Vault server with no knowledge of Vault APIs.

IMPROVEMENTS:

  • activity (enterprise): Added vault.client.billing_period.activity telemetry metric to emit information about the total number of distinct clients used in the current billing period.
  • activity: mount_type was added to the API response of sys/internal/counters/activity [GH-30071]
  • activity: mount_type was added to the API response of sys/internal/counters/activity
  • api (enterprise): Added a new API, /sys/utilization-report, giving a snapshot overview of Vault's utilization at a high level.
  • api/client: Add Cert auth method support. This allows the client to authenticate using a client certificate. [GH-29546]
  • core (en...
Read more
Loading

v1.20.0-rc2

17 Jun 20:20
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.20.0-rc2
2b4cfe1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.20.0-rc2 Pre-release
Pre-release 
[VAULT-37186] This is an automated pull request to build all artifact…
Loading

v1.20.0-rc1

12 Jun 00:00
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.20.0-rc1
83157a2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.20.0-rc1 Pre-release
Pre-release

1.20.0-rc1

June 11, 2025

SECURITY:

  • core: require a nonce when cancelling a rekey operation that was initiated within the last 10 minutes. [GH-30794]

CHANGES:

  • UI: remove outdated and unneeded js string extensions [GH-29834]
  • activity (enterprise): The sys/internal/counters/activity endpoint will return actual values for new clients in the current month.
  • activity (enterprise): provided values for start_time and end_time in sys/internal/counters/activity are aligned to the corresponding billing period.
  • activity: provided value for end_time in sys/internal/counters/activity is now capped at the end of the last completed month. [GH-30164]
  • auth/alicloud: Update plugin to v0.21.0 [GH-30810]
  • auth/azure: Update plugin to v0.20.2. Login requires resource_group_name, vm_name, and vmss_name to match token claims [GH-30052]
  • auth/azure: Update plugin to v0.20.3 [GH-30082]
  • auth/azure: Update plugin to v0.20.4 [GH-30543]
  • auth/cf: Update plugin to v0.20.1 [GH-30583]
  • auth/cf: Update plugin to v0.21.0 [GH-30842]
  • auth/gcp: Update plugin to v0.20.2 [GH-30081]
  • auth/jwt: Update plugin to v0.23.2 [GH-30431]
  • auth/jwt: Update plugin to v0.24.1 [GH-30876]
  • auth/kerberos: Update plugin to v0.15.0 [GH-30845]
  • auth/kubernetes: Update plugin to v0.22.1 [GH-30910]
  • auth/oci: Update plugin to v0.19.0 [GH-30841]
  • auth/saml: Update plugin to v0.6.0
  • core: Bump Go version to 1.24.4
  • core: Verify that the client IP address extracted from an X-Forwarded-For header is a valid IPv4 or IPv6 address [GH-29774]
  • database/couchbase: Update plugin to v0.14.0 [GH-30836]
  • database/elasticsearch: Update plugin to v0.18.0 [GH-30796]
  • database/mongodbatlas: Update plugin to v0.15.0 [GH-30856]
  • database/redis-elasticache: Update plugin to v0.7.0 [GH-30785]
  • database/redis: Update plugin to v0.6.0 [GH-30797]
  • database/snowflake: Update plugin to v0.14.0 [GH-30748]
  • secrets/ad: Update plugin to v0.21.0 [GH-30819]
  • secrets/alicloud: Update plugin to v0.20.0 [GH-30809]
  • secrets/azure: Update plugin to v0.21.2 [GH-30037]
  • secrets/azure: Update plugin to v0.21.3 [GH-30083]
  • secrets/azure: Update plugin to v0.22.0 [GH-30832]
  • secrets/gcp: Update plugin to v0.21.2 [GH-29970]
  • secrets/gcp: Update plugin to v0.21.3 [GH-30080]
  • secrets/gcp: Update plugin to v0.22.0 [GH-30846]
  • secrets/gcpkms: Update plugin to v0.21.0 [GH-30835]
  • secrets/kubernetes: Update plugin to v0.11.0 [GH-30855]
  • secrets/kv: Update plugin to v0.24.0 [GH-30826]
  • secrets/openldap: Update plugin to v0.15.2 [GH-30079]
  • secrets/openldap: Update plugin to v0.15.4 [GH-30279]
  • secrets/openldap: Update plugin to v0.16.0 [GH-30844]
  • server: disable_mlock configuration option is now required for integrated storage and no longer has a default. If you are using the default value with integrated storage, you must now explicitly set disable_mlock to true or false or Vault server will fail to start. [GH-29974]
  • ui/activity: Replaces mount and namespace attribution charts with a table to allow sorting
    client count data by namespace, mount_path, mount_type or number of clients for
    a selected month. [GH-30678]
  • ui: Client count side nav link 'Vault Usage Metrics' renamed to 'Client Usage' [GH-30765]
  • ui: Client counting "running total" charts now reflect new clients only [GH-30506]
  • ui: Removed FormError component (not used) [GH-34699]
  • ui: Selecting a different method in the login form no longer updates the /vault/auth?with= query parameter [GH-30500]
  • ui: /vault/auth?with= query parameter now exclusively refers to the auth mount path and renders a simplified form [GH-30500]

FEATURES:

  • Auto Irrevocable Lease Removal (Enterprise): Add the Vault Enterprise configuration param, remove_irrevocable_lease_after. When set to a non-zero value, this will automatically delete irrevocable leases after the configured duration exceeds the lease's expire time. The minimum duration allowed for this field is two days. [GH-30703]
  • Development Cluster Configuration (enterprise): Added development_cluster as a field to Vault's utilization reports.
    The field is configurable via HCL and indicates whether the cluster is being used in a development environment, defaults to false if not set. [GH-30659]
  • Entity-based and collective rate limit quotas (enterprise): Add new group_by field to the rate limit quota API to support different grouping modes.
  • Login form customization (enterprise): Adds support to choose a default and/or backup auth methods for the web UI login form to streamline the web UI login experience. [GH-30700]
  • Secret Recovery from Snapshot (Enterprise): Adds a framework to load an integrated storage snapshot into Vault and read, list, and recover KV v1 and cubbyhole secrets from the snapshot.
  • SSH Key Signing Improvements (Enterprise): Add support for using managed keys to sign SSH keys in the SSH secrets engine.
  • UI Secrets Engines: TOTP secrets engine is now supported. [GH-29751]
  • UI Telemetry: add Posthog for UI telemetry tracking on HashiCorp Cloud-managed clusters [GH-30425]
  • Vault Namespace Picker: Updating the Vault Namespace Picker to enable search functionality, allow direct navigation to nested namespaces and improve accessibility. [GH-30490]
  • Vault PKI SCEP Server (Enterprise): Support for the Simple Certificate Enrollment Protocol (SCEP) has been added to the Vault PKI Plugin. This allows standard SCEP clients to request certificates from a Vault server with no knowledge of Vault APIs.

IMPROVEMENTS:

  • activity (enterprise): Added vault.client.billing_period.activity telemetry metric to emit information about the total number of distinct clients used in the current billing period.
  • activity: mount_type was added to the API response of sys/internal/counters/activity [GH-30071]
  • api (enterprise): Added a new API, /sys/utilization-report, giving a snapshot overview of Vault's utilization at a high level.
  • api/client: Add Cert auth method support. This allows the client to authenticate using a client certificate. [GH-29546]
  • core (enterprise): allow a root token to relock a namespace locked by the Namespace API Lock feature.
  • core (enterprise): Updated code and documentation to support FIPS 140-3 compliant algorithms.
  • core (enterprise): report errors from the underlying seal when getting entropy.
  • core (enterprise): update to FIPS 140-3 cryptographic module in the FIPS builds.
  • core/metrics: added a new telemetry metric, vault.core.response_status_code, with two labels, code, and type, detailing the status codes of all responses to requests that Vault handles. [GH-30354]
  • core: Updated code and documentation to support FIPS 140-3 compliant algorithms. [GH-30576]
  • core: support for X25519MLKEM768 (post quantum key agreement) in the Go TLS stack. [GH-30603]
  • events: Add vault_index to an event's metadata if the metadata contains modified=true, to support client consistency controls when reading from Vault in response to an event where storage was modified. [GH-30725]
  • physical/postgres: Adds support to authenticate with the PostgreSQL Backend server with cloud based identities (AWS IAM, Azure MSI and GCP IA...
Read more
Loading

v1.19.5

29 May 22:59
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.19.5
7010adf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.19.5

1.19.5

May 30, 2025

Enterprise LTS: Vault Enterprise 1.19 is a Long-Term Support (LTS) release.

CHANGES:

  • database/snowflake: Update plugin to v0.13.1 [GH-30775]

IMPROVEMENTS:

  • plugins: Support registration of CE plugins with extracted artifact directory. [GH-30673]

BUG FIXES:

  • ui: Fix broken link to Hashicorp Vault developer site in the Web REPL help. [GH-30670]
Loading