Vault - Package Updates

Package Updates

[1.80.1]

• Update vault to 1.19.1
• Full Changelog

Package Updates

[1.80.2]

• Update vault to 1.19.2
• Full Changelog
• core: Bump Go version to 1.23.8
• secrets/openldap: Update plugin to v0.15.4 [GH-30279]
• secrets/openldap: Prevent static role rotation on upgrade when NextVaultRotation is nil. Fixes an issue where static roles were unexpectedly rotated after upgrade due to a missing NextVaultRotation value. Now sets it to either LastVaultRotation + RotationPeriod or now + RotationPeriod. [GH-30265]
• secrets/pki (enterprise): Address a parsing bug that rejected CMPv2 requests containing a validity field.
• secrets/pki: fix a bug where key_usage was ignored when generating root certificates, and signing certain intermediate certificates. [GH-30034]
• secrets/transit: fix a panic when rotating on a managed key returns an error [GH-30214]

Package Updates

[1.80.3]

• Update vault to 1.19.3
• Full Changelog

Package Updates

[1.80.4]

• Update vault to 1.19.4
• Full Changelog
• Update vault-plugin-auth-cf to v0.20.1 GH-30586]
• auth/azure: Update plugin to v0.20.4 GH-30543]
• core: Bump Go version to 1.24.3.
• Namespaces (enterprise): allow a root token to relock a namespace
• core (enterprise): update to FIPS 140-3 cryptographic module in the FIPS builds.
• core: Updated code and documentation to support FIPS 140-3 compliant algorithms. GH-30576]
• core: support for X25519MLKEM768 (post quantum key agreement) in the Go TLS stack. GH-30603]
• ui: Replaces all instances of the deprecated event.keyCode with event.key GH-30493]
• core (enterprise): fix a bug where plugin automated root rotations would stop after seal/unseal operations
• plugins (enterprise): Fix an issue where Enterprise plugins can't run on a standby node when it becomes active because standby nodes don't extract the artifact when the plugin is registered. Remove extracting from Vault and require the operator to place the extracted artifact in the plugin directory before registration.

Package Updates

[1.80.5]

• Update vault to 1.19.5
• Full Changelog

Package Updates

[1.81.0]

• Update vault to 1.20.0
• Full Changelog
• core: require a nonce when cancelling a rekey operation that was initiated within the last 10 minutes. [GH-30794],[HCSEC-2025-11]
• UI: remove outdated and unneeded js string extensions [GH-29834]
• activity (enterprise): The sys/internal/counters/activity endpoint will return actual values for new clients in the current month.
• activity (enterprise): provided values for start_time and end_time in sys/internal/counters/activity are aligned to the corresponding billing period.
• activity: provided value for end_time in sys/internal/counters/activity is now capped at the end of the last completed month. [GH-30164]
• api: Update the default API client to check for the Retry-After header and, if it exists, wait for the specified duration before retrying the request. [GH-30887]
• auth/alicloud: Update plugin to v0.21.0 [GH-30810]
• auth/azure: Update plugin to v0.20.2. Login requires resource_group_name, vm_name, and vmss_name to match token claims [GH-30052]
• auth/azure: Update plugin to v0.20.3 [GH-30082]
• auth/azure: Update plugin to v0.20.4 [GH-30543]

Package Updates

[1.81.1]

• Update vault to 1.20.1
• Full Changelog

Package Updates

[1.81.2]

• Update vault to 1.20.2
• Full Changelog
• auth/ldap: fix MFA/TOTP enforcement bypass when username_as_alias is enabled [GH-31427,HCSEC-2025-20].
• agent/template: Fixed issue where templates would not render correctly if namespaces was provided by config, and the namespace and mount path of the secret were the same. [GH-31392]
• identity/mfa: revert cache entry change from #​31217 and document cache entry values [GH-31421]

Package Updates

[1.81.3]

• Update vault to 1.20.3
• Full Changelog
• core: Bump Go version to 1.24.6. (ce56e14e)
• http: Add JSON configurable limits to HTTP handling for JSON payloads: max_json_depth, max_json_string_value_length, max_json_object_entry_count, max_json_array_element_count. [GH-31069]
• sdk: Upgrade to go-secure-stdlib/plugincontainer@v0.4.2, which also bumps github.com/docker/docker to v28.3.3+incompatible (8f172169)
• secrets/openldap (enterprise): update plugin to v0.16.1
• auth/ldap: add explicit logging to rotations in ldap [GH-31401]
• core (enterprise): improve rotation manager logging to include specific lines for rotation success and failure
• secrets/database: log password rotation success (info) and failure (error). Some relevant log lines have been updated to include "path" fields. [GH-31402]
• secrets/transit: add logging on both success and failure of key rotation [GH-31420]
• ui: Use the Helios Design System Code Block component for all readonly code editors and use its Code Editor component for all other code editors [GH-30188]
• core (enterprise): fix a bug where issuing a token in a namespace used root auth configuration instead of namespace auth configuration