---
layout: docs
page_title: "Vault release notes"
description: >-
  Key updates for the latest major Vault release
---

# Vault release notes

- **Version**: 1.19.x
- **GA date**: 2025-03-05

@include 'release-notes/intro.mdx'

## Previous releases

- Vault 1.18.x [release notes](/vault/docs/v1.18.x/release-notes/1.18.0) and [important changes](/vault/docs/v1.18.x/upgrading/upgrade-to-1.18.x)
- Vault 1.17.x [release notes](/vault/docs/v1.17.x/release-notes/1.17.0) and [important changes](/vault/docs/v1.17.x/upgrading/upgrade-to-1.17.x)
- Vault 1.16.x [release notes](/vault/docs/v1.16.x/release-notes/1.16.1) and [important changes](/vault/docs/v1.16.x/upgrading/upgrade-to-1.16.x)

## Important changes

| Change          | Affected releases              | Description |
| --------------- | ------------------------------ | ----------- |
| Support change  | 1.16.x                         | 1.16.x moves to [long term support](/vault/docs/enterprise/lts) and 1.19 becomes the current LTS version. |
| New behavior    | 1.19.x                         | [Transit support for Ed25519ph and Ed25519ctx signatures](/vault/docs/updates/important-changes#ed25519) |
| New behavior    | 1.19.x                         | [Identity system duplicate cleanup](/vault/docs/updates/important-changes##dedupe) |
| Breaking change | 1.19.x                         | [Security improvement for LDAP user DN search with `upndomain`](/vault/docs/updates/important-changes#ldap) |
| Known issue     | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Duplicate unseal/seal wrap HSM keys](/vault/docs/updates/important-changes##hsm-keys) |
| New behavior    | 1.19.x                         | [Anonymized cluster data returned with license utilization](/vault/docs/updates/important-changes#anon-data) |
| New behavior    | 1.19.x                         | [Uppercase values are no longer forced to lower case](/vault/docs/updates/important-changes#case-sensitive) |
| Known issue     | 1.19.x                         | [Login/token renewal failures after group changes](/vault/docs/updates/important-changes#group-writes) |
| New behavior    | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Strict validation for Azure auth login requests](/vault/docs/updates/important-changes#strict-azure) |
| Known issue     | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Unexpected LDAP static role rotations on upgrade](/vault/docs/updates/important-changes#ldap-static-role-rotations) |
| Known issue     | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Unexpected DB static role rotations on upgrade](/vault/docs/updates/important-changes#db-static-role-rotations) |
| Known issue     | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Vault log file missing subsystem logs](/vault/docs/updates/important-changes#missing-logs) |
| Known issue     | 1.19.x                         | [Automated rotation stops after unseal](/vault/docs/updates/important-changes#rotation-stops) |
| Known issue     | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Azure Auth fails to authenticate Uniform VMSS instances](/vault/docs/updates/important-changes#azure-vmss) |
| Known issue     | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [External Vault Enterprise plugins can't run on a standby node when it becomes active](/vault/docs/updates/important-changes#external-enterprise-plugins) |

## Feature deprecations and EOL

Deprecated in 1.19.x | Retired in 1.19.x
-------------------- | ---------------
None                 | [Active Directory plugin](/vault/docs/deprecation#ad-secrets-engine)

@include 'release-notes/deprecation-note.mdx'

## Vault companion updates

Companion updates are Vault updates that live outside the main Vault binary.

**None**.

## Community updates

Follow the learn more links for more information, or browse the list of
[Vault tutorials updated to highlight changes for the most recent GA release](/vault/tutorials/new-release).

| Release | Update | Description |
| ------- | ------ | ----------- |
| Faster availability after restart | GA | Identity loading on restart is up to 40% faster, and Vault logs include new diagnostic information to troubleshoot cluster slowness with the `post_unseal_trace_directory` configuration setting. Learn more: `post_unseal_trace_directory` parameter details |
| Raft integrated storage | ENHANCED | Corrects a previous issue with Raft nodes generating stale data by preventing stale nodes from servicing requests to the cluster. |

## Enterprise updates


| Release | Update | Description |
| ------- | ------ | ----------- |
| Identity | ENHANCED | Opt-in resolution of accidental duplicates in the identity system with a gated feature to force deduplication. Learn more: Find and resolve duplicate Vault identities |
| Autopilot | ENHANCED | Improved upgrade stability with better cluster leadership reconciliation. Learn more: Autopilot overview |
| Database support | ENHANCED | Onboard static database accounts without immediate rotation, precise timing, or coordinating with maintenance windows. Learn more: Onboarding static DB users |
| Events | ENHANCED | Vault now sends event notifications to subscribers on all Vault nodes within a cluster. |
| Events | ENHANCED | Notification subscriptions for secret deletion no longer require a root token. |
| Plugin support | ENHANCED | Run Vault Enterprise plugins external to Vault. Running plugins externally is useful in deployments when the plugin requires different environment variable values than the Vault binary. |
| Automated root credential rotation | GA | Use a rotation manager to regularly rotate credentials for AWS (secrets, authN), Azure (secrets, authN), GCP (secrets, authN), LDAP (secrets, authN), and DB plugins without manual intervention. |
| AWS plugin | ENHANCED | Vault now supports AWS static role credentials for multiple AWS accounts with a single mount path to better manage AWS credentials at scale. Learn more: STS AssumeRole |
| GUI support for WIF plugin configuration | GA | Use the Vault GUI to enable and configure WIF with AWS, Azure, and GCP. |
| PKI: Constrained CA support | GA | Use the PKI plugin to instantiate intermediate CAs with customer-defined constraints (permitted URI, IPs, excluded DNS, etc.) and delegate PKI administration. Learn more: PKI plugin API |