--- layout: docs page_title: "1.19.0 release notes" description: |- Key updates for Vault 1.19.0 --- # Vault 1.19.0 release notes **GA date:** 2025-03-05 @include 'release-notes/intro.mdx' ## Important changes | Change | Description |---------------------------------------------- |------------ | Support change (1.16.x) | 1.16.x moves to [long term support](/vault/docs/enterprise/lts) and 1.19 becomes the current LTS version. | New behavior (1.19.0) | [Changed behavior for Ed25519 signatures in Transit plugin](/vault/docs/upgrading/upgrade-to-1.19.x#ed25519) | New behavior (1.19.0) | [Duplicate identity cleanup and forced deduplication](/vault/docs/upgrading/upgrade-to-1.19.x#dedupe) | Breaking change (1.19) | [LDAP security improvement impacting user DN search with `upndomain`](/vault/docs/upgrading/upgrade-to-1.19.x#ldap-user-dn-search-with-upndomain) | New behavior (1.19.0) | [Anonymized cluster data returned with license utilization](/vault/docs/upgrading/upgrade-to-1.19.x#anon-data) | Known issue (1.19.x, 1.18.x, 1.17.x, 1.16.x) | [Duplicate HSM keys creation when migrating to HSM from Shamir](/vault/docs/upgrading/upgrade-to-1.19.x#hsm-keys) | New behavior (1.19.0) | [Uppercase values are no longer forced to lower case](/vault/docs/upgrading/upgrade-to-1.19.x#case-sensitive) ## Feature deprecations and EOL Deprecated in 1.19.x | Retired in 1.19.x -------------------- | --------------- None | [Active Directory plugin](/vault/docs/deprecation#ad-secrets-engine) @include 'release-notes/deprecation-note.mdx' ## Vault companion updates Companion updates are Vault updates that live outside the main Vault binary. **None**. ## Community updates Follow the learn more links for more information, or browse the list of [Vault tutorials updated to highlight changes for the most recent GA release](/vault/tutorials/new-release).
Release Update Description
Faster availability after restart GA Identity loading on restart is up to 40% faster and Vault logs include new diagnostic information to troubleshoot cluster slowness with the `post_unseal_trace_directory` configuration setting.

Learn more: `post_unseal_trace_directory` parameter details
Raft integrated storage ENHANCED Corrects a previous issue with Raft nodes generating stale data by preventing stale nodes from servicing requests to the cluster.
## Enterprise updates
Release Update Description
Identity ENHANCED Opt-in resolution of accidental duplicates in the identity system with a gated feature to force deduplication.

Learn more: Find and resolve duplicate Vault identities
Autopilot ENHANCED Improved upgrade stability with better cluster leadership reconciliation.

Learn more: Autopilot overview
Database support ENHANCED Onboard static database accounts without immediate rotation, precise timing, or coordinating with maintenance windows.

Learn more: Onboarding static DB users
Events ENHANCED Vault now sends event notifications to subscribers on all Vault nodes within a cluster.
ENHANCED Notification subscriptions for secret deletion no longer requires a root token.
Plugin support ENHANCED Run Vault Enterprise plugins external to Vault. Running plugins externally is useful in deployments when the plugin requires different environment variable values than the Vault binary.
Automated root credential rotation GA Use a rotation manager to regularly rotate credentials for AWS ( secrets,   authN ), Azure ( secrets,   authN ), GCP ( secrets,   authN ), LDAP ( secrets,   authN ), and DB plugins   without manual intervention.
AWS plugin ENHANCED Vault now supports AWS static role credentials for multiple AWS accounts with a single mount path to better manage AWS credentials at scale.

Learn more: STS AssumeRole
GUI support for WIF plugin configuration GA Use the Vault GUI to enable and configure WIF with  AWS,  Azure, and  GCP
PKI: Constrained CA support GA Use the PKI plugin to instantiate intermediate CAs with customer defined constraints (permitted URI , IPs, excluded DNS, etc.) and delegate PKI administration.

Learn more: PKI plugin API