vault/website/content/docs/updates/release-notes.mdx
Thy Ton 10dafbdf65
write known issues for follower nodes failure to extract ent plugins (#30628)
---------

Co-authored-by: helenfufu <25168806+helenfufu@users.noreply.github.com>
2025-05-16 13:01:17 -07:00


---
layout: docs
page_title: "Vault release notes"
description: >-
  Key updates for the latest major Vault release
---
# Vault release notes

- **Version**: 1.19.x
- **GA date**: 2025-03-05

@include 'release-notes/intro.mdx'

## Previous releases

- Vault 1.18.x [release notes](/vault/docs/v1.18.x/release-notes/1.18.0) and
  [important changes](/vault/docs/v1.18.x/upgrading/upgrade-to-1.18.x)
- Vault 1.17.x [release notes](/vault/docs/v1.17.x/release-notes/1.17.0) and
  [important changes](/vault/docs/v1.17.x/upgrading/upgrade-to-1.17.x)
- Vault 1.16.x [release notes](/vault/docs/v1.16.x/release-notes/1.16.1) and
  [important changes](/vault/docs/v1.16.x/upgrading/upgrade-to-1.16.x)

## Important changes

| Change | Affected releases | Description
|---------------- | ------------------------------ | -----------
| Support change | 1.16.x | 1.16.x moves to [long term support](/vault/docs/enterprise/lts) and 1.19 becomes the current LTS version.
| New behavior | 1.19.x | [Transit support for Ed25519ph and Ed25519ctx signatures](/vault/docs/updates/important-changes#ed25519)
| New behavior | 1.19.x | [Identity system duplicate cleanup](/vault/docs/updates/important-changes#dedupe)
| Breaking change | 1.19.x | [Security improvement for LDAP user DN search with `upndomain`](/vault/docs/updates/important-changes#ldap)
| Known issue | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Duplicate unseal/seal wrap HSM keys](/vault/docs/updates/important-changes#hsm-keys)
| New behavior | 1.19.x | [Anonymized cluster data returned with license utilization](/vault/docs/updates/important-changes#anon-data)
| New behavior | 1.19.x | [Uppercase values are no longer forced to lower case](/vault/docs/updates/important-changes#case-sensitive)
| Known issue | 1.19.x | [Login/token renewal failures after group changes](/vault/docs/updates/important-changes#group-writes)
| New behavior | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Strict validation for Azure auth login requests](/vault/docs/updates/important-changes#strict-azure)
| Known issue | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Unexpected LDAP static role rotations on upgrade](/vault/docs/updates/important-changes#ldap-static-role-rotations)
| Known issue | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Unexpected DB static role rotations on upgrade](/vault/docs/updates/important-changes#db-static-role-rotations)
| Known issue | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Vault log file missing subsystem logs](/vault/docs/updates/important-changes#missing-logs)
| Known issue | 1.19.x | [Automated rotation stops after unseal](/vault/docs/updates/important-changes#rotation-stops)
| Known issue | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Azure Auth fails to authenticate Uniform VMSS instances](/vault/docs/updates/important-changes#azure-vmss)
| Known issue | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [External Vault Enterprise plugins can't run on a standby node when it becomes active](/vault/docs/updates/important-changes#external-enterprise-plugins)

## Feature deprecations and EOL

Deprecated in 1.19.x | Retired in 1.19.x
-------------------- | ---------------
None | [Active Directory plugin](/vault/docs/deprecation#ad-secrets-engine)

@include 'release-notes/deprecation-note.mdx'

## Vault companion updates

Companion updates are Vault updates that live outside the main Vault binary.

**None**.

## Community updates

Follow the learn more links for more information, or browse the list of
[Vault tutorials updated to highlight changes for the most recent GA release](/vault/tutorials/new-release).

<table>
<thead>
<tr>
<th style={{verticalAlign: 'middle'}}>Release</th>
<th style={{verticalAlign: 'middle'}}>Update</th>
<th style={{verticalAlign: 'middle'}}>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style={{verticalAlign: 'middle'}}>
Faster availability after restart
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
<td style={{verticalAlign: 'middle'}}>
Identity loading on restart is up to 40% faster and Vault logs include new
diagnostic information to troubleshoot cluster slowness with the
`post_unseal_trace_directory` configuration setting.
<br /><br />
Learn more: <a href="/vault/docs/configuration#enable_post_unseal_trace">`post_unseal_trace_directory` parameter details</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Raft integrated storage
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Corrects a previous issue with Raft nodes generating stale data by
preventing stale nodes from servicing requests to the cluster.
</td>
</tr>
</tbody>
</table>

## Enterprise updates

<table>
<thead>
<tr>
<th style={{verticalAlign: 'middle'}}>Release</th>
<th style={{verticalAlign: 'middle'}}>Update</th>
<th style={{verticalAlign: 'middle'}}>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style={{verticalAlign: 'middle'}}>
Identity
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Opt-in resolution of accidental duplicates in the identity system with a
gated feature to force deduplication.
<br /><br />
Learn more: <a href="/vault/docs/upgrading/deduplication">Find and resolve duplicate Vault identities</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Autopilot
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Improved upgrade stability with better cluster leadership reconciliation.
<br /><br />
Learn more: <a href="/vault/docs/concepts/integrated-storage/autopilot">Autopilot overview</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Database support
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Onboard static database accounts without immediate rotation, precise
timing, or coordinating with maintenance windows.
<br /><br />
Learn more: <a href="/vault/docs/secrets/databases#onboarding-static-database-users">Onboarding static DB users</a>
</td>
</tr>
<tr>
<td rowSpan={2} style={{verticalAlign: 'middle'}}>
Events
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Vault now sends event notifications to subscribers on all Vault nodes
within a cluster.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Notification subscriptions for secret deletion no longer require a root
token.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Plugin support
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Run Vault Enterprise plugins external to Vault. Running plugins externally
is useful in deployments when the plugin requires different environment
variable values than the Vault binary.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Automated root credential rotation
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
<td style={{verticalAlign: 'middle'}}>
Use a rotation manager to regularly rotate credentials for
AWS (
<a href="/vault/docs/secrets/aws#schedule-based-root-credential-rotation">secrets</a>,
&nbsp;
<a href="/vault/docs/auth/aws#schedule-based-root-credential-rotation">authN</a>
),
Azure (
<a href="/vault/docs/secrets/azure#root-credential-rotation">secrets</a>,
&nbsp;
<a href="/vault/api-docs/auth/azure#rotate-root">authN</a>
),
GCP (
<a href="/vault/docs/secrets/gcp#root-credential-rotation">secrets</a>,
&nbsp;
<a href="/vault/api-docs/auth/gcp#rotate-root-credentials">authN</a>
),
LDAP (
<a href="/vault/docs/secrets/ldap#root-credential-rotation">secrets</a>,
&nbsp;
<a href="/vault/docs/auth/ldap#root-credential-rotation">authN</a>
),
and <a href="/vault/docs/secrets/databases#schedule-based-static-role-rotation">DB plugins</a>
&nbsp;
without manual intervention.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
AWS plugin
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Vault now supports AWS static role credentials for multiple AWS accounts
with a single mount path to better manage AWS credentials at scale.
<br /><br />
Learn more: <a href="/vault/docs/secrets/aws#sts-assumerole">STS AssumeRole</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
GUI support for WIF plugin configuration
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
<td style={{verticalAlign: 'middle'}}>
Use the Vault GUI to enable and configure WIF with
&nbsp;<a href="/vault/docs/secrets/aws#setup">AWS</a>,
&nbsp;<a href="/vault/docs/secrets/aws#setup">Azure</a>, and
&nbsp;<a href="/vault/docs/secrets/gcp#setup">GCP</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
PKI: Constrained CA support
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
<td style={{verticalAlign: 'middle'}}>
Use the PKI plugin to instantiate intermediate CAs with customer-defined
constraints (permitted URI, IPs, excluded DNS, etc.) and delegate PKI
administration.
<br /><br />
Learn more: <a href="/vault/api-docs/secret/pki">PKI plugin API</a>
</td>
</tr>
</tbody>
</table>