mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-23 23:51:08 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/docs/release-notes/1.19.0.mdx
Sarah Chavis 4383f5bb9c
make AD secrets plugin EOL (#29923)
2025-03-13 15:14:36 -07:00

245 lines
8.4 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: "1.19.0 release notes"
description: |-
Key updates for Vault 1.19.0
---
# Vault 1.19.0 release notes
**GA date:** 2025-03-05
@include 'release-notes/intro.mdx'
## Important changes
| Change | Description
|---------------------------------------------- |------------
| Support change (1.16.x) | 1.16.x moves to [long term support](/vault/docs/enterprise/lts) and 1.19 becomes the current LTS version.
| New behavior (1.19.0) | [Changed behavior for Ed25519 signatures in Transit plugin](/vault/docs/upgrading/upgrade-to-1.19.x#ed25519)
| New behavior (1.19.0) | [Duplicate identity cleanup and forced deduplication](/vault/docs/upgrading/upgrade-to-1.19.x#dedupe)
| Breaking change (1.19) | [LDAP security improvement impacting user DN search with `upndomain`](/vault/docs/upgrading/upgrade-to-1.19.x#ldap-user-dn-search-with-upndomain)
| New behavior (1.19.0) | [Anonymized cluster data returned with license utilization](/vault/docs/upgrading/upgrade-to-1.19.x#anon-data)
| Known issue (1.19.x, 1.18.x, 1.17.x, 1.16.x) | [Duplicate HSM keys creation when migrating to HSM from Shamir](/vault/docs/upgrading/upgrade-to-1.19.x#hsm-keys)
| New behavior (1.19.0) | [Uppercase values are no longer forced to lower case](/vault/docs/upgrading/upgrade-to-1.19.x#case-sensitive)
## Feature deprecations and EOL
Deprecated in 1.19.x | Retired in 1.19.x
-------------------- | ---------------
None | [Active Directory plugin](/vault/docs/deprecation#ad-secrets-engine)
@include 'release-notes/deprecation-note.mdx'
## Vault companion updates
Companion updates are Vault updates that live outside the main Vault binary.
**None**.
## Community updates
Follow the learn more links for more information, or browse the list of
[Vault tutorials updated to highlight changes for the most recent GA release](/vault/tutorials/new-release).
<table>
<thead>
<tr>
<th style={{verticalAlign: 'middle'}}>Release</th>
<th style={{verticalAlign: 'middle'}}>Update</th>
<th style={{verticalAlign: 'middle'}}>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style={{verticalAlign: 'middle'}}>
Faster availability after restart
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
<td style={{verticalAlign: 'middle'}}>
Identity loading on restart is up to 40% faster and Vault logs include new
diagnostic information to troubleshoot cluster slowness with the
`post_unseal_trace_directory` configuration setting.
<br /><br />
Learn more: <a href="/vault/docs/configuration#enable_post_unseal_trace">`post_unseal_trace_directory` parameter details</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Raft integrated storage
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Corrects a previous issue with Raft nodes generating stale data by
preventing stale nodes from servicing requests to the cluster.
</td>
</tr>
</tbody>
</table>
## Enterprise updates
<table>
<thead>
<tr>
<th style={{verticalAlign: 'middle'}}>Release</th>
<th style={{verticalAlign: 'middle'}}>Update</th>
<th style={{verticalAlign: 'middle'}}>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style={{verticalAlign: 'middle'}}>
Identity
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Opt-in resolution of accidental duplicates in the identity system with a
gated feature to force deduplication.
<br /><br />
Learn more: <a href="/vault/docs/upgrading/deduplication">Find and resolve duplicate Vault identities</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Autopilot
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Improved upgrade stability with better cluster leadership reconciliation.
<br /><br />
Learn more: <a href="/vault/docs/concepts/integrated-storage/autopilot">Autopilot overview</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Database support
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Onboard static database accounts without immediate rotation, precise
timing, or coordinating with maintenance windows.
<br /><br />
Learn more: <a href="/vault/docs/secrets/databases#onboarding-static-database-users">Onboarding static DB users</a>
</td>
</tr>
<tr>
<td rowSpan={2} style={{verticalAlign: 'middle'}}>
Events
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Vault now sends event notifications to subscribers on all Vault nodes
within a cluster.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Notification subscriptions for secret deletion no longer requires a root
token.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Plugin support
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Run Vault Enterprise plugins external to Vault. Running plugins externally
is useful in deployments when the plugin requires different environment
variable values than the Vault binary.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Automated root credential rotation
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
<td style={{verticalAlign: 'middle'}}>
Use a rotation manager to regularly rotate credentials for
AWS (
<a href="/vault/docs/secrets/aws#schedule-based-root-credential-rotation">secrets</a>,
&nbsp;
<a href="/vault/docs/auth/aws#schedule-based-root-credential-rotation">authN</a>
),
Azure (
<a href="/vault/docs/secrets/azure#root-credential-rotation">secrets</a>,
&nbsp;
<a href="/vault/api-docs/auth/azure#rotate-root">authN</a>
),
GCP (
<a href="/vault/docs/secrets/gcp#root-credential-rotation">secrets</a>,
&nbsp;
<a href="/vault/api-docs/auth/gcp#rotate-root-credentials">authN</a>
),
LDAP (
<a href="/vault/docs/secrets/ldap#root-credential-rotation">secrets</a>,
&nbsp;
<a href="/vault/docs/auth/ldap#root-credential-rotation">authN</a>
),
and <a href="/vault/docs/secrets/databases#schedule-based-static-role-rotation">DB plugins</a>
&nbsp;
without manual intervention.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
AWS plugin
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
<td style={{verticalAlign: 'middle'}}>
Vault now supports AWS static role credentials for multiple AWS accounts
with a single mount path to better manage AWS credentials at scale.
<br /><br />
Learn more: <a href="/vault/docs/secrets/aws#sts-assumerole">STS AssumeRole</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
GUI support for WIF plugin configuration
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
<td style={{verticalAlign: 'middle'}}>
Use the Vault GUI to enable and configure WIF with
&nbsp;<a href="/vault/docs/secrets/aws#setup">AWS</a>,
&nbsp;<a href="/vault/docs/secrets/aws#setup">Azure</a>, and
&nbsp;<a href="/vault/docs/secrets/gcp#setup">GCP</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
PKI: Constrained CA support
</td>
<td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
<td style={{verticalAlign: 'middle'}}>
Use the PKI plugin to instantiate intermediate CAs with customer defined
constraints (permitted URI , IPs, excluded DNS, etc.) and delegate PKI
administration.
<br /><br />
Learn more: <a href="/vault/api-docs/secret/pki">PKI plugin API</a>
</td>
</tr>
</tbody>
</table>
Reference in New Issue View Git Blame Copy Permalink