---
layout: docs
page_title: 1.16.1 release notes
description: Key updates for Vault 1.16.1
---

Vault 1.16.1 release notes

GA date: 2024-04-04

@include 'release-notes/intro.mdx'

Important changes

| Version | Change |
| ------- | ------ |
| 1.16.0+ | Existing clusters do not show the current Vault version in UI by default |
| 1.16.0+ | Default LCQ enabled when upgrading pre-1.9 |
| 1.16.0+ | External plugin environment variables take precedence over server variables |
| 1.16.0+ | LDAP auth entity alias names no longer include `upndomain` |
| 1.16.0+ | Secrets Sync now requires a one-time flag to operate |
| 1.16.0+ | Azure secrets engine role creation failing |
| 1.16.1 - 1.16.3 | New nodes added by autopilot upgrades provisioned with the wrong version |
| 1.15.8+ | Autopilot upgrade for Vault Enterprise fails |
| 1.16.5 | Listener stops listening on untrusted upstream connection with particular config settings |
| 1.16.3 - 1.16.6 | Vault standby nodes not deleting removed entity-aliases from in-memory database |
| 0.7.0+ | Duplicate identity groups created |
| Known Issue (0.7.0+) | Manual entity merges fail |
| Known Issue (1.16.7-1.16.8) | Some values in the audit logs not hmac'd properly |
| New default (1.16.13) | Vault product usage metrics reporting |
| Deprecation (1.16.13) | `default_report_months` is deprecated for the `sys/internal/counters` API |
| Known Issue (1.16.16) | Authorization failures using Azure federated identity credentials |
| Known issue (1.16.16) | Unexpected static role rotations on upgrade |

Vault companion updates

Companion updates are Vault updates that live outside the main Vault binary.

| Release | Update | Description |
| ------- | ------ | ----------- |
| Vault Secrets Operator (v0.5) | ENHANCED | Use templating to format, transform, and decode secrets before syncing to a Kubernetes secret.<br /><br />Learn more: Secret data transformation |

Core updates

Follow the learn more links for more information, or browse the list of Vault tutorials updated to highlight changes for the most recent GA release.

| Release | Update | Description |
| ------- | ------ | ----------- |
| Endpoint hardening | ENHANCED | Minimize network exposure by selectively redacting fields like IP addresses, cluster names, and Vault version from the HTTP responses of your Vault server.<br /><br />Learn more: `redact_addresses` parameter |
| External plugins | GA | Run external plugins in their own container with native container platform controls.<br /><br />Learn more: Containerize Vault plugins |

Enterprise updates

| Release | Update | Description |
| ------- | ------ | ----------- |
| Long-term support | GA | Reduce risk and operational overhead with Vault Enterprise Long-Term Support (LTS) releases.<br /><br />Learn more: LTS overview |
| Vault GUI | GA | Configure custom messages and display those messages to targeted users in the Vault GUI.<br /><br />Learn more: Custom UI messages |
| Audit logging | GA | Filter audit logs to write data to different destinations based on the content.<br /><br />Learn more: Filter syntax for audit results |
| Static secret caching | GA | Use Vault Proxy to cache static secrets for a set period of time and receive event notifications when secrets change.<br /><br />Learn more: Vault Proxy static secret caching |
| Event notifications | GA | Subscribe to notifications for various events in Vault. Includes support for filtering, permissions, and cluster configurations with K-V secrets.<br /><br />Learn more: Events |
| Public Key Infrastructure (PKI) | BETA | Automate certificate lifecycle management for IoT/EST enabled devices with native EST protocol support.<br /><br />Learn more: Enrollment over Secure Transport (EST) |
| Default lease count quotas | GA | New server deployments automatically create a lease count quota in the root namespace with a 300K limit.<br /><br />Learn more: Lease count quotas |
| License utilization reporting | ENHANCED | Use the Vault CLI to bundle and report usage data to HashiCorp for clusters that do not report license utilization data automatically.<br /><br />Learn more: Manual license utilization reporting |
| Secrets sync | GA | Sync Key Value (KV) v2 data between Vault and secrets managers from AWS, Azure, Google Cloud Platform (GCP), GitHub, and Vercel.<br /><br />Learn more: Secrets Sync |
| AWS plugin | GA | Use automatic identity tokens for workload identity federation authentication flows with the AWS secrets engine without explicitly configuring sensitive security credentials.<br /><br />Learn more: AWS secrets engine |

Feature deprecations and EOL

| Deprecated in 1.16 | Retired in 1.16 |
| ------------------ | --------------- |
| None | None |

@include 'release-notes/deprecation-note.mdx'