From 9684cd55ffde42a952e2122b36de7d6f74e19423 Mon Sep 17 00:00:00 2001
From: Vault Automation
Date: Thu, 5 Feb 2026 18:41:52 -0500
Subject: [PATCH] Update CHANGELOG.md for versions 1.21.3, 1.20.8, 1.19.14, and 1.16.30 (#12205) (#12222)

* Update CHANGELOG.md for versions 1.21.3, 1.20.8, 1.19.14, and 1.16.30

Added release notes for version 1.21.3, 1.20.8, 1.19.14, and 1.16.30 Enterprise, including security updates, changes, features, improvements, and bug fixes.

* Update CHANGELOG for version 1.19.14

Added new security, changes, improvements, and bug fixes for version 1.19.14.

* Fix formatting issues in CHANGELOG.md

Removed extra newlines in CHANGELOG.md to improve formatting.

Co-authored-by: Tony Wittinger
---
 CHANGELOG.md | 103 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 103 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b215d598e1..27472494ff 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,38 @@ - [v1.0.0 - v1.9.10](CHANGELOG-pre-v1.10.md) - [v0.11.6 and earlier](CHANGELOG-v0.md) +## 1.21.3 +### February 05, 2026 + +SECURITY: + +* auth/cert: ensure that the certificate being renewed matches the certificate attached to the session. + +CHANGES: + +* core: Bump Go version to 1.25.6 + +FEATURES: + +* **UI: Hashi-Built External Plugin Support**: Recognize and support Hashi-built plugins when run as external binaries + +IMPROVEMENTS: + +* core/managed-keys (enterprise): Allow GCP managed keys to leverage workload identity federation credentials +* sdk: Add alias_metadata to tokenutil fields that auth method roles use. +* secret-sync (enterprise): Added telemetry counters for reconciliation loop operations, including the number of corrections detected, retry attempts, and operation outcomes (success or failure with internal/external cause labels). +* secret-sync (enterprise): Added telemetry counters for sync/unsync operations with status breakdown by destination type, and exposed operation counters in the destinations list API response. + +BUG FIXES: + +* agent: Fix Vault Agent discarding cached tokens on transient server errors instead of retrying +* core (enterprise): Fix crash when seal HSM is disconnected +* default-auth: Fix issue when specifying "root" explicitly in Default Auth UI +* identity: Fix issue where Vault may consume more memory than intended under heavy authentication load. +* secrets/pki (enterprise): Fix SCEP related digest errors when requests contained compound octet strings +* ui: Fixes login form so `?with=` query param correctly displays only the specified mount when multiple mounts of the same auth type are configured with `listing_visibility="unauth"` +* ui: Reverts Kubernetes CA Certificate auth method configuration form field type to file selector + ## 1.21.2 ### January 07, 2026 
@@ -295,6 +327,31 @@ BUG FIXES: * ui: Revert camelizing of parameters returned from `sys/internal/ui/mounts` so mount paths match serve value * ui: Fixes permissions for hiding and showing sidebar navigation items for policies that include special characters: `+`, `*` +## 1.20.8 Enterprise +### February 05, 2026 + +SECURITY: + +* auth/cert: ensure that the certificate being renewed matches the certificate attached to the session. + +CHANGES: + +* core: Bump Go version to 1.25.6 + +IMPROVEMENTS: + +* core/managed-keys (enterprise): Allow GCP managed keys to leverage workload identity federation credentials +* secret-sync (enterprise): Added telemetry counters for reconciliation loop operations, including the number of corrections detected,retry attempts, and operation outcomes (success or failure with internal/external cause labels). +* secret-sync (enterprise): Added telemetry counters for sync/unsync operations with status breakdown by destination type, and exposed operation counters in the destinations list API response. + +BUG FIXES: + +* agent: Fix Vault Agent discarding cached tokens on transient server errors instead of retrying +* core (enterprise): Fix crash when seal HSM is disconnected +* default-auth: Fix issue when specifying "root" explicitly in Default Auth UI +* identity: Fix issue where Vault may consume more memory than intended under heavy authentication load. +* secrets/pki (enterprise): Fix SCEP related digest errors when requests contained compound octet strings + ## 1.20.7 Enterprise ### January 07, 2026 
@@ -693,6 +750,29 @@ intermediate certificates. [[GH-30034](https://github.com/hashicorp/vault/pull/3 * ui: MFA methods now display the namespace path instead of the namespace id. [[GH-29588](https://github.com/hashicorp/vault/pull/29588)] * ui: Redirect users authenticating with Vault as an OIDC provider to log in again when token expires. [[GH-30838](https://github.com/hashicorp/vault/pull/30838)] +## 1.19.14 Enterprise +### February 05, 2026 + +SECURITY: + +* auth/cert: ensure that the certificate being renewed matches the certificate attached to the session. + +CHANGES: + +* core: Bump Go version to 1.25.6 + +IMPROVEMENTS: + +* core/managed-keys (enterprise): Allow GCP managed keys to leverage workload identity federation credentials +* secret-sync (enterprise): Added telemetry counters for reconciliation loop operations, including the number of corrections detected, +retry attempts, and operation outcomes (success or failure with internal/external cause labels). +* secret-sync (enterprise): Added telemetry counters for sync/unsync operations with status breakdown by destination type, and exposed operation counters in the destinations list API response. + +BUG FIXES: + +* agent: Fix Vault Agent discarding cached tokens on transient server errors instead of retrying +* identity: Fix issue where Vault may consume more memory than intended under heavy authentication load. + ## 1.19.13 Enterprise ### January 07, 2026 
@@ -2506,6 +2586,29 @@ autopilot to fail to discover new server versions and so not trigger an upgrade. * ui: fixed a bug where the replication pages did not update display when navigating between DR and performance [[GH-26325](https://github.com/hashicorp/vault/pull/26325)] * ui: fixes undefined start time in filename for downloaded client count attribution csv [[GH-26485](https://github.com/hashicorp/vault/pull/26485)] +## 1.16.30 +### February 05, 2026 + +**Enterprise LTS:** Vault Enterprise 1.16 is a [Long-Term Support (LTS)](https://developer.hashicorp.com/vault/docs/enterprise/lts) release. + +SECURITY: + +* auth/cert: ensure that the certificate being renewed matches the certificate attached to the session. + +CHANGES: + +* core: Bump Go version to 1.24.12 + +IMPROVEMENTS: + +* secret-sync (enterprise): Added telemetry counters for reconciliation loop operations, including the number of corrections detected, retry attempts, and operation outcomes (success or failure with internal/external cause labels). +* secret-sync (enterprise): Added telemetry counters for sync/unsync operations with status breakdown by destination type, and exposed operation counters in the destinations list API response. + +BUG FIXES: + +* agent: Fix Vault Agent discarding cached tokens on transient server errors instead of retrying + + ## 1.16.29 Enterprise ### January 07, 2026
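
Review bot: The SECURITY entry in the 1.21.3 section ("auth/cert: ensure that the certificate being renewed matches the certificate attached to the session.") carries no pull-request or advisory reference, so an operator reading the changelog cannot tell what the earlier renewal behaviour permitted or how urgently to upgrade. Please add the reference in the same way older entries in this file carry `[[GH-NNNNN]]` links, and do the same for the identical entry in the 1.20.8, 1.19.14 and 1.16.30 sections. Minor style point in the same hunk: the two `ui:` bug-fix bullets use "Fixes" and "Reverts" where the other bullets in the section use the imperative "Fix".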
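
Review bot: Missing space after the comma in the first secret-sync bullet of the 1.20.8 Enterprise section: "corrections detected,retry attempts" should read "corrections detected, retry attempts", as it does in the 1.21.3 and 1.16.30 sections.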
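
Review bot: The first secret-sync bullet in the 1.19.14 Enterprise section is broken across two added lines after "corrections detected,", with "retry attempts, and operation outcomes" starting a new line. The same bullet is a single line in the 1.21.3 and 1.16.30 sections; join it here so the copies of this entry stay identical across release sections.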
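
Review bot: The new heading `## 1.16.30` omits the "Enterprise" suffix, although the section opens with an Enterprise LTS notice and the entry directly below it is `## 1.16.29 Enterprise`; suggest `## 1.16.30 Enterprise` so the 1.16 headings stay consistent. The hunk also adds two blank lines before `## 1.16.29 Enterprise` where the other three sections add one, which is the kind of extra newline the commit message says was removed.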