Update docker.io/hashicorp/vault Docker tag to v1.20.3

No problems upgrading the HashiCorp Vault Docker container with a Docker Compose YAML file within Portainer, by means of Portainer DevOps (or rather GitOps), with the dependency update facilitated by Mend's Renovate Bot.

This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/hashicorp/vault | patch | 1.20.2 -> 1.20.3 |

Release Notes

hashicorp/vault (docker.io/hashicorp/vault)

v1.20.3

August 28, 2025

SECURITY:

  • core: Update github.com/hashicorp/go-getter to fix security vulnerability GHSA-wjrx-6529-hcj3. (8b3a9ce1)

CHANGES:

  • core: Bump Go version to 1.24.6. (ce56e14e)
  • http: Add JSON configurable limits to HTTP handling for JSON payloads: max_json_depth, max_json_string_value_length, max_json_object_entry_count, max_json_array_element_count. [GH-31069]
  • sdk: Upgrade to go-secure-stdlib/plugincontainer@v0.4.2, which also bumps github.com/docker/docker to v28.3.3+incompatible (8f172169)
  • secrets/openldap (enterprise): update plugin to v0.16.1

IMPROVEMENTS:

  • auth/ldap: add explicit logging to rotations in ldap [GH-31401]
  • core (enterprise): improve rotation manager logging to include specific lines for rotation success and failure
  • secrets/database: log password rotation success (info) and failure (error). Some relevant log lines have been updated to include "path" fields. [GH-31402]
  • secrets/transit: add logging on both success and failure of key rotation [GH-31420]
  • ui: Use the Helios Design System Code Block component for all readonly code editors and use its Code Editor component for all other code editors [GH-30188]

BUG FIXES:

  • core (enterprise): fix a bug where issuing a token in a namespace used root auth configuration instead of namespace auth configuration
  • core/metrics: Add service name prefix for core HA metrics to avoid duplicate, zero-value metrics. (91e5f443)
  • core/seal: When Seal-HA is enabled, make it an error to persist the barrier
    keyring when not all seals are healthy. This prevents the possibility of
    failing to unseal when a different subset of seals are healthy than were
    healthy at last write. (bbe64227)
  • raft (enterprise): auto-join will now work in regions that do not support dual-stack (c66baf5e)
  • raft/autopilot: Fixes an issue with enterprise redundancy zones where, if the leader was in a redundancy zone and that leader becomes unavailable, the node would become an unzoned voter. This can artificially inflate the required number of nodes for quorum, leading to a situation where the cluster cannot recover if another leader subsequently becomes unavailable. Vault will now keep an unavailable node in its last known redundancy zone as a non-voter. [GH-31443]
  • replication (enterprise): Fix bug where group updates fail when processed on a
    standby node in a MR secondary cluster.
  • secrets-sync (enterprise): GCP locational KMS keys are no longer incorrectly removed when the location name is all lowercase.
  • secrets/database/postgresql: Support for multiline statements in the rotation_statements field. [GH-31442]
  • ui: Fix DR secondary view from not loading/transitioning. [GH-31478]
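
The `http` entry under CHANGES names four configurable limits for JSON payloads. As an added example (not Vault's code and not part of the release notes), the Go program below shows how limits of that kind can be enforced on the token stream of a request body without building the document in memory. The `Limits` type, `CheckJSON`, the interpretation of each limit and the limit values are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Limits is named after the four settings; semantics and values are assumed, not Vault's.
type Limits struct{ Depth, StringLen, ObjectEntries, ArrayElements int }
type frame struct{ object bool; n int } // one open container; n counts its keys and values

// CheckJSON walks the token stream and fails on the first limit exceeded.
func CheckJSON(r io.Reader, lim Limits) error {
	dec, stack := json.NewDecoder(r), []frame{{}} // stack[0] is a root frame for the body
	for {
		tok, err := dec.Token()
		if err == io.EOF && len(stack) == 1 {
			return nil // clean end of input, every container closed
		} else if err != nil {
			return fmt.Errorf("invalid JSON: %w", err)
		}
		d, isDelim := tok.(json.Delim)
		if isDelim && (d == '}' || d == ']') {
			stack = stack[:len(stack)-1] // Token() guarantees matched nesting
			continue
		}
		top := &stack[len(stack)-1] // count this key, value or container in its parent
		top.n++
		isKey := top.object && top.n%2 == 1
		if top.object && (top.n+1)/2 > lim.ObjectEntries {
			return fmt.Errorf("max_json_object_entry_count %d exceeded", lim.ObjectEntries)
		} else if len(stack) > 1 && !top.object && top.n > lim.ArrayElements {
			return fmt.Errorf("max_json_array_element_count %d exceeded", lim.ArrayElements)
		}
		if isDelim {
			if stack = append(stack, frame{object: d == '{'}); len(stack)-1 > lim.Depth {
				return fmt.Errorf("max_json_depth %d exceeded", lim.Depth)
			}
		} else if s, ok := tok.(string); ok && !isKey && len(s) > lim.StringLen {
			return fmt.Errorf("max_json_string_value_length %d exceeded", lim.StringLen)
		}
	}
}

func main() { // constructed limits and input
	fmt.Println(CheckJSON(strings.NewReader(`[[[[1]]]]`), Limits{Depth: 3, StringLen: 8, ObjectEntries: 2, ArrayElements: 3}))
}
```

The string limit is checked only after the decoder has read the whole string token, so a cap on total body size is still needed in front of a check like this.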
