Update docker.io/hashicorp/vault Docker tag to v1.20.4

Update docker.io/hashicorp/vault Docker tag to v1.20.4
Photo by Stefan Steinbauer / Unsplash

No problems upgrading the Hashicorp Vault Docker container with a Docker compose yaml file within Portainer and by means of Portainer DevOps resp. GitOps with dependency update facilitated by Mend's Renovate Bot.

This MR contains the following updates:

Package Update Change
docker.io/hashicorp/vault patch 1.20.3 -> 1.20.4

Release Notes

hashicorp/vault (docker.io/hashicorp/vault)

v1.20.4

Compare Source

September 24, 2025

SECURITY:

  • core: Update github.com/ulikunitz/xz to fix security vulnerability GHSA-25xm-hr59-7c27. (ce4b4264)

CHANGES:

IMPROVEMENTS:

  • Raft: Auto-join will now allow you to enforce IPv4 on networks that allow IPv6 and dual-stack enablement, which is on by default in certain regions. (1fd38796)
  • auth/cert: Support RFC 9440 colon-wrapped Base64 certificates in x_forwarded_for_client_cert_header, to fix TLS certificate auth errors with Google Cloud Application Load Balancer. [GH-31501]
  • secrets/database (enterprise): Add support for reading, listing, and recovering static roles from a loaded snapshot. Also add support for reading static credentials from a loaded snapshot. (24cd1aa5)
  • secrets/ssh: Add support for recovering the SSH plugin CA from a loaded snapshot (enterprise only). (0087af9d)

BUG FIXES:

  • auth/cert: Recover from partially populated caches of trusted certificates if one or more certificates fails to load. [GH-31438]
  • core: Role based quotas now work for cert auth (fc775dea)
  • sys/mounts: enable unsetting allowed_response_headers [GH-31555]
  • ui: Fix page loading error when users navigate away from identity entities and groups list views. (81170963)

Read more

Me on Mastodon - This link is here for verification purposes.