Update docker.io/hashicorp/vault Docker tag to v1.20.4
No problems upgrading the Hashicorp Vault Docker container with a Docker compose yaml file within Portainer and by means of Portainer DevOps resp. GitOps with dependency update facilitated by Mend's Renovate Bot.
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.io/hashicorp/vault | patch | 1.20.3 -> 1.20.4 |
Release Notes
hashicorp/vault (docker.io/hashicorp/vault)
v1.20.4
September 24, 2025
SECURITY:
- core: Update github.com/ulikunitz/xz to fix security vulnerability GHSA-25xm-hr59-7c27. (ce4b4264)
CHANGES:
IMPROVEMENTS:
- Raft: Auto-join will now allow you to enforce IPv4 on networks that allow IPv6 and dual-stack enablement, which is on by default in certain regions. (1fd38796)
- auth/cert: Support RFC 9440 colon-wrapped Base64 certificates in
x_forwarded_for_client_cert_header, to fix TLS certificate auth errors with Google Cloud Application Load Balancer. [GH-31501] - secrets/database (enterprise): Add support for reading, listing, and recovering static roles from a loaded snapshot. Also add support for reading static credentials from a loaded snapshot. (24cd1aa5)
- secrets/ssh: Add support for recovering the SSH plugin CA from a loaded snapshot (enterprise only). (0087af9d)
BUG FIXES:
- auth/cert: Recover from partially populated caches of trusted certificates if one or more certificates fails to load. [GH-31438]
- core: Role based quotas now work for cert auth (fc775dea)
- sys/mounts: enable unsetting allowed_response_headers [GH-31555]
- ui: Fix page loading error when users navigate away from identity entities and groups list views. (81170963)
