v2.0.2
Breaking Changes📦 vaultView on GitHub →
⚠ 2 breaking🐛 2 fixes🔧 3 symbols
Summary
This release removes the `cap_ipc_lock` capability for containerized Vault builds, enforces a maximum RSA key size, and fixes plugin signature verification and UI state bugs.
⚠️ Breaking Changes
- The `cap_ipc_lock` capability is removed from `vault` at build time for containers. Vault in containers can no longer call `mlock()`. Operators must set `disable_mlock = true` in Vault's configuration and should disable swapping to ensure data safety.
- RSA key sizes are now limited to a maximum of 8192 bits due to CVE-2026-39829.
Migration Steps
- If running Vault in a container, set `disable_mlock = true` in Vault's configuration.
- If running Vault in a container, disable swapping to guarantee data safety.
🐛 Bug Fixes
- Fixed plugin signature verification failure when using an expired pgp key during plugin registration.
- Fixed the selected state of the key version dropdown when editing a transit key in the UI.