Vault upgraded to 1.5.4

We have updated our Kubernetes based Vault setups to the latest version 1.5.4 in the past days.

This release contains mostly bug fixes and most notably a security fix for CVE-2020-25816.

Batch Token Expiry: We addressed an issue where batch token leases could outlive their TTL because we were not scheduling the expiration time correctly. This vulnerability affects Vault OSS and Vault Enterprise 1.0 and newer and is fixed in 1.4.7 and 1.5.4 (CVE-2020-25816).

For full details and other changes, please refer to the upstream Vault release notes:

There are no next steps needed. All clusters have been upgraded.