Vault | v2.0.3

Vault v2.0.3 released on 17-06-2026


Vault v2.0.3 is out now. Security-minded users and enterprise customers benefit from targeted hardening around authentication, token handling and template escaping, plus new beta AI agent support for JWT-based access.

See the release notes on the project’s GitHub for full details, upgrade guidance and the complete changelog.

What’s in this release

  • Security hardening: auth/radius gains a case_insensitive_names toggle to avoid username collisions; core now uses constant-time comparison for recovery tokens; secrets/spiffe templates and transform (enterprise) now apply proper escaping and DB-specific quoting.
  • AI Agent Support (Beta, Enterprise): an Agent Registry and support for Vault as an OAuth resource server so OAuth 2.0 JWTs can directly authorise requests for registered agents.
  • Path and ACL behaviour changes: LIST requests with a trailing slash now correctly honour more-specific deny policies (which may change previous outcomes); Vault will redirect non-canonical paths containing /./, /../ or // to a cleaned path instead of rejecting them.

Upgrade notes

  • Policies relying on the previous incorrect LIST behaviour may now be denied; review and test any policies that match patterns like kv/* and verify LIST operations in a staging environment.
  • No rollback guidance is included in the release notes; ensure you have backups and test upgrades (including enterprise plugins and integrations) before applying to production.

Tell us how the upgrade went or report any surprises you hit while testing v2.0.3 — community feedback helps surface issues others will hit.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes