See: https://github.com/hashicorp/vault/blob/master/CHANGELOG.md 0.11.3 (October 8th, 2018) SECURITY: Revocation: A regression in 0.11.2 (OSS) and 0.11.0 (Enterprise) caused lease IDs containing periods (.) to not be revoked properly. Upon startup when revocation is tried again these should now revoke successfully. 0.11.1 (September 6th, 2018) SECURITY: Random Byte Reading in Barrier: Prior to this release, Vault was not properly checking the error code when reading random bytes for the IV for AES operations in its cryptographic barrier. Specifically, this means that such an IV could potentially be zero multiple times, causing nonce re-use and weakening the security of the key. On most platforms this should never happen because reading from kernel random sources is non-blocking and always successful, but there may be platform-specific behavior that has not been accounted for. (Vault has tests to check exactly this, and the tests have never seen nonce re-use.)
Added 0.11.4 to the tree.
I've removed the vulnerable versions and bumped it to 1.0.1