| ```release-note:security |
| Mount Path Disclosure: Vault previously returned different HTTP status codes for |
| existent and non-existent mount paths. This behavior would allow unauthenticated |
| brute force attacks to reveal which paths had valid mounts. This issue affects |
| Vault and Vault Enterprise and is fixed in 1.6.2 (CVE-2020-25594). |
| ``` |
| ```release-note:security |
| IP Address Disclosure: We fixed a vulnerability where, under some error |
| conditions, Vault would return an error message disclosing internal IP |
| addresses. This vulnerability affects Vault and Vault Enterprise and is fixed in |
| 1.6.2 (CVE-2021-3024). |
| ``` |