Skip to content

Releases: hashicorp/consul

v1.19.3 (Enterprise)

31 Oct 14:07
@jm96441n jm96441n
ent-changelog-1.19.3
165f38b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.19.3 (Enterprise)

1.19.3 (Enterprise) (October 29, 2024)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.

BREAKING CHANGES:

  • mesh: (Enterprise Only) Enable Envoy HttpConnectionManager.normalize_path by default on inbound traffic to mesh proxies. This resolves CVE-2024-10005.

SECURITY:

  • Explicitly set 'Content-Type' header to mitigate XSS vulnerability. [GH-21704]
  • Implement HTML sanitization for user-generated content to prevent XSS attacks in the UI. [GH-21711]
  • UI: Remove codemirror linting due to package dependency [GH-21726]
  • Upgrade Go to use 1.22.7. This addresses CVE
    CVE-2024-34155 [GH-21705]
  • Upgrade to support aws/aws-sdk-go v1.55.5 or higher. This resolves CVEs
    CVE-2020-8911 and
    CVE-2020-8912. [GH-21684]
  • mesh: (Enterprise Only) Add contains and ignoreCase to L7 Intentions HTTP header matching criteria to support configuration resilient to variable casing and multiple values. This resolves CVE-2024-10006.
  • mesh: (Enterprise Only) Add http.incoming.requestNormalization to Mesh configuration entry to support inbound service traffic request normalization. This resolves CVE-2024-10005 and CVE-2024-10006.
  • ui: Pin a newer resolution of Braces [GH-21710]
  • ui: Pin a newer resolution of Codemirror [GH-21715]
  • ui: Pin a newer resolution of Markdown-it [GH-21717]
  • ui: Pin a newer resolution of ansi-html [GH-21735]

IMPROVEMENTS:

  • security: upgrade ubi base image to 9.4 [GH-21750]
  • api: remove dependency on proto-public, protobuf, and grpc [GH-21780]
  • xds: configures Envoy to load balance over all instances of an external service configured with hostnames when "envoy_dns_discovery_type" is set to "STRICT_DNS" [GH-21655]

BUG FIXES:

  • jwt-provider: change dns lookup family from the default of AUTO which would prefer ipv6 to ALL if LOGICAL_DNS is used or PREFER_IPV4 if STRICT_DNS is used to gracefully handle transitions to ipv6. [GH-21703]
Assets 2
Loading

v1.18.5 (Enterprise)

31 Oct 14:09
@jm96441n jm96441n
ent-changelog-1.18.5
e694ba9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.18.5 (Enterprise)

1.18.5 Enterprise (October 29, 2024)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.

Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.
BREAKING CHANGES:

  • mesh: (Enterprise Only) Enable Envoy HttpConnectionManager.normalize_path by default on inbound traffic to mesh proxies. This resolves CVE-2024-10005.

SECURITY:

  • Explicitly set 'Content-Type' header to mitigate XSS vulnerability. [GH-21704]
  • Implement HTML sanitization for user-generated content to prevent XSS attacks in the UI. [GH-21711]
  • Upgrade Go to use 1.22.7. This addresses CVE
    CVE-2024-34155 [GH-21705]
  • Upgrade to support aws/aws-sdk-go v1.55.5 or higher. This resolves CVEs
    CVE-2020-8911 and
    CVE-2020-8912. [GH-21684]
  • mesh: (Enterprise Only) Add contains and ignoreCase to L7 Intentions HTTP header matching criteria to support configuration resilient to variable casing and multiple values. This resolves CVE-2024-10006.
  • mesh: (Enterprise Only) Add http.incoming.requestNormalization to Mesh configuration entry to support inbound service traffic request normalization. This resolves CVE-2024-10005 and CVE-2024-10006.
  • ui: Pin a newer resolution of Braces [GH-21710]
  • ui: Pin a newer resolution of Codemirror [GH-21715]
  • ui: Pin a newer resolution of Markdown-it [GH-21717]
  • ui: Pin a newer resolution of ansi-html [GH-21735]

IMPROVEMENTS:

  • security: upgrade ubi base image to 9.4 [GH-21750]
  • api: remove dependency on proto-public, protobuf, and grpc [GH-21780]
  • xds: configures Envoy to load balance over all instances of an external service configured with hostnames when "envoy_dns_discovery_type" is set to "STRICT_DNS" [GH-21655]

BUG FIXES:

  • jwt-provider: change dns lookup family from the default of AUTO which would prefer ipv6 to ALL if LOGICAL_DNS is used or PREFER_IPV4 if STRICT_DNS is used to gracefully handle transitions to ipv6. [GH-21703]
Assets 2
Loading

v1.15.15 (Enterprise)

31 Oct 14:10
@jm96441n jm96441n
ent-changelog-1.15.15
d64fc79
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.15.15 (Enterprise)

1.15.15 Enterprise (October 29, 2024)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.

Enterprise LTS: Consul Enterprise 1.15 is a Long-Term Support (LTS) release.
BREAKING CHANGES:

  • mesh: (Enterprise Only) Enable Envoy HttpConnectionManager.normalize_path by default on inbound traffic to mesh proxies. This resolves CVE-2024-10005.

SECURITY:

  • Explicitly set 'Content-Type' header to mitigate XSS vulnerability. [GH-21704]
  • Implement HTML sanitization for user-generated content to prevent XSS attacks in the UI. [GH-21711]
  • UI: Remove codemirror linting due to package dependency [GH-21726]
  • Upgrade Go to use 1.22.7. This addresses CVE
    CVE-2024-34155 [GH-21705]
  • Upgrade to support aws/aws-sdk-go v1.55.5 or higher. This resolves CVEs
    CVE-2020-8911 and
    CVE-2020-8912. [GH-21684]
  • mesh: (Enterprise Only) Add contains and ignoreCase to L7 Intentions HTTP header matching criteria to support configuration resilient to variable casing and multiple values. This resolves CVE-2024-10006.
  • mesh: (Enterprise Only) Add http.incoming.requestNormalization to Mesh configuration entry to support inbound service traffic request normalization. This resolves CVE-2024-10005 and CVE-2024-10006.
  • ui: Pin a newer resolution of Braces [GH-21710]
  • ui: Pin a newer resolution of Codemirror [GH-21715]
  • ui: Pin a newer resolution of Markdown-it [GH-21717]
  • ui: Pin a newer resolution of ansi-html [GH-21735]

IMPROVEMENTS:

  • security: upgrade ubi base image to 9.4 [GH-21750]
  • xds: configures Envoy to load balance over all instances of an external service configured with hostnames when "envoy_dns_discovery_type" is set to "STRICT_DNS" [GH-21655]
Assets 2
Loading

v1.20.1

30 Oct 17:00
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.20.1
920cc7c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.20.1 Latest
Latest

1.20.1 (October 29, 2024)

BREAKING CHANGES:

  • mesh: Enable Envoy HttpConnectionManager.normalize_path by default on inbound traffic to mesh proxies. This resolves CVE-2024-10005. [GH-21816]

SECURITY:

  • mesh: Add contains and ignoreCase to L7 Intentions HTTP header matching criteria to support configuration resilient to variable casing and multiple values. This resolves CVE-2024-10006. [GH-21816]
  • mesh: Add http.incoming.requestNormalization to Mesh configuration entry to support inbound service traffic request normalization. This resolves CVE-2024-10005 and CVE-2024-10006. [GH-21816]

IMPROVEMENTS:

  • api: remove dependency on proto-public, protobuf, and grpc [GH-21780]
  • snapshot agent: (Enterprise only) Implement Service Principal Auth for snapshot agent on azure.
  • xds: configures Envoy to load balance over all instances of an external service configured with hostnames when "envoy_dns_discovery_type" is set to "STRICT_DNS" [GH-21655]
Assets 2
Loading

v1.20.0

15 Oct 01:20
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.20.0
cddc618
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.20.0

1.20.0 (October 14, 2024)

SECURITY:

  • Explicitly set 'Content-Type' header to mitigate XSS vulnerability. [GH-21704]
  • Implement HTML sanitization for user-generated content to prevent XSS attacks in the UI. [GH-21711]
  • UI: Remove codemirror linting due to package dependency [GH-21726]
  • Upgrade Go to use 1.22.7. This addresses CVE
    CVE-2024-34155 [GH-21705]
  • Upgrade to support aws/aws-sdk-go v1.55.5 or higher. This resolves CVEs
    CVE-2020-8911 and
    CVE-2020-8912. [GH-21684]
  • ui: Pin a newer resolution of Braces [GH-21710]
  • ui: Pin a newer resolution of Codemirror [GH-21715]
  • ui: Pin a newer resolution of Markdown-it [GH-21717]
  • ui: Pin a newer resolution of ansi-html [GH-21735]

FEATURES:

  • grafana: added the dashboards service-to-service dashboard, service dashboard, and consul dataplane dashboard [GH-21806]
  • server: remove v2 tenancy, catalog, and mesh experiments [GH-21592]

IMPROVEMENTS:

  • security: upgrade ubi base image to 9.4 [GH-21750]
  • connect: Add Envoy 1.31 and 1.30 to support matrix [GH-21616]

BUG FIXES:

  • jwt-provider: change dns lookup family from the default of AUTO which would prefer ipv6 to ALL if LOGICAL_DNS is used or PREFER_IPV4 if STRICT_DNS is used to gracefully handle transitions to ipv6. [GH-21703]
Assets 2
Loading

v1.20.0-rc1

20 Sep 15:42
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.20.0-rc1
f0004df
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.20.0-rc1 Pre-release
Pre-release

1.20.0-rc1 (September 19, 2024)

SECURITY:

  • Explicitly set 'Content-Type' header to mitigate XSS vulnerability. [GH-21704]
  • Implement HTML sanitization for user-generated content to prevent XSS attacks in the UI. [GH-21711]
  • UI: Remove codemirror linting due to package dependency [GH-21726]
  • Upgrade Go to use 1.22.7. This addresses CVE
    CVE-2024-34155 [GH-21705]
  • Upgrade to support aws/aws-sdk-go v1.55.5 or higher. This resolves CVEs
    CVE-2020-8911 and
    CVE-2020-8912. [GH-21684]
  • ui: Pin a newer resolution of Braces [GH-21710]
  • ui: Pin a newer resolution of Codemirror [GH-21715]
  • ui: Pin a newer resolution of Markdown-it [GH-21717]
  • ui: Pin a newer resolution of ansi-html [GH-21735]

FEATURES:

  • server: remove v2 tenancy, catalog, and mesh experiments [GH-21592]

IMPROVEMENTS:

  • security: upgrade ubi base image to 9.4 [GH-21750]
  • connect: Add Envoy 1.31 and 1.30 to support matrix [GH-21616]

BUG FIXES:

  • jwt-provider: change dns lookup family from the default of AUTO which would prefer ipv6 to ALL if LOGICAL_DNS is used or PREFER_IPV4 if STRICT_DNS is used to gracefully handle transitions to ipv6. [GH-21703]
Assets 2
Loading

v1.19.2

27 Aug 20:38
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering
v1.19.2
048f193
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.19.2

1.19.2 (August 26, 2024)

SECURITY:

  • ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0 [GH-21588]

IMPROVEMENTS:

  • Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [GH-21587]

BUG FIXES:

  • api-gateway: (Enterprise only) ensure clusters are properly created for JWT providers with a remote URI for the JWKS endpoint [GH-21604]
Assets 2
Loading

v1.18.4 (Enterprise)

27 Aug 23:50
@jmurret jmurret
ent-changelog-1.18.4
60e2379
Compare
Choose a tag to compare
v1.18.4 (Enterprise)

1.18.4 Enterprise (August 26, 2024)

Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.

SECURITY:

  • ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0

IMPROVEMENTS:

  • Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [GH-21587]
Assets 2
Loading

v1.17.7 (Enterprise)

27 Aug 23:51
@jmurret jmurret
ent-changelog-1.17.7
008a273
Compare
Choose a tag to compare
v1.17.7 (Enterprise)

1.17.7 Enterprise (August 26, 2024)

SECURITY:

  • ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0

IMPROVEMENTS:

  • Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [GH-21587]
Assets 2
Loading

v1.15.14 (Enterprise)

27 Aug 23:52
@jmurret jmurret
ent-changelog-1.15.14
77dba1e
Compare
Choose a tag to compare
v1.15.14 (Enterprise)

1.15.14 Enterprise (August 26, 2024)

Enterprise LTS: Consul Enterprise 1.15 is a Long-Term Support (LTS) release.

SECURITY:

  • ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0 [GH-21588]

IMPROVEMENTS:

  • Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [GH-21587]
Assets 2
Loading