Consul - v1.10.9

1.10.9 (February 28, 2022)

SECURITY:

• agent: Use SHA256 instead of MD5 to generate persistence file names.

FEATURES:

• ca: support using an external root CA with the vault CA provider [GH-11910]

IMPROVEMENTS:

• connect: Update supported Envoy versions to include 1.18.6 [GH-12450]
• connect: update Envoy supported version of 1.20 to 1.20.2 [GH-12434]
• debug: reduce the capture time for trace to only a single interval instead of the full duration to make trace.out easier to open without running into OOM errors. [GH-12359]
• raft: add additional logging of snapshot restore progress [GH-12325]
• rpc: improve blocking queries for items that do not exist, by continuing to block until they exist (or the timeout). [GH-12110]
• sentinel: (Enterprise Only) Sentinel now uses SHA256 to generate policy ids
• server: conditionally avoid writing a config entry to raft if it was already the same [GH-12321]
• server: suppress spurious blocking query returns where multiple config entries are involved [GH-12362]

BUG FIXES:

• agent: Parse datacenter from Create/Delete requests for AuthMethods and BindingRules. [GH-12370]
• areas: (Enterprise Only) Fixes a bug when using Yamux pool ( for servers version 1.7.3 and later), the entire pool was locked while connecting to a remote location, which could potentially take a long time. [GH-1368]
• raft: fixed a race condition in leadership transfer that could result in reelection of the current leader [GH-12325]
• server: (Enterprise only) Namespace deletion will now attempt to delete as many namespaced config entries as possible instead of halting on the first deletion that failed.
• server: partly fix config entry replication issue that prevents replication in some circumstances [GH-12307]
• ui: Ensure we always display the Policy default preview in the Namespace editing form [GH-12316]
• xds: Fixed Envoy http features such as outlier detection and retry policy not working correctly with transparent proxy. [GH-12385]