Consul - v1.12.5
Security
1.12.5 (September 20, 2022)
SECURITY:
- auto-config: Added input validation for auto-config JWT authorization checks. Prior to this change, it was possible for malicious actors to construct requests which incorrectly pass custom JWT claim validation for the AutoConfig.InitialConfiguration endpoint. Now, only a subset of characters are allowed for the input before evaluating the bexpr. [GH-14577]
- connect: Added URI length checks to ConnectCA CSR requests. Prior to this change, it was possible for a malicious actor to designate multiple SAN URI values in a call to the ConnectCA.Sign endpoint. The endpoint now only allows for exactly one SAN URI to be specified. [GH-14579]
IMPROVEMENTS:
- envoy: adds additional Envoy outlier ejection parameters to passive health check configurations. [GH-14238]
- metrics: add labels of segment, partition, network area, network (lan or wan) to serf and memberlist metrics [GH-14161]
- snapshot agent: (Enterprise only) Add support for path-based addressing when using s3 backend.
- ui: Reuse connections for requests to /v1/internal/ui/metrics-proxy/ [GH-14521]
BUG FIXES:
- ca: Fixed a bug with the Vault CA provider where the intermediate PKI mount and leaf cert role were not being updated when the CA configuration was changed. [GH-14516]
- cli: When launching a sidecar proxy with consul connect envoy or consul connect proxy, the -sidecar-for service ID argument is now treated as case-insensitive. [GH-14034]
- connect: Fixed a bug where old root CAs would be removed from the primary datacenter after switching providers and restarting the cluster. [GH-14598]
- connect: Fixed an issue where intermediate certificates could build up in the root CA because they were never being pruned after expiring. [GH-14429]
- ui: Removed Overview page from HCP installations [GH-14606]
Security
Security wording was detected, but no CVEs were found.
Details
- date: Sept. 20, 2022, 8:18 p.m.
- name: v1.12.5
- type: Patch