Consul - v1.14.3

Security

1.14.3 (December 13, 2022)

SECURITY:

  • Upgrade to use Go 1.19.4. This resolves a vulnerability where restricted files can be read on Windows. CVE-2022-41720 [GH-15705]
  • Upgrades golang.org/x/net to prevent a denial of service by excessive memory usage caused by HTTP2 requests. CVE-2022-41717 [GH-15737]

FEATURES:

  • ui: Add field for fallback server addresses to peer token generation form [GH-15555]

IMPROVEMENTS:

  • connect: ensure all vault connect CA tests use limited privilege tokens [GH-15669]

BUG FIXES:

  • connect: Fix issue where DialedDirectly configuration was not used by Consul Dataplane. [GH-15760]
  • connect: Fix peering failovers ignoring local mesh gateway configuration. [GH-15690]
  • connect: Fixed issue where using Vault 1.11+ as CA provider in a secondary datacenter would eventually break Intermediate CAs [GH-15661]

Details

date
Dec. 14, 2022, 6:28 p.m.
name
v1.14.3
type
Patch
👇
Register or login to:
  • 🔍View and search all Consul releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or