Overview All releases

Version History

v1.18.1 v1.18.0 v1.18.0-rc1 v1.17.4 v1.17.3 v1.17.2 v1.17.1

v1.17.0

v1.17.0-rc1 v1.16.7 v1.16.6 v1.16.5 v1.16.4 v1.16.3 v1.16.2 v1.16.1 v1.16.0 v1.16.0-rc1 v1.15.11 v1.15.10 v1.15.9 v1.15.8 v1.15.7 v1.15.6 v1.15.5 v1.15.4 v1.15.3 v1.15.2 v1.15.1 v1.15.0 v1.14.11 v1.14.10 v1.14.9 v1.14.8 v1.14.7 v1.14.6 v1.14.5 v1.14.4 v1.14.3 v1.14.2 v1.14.1 v1.14.0

v1.14.0-beta1

v1.13.9 v1.13.8 v1.13.7 v1.13.6 v1.13.5 v1.13.4 v1.13.3 v1.13.2 v1.13.1 v1.13.0

v1.13.0-alpha2

v1.13.0-alpha1

v1.12.9 v1.12.8 v1.12.7 v1.12.6 v1.12.5 v1.12.4 v1.12.3 v1.12.2 v1.12.1 v1.12.0

v1.12.0-beta1

v1.11.11 v1.11.10 v1.11.9 v1.11.8 v1.11.7 v1.11.6 v1.11.5 v1.11.4 v1.11.3 v1.11.2

v1.11.1

v1.11.0

v1.11.0-rc

v1.11.0-beta3

v1.11.0-beta2

v1.11.0-beta1

v1.11.0-alpha

v1.10.12 v1.10.11 v1.10.10 v1.10.9 v1.10.8 v1.10.7

v1.10.6

v1.10.5

v1.10.4

v1.10.3

v1.10.2

v1.10.1

v1.10.1-beta1

v1.10.0

v1.10.0-rc2

v1.10.0-rc

v1.10.0-beta4

v1.10.0-beta3

v1.10.0-beta2

v1.10.0-beta1

v1.10.0-alpha

v1.9.17 v1.9.16 v1.9.15 v1.9.14

v1.9.13

v1.9.12

v1.9.11

v1.9.10

v1.9.9

v1.9.8

v1.9.7

v1.9.6

v1.9.5

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc1

v1.9.0-beta3

v1.9.0-beta2

v1.9.0-beta1

v1.8.19

v1.8.18

v1.8.17

v1.8.16

v1.8.15

v1.8.14

v1.8.13

v1.8.12

v1.8.11

v1.8.11-beta2

v1.8.11-beta1

v1.8.10

v1.8.9

v1.8.9-beta1

v1.8.8

v1.8.7

v1.8.7-beta1

v1.8.6

v1.8.5

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc1

v1.8.0-beta2

v1.8.0-beta1

v1.7.14

v1.7.13

v1.7.12

v1.7.11

v1.7.10

v1.7.9

v1.7.8

v1.7.7

v1.7.6

v1.7.5

v1.7.4

v1.6.10

v1.6.9

v1.6.8

v1.6.7

v1.6.6

Consul - v1.17.0

Security

1.17.0 (October 31, 2023)

BREAKING CHANGES:

api: RaftLeaderTransfer now requires an id string. An empty string can be specified to keep the old behavior. [GH-17107]
audit-logging: (Enterprise only) allowing timestamp based filename only on rotation. initially the filename will be just file.json [GH-18668]

SECURITY:

Update golang.org/x/net to v0.17.0 to address CVE-2023-39325
/ CVE-2023-44487(x/net/http2). [GH-19225]
Upgrade Go to 1.20.10.
This resolves vulnerability CVE-2023-39325
/ CVE-2023-44487(net/http). [GH-19225]
Upgrade google.golang.org/grpc to 1.56.3.
This resolves vulnerability CVE-2023-44487. [GH-19414]
connect: update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address CVE-2023-44487 [GH-19275]

FEATURE PREVIEW: Catalog v2

This release provides the ability to preview Consul's v2 Catalog and Resource API if enabled. The new model supports
multi-port application deployments with only a single Envoy proxy. Note that the v1 and v2 catalogs are not cross
compatible, and not all Consul features are available within this v2 feature preview. See the v2 Catalog and Resource
API documentation for more information. The v2 Catalog and
Resources API should be considered a feature preview within this release and should not be used in production
environments.

Limitations
* The v2 catalog API feature preview does not support connections with client agents. As a result, it is only available for Kubernetes deployments, which use Consul dataplanes instead of client agents.
* The v1 and v2 catalog APIs cannot run concurrently.
* The Consul UI does not support multi-port services or the v2 catalog API in this release.
* HCP Consul does not support multi-port services or the v2 catalog API in this release.

Significant Pull Requests
* [Catalog resource controllers]
* [Mesh resource controllers]
* [Auth resource controllers]
* [V2 Protobufs]

FEATURES:

Support custom watches on the Consul Controller framework. [GH-18439]
Windows: support consul connect envoy command on Windows [GH-17694]
acl: Add BindRule support for templated policies. Add new BindType: templated-policy and BindVar field for templated policy variables. [GH-18719]
acl: Add new acl.tokens.dns config field which specifies the token used implicitly during dns checks. [GH-17936]
acl: Added ACL Templated policies to simplify getting the right ACL token. [GH-18708]
acl: Adds a new ACL rule for workload identities [GH-18769]
acl: Adds workload identity templated policy [GH-19077]
api-gateway: Add support for response header modifiers on http-route configuration entry [GH-18646]
api-gateway: add retry and timeout filters [GH-18324]
cli: Add bind-var flag to consul acl binding-rule for templated policy variables. [GH-18719]
cli: Add consul acl templated-policy commands to read, list and preview templated policies. [GH-18816]
config-entry(api-gateway): (Enterprise only) Add GatewayPolicy to APIGateway Config Entry listeners
config-entry(api-gateway): (Enterprise only) Add JWTFilter to HTTPRoute Filters
dataplane: Allow getting bootstrap parameters when using V2 APIs [GH-18504]
gateway: (Enterprise only) Add JWT authentication and authorization to APIGateway Listeners and HTTPRoutes.
mesh: (Enterprise only) Adds rate limiting config to service-defaults [GH-18583]
xds: Add a built-in Envoy extension that appends OpenTelemetry Access Logging (otel-access-logging) to the HTTP Connection Manager filter. [GH-18336]
xds: Add support for patching outbound listeners to the built-in Envoy External Authorization extension. [GH-18336]

IMPROVEMENTS:

raft: upgrade raft-wal library version to 0.4.1. [GH-19314]
xds: Use downstream protocol when connecting to local app [GH-18573]
Windows: Integration tests for Consul Windows VMs [GH-18007]
acl: Use templated policy to generate synthetic policies for tokens/roles with node and/or service identities [GH-18813]
api: added CheckRegisterOpts to Agent API [GH-18943]
api: added Token field to ServiceRegisterOpts type in Agent API [GH-18983]
ca: Vault CA provider config no longer requires root_pki_path for secondary datacenters [GH-17831]
cli: Added -templated-policy, -templated-policy-file, -replace-templated-policy, -append-templated-policy, -replace-templated-policy-file, -append-templated-policy-file and -var flags for creating or updating tokens/roles. [GH-18708]
config: Add new tls.defaults.verify_server_hostname configuration option. This specifies the default value for any interfaces that support the verify_server_hostname option. [GH-17155]
connect: update supported envoy versions to 1.24.10, 1.25.9, 1.26.4, 1.27.0 [GH-18300]
ui: Use Community verbiage [GH-18560]

BUG FIXES:

api: add custom marshal/unmarshal for ServiceResolverConfigEntry.RequestTimeout so config entries that set this field can be read using the API. [GH-19031]
ca: ensure Vault CA provider respects Vault Enterprise namespace configuration. [GH-19095]
catalog api: fixes a bug with catalog api where filter query parameter was not working correctly for the /v1/catalog/services endpoint [GH-18322]
connect: (Enterprise only) Fix bug where incorrect service-defaults entries were fetched to determine an upstream's protocol whenever the upstream did not explicitly define the namespace / partition. When this bug occurs, upstreams would use the protocol from a service-default entry in the default namespace / partition, rather than their own namespace / partition.
connect: Fix bug where uncleanly closed xDS connections would influence connection balancing for too long and prevent envoy instances from starting. Two new configuration fields
performance.grpc_keepalive_timeout and performance.grpc_keepalive_interval now exist to allow for configuration on how often these dead connections will be cleaned up. [GH-19339]
dev-mode: Fix dev mode has new line in responses. Now new line is added only when url has pretty query parameter. [GH-18367]
dns: (Enterprise only) Fix bug where sameness group queries did not correctly inherit the agent's partition.
docs: fix list of telemetry metrics [GH-17593]
gateways: Fix a bug where a service in a peered datacenter could not access an external node service through a terminating gateway [GH-18959]
server: (Enterprise Only) Fixed an issue where snake case keys were rejected when configuring the control-plane-request-limit config entry
telemetry: emit consul version metric on a regular interval. [GH-6876]
tlsutil: Default setting of ServerName field in outgoing TLS configuration for checks now handled by crypto/tls. [GH-17481]

Security

Details

date

Nov. 3, 2023, 5:36 p.m.

name

v1.17.0

type

Minor

official page

https://github.com/hashicorp/consul/releases/tag/v1.17.0

👇

🔍View and search all Consul releases.
🛠️Create and share lists to track your tools.
🚨Setup notifications for major, security, feature or patch updates.
🚀Much more coming soon!

Continue with GitHub

Continue with Google

Username

Password

Password (again)

leave this field blank to prove your humanity