1.17.0 (October 31, 2023)
- api: RaftLeaderTransfer now requires an id string. An empty string can be specified to keep the old behavior. [GH-17107]
- audit-logging: (Enterprise only) allowing timestamp based filename only on rotation. initially the filename will be just file.json [GH-18668]
golang.org/x/netto v0.17.0 to address CVE-2023-39325
- Upgrade Go to 1.20.10.
This resolves vulnerability CVE-2023-39325
This resolves vulnerability CVE-2023-44487. [GH-19414]
- connect: update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address CVE-2023-44487 [GH-19275]
FEATURE PREVIEW: Catalog v2
This release provides the ability to preview Consul's v2 Catalog and Resource API if enabled. The new model supports
multi-port application deployments with only a single Envoy proxy. Note that the v1 and v2 catalogs are not cross
compatible, and not all Consul features are available within this v2 feature preview. See the v2 Catalog and Resource
API documentation for more information. The v2 Catalog and
Resources API should be considered a feature preview within this release and should not be used in production
* The v2 catalog API feature preview does not support connections with client agents. As a result, it is only available for Kubernetes deployments, which use Consul dataplanes instead of client agents.
* The v1 and v2 catalog APIs cannot run concurrently.
* The Consul UI does not support multi-port services or the v2 catalog API in this release.
* HCP Consul does not support multi-port services or the v2 catalog API in this release.
- Support custom watches on the Consul Controller framework. [GH-18439]
- Windows: support consul connect envoy command on Windows [GH-17694]
- acl: Add BindRule support for templated policies. Add new BindType: templated-policy and BindVar field for templated policy variables. [GH-18719]
- acl: Add new
acl.tokens.dnsconfig field which specifies the token used implicitly during dns checks. [GH-17936]
- acl: Added ACL Templated policies to simplify getting the right ACL token. [GH-18708]
- acl: Adds a new ACL rule for workload identities [GH-18769]
- acl: Adds workload identity templated policy [GH-19077]
- api-gateway: Add support for response header modifiers on http-route configuration entry [GH-18646]
- api-gateway: add retry and timeout filters [GH-18324]
- cli: Add
consul acl binding-rulefor templated policy variables. [GH-18719]
- cli: Add
consul acl templated-policycommands to read, list and preview templated policies. [GH-18816]
- config-entry(api-gateway): (Enterprise only) Add GatewayPolicy to APIGateway Config Entry listeners
- config-entry(api-gateway): (Enterprise only) Add JWTFilter to HTTPRoute Filters
- dataplane: Allow getting bootstrap parameters when using V2 APIs [GH-18504]
- gateway: (Enterprise only) Add JWT authentication and authorization to APIGateway Listeners and HTTPRoutes.
- mesh: (Enterprise only) Adds rate limiting config to service-defaults [GH-18583]
- xds: Add a built-in Envoy extension that appends OpenTelemetry Access Logging (otel-access-logging) to the HTTP Connection Manager filter. [GH-18336]
- xds: Add support for patching outbound listeners to the built-in Envoy External Authorization extension. [GH-18336]
- raft: upgrade raft-wal library version to 0.4.1. [GH-19314]
- xds: Use downstream protocol when connecting to local app [GH-18573]
- Windows: Integration tests for Consul Windows VMs [GH-18007]
- acl: Use templated policy to generate synthetic policies for tokens/roles with node and/or service identities [GH-18813]
- api: added
CheckRegisterOptsto Agent API [GH-18943]
- api: added
ServiceRegisterOptstype in Agent API [GH-18983]
- ca: Vault CA provider config no longer requires root_pki_path for secondary datacenters [GH-17831]
- cli: Added
-varflags for creating or updating tokens/roles. [GH-18708]
- config: Add new
tls.defaults.verify_server_hostnameconfiguration option. This specifies the default value for any interfaces that support the
- connect: update supported envoy versions to 1.24.10, 1.25.9, 1.26.4, 1.27.0 [GH-18300]
- ui: Use Community verbiage [GH-18560]
- api: add custom marshal/unmarshal for ServiceResolverConfigEntry.RequestTimeout so config entries that set this field can be read using the API. [GH-19031]
- ca: ensure Vault CA provider respects Vault Enterprise namespace configuration. [GH-19095]
- catalog api: fixes a bug with catalog api where filter query parameter was not working correctly for the
- connect: (Enterprise only) Fix bug where incorrect service-defaults entries were fetched to determine an upstream's protocol whenever the upstream did not explicitly define the namespace / partition. When this bug occurs, upstreams would use the protocol from a service-default entry in the default namespace / partition, rather than their own namespace / partition.
- connect: Fix bug where uncleanly closed xDS connections would influence connection balancing for too long and prevent envoy instances from starting. Two new configuration fields
performance.grpc_keepalive_intervalnow exist to allow for configuration on how often these dead connections will be cleaned up. [GH-19339]
- dev-mode: Fix dev mode has new line in responses. Now new line is added only when url has pretty query parameter. [GH-18367]
- dns: (Enterprise only) Fix bug where sameness group queries did not correctly inherit the agent's partition.
- docs: fix list of telemetry metrics [GH-17593]
- gateways: Fix a bug where a service in a peered datacenter could not access an external node service through a terminating gateway [GH-18959]
- server: (Enterprise Only) Fixed an issue where snake case keys were rejected when configuring the control-plane-request-limit config entry
- telemetry: emit consul version metric on a regular interval. [GH-6876]
- tlsutil: Default setting of ServerName field in outgoing TLS configuration for checks now handled by crypto/tls. [GH-17481]
- 🔍View and search all Consul releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!