Overview All releases

Version History

v1.18.1 v1.18.0 v1.18.0-rc1 v1.17.4 v1.17.3 v1.17.2

v1.17.1

v1.17.0 v1.17.0-rc1 v1.16.7 v1.16.6 v1.16.5 v1.16.4 v1.16.3 v1.16.2 v1.16.1 v1.16.0 v1.16.0-rc1 v1.15.11 v1.15.10 v1.15.9 v1.15.8 v1.15.7 v1.15.6 v1.15.5 v1.15.4 v1.15.3 v1.15.2 v1.15.1 v1.15.0 v1.14.11 v1.14.10 v1.14.9 v1.14.8 v1.14.7 v1.14.6 v1.14.5 v1.14.4 v1.14.3 v1.14.2 v1.14.1 v1.14.0

v1.14.0-beta1

v1.13.9 v1.13.8 v1.13.7 v1.13.6 v1.13.5 v1.13.4 v1.13.3 v1.13.2 v1.13.1 v1.13.0

v1.13.0-alpha2

v1.13.0-alpha1

v1.12.9 v1.12.8 v1.12.7 v1.12.6 v1.12.5 v1.12.4 v1.12.3 v1.12.2 v1.12.1 v1.12.0

v1.12.0-beta1

v1.11.11 v1.11.10 v1.11.9 v1.11.8 v1.11.7 v1.11.6 v1.11.5 v1.11.4 v1.11.3 v1.11.2

v1.11.1

v1.11.0

v1.11.0-rc

v1.11.0-beta3

v1.11.0-beta2

v1.11.0-beta1

v1.11.0-alpha

v1.10.12 v1.10.11 v1.10.10 v1.10.9 v1.10.8 v1.10.7

v1.10.6

v1.10.5

v1.10.4

v1.10.3

v1.10.2

v1.10.1

v1.10.1-beta1

v1.10.0

v1.10.0-rc2

v1.10.0-rc

v1.10.0-beta4

v1.10.0-beta3

v1.10.0-beta2

v1.10.0-beta1

v1.10.0-alpha

v1.9.17 v1.9.16 v1.9.15 v1.9.14

v1.9.13

v1.9.12

v1.9.11

v1.9.10

v1.9.9

v1.9.8

v1.9.7

v1.9.6

v1.9.5

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc1

v1.9.0-beta3

v1.9.0-beta2

v1.9.0-beta1

v1.8.19

v1.8.18

v1.8.17

v1.8.16

v1.8.15

v1.8.14

v1.8.13

v1.8.12

v1.8.11

v1.8.11-beta2

v1.8.11-beta1

v1.8.10

v1.8.9

v1.8.9-beta1

v1.8.8

v1.8.7

v1.8.7-beta1

v1.8.6

v1.8.5

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc1

v1.8.0-beta2

v1.8.0-beta1

v1.7.14

v1.7.13

v1.7.12

v1.7.11

v1.7.10

v1.7.9

v1.7.8

v1.7.7

v1.7.6

v1.7.5

v1.7.4

v1.6.10

v1.6.9

v1.6.8

v1.6.7

v1.6.6

Consul - v1.17.1

Security

1.17.1 (December 12, 2023)

SECURITY:

Update github.com/golang-jwt/jwt/v4 to v4.5.0 to address PRISMA-2022-0270. [GH-19705]
Upgrade to use Go 1.20.12. This resolves CVEs
CVE-2023-45283: (path/filepath) recognize \??\ as a Root Local Device path prefix (Windows)
CVE-2023-45284: recognize device names with trailing spaces and superscripts (Windows)
CVE-2023-39326: (net/http) limit chunked data overhead
CVE-2023-45285: (cmd/go) go get may unexpectedly fallback to insecure git [GH-19840]
connect: update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address CVE-2023-44487 [GH-19274]

FEATURES:

acl: Adds nomad client templated policy [GH-19827]
cli: Adds new subcommand peering exported-services to list services exported to a peer . Refer to the CLI docs for more information. [GH-19821]

IMPROVEMENTS:

mesh: parse the proxy-defaults protocol when write the config-entry to avoid parsing it when compiling the discovery chain. [GH-19829]
wan-federation: use a hash to diff config entries when replicating in the secondary DC to avoid unnecessary writes.. [GH-19795]
Replaces UI Side Nav with Helios Design System Side Nav. Adds dc/partition/namespace searching in Side Nav. [GH-19342]
acl: add api-gateway templated policy [GH-19728]
acl: add templated policy descriptions [GH-19735]
api: Add support for listing ACL tokens by service name when using templated policies. [GH-19666]
cli: stop simultaneous usage of -templated-policy and -templated-policy-file when creating a role or token. [GH-19389]
cloud: push additional server TLS metadata to HCP [GH-19682]
connect: Default stats_flush_interval to 60 seconds when using the Consul Telemetry Collector, unless custom stats sink are present or an explicit flush interval is configured. [GH-19663]
metrics: increment consul.client.rpc.failed if RPC fails because no servers are accessible [GH-19721]
metrics: modify consul.client.rpc metric to exclude internal retries for consistency with consul.client.rpc.exceeded and consul.client.rpc.failed [GH-19721]
ui: move nspace and partitions requests into their selector menus [GH-19594]

BUG FIXES:

CLI: fix a panic when deleting a non existing policy by name. [GH-19679]
Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize. [GH-19268]
ca: Fix bug with Vault CA provider where renewing a retracted token would cause retries in a tight loop, degrading performance. [GH-19285]
ca: Fix bug with Vault CA provider where token renewal goroutines could leak if CA failed to initialize. [GH-19285]
connect: Solves an issue where two upstream services with the same name in different namespaces were not getting routed to correctly by API Gateways. [GH-19860]
federation: (Enterprise Only) Fixed an issue where namespace reconciliation could result into the secondary having dangling instances of namespaces marked for deletion
ui: clear peer on home logo link [GH-19549]
ui: fix being able to view peered services from non-default namnespaces [GH-19586]
ui: stop manually reconciling services if peering is enabled [GH-19907]
wan-federation: Fix a bug where servers wan-federated through mesh-gateways could crash due to overlapping LAN IP addresses. [GH-19503]
xds: Add configurable xds_fetch_timeout_ms option to proxy registrations that allows users to prevent endpoints from dropping when they have proxies with a large number of upstreams. [GH-19871]
xds: ensure child resources are re-sent to Envoy when the parent is updated even if the child already has pending updates. [GH-19866]

Security

Details

date

Dec. 14, 2023, 10:54 p.m.

name

v1.17.1

type

Patch

official page

https://github.com/hashicorp/consul/releases/tag/v1.17.1

👇

🔍View and search all Consul releases.
🛠️Create and share lists to track your tools.
🚨Setup notifications for major, security, feature or patch updates.
🚀Much more coming soon!

Continue with GitHub

Continue with Google

Username

Password

Password (again)

leave this field blank to prove your humanity