Consul - v1.17.4
Security
1.17.4 Enterprise (March 26, 2024)
SECURITY:
- Update google.golang.org/protobuf to v1.33.0 to address CVE-2024-24786. [GH-20801]
- Update the Consul Build Go base image to alpine3.19. This resolves CVEs CVE-2023-52425, CVE-2023-52426. [GH-20812]
- Upgrade to use Go 1.21.8. This resolves CVEs:
  - CVE-2024-24783 (crypto/x509).
  - CVE-2023-45290 (net/http).
  - CVE-2023-45289 (net/http, net/http/cookiejar).
  - CVE-2024-24785 (html/template).
  - CVE-2024-24784 (net/mail). [GH-20812]
IMPROVEMENTS:
- api: Randomize the returned server list for the WatchServers gRPC endpoint. [GH-20866]
- snapshot agent: (Enterprise only) Add support for multiple snapshot destinations using the backup_destinations config file object.
BUG FIXES:
- connect: Fix issue where Consul-dataplane xDS sessions would not utilize the streaming backend for wan-federated queries. [GH-20868]
- connect: Fix potential goroutine leak in xDS stream handling. [GH-20866]
- connect: Fix xDS deadlock that could result in proxies being unable to start. [GH-20867]
- dns: SERVFAIL when resolving not found PTR records. [GH-20679]
- ingress-gateway: (Enterprise Only) Fix a bug where on update, Ingress Gateways lost all upstreams for listeners with wildcard services in a different namespace.
- snapshot-agent: (Enterprise only) Fix a bug with static AWS credentials where one of the key id or secret key is provided via config file and the other is provided via an environment variable.
Details
- date: March 27, 2024, 9:01 p.m.
- name: v1.17.4 (Enterprise)
- type: Patch