Consul - v1.18.0
Security
BREAKING CHANGES:
- config-entries: Allow disabling request and idle timeouts with negative values in service router and service resolver config entries. [GH-19992]
- telemetry: Adds fix to always use the value of
telemetry.disable_hostname
when determining whether to prefix gauge-type metrics with the hostname of the Consul agent. Previously, if only the default metric sink was enabled, this configuration was ignored and always treated astrue
, even though its default value isfalse
. [GH-20312]
SECURITY:
- Update
golang.org/x/crypto
to v0.17.0 to address CVE-2023-48795. [GH-20023] - connect: Update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address CVE-2023-44487 [GH-19306]
- mesh: Update Envoy versions to 1.28.1, 1.27.3, and 1.26.7 to address CVE-2024-23324, CVE-2024-23325, CVE-2024-23322, CVE-2024-23323, CVE-2024-23327, CVE-2023-44487, GH-20589], CVE-2023-44487, and [GH-19879]
FEATURES:
- acl: add policy bindtype to binding rules. [GH-19499]
- agent: Introduces a new agent config default_intention_policy to decouple the default intention behavior from ACLs [GH-20544]
- agent: add fault injection filter support [GH-7513]
- cloud: Adds new API/CLI to initiate and manage linking a Consul cluster to HCP Consul Central [GH-20312]
- dns: adds experimental support for a refactored DNS server that is v1 and v2 Catalog compatible.
Usev2dns
in theexperiments
agent config to enable.
It will automatically be enabled when using theresource-apis
(Catalog v2) experiment.
The new DNS implementation will be the default in Consul 1.19.
See the Consul 1.18.x Release Notes for deprecated DNS features. [GH-20643] - ui: Added a banner to let users link their clusters to HCP [GH-20275]
- ui: Adds a redirect and warning message around unavailable UI with V2 enabled [GH-20359]
- ui: adds V2CatalogEnabled to config that is passed to the ui [GH-20353]
- v2: prevent use of the v2 experiments in secondary datacenters for now [GH-20299]
IMPROVEMENTS:
- cloud: unconditionally add Access-Control-Expose-Headers HTTP header [GH-20220]
- connect: Replace usage of deprecated Envoy field
envoy.config.core.v3.HeaderValueOption.append
. [GH-20078] - connect: Replace usage of deprecated Envoy fields
envoy.config.route.v3.HeaderMatcher.safe_regex_match
andenvoy.type.matcher.v3.RegexMatcher.google_re2
. [GH-20013] - docs: add Link API documentation [GH-20308]
- resource: lowercase names enforced for v2 resources only. [GH-19218]
BUG FIXES:
- dns: SERVFAIL when resolving not found PTR records. [GH-20679]
- raft: Fix panic during downgrade from enterprise to oss. [GH-19311]
- server: Ensure controllers are automatically restarted on internal stream errors. [GH-20642]
- server: Ensure internal streams are properly terminated on snapshot restore. [GH-20642]
- snapshot-agent: (Enterprise only) Fix a bug with static AWS credentials where one of the key id or secret key is provided via config file and the other is provided via an environment variable.
Details
date
Feb. 27, 2024, 9:03 p.m.
name
v1.18.0
type
Minor
official page
👇
Register or login to:
- 🔍View and search all Consul releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!