All Versions
76
Latest Version
Avg Release Cycle
30 days
Latest Release
16 days ago

Changelog History
Page 1

  • v1.7.2

    March 16, 2020

    πŸ‘Œ IMPROVEMENTS:

    • πŸ”§ agent: add option to configure max request length for /v1/txn endpoint [GH-7388]
    • πŸ— build: bump the expected go language version of the main module to 1.13 [GH-7429]
    • πŸ’» agent: add http_config.response header to the UI headers [GH-7369]
    • agent: Added documentation and error messages related to kv_max_value_size option [GH-7405]]
    • agent: Take Prometheus MIME-type header into account [GH-7371]]

    πŸ›  BUGFIXES:

    • ⚑️ acl: Updated token resolution so managed service provider token applies to all endpoints. [GH-7431]
    • πŸ›  agent: Fixed error output when agent crashes early [GH-7411]
    • agent: Handle bars in node names when displaying lists in CLI like consul members [GH-6652]]
    • agent: Avoid discarding health check status on consul reload [GH-7345]]
    • network areas: (Consul Enterprise only) - Fixed compatibility issues with network areas and v1.4.0+ ACLs as well as network areas and namespaces. The issue was that secondary datacenters connected to the primary via a network area were not properly detecting that the primary DC supported those other features.
    • πŸ›  sessions: Fixed backwards incompatibility with 1.6.x and earlier [GH-7395][GH-7399]
    • πŸ›  sessions: Fixed backwards incompatibility with 1.6.x and earlier [GH-7395][GH-7398]
    • πŸ’» ui: Fixed a DOM refreshing bug on the node detail page which forced an scroll reset [GH-7365][GH-7377]
    • πŸ’» ui: Fix blocking query requests for the coordinates API requests [GH-7378]
    • πŸ’» ui: Enable recovery from an unreachable datacenter [GH-7404]
  • v1.7.1

    February 20, 2020

    πŸ‘Œ IMPROVEMENTS:

    • agent: sensible keyring error [GH-7272]
    • agent: add server raft.{last,applied}_index gauges [GH-6694]
    • πŸ— build: Switched to compile with Go 1.13.7 [GH-7262]
    • config: increase http_max_conns_per_client default to 200 [GH-7289]
    • πŸ‘ tls: support TLS 1.3 [GH-7325]

    πŸ›  BUGFIXES:

    • acl: (Consul Enterprise only) Fixed an issue that prevented remote policy and role resolution from working when namespace policy or role defaults were configured.
    • πŸ“œ dns: Fixed an issue that could cause the DNS server to consume excessive CPU resources when trying to parse IPv6 recursor addresses: [GH-6120]
    • πŸ”§ dns: Fixed an issue that caused Consul to setup a root zone handler when no alt_domain was configured. [GH-7323]
    • πŸ›  sessions: Fixed an issue that was causing deletions of a non-existent session to return a 500 when ACLs were enabled. [GH-6840]
    • πŸ”§ xds: Fix envoy retryOn behavior when multiple behaviors are configured [GH-7280]
    • πŸ”§ xds: Mesh Gateway fixes to prevent configuring extra clusters and for properly handling a service-resolvers default subset. [GH-7294]
    • πŸ’» ui: Gracefully cope with errors in discovery-chain when connect is disabled [GH-7291]
  • v1.7.0

    February 11, 2020

    NOTES:

    • 🏁 cli: Our Windows 32-bit and 64-bit executables for this version and up will be signed with a HashiCorp certificate. Windows users will no longer see a warning about an "unknown publisher" when running our software.

    • πŸš€ cli: Our darwin releases for this version and up will be signed and notarized according to Apple's requirements.

    πŸš€ Prior to this release, MacOS 10.15+ users attempting to run our software may see the error: "'consul' cannot be opened because the developer cannot be verified." This error affected all MacOS 10.15+ users who downloaded our software directly via web browsers, and was caused by changes to Apple's third-party software requirements.

    ⬆️ MacOS 10.15+ users should plan to upgrade to 1.7.0+.

    πŸ”’ SECURITY:

    • ⚑️ dns: Updated miekg/dns dependency to fix a memory leak and CVE-2019-19794. [GH-6984], [GH-7252]
    • ⚑️ updated to compile with [Go 1.12.16] which includes a fix for CVE-2020-0601 on windows [GH-7153]

    πŸ’₯ BREAKING CHANGES:

    • http: The HTTP API no longer accepts JSON fields that are unknown to it. Instead errors will be returned with 400 status codes [GH-6874]
    • dns: PTR record queries now return answers that contain the Consul datacenter as a label between service and the domain. [GH-6909]
    • agent: The ACL requirement for the agent/force-leave endpoint is now operator:write rather than agent:write. [GH-7033]
    • πŸ”Š logging: Switch over to using go-hclog and allow emitting either structured or unstructured logs. This changes the log format quite a bit and could break any log parsing users may have in place. [GH-1249][GH-7130]
    • intentions: Change the ACL requirement and enforcement for wildcard rules. Previously this would look for an ACL rule that would grant access to the service/intention *. Now, in order to write a wildcard intention requires write access to all intentions and reading a wildcard intention requires read access to any intention that would match. Additionally intention listing and reading allow access if the requester can read either side of the intention whereas before it only allowed it for permissions on the destination side. [GH-7028]
    • telemetry: consul.rpc.query has changed to only measure the start of srv.blockingQuery() calls. In certain rare cases where there are lots of idempotent updates this will cause the metric to report lower than before. The counter should now provides more meaningful behavior that maps to the rate of client-initiated requests. [GH-7224]

    πŸ”‹ FEATURES:

    • Namespaces (Consul Enterprise only) This version adds namespacing to Consul. Namespaces help reduce operational challenges by removing restrictions around uniqueness of resource names across distinct teams, and enable operators to provide self-service through delegation of administrative privileges. Namespace support was added to:
      • ACLs
      • Key/Value Store
      • Sessions
      • Catalog
      • Connect
      • UI [GH6639]
    • πŸ‘ agent: Add Cloud Auto-join support for Tencent Cloud [GH-6818]
    • πŸ“„ connect: Added a new CA provider allowing Connect certificates to be managed by AWS ACM Private CA.
    • πŸ”§ connect: Allow configuration of upstream connection limits in Envoy [GH-6829]
    • πŸ’» ui: Adds UI support for Exposed Checks [GH6575]
    • πŸ’» ui: Visualisation of the Discovery Chain [GH6746]

    πŸ‘Œ IMPROVEMENTS:

    • acl: Use constant time comparison when checking for the ACL agent master token. [GH-6943]
    • acl: Add accessorID of token when ops are denied by ACL system [GH-7117]
    • πŸ”§ agent: default the primary_datacenter to the datacenter if not configured [GH-7111]
    • πŸ”§ agent: configurable MaxQueryTime and DefaultQueryTime [GH-3777]
    • agent: do not deregister service checks twice [GH-6168]
    • 🚚 agent: remove service sidecars in cleanupRegistration [GH-7022]
    • agent: setup grpc server with auto_encrypt certs and add -https-port [GH-7086
    • ⚑️ agent: some check types now support configuring a number of consecutive failure and success before the check status is updated in the catalog. [GH-5739]
    • 🚚 agent: clients should only attempt to remove pruned nodes once per call [GH-6591]
    • πŸ”§ agent: Consul HTTP checks can now send a configurable body in the request. [GH-6602]
    • agent: increase watchLimit to 8192. [GH-7200]
    • api: A new /v1/catalog/node-services/:node endpoint was added that mirrors the existing /v1/catalog/node/:node endpoint but has a response structure that contains a slice of services instead of a map of service ids to services. This new endpoint allows retrieving all services in all namespaces for a node. [GH-7115]
    • api: add option to set TLS options in-memory for API client [GH-7093]
    • πŸ“¦ api: add replace-existing-checks param to the api package [GH-7136]
    • πŸ”§ auto_encrypt: set dns and ip san for k8s and provide configuration [GH-6944]
    • cli: improve the file safety of 'consul tls' subcommands [GH-7186]
    • cli: give feedback to CLI user on forceleave command if node does not exist [GH-6841]
    • connect: Envoy's whole stats endpoint can now be exposed to allow integrations like DataDog agent [GH-7070]
    • connect: check if intermediate cert needs to be renewed. [GH-6835]
    • πŸ”§ connect: Allow inlining of the TLS certificate in the Envoy configuration. [GH-6360]
    • dns: Improvement to enable dual stack IPv4/IPv6 addressing of services and lookup via DNS [GH-6531]
    • πŸ”’ lock: consul lock will now receive shutdown signals during the lock-acquisition process. [GH-5909]
    • raft: increase raft notify buffer [GH-6863]
    • ⚑️ raft: update raft to v1.1.2 [GH-7079]
    • router: do not surface left servers [GH-6420]
    • 🌲 rpc: log method when a server/server RPC call fails [GH-4548]
    • sentinel: (Consul Enterprise only) The Sentinel framework was upgraded to v0.13.0. See the Sentinel Release Notes for more information.
    • telemetry: Added consul.rpc.queries_blocking gauge to measure the current number of in-flight blocking queries. [GH-7224]
    • 0️⃣ ui: Discovery chain improvements for clarifying the default router [GH-7222]
    • πŸ’» ui: Added unique browser titles to each page [GH-7118]
    • ⚑️ ui: Add live updates/blocking queries to the Intention listing page [GH-7161]
    • πŸ’» ui: Use more consistent icons with other HashiCorp products in the UI [GH-6851]
    • πŸ’» ui: Improvements to the Discovery Chain visualisation in respect to redirects [GH-7036]
    • πŸ’» ui: Improvement keyboard navigation of the main menu [GH-7090]
    • πŸ”Š ui: New row confirmation dialogs [GH-7007]
    • πŸ’» ui: Various visual CSS amends and alterations [GH6495] [[GH6881]](https://github.com/hashicorp/consul/
    • πŸ’» ui: Hides the Routing tab for a service proxy [GH-7195]
    • πŸ’» ui: Add ability to search nodes listing page with IP Address [GH-7204]
    • xds: mesh gateway CDS requests are now allowed to receive an empty CDS reply [GH-6787]
    • βœ… xds: Verified integration test suite with Envoy 1.12.2 & 1.13.0 [GH-6947]
    • agent: Added ACL token for Consul managed service providers [GH-7218]

    πŸ›  BUGFIXES:

    • agent: fix watch event behavior [GH-5265]
    • πŸ”€ agent: ensure node info sync and full sync [GH-7189]
    • πŸ›  autopilot: Fixed dead server removal condition to use correct failure tolerance. [GH-4017]
    • cli: services register command now correctly registers an unamed healthcheck [GH-6800]
    • πŸš€ cli: remove -dev from consul version in ARM builds in the 1.6.2 release [GH-6875]
    • cli: ui_content_path config option fix [GH-6601]
    • πŸ“œ config: Fixed a bug that caused some config parsing to be case-sensitive: [GH-7191]
    • connect: CAs can now use RSA keys correctly to sign EC leafs [GH-6638]
    • connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index [GH-7011]
    • ⚑️ connect: ensure that updates to the secondary root CA configuration use the correct signing key ID values for comparison [GH-7012]
    • connect: use correct subject key id for leaf certificates. [GH-7091]
    • 🌲 log: handle discard all logfiles properly [GH-6945]
    • ⚑️ state: restore a few more service-kind index updates so blocking in ServiceDump works in more cases [GH-6948]
    • tls: fix behavior related to auto_encrypt and verify_incoming (#6899) [GH-6811]
    • πŸ’» ui: Ensure the main navigation menu is closed on click [GH-7164]
    • ⚑️ ui: Ensure KV flags are passed through to Consul on update [GH-7216]
    • πŸ’» ui: Fix positioning of active icon in main navigation menu [GH-7233]
    • πŸ’» ui: Ensure the Namespace property is sent to Consul in OSS [GH-7238]
    • 🚚 ui: Remove the Policy/Service Identity selector from namespace policy form [GH-7124]
    • πŸ’» ui: Fix positioning of active icon in the selected menu item [GH-7148]
    • πŸ“œ ui: Discovery-Chain: Improve parsing of redirects [GH-7174]
    • πŸ’» ui: Fix styling of β€˜duplicate intention’ error message [GH6936]
  • v1.7.0-beta4

    January 31, 2020

    πŸ”’ SECURITY

    • agent: mitigate potential DoS vector allowing unbounded server resource usage from unauthenticated connections [GH-7159]
    • acl: add ACL enforcement to the v1/agent/health/service/* endpoints [GH-7160]

    πŸ‘Œ IMPROVEMENTS:

    • πŸ”Š logging: Switch over to using go-hclog and allow emitting either structured or unstructured logs. [GH-1249][GH-7130]

    πŸ›  BUGFIXES:

    • acl: (Consul Enterprise only) intention:write privileges are now granted by the namespace-management policy that is injected into each new namespace.
    • πŸ“œ config: Fixed a bug that caused some config parsing to be case-sensitive: [GH-7191]
    • connect: (Consul Enterprise only) Fixed a bug that caused Envoy intention authorization to improperly request authorization in the default namespace.
    • connect: (Consul Enterprise only) Fixed bugs that caused the intention CLI interface to not properly handle namespaces in the strings passed as its arguments.
    • 🚚 ui: Remove the Policy/Service Identity selector from namespace policy form [GH-7124]
    • πŸ’» ui: Fix positioning of active icon in the selected menu item [GH-7148]
    • πŸ“œ ui: Discovery-Chain: Improve parsing of redirects [GH-7174]

    πŸ‘Œ IMPROVEMENTS:

    • cli: improve the file safety of 'consul tls' subcommands [GH-7186]
    • πŸ’» ui: Added unique browser titles to each page [GH-7118]
    • ⚑️ ui: Add live updates/blocking queries to the Intention listing page [GH-7161]
  • v1.7.0-beta3

    January 24, 2020

    πŸ’₯ BREAKING CHANGES:

    • agent: The ACL requirement for the agent/force-leave endpoint is now operator:write rather than agent:write. [GH-7033]
    • intentions: Change the ACL requirement and enforcement for wildcard rules. Previously this would look for an ACL rule that would grant access to the service/intention *. Now, in order to write a wildcard intention requires write access to all intentions and reading a wildcard intention requires read access to any intention that would match. Additionally intention listing and reading allow access if the requester can read either side of the intention whereas before it only allowed it for permissions on the destination side. [GH-7028]

    πŸ”‹ FEATURES:

    • acl: (Consul Enterprise only) auth methods defined in the default namespace gained the ability to create tokens in alternate namespaces. This capability was implemented for all existing auth methods.
    • connect: (Consul Enterprise only) Namespaces are now fully functional with Connect and Configuration Entries.

    πŸ‘Œ IMPROVEMENTS:

    • πŸ”§ agent: default the primary_datacenter to the datacenter if not configured [GH-7111]
    • πŸ”§ agent: configurable MaxQueryTime and DefaultQueryTime [GH-3777]
    • agent: do not deregister service checks twice [GH-6168]
    • 🚚 agent: remove service sidecars in cleanupRegistration [GH-7022]
    • agent: setup grpc server with auto_encrypt certs and add -https-port [GH-7086
    • api: A new /v1/catalog/node-services/:node endpoint was added that mirrors the existing /v1/catalog/node/:node endpoint but has a response structure that contains a slice of services instead of a map of service ids to services. This new endpoint allow retrieving all services in all namespaces for a node. [GH-7115]
    • πŸ”§ auto_encrypt: set dns and ip san for k8s and provide configuration [GH-6944]
    • connect: check if intermediate cert needs to be renewed. [GH-6835]
    • dns: Improvement to enable dual stack IPv4/IPv6 addressing of services and lookup via DNS [GH-6531]
    • πŸ”’ lock: consul lock will now receive shutdown signals during the lock-acquisition process. [GH-5909]
    • raft: increase raft notify buffer [GH-6863]
    • ⚑️ raft: update raft to v1.1.2 [GH-7079]
    • 🌲 rpc: log method when a server/server RPC call fails [GH-4548]
    • πŸ’» ui: Use more consistent icons with other HashiCorp products in the UI [GH-6851]
    • πŸ’» ui: Improvements to the Discovery Chain visualisation in respect to redirects [GH-7036]
    • πŸ’» ui: Improvement keyboard navigation of the main menu [GH-7090]
    • πŸ”Š ui: New row confirmation dialogs [GH-7007]

    πŸ›  BUGFIXES:

    • connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index [GH-7011]
    • ⚑️ connect: ensure that updates to the secondary root CA configuration use the correct signing key ID values for comparison [GH-7012]
    • connect: use correct subject key id for leaf certificates. [GH-7091]
  • v1.7.0-beta2

    December 20, 2019

    πŸ”‹ FEATURES:

    πŸ‘Œ IMPROVEMENTS:

    • acl: Use constant time comparison when checking for the ACL agent master token. [GH-6943]
    • api: (Consul Enterprise only) The API client will now configure the HTTP Client's configured default namespace to the value of the CONSUL_NAMESPACE environment variable if not explicitly overridden.
    • πŸ”§ connect: Allow inlining of the TLS certificate in the Envoy configuration. [GH-6360]
    • namespaces: (Consul Enterprise only) The desired namespace will be defaulted to the namespace of the ACL token used for an HTTP/RPC request if no other namespace is explicitly set.
    • namespaces: (Consul Enterprise only) Allow for creating and resolving tokens not linked to any roles, policies or service identities. These tokens can be granted access based on the default policies and roles associated with the tokens namespace.
    • πŸ’» ui: Various visual CSS amends and alterations [GH6495] [GH6881]

    πŸ› BUG FIXES

    • api: (Consul Enterprise only) The Meta field was added into the Namespace struct definition within the API module. Previously the HTTP accepted this field, it was just missing from the API client.
    • πŸ›  autopilot: Fixed dead server removal condition to use correct failure tolerance. [GH-4017]
    • cli: (Consul Enterprise only) Changed the CLI parameter used to specify the namespace from -ns to `-namespace.
    • dns: (Consul Enterprise only) Fixed an issue resulting in the dns_config.prefer_namespace configuration to not work properly.
    • ⚑️ dns: Updated miekg/dns dependency to fix a memory leak. [GH-6748]
    • 🌲 log: handle discard all logfiles properly [GH-6945]
    • ⚑️ state: restore a few more service-kind index updates so blocking in ServiceDump works in more cases [GH-6948]
    • πŸ’» ui: Fix styling of β€˜duplicate intention’ error message [GH6936]
  • v1.7.0-beta1

    December 10, 2019

    NOTES:

    • πŸš€ cli: Our darwin releases for this version and up will be signed and notarized according to Apple's requirements.

    πŸš€ Prior to this release, MacOS 10.15+ users attempting to run our software may see the error: "'consul' cannot be opened because the developer cannot be verified." This error affected all MacOS 10.15+ users who downloaded our software directly via web browsers, and was caused by changes to Apple's third-party software requirements.

    ⬆️ MacOS 10.15+ users should plan to upgrade to 1.7.0+.

    πŸ’₯ BREAKING CHANGES:

    • http: The HTTP API no longer accepts JSON fields that are unknown to it. Instead errors will be returned with 400 status codes [GH-6874]
    • dns: PTR record queries now return answers that contain the Consul datacenter as a label between service and the domain. [GH-6909]

    πŸ”‹ FEATURES

    • Namespaces (Consul Enterprise only) This version adds namespacing to Consul. Namespaces help reduce operational challenges by removing restrictions around uniqueness of resource names across distinct teams, and enable operators to provide self-service through delegation of administrative privileges.
    • GCP Snapshot Storage (Consul Enterprise only). This allows for Consul snapshots (created as backup for disaster recovery) to be stored in GCP
    • πŸ“„ connect: Added a new CA provider allowing Connect certificates to be managed by AWS ACM Private CA.
    • πŸ”§ connect: Allow configuration of upstream connection limits in Envoy [GH-6829]
    • πŸ‘ agent: Add Cloud Auto-join support for Tencent Cloud [GH-6818]

    πŸ‘Œ IMPROVEMENTS

    • ⚑️ agent: some check types now support configuring a number of consecutive failure and success before the check status is updated in the catalog. [GH-5739]
    • 🚚 agent: clients should only attempt to remove pruned nodes once per call [GH-6591]
    • cli: give feedback to CLI user on forceleave command if node does not exist [GH-6841]
    • router: do not surface left servers [GH-6420]
    • sentinel: (Consul Enterprise only) The Sentinel framework was upgraded to v0.13.0. See the Sentinel Release Notes for more information.
    • xds: mesh gateway CDS requests are now allowed to receive an empty CDS reply [GH-6787]

    πŸ› BUG FIXES

    • πŸš€ cli: remove -dev from consul version in ARM builds in the 1.6.2 release [GH-6875]
    • cli: ui_content_path config option fix [GH-6601]
    • agent: fix watch event behavior [GH-5265]
    • connect: CAs can now use RSA keys correctly to sign EC leafs [GH-6638]
    • cli: services register command now correctly registers an unamed healthcheck [GH-6800]
    • tls: fix behavior related to auto_encrypt and verify_incoming (#6899) [GH-6811]
  • v1.6.4

    February 20, 2020

    πŸ”’ SECURITY:

    • ⚑️ dns: Updated miekg/dns dependency to fix a memory leak and CVE-2019-19794. [GH-6984], [GH-7261]
  • v1.6.3

    January 30, 2020

    πŸ”’ SECURITY

    • agent: mitigate potential DoS vector allowing unbounded server resource usage from unauthenticated connections [GH-7159]
    • acl: add ACL enforcement to the v1/agent/health/service/* endpoints [GH-7160]

    πŸ‘Œ IMPROVEMENTS

    • tls: auto_encrypt and verify_incoming [GH-6811]

    πŸ› BUG FIXES

    • agent: output proper HTTP status codes for Txn requests that are too large [GH-7158]
    • connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index [GH-7011]
    • ⚑️ connect: ensure that updates to the secondary root CA configuration use the correct signing key ID values for comparison [GH-7012]
  • v1.6.2

    November 13, 2019

    πŸ”’ SECURITY

    • ⚑️ Updated to compile with Go 1.12.13 which includes a fix for CVE-2019-17596 in [Go 1.12.11] [GH-6319]

    πŸ”‹ FEATURES

    • agent: store check type in catalog [GH-6561]
    • ⚑️ agent: update force-leave to allow for complete removal of members [GH-6571]
    • ⚑️ agent: updates to the agent token trigger anti-entropy full syncs [GH-6577]
    • πŸ‘ snapshot agent (Consul Enterprise): Added support for saving snapshots to Google Cloud Storage.
    • connect: Added proxy config stanza to allow exposing HTTP paths through Envoy for non-Connect-enabled services [GH-5396]

    πŸ‘Œ IMPROVEMENTS

    • ⬆️ licensing (Consul Enterprise): Increase initial server temporary license duration to 6 hours to allow for longer upgrades/migrations.
    • server: ensure the primary datacenter and ACL datacenter match [GH-6634]
    • βœ… sdk: ignore panics due to stray goroutines logging after a test completes [GH-6632]
    • agent: allow mesh gateways to initialize even if there are no connect services registered yet [GH-6576]
    • 🐎 agent: endpoint performance improvements, Txn endpoint in particular. [GH-6680]
    • βœ… sdk: add NewTestServerT, deprecate NewTestServer in testutil to prevent nil point dereference [GH-6761]
    • agent: auto_encrypt provided TLS certificates can now be used to enable HTTPS on clients [GH-6489]
    • ⚑️ sentinel (Consul Enterprise): update to v0.13.0, see Sentinel changelog for more details

    πŸ› BUG FIXES

    • πŸš€ ARM release binaries: Starting with v1.6.2, Consul will ship three separate versions of ARM builds. The previous ARM binaries of Consul could potentially crash due to the way the Go runtime manages internal pointers to its Go routine management constructs and how it keeps track of them especially during signal handling. From v1.6.2 forward, it is recommended to use:
      • consul_{version}_linux_armelv5.zip for all 32-bit armel systems
      • consul_{version}_linux_armhfv6.zip for all armhf systems with v6+ architecture
      • consul_{version}_linux_arm64.zip for all v8 64-bit architectures
    • πŸ“œ agent: Parse the HTTP Authorization header as case-insensitive. [GH-6568]
    • agent: minimum quorum check added to Autopilot with minQuorum option [GH-6654]
    • agent: cache notifications work after error if the underlying RPC returns index=1 [GH-6547]
    • agent: tolerate more failure scenarios during service registration with central config enabled [GH-6472]
    • 🚚 cache: remove data race in agent cache [GH-6470]
    • connect: connect CA Roots in secondary datacenters should use a SigningKeyID derived from their local intermediate [GH-6513]
    • connect: don't colon-hex-encode the AuthorityKeyId and SubjectKeyId fields in connect certs [GH-6492]
    • connect: intermediate CA certs generated with the vault provider lack URI SANs [GH-6491]
    • πŸ”€ debug: Fix a bug in sync.WaitGroup usage. [GH-6649]
    • xds: tcp services using the discovery chain should not assume RDS during LDS [GH-6623]
    • πŸ’» ui: Fix a bug where switching datacenters using the datacenter menu would lead to an empty service listing [GH-6555]