consul v1.10.1 Release Notes

Release Date: 2021-07-15
  • KNOWN ISSUES:

    • The change to enable streaming by default uncovered an incompatibility between streaming and WAN federation over mesh gateways causing traffic to fall back to attempting a direct WAN connection rather than transiting through the gateways. We currently suggest explicitly setting use_streaming_backend=false if using WAN federation over mesh gateways when upgrading to 1.10.1 and are working to address this issue in a future patch release.

    SECURITY:

    • xds: ensure envoy verifies the subject alternative name for upstreams CVE-2021-32574 [GH-10621]
    • xds: ensure single L7 deny intention with default deny policy does not result in allow action CVE-2021-36213 [GH-10619]

    FEATURES:

    • cli: allow running redirect-traffic command in a provided Linux namespace. [GH-10564]
    • sdk: allow applying iptables rules in a provided Linux namespace. [GH-10564]

    IMPROVEMENTS:

    • acl: Return secret ID when listing tokens if accessor has acl:write [GH-10546]
    • structs: prevent service-defaults upstream configs from using wildcard names or namespaces [GH-10475]
    • ui: Move all CSS icons to use standard CSS custom properties rather than SASS variables [GH-10298]

    DEPRECATIONS:

    • connect/ca: remove the RotationPeriod field from the Consul CA provider; it was not used for anything. [GH-10552]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ”€ agent: fix a panic on 32-bit platforms caused by misaligned struct fields used with sync/atomic. [GH-10515]
    • ๐Ÿ›  ca: Fixed a bug that returned a malformed certificate chain when the certificate did not having a trailing newline. [GH-10411]
    • 0๏ธโƒฃ checks: fixes the default ServerName used with TLS health checks. [GH-10490]
    • ๐Ÿ›  connect/proxy: fixes logic bug preventing builtin/native proxy from starting upstream listeners [GH-10486]
    • streaming: fix a bug that was preventing streaming from being enabled. [GH-10514]
    • ui: (Enterprise only) Ensure permissions are checked based on the actively selected namespace [GH-10608]
    • ui: Ensure in-folder KVs are created in the correct folder [GH-10569]
    • ui: Fix KV editor syntax highlighting [GH-10605]
    • ui: Send service name down to Stats to properly call endpoint for Upstreams and Downstreams metrics [GH-10535]
    • ui: Show ACLs disabled page at Tokens page instead of 403 error when ACLs are disabled [GH-10604]
    • ui: Use the token's namespace instead of the default namespace when not specifying a namespace in the URL [GH-10503]