consul v1.10.1 Release Notes
Release Date: 2021-07-15 // over 2 years ago-
KNOWN ISSUES:
- The change to enable streaming by default uncovered an incompatibility between streaming and WAN federation over mesh gateways causing traffic to fall back to attempting a direct WAN connection rather than transiting through the gateways. We currently suggest explicitly setting
use_streaming_backend=false
if using WAN federation over mesh gateways when upgrading to 1.10.1 and are working to address this issue in a future patch release.
๐ SECURITY:
- xds: ensure envoy verifies the subject alternative name for upstreams CVE-2021-32574 [GH-10621]
- 0๏ธโฃ xds: ensure single L7 deny intention with default deny policy does not result in allow action CVE-2021-36213 [GH-10619]
๐ FEATURES:
- ๐ง cli: allow running
redirect-traffic
command in a provided Linux namespace. [GH-10564] - ๐ง sdk: allow applying
iptables
rules in a provided Linux namespace. [GH-10564]
๐ IMPROVEMENTS:
- acl: Return secret ID when listing tokens if accessor has
acl:write
[GH-10546] - 0๏ธโฃ structs: prevent service-defaults upstream configs from using wildcard names or namespaces [GH-10475]
- ๐ ui: Move all CSS icons to use standard CSS custom properties rather than SASS variables [GH-10298]
๐ DEPRECATIONS:
- ๐ connect/ca: remove the
RotationPeriod
field from the Consul CA provider, it was not used for anything. [GH-10552]
๐ BUG FIXES:
- ๐ agent: fix a panic on 32-bit platforms caused by misaligned struct fields used with sync/atomic. [GH-10515]
- ๐ ca: Fixed a bug that returned a malformed certificate chain when the certificate did not having a trailing newline. [GH-10411]
- 0๏ธโฃ checks: fixes the default ServerName used with TLS health checks. [GH-10490]
- ๐ connect/proxy: fixes logic bug preventing builtin/native proxy from starting upstream listeners [GH-10486]
- streaming: fix a bug that was preventing streaming from being enabled. [GH-10514]
- ui: (Enterprise only) Ensure permissions are checked based on the actively selected namespace [GH-10608]
- ๐ป ui: Ensure in-folder KVs are created in the correct folder [GH-10569]
- ๐ป ui: Fix KV editor syntax highlighting [GH-10605]
- ๐ป ui: Send service name down to Stats to properly call endpoint for Upstreams and Downstreams metrics [GH-10535]
- ๐ป ui: Show ACLs disabled page at Tokens page instead of 403 error when ACLs are disabled [GH-10604]
- 0๏ธโฃ ui: Use the token's namespace instead of the default namespace when not specifying a namespace in the URL [GH-10503]
- The change to enable streaming by default uncovered an incompatibility between streaming and WAN federation over mesh gateways causing traffic to fall back to attempting a direct WAN connection rather than transiting through the gateways. We currently suggest explicitly setting