consul v1.4.3 Release Notes
Release Date: 2019-03-05 // about 5 years ago-
๐ SECURITY:
- ๐ Fixed a potential privilege escalation issue with the Consul 1.4.X ACL system when ACL token replication was enabled. (CVE-2019-8336) [GH-5423]
๐ BUG FIXES:
- ๐ agent: Fixed a bug that could cause invalid memberlist protocol versions to propagate throughout the cluster. [GH-3217]
- ๐ server: Fixed a race condition during server initialization and leadership monitoring. [GH-5322]
- agent: only enable TLS on gRPC if the HTTPS API port is enabled [GH-5287]
- 0๏ธโฃ agent: Fixed default log file permissions. [GH-5346]
- ๐ api: Fixed bug where
/connect/intentions
endpoint didn't returnX-Consul-Index
[GH-5355] - ๐ agent: Ensure that reaped servers are removed from RPC routing. [GH-5317]
- acl: Fix potential race condition when listing or retrieving ACL tokens. [GH-5412]
- ๐ agent: Fixed race condition that could turn up while registering services on the local agent. [GH-4998]
๐ FEATURES:
- prepared queries: Enable ServiceMeta filtering for prepared queries. [GH-5291]
- dns: Enabled caching of RPC responses within the DNS server. [GH-5300]
๐ IMPROVEMENTS:
- agent: Check ACLs more often for xDS stream endpoints. [GH-5237]
- ๐ connect: Sidecar services now inherit tags and service metadata of the parent service by default. [GH-5291]
- connect: Envoy proxies can now have cluster-specific config overrides via new "escape hatches": [GH-5308]
- agent: Added opt-in ACL token persistence for tokens set with the agent/token/* endpoints: [GH-5328]
- 0๏ธโฃ agent: Default to requiring protocol version 1.2 for TLS connections. The docs previously said this was going to be the default in 0.8+ but it had been left at 1.0 until now. [GH-5340]