consul v1.4.3 Release Notes

Release Date: 2019-03-05
  • SECURITY:

    • Fixed a potential privilege escalation issue with the Consul 1.4.X ACL system when ACL token replication was enabled. (CVE-2019-8336) [GH-5423]

    BUG FIXES:

    • agent: Fixed a bug that could cause invalid memberlist protocol versions to propagate throughout the cluster. [GH-3217]
    • server: Fixed a race condition during server initialization and leadership monitoring. [GH-5322]
    • agent: only enable TLS on gRPC if the HTTPS API port is enabled [GH-5287]
    • agent: Fixed default log file permissions. [GH-5346]
    • api: Fixed bug where /connect/intentions endpoint didn't return X-Consul-Index [GH-5355]
    • agent: Ensure that reaped servers are removed from RPC routing. [GH-5317]
    • acl: Fix potential race condition when listing or retrieving ACL tokens. [GH-5412]
    • agent: Fixed race condition that could turn up while registering services on the local agent. [GH-4998]

    FEATURES:

    • prepared queries: Enable ServiceMeta filtering for prepared queries. [GH-5291]
    • dns: Enabled caching of RPC responses within the DNS server. [GH-5300]

    IMPROVEMENTS:

    • agent: Check ACLs more often for xDS stream endpoints. [GH-5237]
    • connect: Sidecar services now inherit tags and service metadata of the parent service by default. [GH-5291]
    • connect: Envoy proxies can now have cluster-specific config overrides via new "escape hatches": [GH-5308]
    • agent: Added opt-in ACL token persistence for tokens set with the agent/token/* endpoints: [GH-5328]
    • agent: Default to requiring protocol version 1.2 for TLS connections. The docs previously said this was going to be the default in 0.8+ but it had been left at 1.0 until now. [GH-5340]