consul v1.8.5 Release Notes

Release Date: 2020-10-23 // over 3 years ago
  • 1.8.5 (October 23, 2020)

    ๐Ÿ”’ SECURITY:

    • ๐Ÿ›  Fix Consul Enterprise Namespace Config Entry Replication DoS. Previously an operator with service:write ACL permissions in a Consul Enterprise cluster could write a malicious config entry that caused infinite raft writes due to issues with the namespace replication logic. [CVE-2020-25201] [GH-9024]

    ๐Ÿ‘Œ IMPROVEMENTS:

    • api: The v1/connect/ca/roots endpoint now accepts a pem=true query parameter and will return a PEM encoded certificate chain of
      all the certificates that would normally be in the JSON version of the response. [GH-8774]
    • ๐Ÿ‘ connect: The Vault provider will now automatically renew the lease of the token used, if supported. [GH-8560]
    • ๐Ÿš€ connect: update supported envoy releases to 1.14.5, 1.13.6, 1.12.7, 1.11.2 for 1.8.x [GH-8999]

    ๐Ÿ› BUG FIXES:

    • agent: when enable_central_service_config is enabled ensure agent reload doesn't revert check state to critical [GH-8747]
    • ๐Ÿ›  connect: Fixed an issue where the Vault intermediate was not renewed in the primary datacenter. [GH-8784]
    • connect: fix Vault provider not respecting IntermediateCertTTL [GH-8646]
    • connect: fix connect sidecars registered via the API not being automatically deregistered with their parent service after an agent restart by persisting the LocallyRegisteredAsSidecar property. [GH-8924]
    • ๐Ÿ›  fixed a bug that caused logs to be flooded with [WARN] agent.router: Non-server in server-only area [GH-8685]
    • ๐Ÿ’ป ui: show correct datacenter for gateways [GH-8704]