All Versions
183
Latest Version
Avg Release Cycle
29 days
Latest Release
556 days ago

Changelog History
Page 15

  • v1.1.1 Changes

    November 27, 2018

    ๐Ÿ”’ SECURITY:

  • v1.1.0 Changes

    May 08, 2019

    ๐Ÿ”‹ FEATURES:

    • ๐Ÿ’ป UI: The web UI has been completely redesigned and rebuilt and is in an opt-in beta period. ๐Ÿ’ป Setting the CONSUL_UI_BETA environment variable to 1 or true will replace the existing UI ๐Ÿš€ with the new one. The existing UI will be deprecated and removed in a future release. [GH-4086]
    • ๐Ÿ‘€ api: Added support for Prometheus client format in metrics endpoint with ?format=prometheus (see docs) [GH-4014]
    • agent: New Cloud Auto-join provider: Joyent Triton. [GH-4108]
    • agent: (Consul Enterprise) Implemented license management with license propagation within a datacenter.

    ๐Ÿ’ฅ BREAKING CHANGES:

    • ๐Ÿšš agent: The following previously deprecated fields and config options have been removed [GH-4097]:
      • CheckID has been removed from config file check definitions (use id instead).
      • script has been removed from config file check definitions (use args instead).
      • enableTagOverride is no longer valid in service definitions (use enable_tag_override instead).
      • The deprecated set of metric names (beginning with consul.consul.) has been removed along with the enable_deprecated_names option from the metrics configuration.

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐ŸŽ agent: Improve DNS performance on large clusters [GH-4036]
    • agent: start_join, start_join_wan, retry_join, retry_join_wan config params now all support go-sockaddr templates [GH-4102]
    • server: Added new configuration options raft_snapshot_interval and raft_snapshot_threshold to allow operators to configure how often servers take raft snapshots. The default values for these have been tuned for large and busy clusters with high write load. [GH-4105]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿšฆ agent: Only call signal.Notify once during agent startup [PR-4024]
    • ๐Ÿ‘ agent: Add support for the new Service Meta field in agent config [GH-4045]
    • ๐Ÿ‘ api: Add support for the new Service Meta field in API client [GH-4045]
    • โšก๏ธ agent: Updated serf library for two bug fixes - allow enough time for leave intents to propagate [GH-510] and preventing a deadlock [GH-507]
    • ๐Ÿšง agent: When node-level checks (e.g. maintenance mode) were deleted, some watchers currently in between blocking calls may have missed the change in index. See [GH-3970]
  • v1.0.8 Changes

    November 27, 2018

    ๐Ÿ”’ SECURITY:

  • v1.0.7 Changes

    April 13, 2018

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐Ÿ— build: Bumped Go version to 1.10 [GH-3988]
    • agent: Blocking queries on service-specific health and catalog endpoints now return a per-service X-Consul-Index improving watch performance on very busy clusters. [GH-3890]. Note this may break blocking clients that relied on undocumented implementation details as noted in the upgrade docs.
    • agent: All endpoints now respond to OPTIONS requests. [GH-3885]
    • โšก๏ธ agent: List of supported TLS cipher suites updated to include newer options, [GH-3962]
    • agent: WAN federation can now be disabled by setting the serf WAN port to -1. [GH-3984]
    • ๐Ÿ“‡ agent: Added support for specifying metadata during service registration. [GH-3881]
    • agent: Added a new discover-max-stale config option to enable stale requests for service discovery endpoints. [GH-4004]
    • ๐Ÿ”ง agent: (Consul Enterprise) Added a new option to the snapshot agent for configuring the S3 endpoint.
    • dns: Introduced a new config param to limit the number of A/AAAA records returned. [GH-3940]
    • ๐Ÿ›  dns: Upgrade vendored DNS library to pick up bugfixes and improvements. [GH-3978]
    • ๐ŸŽ server: Updated yamux library to pick up a performance improvement. [GH-3982]
    • ๐Ÿ‘ server: Add near=_ip support for prepared queries [GH-3798]
    • ๐Ÿ‘ api: Add support for GZIP compression in HTTP responses. [GH-3687]
    • api: Add IgnoreCheckIDs to Prepared Query definition to allow temporarily bypassing faulty health checks [GH-3727]

    ๐Ÿ› BUG FIXES:

    • โšก๏ธ agent: Fixed an issue where the coordinate update endpoint was not correctly parsing the ACL token. [GH-3892]
    • ๐Ÿ›  agent: Fixed an issue where consul monitor couldn't be terminated until the first log line is delivered [GH-3891]
    • โš  agent: Added warnings for when a node name isn't a valid DNS name and when the node name, a service name or service tags would exceed the allowed lengths for DNS names [GH-3854]
    • agent: Added truncation of TCP DNS responses to prevent errors for exceeding message size limits [GH-3850]
    • ๐Ÿ“œ agent: Added -config-format flag to validate command to specify the syntax that should be used for parsing the config [GH-3996]
    • agent: HTTP Checks now report the HTTP method used instead of always reporting as a GET
    • ๐Ÿ›  server: Fixed an issue where the leader could miss clean up after a leadership transition. [GH-3909]
  • v1.0.6 Changes

    February 09, 2018

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  agent: Fixed a panic when using the Azure provider for retry-join. [GH-3875]
    • ๐Ÿ›  agent: Fixed a panic when querying Consul's DNS interface over TCP. [GH-3877]
  • v1.0.5 Changes

    February 07, 2018

    ๐Ÿš€ NOTE ON SKIPPED RELEASE 1.0.4:

    ๐Ÿš€ We found [GH-3867] after cutting the 1.0.4 release and pushing the 1.0.4 release tag, so we decided to scuttle that release and push 1.0.5 instead with a fix for that issue.

    ๐Ÿ”’ SECURITY:

    • โšก๏ธ dns: Updated DNS vendor library to pick up bug fix in the DNS server where an open idle connection blocks the accept loop. [GH-3859]

    ๐Ÿ”‹ FEATURES:

    • ๐Ÿ‘ agent: Added support for gRPC health checks that probe the standard gRPC health endpoint. [GH-3073]

    ๐Ÿ‘Œ IMPROVEMENTS:

    • โšก๏ธ agent: (Consul Enterprise) The disable_update_check option to disable Checkpoint now defaults to true (this is only in the Enterprise version).
    • ๐Ÿ— build: Bumped Go version to 1.9.3. [GH-3837]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  agent: (Consul Enterprise) Fixed an issue where the snapshot agent's HTTP client config was being ignored in favor of the HTTP command-line flags.
    • ๐Ÿ›  agent: Fixed an issue where health checks added to services with tags would cause extra periodic writes to the Consul servers, even if nothing had changed. This could cause extra churn on downstream applications like consul-template or Fabio. [GH-3845]
    • ๐Ÿ”€ agent: Fixed several areas where reading from catalog, health, or agent HTTP endpoints could make unintended mofidications to Consul's state in a way that would cause unnecessary anti-entropy syncs back to the Consul servers. This could cause extra churn on downstream applications like consul-template or Fabio. [GH-3867]
    • ๐Ÿ›  agent: Fixed an issue where Serf events for failed Consul servers weren't being proactively processed by the RPC router. This would prvent Consul from proactively choosing a new server, and would instead wait for a failed RPC request before choosing a new server. This exposed clients to a failed request, when often the proactive switching would avoid that. [GH-3864]
  • v1.0.3 Changes

    January 24, 2018

    ๐Ÿ”’ SECURITY:

    • ๐Ÿ’ป ui: Patched handlebars JS to escape = to prevent potential XSS issues. [GH-3733]

    ๐Ÿ’ฅ BREAKING CHANGES:

    • โšก๏ธ agent: Updated Consul's HTTP server to ban all URLs containing non-printable characters (a bad request status will be returned for these cases). This affects some user-facing areas like key/value entry key names which are carried in URLs. [GH-3762]

    ๐Ÿ”‹ FEATURES:

    • ๐Ÿ‘ agent: Added retry-join support for Azure Virtual Machine Scale Sets. [GH-3824]

    ๐Ÿ‘Œ IMPROVEMENTS:

    • agent: Added agent-side telemetry around Catalog APIs to provide insight on Consul's operation from the user's perspecive. [GH-3765]
    • agent: Added the NodeID field back to the /v1/agent/self endpoint's Config block. [GH-3778]
    • api: Added missing CheckID and Name fields to API client's AgentServiceCheck structure so that IDs and names can be set when registering checks with services. [GH-3788]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  agent: Fixed an issue where config file symlinks were not being interpreted correctly. [GH-3753]
    • agent: Ignore malformed leftover service/check files and warn about them instead of refusing to start. [GH-1221]
    • agent: Enforce a valid port for the Serf WAN since it can't be disabled. [GH-3817]
    • โšก๏ธ agent: Stopped looging messages about zero RTTs when updating network coordinates since they are not harmful to the algorithm. Since we are still trying to find the root cause of these zero measurements, we added new metrics counters so these are still observable. [GH-3789]
    • ๐Ÿ›  server: Fixed a crash when POST-ing an empty body to the /v1/query endpoint. [GH-3791]
    • ๐Ÿšš server: (Consul Enterprise) Fixed an issue where unhealthy servers were not replaced in a redundancy zone by autopilot (servers previously needed to be removed in order for a replacement to occur).
    • ๐Ÿ’ป ui: Added a URI escape around key/value keys so that it's not possible to create unexpected partial key names when entering characters like ? inside a key. [GH-3760]
  • v1.0.2 Changes

    December 15, 2017

    ๐Ÿ‘Œ IMPROVEMENTS:

    • โšก๏ธ agent: Updated Serf to activate a new feature that resizes its internal message broadcast queue size based on the cluster size. This helps control the amount of memory used by the agent, but prevents spurious warnings about dropped messages in very large Consul clusters. The intent queue warnings have also been disabled since queue telemetry was already available and a simple fixed limit isn't applicable to all clusters, so it could cause a high rate of warnings about intent queue depth that were not useful or indicative of an actual issue. [GH-3705]
    • โšก๏ธ agent: Updates posener/complete library to 1.0, which allows autocomplete for flags after an equal sign, and simplifies autocomplete functions. [GH-3646]

    ๐Ÿ› BUG FIXES:

    • โšก๏ธ agent: Updated memberlist to pull in a fix for negative RTT measurements and their associated log messages about rejected coordinates. [GH-3704]
    • ๐Ÿ“‡ agent: Fixed an issue where node metadata specified via command line arguments overrode node metadata specified by configuration files, instead of merging as was done in versions of Consul prior to 1.0. [GH-3716]
    • ๐Ÿ›  agent: Fixed an issue with the /v1/session/create API where it wasn't possible to create a session without the serfHealth check. This is now possible again by including the checks key in the JSON body with an empty list. [GH-3732]
    • โšก๏ธ agent: Fixed an issue with anti-entropy syncing where checks for services with tags would cause periodic updates to the catalog, even when nothing had changed, causing the Raft index to grow slowly (~2 minutes per node per check) over time, and causing unnecessary writes and wake ups for blocking queries. [GH-3642], [GH-3259]
    • ๐Ÿ‘ cli: Added missing support for -base64 option to consul kv get command. [GH-3736]
    • ๐Ÿ›  server: Fixed an issue with KV store tombstone tracking where bin tracking was being confused by monotonic time information carried in time stamps, resulting in many unnecessary bins. [GH-3670]
    • ๐Ÿ›  server: (Consul Enterprise) Fixed an issue with Network Segments where servers would not properly flood-join each other into all segments.
    • ๐Ÿ”ง server: Fixed an issue where it wasn't possible to disable Autopilot's dead server cleanup behavior using configuration files. [GH-3730]
    • โช server: Removed the 60 second timeout when restoring snapshots, which could cause large restores to fail on slower servers. [GH-3326]
    • ๐Ÿ›  server: Fixed a goroutine leak during keyring operations when errors are encountered. [GH-3728]
  • v1.0.1 Changes

    November 20, 2017

    ๐Ÿ”‹ FEATURES:

    • ๐Ÿ†• New Auto Join Cloud Providers: Retry join support was added for Aliyun (Alibaba Cloud), Digital Ocean, OpenStack, and Scaleway. Instance metadata can be used with these to make it easy to form Consul clusters. [GH-3634]
    • ๐Ÿ‘ HTTP/2 Support: If TLS is enabled on a Consul agent it will automatically negotiate to use HTTP/2 for suitably configured clients accessing the client API. This allows clients to multiplex requests over the same TCP connection, such as multiple, simultaneous blocking queries. [GH-3657]

    ๐Ÿ‘Œ IMPROVEMENTS:

    • โœ… agent: (Consul Enterprise) Added AWS KMS support for S3 snapshots using the snapshot agent.
    • ๐Ÿ”ง agent: Watches in the Consul agent can now be configured to invoke an HTTP endpoint instead of an executable. [GH-3305]
    • agent: Added a new -config-format command line option which can be set to hcl or json to specify the format of configuration files. This is useful for cases where the file name cannot be controlled in order to provide the required extension. [GH-3620]
    • agent: DNS recursors can now be specified as go-sockaddr templates. [GH-2932]
    • agent: Serf snapshots no longer save network coordinate information. This enables recovery from errors upon agent restart. [GH-489]
    • โšก๏ธ agent: Added defensive code to prevent out of range ping times from infecting network coordinates. Updates to the coordinate system with negative round trip times or round trip times higher than 10 seconds will log an error but will be ignored.
    • ๐Ÿ“œ agent: The agent now warns when there are extra unparsed command line arguments and refuses to start. [GH-3397]
    • โšก๏ธ agent: Updated go-sockaddr library to get CoreOS route detection fixes and the new mask functionality. [GH-3633]
    • agent: Added a new enable_agent_tls_for_checks configuration option that allows HTTP health checks for services requiring 2-way TLS to be checked using the agent's credentials. [GH-3364]
    • ๐Ÿšš agent: Made logging of health check status more uniform and moved log entries with full check output from DEBUG to TRACE level for less noise. [GH-3683]
    • ๐Ÿ— build: Consul is now built with Go 1.9.2. [GH-3663]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ”ง agent: Consul 1.0 shipped with an issue where Args was erroneously named ScriptArgs for health check definitions in the /v1/agent/check/register and /v1/agent/service/register APIs. Added code to accept Args so that the JSON format matches that of health checks in configuration files. The ScriptArgs form will still be supported for backwards compatibility. [GH-3587]
    • ๐Ÿš‘ agent: Docker container checks running on Linux could get into a flapping state because the Docker agent seems to close the connection prematurely even though the body is transferred. This caused a "connection reset by peer" error which put the check into critical state. As of Consul 1.0.1 the "connection reset by peer" error is ignored for the /exec/<execID>/start command of the Docker API. [GH-3576]
    • agent: Added new form of consul.http.* metrics that were accidentally left out of Consul 1.0. [GH-3654]
    • ๐Ÿ›  agent: Fixed an issue with the server manager where periodic server client connection rebalancing could select a failed server. This affects agents in client mode, as well as servers talking to other servers, including over the WAN. [GH-3463]
    • agent: IPv6 addresses without port numbers and without surrounding brackets are now properly handled for joins. This affects all join types, but in particular this was discovered with AWS joins where the APIs return addresses formatted this way. [GH-3671]
    • ๐Ÿ›  agent: Fixed a rare startup panic of the Consul agent related to the LAN Serf instance ordering with the router manager. [GH-3680]
    • ๐Ÿ‘ป agent: Added back an exception for the snapshot_agent config key so that those configs can again live alongside Consul's configs. [GH-3678]
    • ๐Ÿ›  dns: Fixed an issue were components of a host name near the datacenter could be quietly ignored (eg. foo.service.dc1.extra.consul would silently ignore .extra); now an NXDOMAIN error will be returned. [GH-3200]
    • โšก๏ธ server: Fixed an issue where performing rolling updates of Consul servers could result in an outage from old servers remaining in the cluster. Consul's Autopilot would normally remove old servers when new ones come online, but it was also waiting to promote servers to voters in pairs to maintain an odd quorum size. The pairwise promotion feature was removed so that servers become voters as soon as they are stable, allowing Autopilot to remove old servers in a safer way. When upgrading from Consul 1.0, you may need to manually force-leave old servers as part of a rolling update to Consul 1.0.1. [GH-3611]
    • ๐Ÿ›  server: Fixed a deadlock where tombstone garbage collection for the KV store could block other KV operations, stalling writes on the leader. [GH-3700]
  • v1.0.0 Changes

    October 16, 2017

    ๐Ÿ”’ SECURITY:

    • ๐Ÿ’ป ui: Fixed an XSS issue with Consul's built-in web UI where node names were not being properly escaped. [GH-3578]

    ๐Ÿ’ฅ BREAKING CHANGES:

    • 0๏ธโƒฃ Raft Protocol Now Defaults to 3: The -raft-protocol default has been changed from 2 to 3, enabling all Autopilot features by default. Version 3 requires Consul running 0.8.0 or newer on all servers in order to work, so if you are upgrading with older servers in a cluster then you will need to set this back to 2 in order to upgrade. See Raft Protocol Version Compatibility for more details. Also the format of peers.json used for outage recovery is different when running with the lastest Raft protocol. See Manual Recovery Using peers.json for a description of the required format. [GH-3477]
    • Config Files Require an Extension: As part of supporting the HCL format for Consul's config files, an .hcl or .json extension is required for all config files loaded by Consul, even when using the -config-file argument to specify a file directly. [GH-3480]
    • ๐Ÿšš Deprecated Options Have Been Removed: All of Consul's previously deprecated command line flags and config options have been removed, so these will need to be mapped to their equivalents before upgrading. [GH-3480]

      Detailed List of Removed Options and their Equivalents

      Removed Option Equivalent
      -atlas None, Atlas is no longer supported.
      -atlas-token None, Atlas is no longer supported.
      -atlas-join None, Atlas is no longer supported.
      -atlas-endpoint None, Atlas is no longer supported.
      -dc -datacenter
      -retry-join-azure-tag-name -retry-join
      -retry-join-azure-tag-value -retry-join
      -retry-join-ec2-region -retry-join
      -retry-join-ec2-tag-key -retry-join
      -retry-join-ec2-tag-value -retry-join
      -retry-join-gce-credentials-file -retry-join
      -retry-join-gce-project-name -retry-join
      -retry-join-gce-tag-name -retry-join
      -retry-join-gce-zone-pattern -retry-join
      addresses.rpc None, the RPC server for CLI commands is no longer supported.
      advertise_addrs ports with advertise_addr and/or advertise_addr_wan
      atlas_infrastructure None, Atlas is no longer supported.
      atlas_token None, Atlas is no longer supported.
      atlas_acl_token None, Atlas is no longer supported.
      atlas_join None, Atlas is no longer supported.
      atlas_endpoint None, Atlas is no longer supported.
      dogstatsd_addr telemetry.dogstatsd_addr
      dogstatsd_tags telemetry.dogstatsd_tags
      http_api_response_headers http_config.response_headers
      ports.rpc None, the RPC server for CLI commands is no longer supported.
      recursor recursors
      retry_join_azure -retry-join
      retry_join_ec2 -retry-join
      retry_join_gce -retry-join
      statsd_addr telemetry.statsd_address
      statsite_addr telemetry.statsite_address
      statsite_prefix telemetry.metrics_prefix
      telemetry.statsite_prefix telemetry.metrics_prefix
      (service definitions) serviceid service_id
      (service definitions) dockercontainerid docker_container_id
      (service definitions) tlsskipverify tls_skip_verify
      (service definitions) deregistercriticalserviceafter deregister_critical_service_after
    • statsite_prefix Renamed to metrics_prefix: Since the statsite_prefix configuration option applied to all telemetry providers, statsite_prefix was renamed to metrics_prefix. Configuration files will need to be updated when upgrading to this version of Consul. [GH-3498]

    • advertise_addrs Removed: This configuration option was removed since it was redundant with advertise_addr and advertise_addr_wan in combination with ports and also wrongly stated that you could configure both host and port. [GH-3516]

    • Escaping Behavior Changed for go-discover Configs: The format for -retry-join and -retry-join-wan values that use go-discover Cloud auto joining has changed. Values in key=val sequences must no longer be URL encoded and can be provided as literals as long as they do not contain spaces, backslashes \ or double quotes ". If values contain these characters then use double quotes as in "some key"="some value". Special characters within a double quoted string can be escaped with a backslash \. [GH-3417]

    • HTTP Verbs are Enforced in Many HTTP APIs: Many endpoints in the HTTP API that previously took any HTTP verb now check for specific HTTP verbs and enforce them. This may break clients relying on the old behavior. [GH-3405]

      Detailed List of Updated Endpoints and Required HTTP Verbs

      Endpoint Required HTTP Verb
      /v1/acl/info GET
      /v1/acl/list GET
      /v1/acl/replication GET
      /v1/agent/check/deregister PUT
      /v1/agent/check/fail PUT
      /v1/agent/check/pass PUT
      /v1/agent/check/register PUT
      /v1/agent/check/warn PUT
      /v1/agent/checks GET
      /v1/agent/force-leave PUT
      /v1/agent/join PUT
      /v1/agent/members GET
      /v1/agent/metrics GET
      /v1/agent/self GET
      /v1/agent/service/register PUT
      /v1/agent/service/deregister PUT
      /v1/agent/services GET
      /v1/catalog/datacenters GET
      /v1/catalog/deregister PUT
      /v1/catalog/node GET
      /v1/catalog/nodes GET
      /v1/catalog/register PUT
      /v1/catalog/service GET
      /v1/catalog/services GET
      /v1/coordinate/datacenters GET
      /v1/coordinate/nodes GET
      /v1/health/checks GET
      /v1/health/node GET
      /v1/health/service GET
      /v1/health/state GET
      /v1/internal/ui/node GET
      /v1/internal/ui/nodes GET
      /v1/internal/ui/services GET
      /v1/session/info GET
      /v1/session/list GET
      /v1/session/node GET
      /v1/status/leader GET
      /v1/status/peers GET
      /v1/operator/area/:uuid/members GET
      /v1/operator/area/:uuid/join PUT
    • Unauthorized KV Requests Return 403: When ACLs are enabled, reading a key with an unauthorized token returns a 403. This previously returned a 404 response.

    • Config Section of Agent Self Endpoint has Changed: The /v1/agent/self endpoint's Config section has often been in flux as it was directly returning one of Consul's internal data structures. This configuration structure has been moved under DebugConfig, and is documents as for debugging use and subject to change, and a small set of elements of Config have been maintained and documented. See Read Configuration endpoint documentation for details. [GH-3532]

    • ๐Ÿšš Deprecated configtest Command Removed: The configtest command was deprecated and has been superseded by the validate command.

    • ๐Ÿšš Undocumented Flags in validate Command Removed: The validate command supported the -config-file and -config-dir command line flags but did not document them. This support has been removed since the flags are not required.

    • โšก๏ธ Metric Names Updated: Metric names no longer start with consul.consul. To help with transitioning dashboards and other metric consumers, the field enable_deprecated_names has been added to the telemetry section of the config, which will enable metrics with the old naming scheme to be sent alongside the new ones. [GH-3535]

      Detailed List of Affected Metrics by Prefix

      Prefix
      consul.consul.acl
      consul.consul.autopilot
      consul.consul.catalog
      consul.consul.fsm
      consul.consul.health
      consul.consul.http
      consul.consul.kvs
      consul.consul.leader
      consul.consul.prepared-query
      consul.consul.rpc
      consul.consul.session
      consul.consul.session_ttl
      consul.consul.txn
    • Checks Validated On Agent Startup: Consul agents now validate health check definitions in their configuration and will fail at startup if any checks are invalid. In previous versions of Consul, invalid health checks would get skipped. [GH-3559]

    ๐Ÿ”‹ FEATURES:

    • ๐Ÿ‘Œ Support for HCL Config Files: Consul now supports HashiCorp's HCL format for config files. This is easier to work with than JSON and supports comments. As part of this change, all config files will need to have either an .hcl or .json extension in order to specify their format. [GH-3480]
    • ๐Ÿ‘Œ Support for Binding to Multiple Addresses: Consul now supports binding to multiple addresses for its HTTP, HTTPS, and DNS services. You can provide a space-separated list of addresses to -client and addresses configurations, or specify a go-sockaddr template that resolves to multiple addresses. [GH-3480]
    • ๐Ÿ‘Œ Support for RFC1464 DNS TXT records: Consul DNS responses now contain the node meta data encoded according to RFC1464 as TXT records. [GH-3343]
    • ๐Ÿ‘Œ Support for Running Subproccesses Directly Without a Shell: Consul agent checks and watches now support an args configuration which is a list of arguments to run for the subprocess, which runs the subprocess directly without a shell. The old script and handler configurations are now deprecated (specify a shell explicitly if you require one). A -shell=false option is also available on consul lock, consul watch, and consul exec to run the subprocesses associated with those without a shell. [GH-3509]
    • Sentinel Integration: (Consul Enterprise) Consul's ACL system integrates with Sentinel to enable code policies that apply to KV writes.

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐Ÿ‘ agent: Added support to detect public IPv4 and IPv6 addresses on AWS. [GH-3471]
    • ๐Ÿ”ง agent: Improved /v1/operator/raft/configuration endpoint which allows Consul to avoid an extra agent RPC call for the consul operator raft list-peers command. [GH-3449]
    • ๐Ÿ‘€ agent: Improved ACL system for the KV store to support list permissions. This behavior can be opted in. For more information, see the ACL Guide. [GH-3511]
    • โšก๏ธ agent: Updates miekg/dns library to later version to pick up bug fixes and improvements. [GH-3547]
    • ๐ŸŽ agent: Added automatic retries to the RPC path, and a brief RPC drain time when servers leave. These changes make Consul more robust during graceful leaves of Consul servers, such as during upgrades, and help shield applications from "no leader" errors. These are configured with new performance options. [GH-3514]
    • agent: Added a new discard_check_output agent-level configuration option that can be used to trade off write load to the Consul servers vs. visibility of health check output. This is reloadable so it can be toggled without fully restarting the agent. [GH-3562]
    • โšก๏ธ api: Updated the API client to ride out network errors when monitoring locks and semaphores. [GH-3553]
    • โšก๏ธ build: Updated Go toolchain to version 1.9.1. [GH-3537]
    • ๐Ÿ”’ cli: consul lock and consul watch commands will forward TERM and KILL signals to their child subprocess. [GH-3509]
    • ๐Ÿ“„ cli: Added support for autocompletion. [GH-3412]
    • โšก๏ธ server: Updated BoltDB to final version 1.3.1. [GH-3502]
    • server: Improved dead member reap algorithm to fix edge cases where servers could get left behind. [GH-3452]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  agent: Fixed an issue where disabling both the http and https interfaces would cause a watch-related error on agent startup, even when no watches were defined. [GH-3425]
    • ๐Ÿ agent: Added an additional step to kill health check scripts that timeout on all platforms except Windows, and added a wait so that it's not possible to run multiple instances of the same health check script at the same time. [GH-3565]
    • cli: If the consul operator raft list-peers command encounters an error it will now exit with a non-zero exit code. [GH-3513]
    • cli: CLI commands will now show help for all of their arguments. [GH-3536]
    • ๐Ÿ›  server: Fixed an issue where the leader server could get into a state where it was no longer performing the periodic leader loop duties and unable to serve consistent reads after a barrier timeout error. [GH-3545]