All Versions
183
Latest Version
Avg Release Cycle
29 days
Latest Release
1027 days ago

Changelog History
Page 8

  • v1.8.14 Changes

    July 15, 2021

    ๐Ÿ”’ SECURITY:

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  ca: Fixed a bug that returned a malformed certificate chain when the certificate did not having a trailing newline. [GH-10411]

  • v1.8.13 Changes

    June 21, 2021

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐Ÿ”Š debug: capture a single stream of logs, and single pprof profile and trace for the whole duration [GH-10279]
    • licensing: (Enterprise Only) In order to have forward compatibility with Consul Enterprise v1.10, the ability to parse licenses from the configuration or environment has been added. This can be specified with the license_path configuration, the CONSUL_LICENSE environment variable or the CONSUL_LICENSE_PATH environment variable. On server agents this configuration will be ignored. Client agents and the snapshot agent will use the configured license instead of automatically retrieving one. [GH-10442]
    • โšก๏ธ monitoring: optimize the monitoring endpoint to avoid losing logs when under high load. [GH-10368]

    ๐Ÿ› BUG FIXES:

    • license: (Enterprise only) Fixed an issue that would cause client agents on versions before 1.10 to not be able to retrieve the license from a 1.10+ server. [GH-10432]
    • ๐Ÿ”Š monitor: fix monitor to produce json format logs when requested [GH-10358]

  • v1.8.12 Changes

    June 04, 2021

    ๐Ÿ› BUG FIXES:

    • ๐ŸŒฒ agent: fix logging output by removing leading whitespace from every log line [GH-10338]
    • ๐Ÿšš cli: removes the need to set debug_enabled=true to collect debug data from the CLI. Now the CLI behaves the same way as the API and accepts either an ACL token with operator:read, or debug_enabled=true. [GH-10273]
    • ๐Ÿ›  envoy: fixes a bug where a large envoy config could cause the consul connect envoy command to deadlock when attempting to start envoy. [GH-10324]
    • namespaces: (Enterprise only) fixes a problem where the logs would contain many warnings about namespaces not being licensed.

  • v1.8.11 Changes

    June 03, 2021

    ๐Ÿ‘Œ IMPROVEMENTS:

    • areas: (Enterprise only) Use server agent's gossip_wan config when setting memberlist configuration for network areas. Previously they used memberlists WAN defaults.
    • cli: added a -force-without-cross-signing flag to the ca set-config command. ๐Ÿ‘ connect/ca: The ForceWithoutCrossSigning field will now work as expected for CA providers that support cross signing. [GH-9672]
    • โšก๏ธ connect: update supported envoy versions to 1.14.7, 1.13.7, 1.12.7, 1.11.2 [GH-10106]
    • telemetry: Add new metrics for status of secondary datacenter replication. [GH-10073]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ—„ agent: ensure we hash the non-deprecated upstream fields on ServiceConfigRequest [GH-10240]
    • 0๏ธโƒฃ api: include the default value of raft settings in the output of /v1/agent/self [GH-8812]
    • areas: (Enterprise only) Revert to the 10s dial timeout used before connection pooling was introduced in 1.7.3.
    • areas: (Enterprise only) Selectively merge gossip_wan config for network areas to avoid attempting to enable gossip encryption where it was not intended or necessary.
    • 0๏ธโƒฃ local: agents will no longer persist the default user token along with a service or check. [GH-10188]
    • server: ensure that central service config flattening properly resets the state each time [GH-10239]

  • v1.8.10 Changes

    April 15, 2021

    ๐Ÿ”’ SECURITY:

    • โž• Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864 [GH-10023]
    • ๐Ÿ“œ audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  areas: Fixes a bug which would prevent newer servers in a network areas from connecting to servers running a version of Consul prior to 1.7.3.
    • ๐Ÿ›  audit-logging: (Enterprise only) Fixed an issue that resulted in usage of the agent master token or managed service provider tokens from being resolved properly. [GH-10013]
    • ๐Ÿ”Š command: when generating envoy bootstrap configs to stdout do not mix informational logs into the json [GH-9980]
    • โž• config: correct config key from advertise_addr_ipv6 to advertise_addr_wan_ipv6 [GH-9851]
    • ๐Ÿ›  snapshot: fixes a bug that would cause snapshots to be missing all but the first ACL Auth Method. [GH-10025]

  • v1.8.9 Changes

    March 04, 2021

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐Ÿ‘ cli: Add new -cluster-id and common-name to consul tls ca create to support creating a CA for Consul Connect. [GH-9585]
    • connect: if the token given to the vault provider returns no data avoid a panic [GH-9806]
    • ๐Ÿš€ connect: update supported envoy point releases to 1.14.6, 1.13.7, 1.12.7, 1.11.2 [GH-9739]
    • license: (Enterprise only) Temporary client license duration was increased from 30m to 6h.
    • server: use the presense of stored federation state data as a sign that we already activated the federation state feature flag [GH-9519]
    • ๐Ÿ‘ xds: only try to create an ipv6 expose checks listener if ipv6 is supported by the kernel [GH-9765]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿšš api: Remove trailing periods from the gateway internal HTTP API endpoint [GH-9752]
    • ๐Ÿ”Š cache: Prevent spamming the logs for days when a cached request encounters an "ACL not found" error. [GH-9738]
    • connect: connect CA Roots in the primary datacenter should use a SigningKeyID derived from their local intermediate [GH-9428]
    • proxycfg: avoid potential deadlock in delivering proxy snapshot to watchers. [GH-9689]
    • 0๏ธโƒฃ server: When wan federating via mesh gateways after initial federation default to using the local mesh gateways unless the heuristic indicates a bypass is required. [GH-9528]
    • server: When wan federating via mesh gateways only do heuristic primary DC bypass on the leader. [GH-9366]
    • xds: deduplicate mesh gateway listeners by address in a stable way to prevent some LDS churn [GH-9650]
    • xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists; also prevent some flaps in terminating gateways as well [GH-9651]

  • v1.8.8 Changes

    January 22, 2021

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  connect: Fixed a bug in the AWS PCA Connect CA provider that could cause the intermediate PKI path to be deleted after reconfiguring the CA [GH-9498]
    • ๐Ÿ›  connect: Fixed a bug in the Vault Connect CA provider that could cause the intermediate PKI path to be deleted after reconfiguring the CA [GH-9498]
    • โšก๏ธ connect: Fixed an issue that would prevent updating the Connect CA configuration if the CA provider didn't complete initialization previously. [GH-9498]
    • ๐Ÿ›  leader: Fixed a bug that could cause Connect CA initialization failures from allowing leader establishment to complete resulting in potentially infinite leader elections. [GH-9498]
    • rpc: Prevent misleading RPC error claiming the lack of a leader when Raft is ok but there are issues with client agents gossiping with the leader. [GH-9487]
    • ๐Ÿ’ป ui: ensure namespace is used for node API requests [GH-9488]

  • v1.8.7 Changes

    December 10, 2020

    1.8.7 (December 10, 2020)

    ๐Ÿ› BUG FIXES:

    • acl: global tokens created by auth methods now correctly replicate to secondary datacenters [GH-9351]
    • โšก๏ธ connect: fixes a case when updating the CA config in a secondary datacenter to correctly trigger the creation of a new intermediate certificate [GH-9009]
    • connect: only unset the active root in a secondary datacenter when a new one is replacing it [GH-9318]
    • ๐Ÿ‘€ license: (Enterprise only) Fixed an issue where the UI would see Namespaces and SSO as licensed when they were not.
    • license: (Enterprise only) Fixed an issue where warnings about Namespaces being unlicensed would be emitted erroneously.
    • namespace: (Enterprise Only) Fixed a bug that could case snapshot restoration to fail when it contained a namespace marked for deletion while still containing other resources in that namespace. [GH-9156]
    • namespace: (Enterprise Only) Fixed an issue where namespaced services and checks were not being deleted when the containing namespace was deleted.
    • namespaces: (Enterprise only) Prevent stalling of replication in secondary datacenters due to conflicts between the namespace replicator and other replicators. [GH-9271]

  • v1.8.7-beta1 Changes

    December 03, 2020

    1.8.7-beta1 (December 03, 2020)

    ๐Ÿ› BUG FIXES:

    • โšก๏ธ connect: fixes a case when updating the CA config in a secondary datacenter to correctly trigger the creation of a new intermediate certificate [GH-9009]
    • connect: only unset the active root in a secondary datacenter when a new one is replacing it [GH-9318]
    • ๐Ÿ‘€ license: (Enterprise only) Fixed an issue where the UI would see Namespaces and SSO as licensed when they were not.
    • license: (Enterprise only) Fixed an issue where warnings about Namespaces being unlicensed would be emitted erroneously.
    • namespace: (Enterprise Only) Fixed a bug that could case snapshot restoration to fail when it contained a namespace marked for deletion while still containing other resources in that namespace. [GH-9156]
    • namespace: (Enterprise Only) Fixed an issue where namespaced services and checks were not being deleted when the containing namespace was deleted.

  • v1.8.6 Changes

    November 19, 2020

    1.8.6 (November 19, 2020)

    ๐Ÿ”’ SECURITY:

    • ๐Ÿ”ง Increase the permissions to read from the /connect/ca/configuration endpoint to operator:write. Previously Connect CA configuration, including the private key, set via this endpoint could be read back by an operator with operator:read privileges. CVE-2020-28053 [GH-9240]