All Versions
Latest Version
Avg Release Cycle
28 days
Latest Release
17 days ago

Changelog History
Page 2

  • v1.6.5

    April 14, 2020

    ๐Ÿ› BUG FIXES:

    • agent: (Consul Enterprise only) Fixed several bugs related to Network Area and Network Segment compatibility with other features caused by incorrectly doing version or serf tag checking. [GH-7551]
  • v1.6.4

    February 20, 2020

    ๐Ÿ”’ SECURITY:

    • โšก๏ธ dns: Updated miekg/dns dependency to fix a memory leak and CVE-2019-19794. [GH-6984], [GH-7261]
  • v1.6.3

    January 30, 2020


    • agent: mitigate potential DoS vector allowing unbounded server resource usage from unauthenticated connections [GH-7159]
    • acl: add ACL enforcement to the v1/agent/health/service/* endpoints [GH-7160]


    • tls: auto_encrypt and verify_incoming [GH-6811]

    ๐Ÿ› BUG FIXES

    • agent: output proper HTTP status codes for Txn requests that are too large [GH-7158]
    • connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index [GH-7011]
    • โšก๏ธ connect: ensure that updates to the secondary root CA configuration use the correct signing key ID values for comparison [GH-7012]
  • v1.6.2

    November 13, 2019


    • โšก๏ธ Updated to compile with Go 1.12.13 which includes a fix for CVE-2019-17596 in [Go 1.12.11] [GH-6319]


    • agent: store check type in catalog [GH-6561]
    • โšก๏ธ agent: update force-leave to allow for complete removal of members [GH-6571]
    • โšก๏ธ agent: updates to the agent token trigger anti-entropy full syncs [GH-6577]
    • ๐Ÿ‘ snapshot agent (Consul Enterprise): Added support for saving snapshots to Google Cloud Storage.
    • connect: Added proxy config stanza to allow exposing HTTP paths through Envoy for non-Connect-enabled services [GH-5396]


    • โฌ†๏ธ licensing (Consul Enterprise): Increase initial server temporary license duration to 6 hours to allow for longer upgrades/migrations.
    • server: ensure the primary datacenter and ACL datacenter match [GH-6634]
    • โœ… sdk: ignore panics due to stray goroutines logging after a test completes [GH-6632]
    • agent: allow mesh gateways to initialize even if there are no connect services registered yet [GH-6576]
    • ๐ŸŽ agent: endpoint performance improvements, Txn endpoint in particular. [GH-6680]
    • โœ… sdk: add NewTestServerT, deprecate NewTestServer in testutil to prevent nil point dereference [GH-6761]
    • agent: auto_encrypt provided TLS certificates can now be used to enable HTTPS on clients [GH-6489]
    • โšก๏ธ sentinel (Consul Enterprise): update to v0.13.0, see Sentinel changelog for more details

    ๐Ÿ› BUG FIXES

    • ๐Ÿš€ ARM release binaries: Starting with v1.6.2, Consul will ship three separate versions of ARM builds. The previous ARM binaries of Consul could potentially crash due to the way the Go runtime manages internal pointers to its Go routine management constructs and how it keeps track of them especially during signal handling. From v1.6.2 forward, it is recommended to use:
      • consul_{version} for all 32-bit armel systems
      • consul_{version} for all armhf systems with v6+ architecture
      • consul_{version} for all v8 64-bit architectures
    • ๐Ÿ“œ agent: Parse the HTTP Authorization header as case-insensitive. [GH-6568]
    • agent: minimum quorum check added to Autopilot with minQuorum option [GH-6654]
    • agent: cache notifications work after error if the underlying RPC returns index=1 [GH-6547]
    • agent: tolerate more failure scenarios during service registration with central config enabled [GH-6472]
    • ๐Ÿšš cache: remove data race in agent cache [GH-6470]
    • connect: connect CA Roots in secondary datacenters should use a SigningKeyID derived from their local intermediate [GH-6513]
    • connect: don't colon-hex-encode the AuthorityKeyId and SubjectKeyId fields in connect certs [GH-6492]
    • connect: intermediate CA certs generated with the vault provider lack URI SANs [GH-6491]
    • ๐Ÿ”€ debug: Fix a bug in sync.WaitGroup usage. [GH-6649]
    • xds: tcp services using the discovery chain should not assume RDS during LDS [GH-6623]
    • ๐Ÿ’ป ui: Fix a bug where switching datacenters using the datacenter menu would lead to an empty service listing [GH-6555]
  • v1.6.1

    September 12, 2019


    • agent: Distinguish between DC not existing and not being available [GH-6399]
    • agent: Added replace-existing-checks param to service registration endpoint to replace existing checks when re-registering a service. [GH-4905]
    • auto_encrypt: verify_incoming_rpc is good enough for auto_encrypt.allow_tls [GH-6376]
    • connect: Ensure that a secondary CA's intermediate certificate will show in the various API endpoints CA Roots output [GH-6333]
    • ๐Ÿ’ป ui: Reconcile ember-data store [GH-5745]
    • ๐Ÿ’ป ui: Allow text selection of clickable elements and their contents without then jumping the user to the linked page [GH-5770]
    • ๐Ÿ’ป ui: Adds the ability to frontend search instances by address (ip:port) [GH-5993]
    • ๐Ÿ’ป ui: Add CheckID to the output panels of healthchecks [GH-6195]
    • 0๏ธโƒฃ ui: Enable blocking queries by default [GH-6194]
    • txn: don't try to decode request bodies > raft.SuggestedMaxDataSize [GH-6422]

    ๐Ÿ› BUG FIXES

    • network areas (Consul Enterprise): Ensure that TCP based transport for network area memberlist propgates failed nodes properly [GH-6479]
    • network areas (Consul Enterprise): make sure network areas are left as well when consul is leaving [GH-6453]
    • ๐Ÿšš ui: Show the correct message when a session has been removed from a KV [GH-6167]
    • ๐Ÿ’ป ui: Ensure KV sessions visually aren't shared between multiple KV's [GH-6166]
    • tls: make sure auto_encrypt has private key type and bits [GH-6392]


    • ๐Ÿ’ป ui: Add leader icon for node listing view to call out which node is the current leader [GH-6265]
  • v1.6.0

    July 26, 2019

    ๐Ÿ”’ SECURITY:

    • โšก๏ธ Updated to compile with Go 1.12.8 which mitigates CVE-2019-9512 and CVE-2019-9514 for the builtin HTTP server [GH-6319]
    • โšก๏ธ Updated the dependency to v1.23.0 to mitigate CVE-2019-9512, CVE-2019-9514, and CVE-2019-9515 for the gRPC server. [GH-6320]


    • ๐Ÿšš connect: remove deprecated managed proxies and ProxyDestination config [GH-6220]

    ๐Ÿ”‹ FEATURES:

    • ๐Ÿ‘ Connect Envoy Supports L7 Routing: Additional configuration entry types service-router, service-resolver, and service-splitter, allow for configuring Envoy sidecars to enable reliability and deployment patterns at L7 such as HTTP path-based routing, traffic shifting, and advanced failover capabilities. For more information see the L7 traffic management docs.
    • Mesh Gateways: Envoy can now be run as a gateway to route Connect traffic across datacenters using SNI headers, allowing connectivty across platforms and clouds and other complex network topologies. Read more in the mesh gateway docs.
    • Intention & CA Replication: In order to enable connecitivty for services across datacenters, Connect intentions are now replicated and the Connect CA cross-signs from the primary_datacenter. This feature was previously part of Consul Enterprise.
    • agent: add local-only parameter to operator/keyring list requests to force queries to only hit local servers. [GH-6279]
    • connect: expose an API endpoint to compile the discovery chain [GH-6248]
    • ๐Ÿ“ฆ connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package [GH-6340]
    • 0๏ธโƒฃ connect: introduce ExternalSNI field on service-defaults [GH-6324]
    • xds: allow http match criteria to be applied to routes on services using grpc protocols [GH-6149]


    • agent: Added tagged addressing to services similar to the already present Node tagged addressing [GH-5965]
    • ๐Ÿ”ง agent: health checks: change long timeout behavior to use to user-configured timeout value [GH-6094]
    • api: Display allowed HTTP CIDR information nicely [GH-6029]
    • โšก๏ธ api: Update filtering language to include substring and regular expression matching on string values [GH-6190]
    • 0๏ธโƒฃ connect: added a new -bind-address cli option for envoy to create a mapping of the desired bind addresses to use instead of the default rules or tagged addresses [GH-6107]
    • connect: allow L7 routers to match on http methods [GH-6164]
    • connect: change router syntax for matching query parameters to resemble the syntax for matching paths and headers for consistency. [GH-6163]
    • connect: detect and prevent circular discovery chain references [GH-6246]
    • connect: ensure time.Duration fields retain their human readable forms in the API [GH-6348]
    • ๐Ÿ”ง connect: reconcile how upstream configuration works with discovery chains [GH-6225]
    • connect: rework how the service resolver subset OnlyPassing flag works [GH-6173]
    • connect: simplify the compiled discovery chain data structures [GH-6242]
    • โœ… connect: validate and test more of the L7 config entries [GH-6156]
    • ๐Ÿ‘ gossip: increase size of gossip key generated by keygen to 32 bytes and document support for AES 256 [GH-6244]
    • ๐Ÿ‘ license (enterprise): Added license endpoint support to the API client [GH-6268]
    • xds: improve how envoy metrics are emitted [GH-6312]
    • โœ… xds: Verified integration test suite with Envoy 1.11.1 [GH-6347]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  acl: Fixed a bug that could prevent transition from legacy ACL mode to new ACL mode [GH-6332
    • agent: blocking central config RPCs iterations should not interfere with each other [GH-6316]
    • agent: fix an issue that could cause a panic while transferring leadership due to replication [GH-6104]
    • api: Fix a bug where the service tagged addresses were not being returned through the v1/agent/service/:service api. [GH-6299]
    • ๐Ÿ—„ api: un-deprecate api.DecodeConfigEntry [GH-6278]
    • auto_encrypt: use server-port [GH-6287]
    • โšก๏ธ autopilot: update to also remove failed nodes from WAN gossip pool [GH-6028]
    • cli: ensure that the json form of config entries can be submitted with 'consul config write' [GH-6290]
    • ๐Ÿ›  cli: Fixed bindable IP detection with the connect envoy command. [GH-6238]
    • config: Ensure that all config entry writes are transparently forwarded to the primary datacneter. [GH-6327]
    • connect: allow 'envoy_cluster_json' escape hatch to continue to function [GH-6378]
    • connect: allow mesh gateways to use central config [GH-6302]
    • connect: ensure intention replication continues to work when the replication ACL token changes [GH-6288]
    • connect: ensure local dc connections do not use the gateway [GH-6085]
    • 0๏ธโƒฃ connect: fix bug in service-resolver redirects if the destination uses a default resolver [GH-6122]
    • ๐Ÿ›  connect: Fixed a bug that would prevent CA replication/initializing in a secondary DC from working when ACLs were enabled. [GH-6192]
    • ๐Ÿ›  connect : Fixed a regression that broken xds endpoint generation for prepared query upstreams. [GH-6236]
    • connect: fix failover through a mesh gateway to a remote datacenter [GH-6259]
    • connect: resolve issue where MeshGatewayConfig could be returned empty [GH-6093]
    • โšก๏ธ connect: updating a service-defaults config entry should leave an unset protocol alone [GH-6342]
    • connect: validate upstreams and prevent duplicates [GH-6224]
    • server: if inserting bootstrap config entries fails don't silence the errors [GH-6256]
    • snapshot: fix TCP half-close implementation for TLS connections [GH-6216]


    • auto_encrypt: clients with auto_encrypt enabled won't be able to start because of [GH-6391]. There is a fix, but it came too late and we couldn't include it in the release. It will be part of 1.6.1 and we recommend that if you are using auto_encrypt you postpone the update.
  • v1.6.0-rc1

    August 13, 2019
  • v1.6.0-beta3

    July 26, 2019
  • v1.6.0-beta2

    July 15, 2019
  • v1.6.0-beta1

    July 08, 2019