Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

SECURITY:
ubi9-minimal:9.3 as the base image. [GH-20014]

IMPROVEMENTS:
match_subject_alt_names in favor of match_typed_subject_alt_names. [GH-19954]
envoy.config.router.v3.WeightedCluster.total_weight. [GH-20011]
envoy.config.cluster.v3.Cluster.http_protocol_options [GH-20010]
envoy.config.cluster.v3.Cluster.http2_protocol_options, envoy.config.bootstrap.v3.Admin.access_log_path [GH-19940]
envoy.extensions.filters.http.lua.v3.Lua.inline_code [GH-20012]

DEPRECATIONS:
-admin-access-log-path flag from consul connect envoy command in favor of: -admin-access-log-config. [GH-19943]

BUG FIXES:

SECURITY:
github.com/golang-jwt/jwt/v4 to v4.5.0 to address PRISMA-2022-0270. [GH-19705]
path/filepath) recognize ??\ as a Root Local Device path prefix (Windows)
CVE-2023-45284: recognize device names with trailing spaces and superscripts (Windows)
CVE-2023-39326: (net/http) limit chunked data overhead
CVE-2023-45285: (cmd/go) go get may unexpectedly fallback to insecure git [GH-19840]

IMPROVEMENTS:
stats_flush_interval to 60 seconds when using the Consul Telemetry Collector, unless custom stats sinks are present or an explicit flush interval is configured. [GH-19663]

BUG FIXES:
xds_fetch_timeout_ms option to proxy registrations that allows users to prevent endpoints from dropping when they have proxies with a large number of upstreams. [GH-19871]

SECURITY:
github.com/golang-jwt/jwt/v4 to v4.5.0 to address PRISMA-2022-0270. [GH-19705]
path/filepath) recognize ??\ as a Root Local Device path prefix (Windows)
CVE-2023-45284: recognize device names with trailing spaces and superscripts (Windows)
CVE-2023-39326: (net/http) limit chunked data overhead
CVE-2023-45285: (cmd/go) go get may unexpectedly fallback to insecure git [GH-19840]

FEATURES:
peering exported-services to list services exported to a peer. Refer to the CLI docs for more information. [GH-19821]

IMPROVEMENTS:
stats_flush_interval to 60 seconds when using the Consul Telemetry Collector, unless custom stats sinks are present or an explicit flush interval is configured. [GH-19663]

BUG FIXES:
xds_fetch_timeout_ms option to proxy registrations that allows users to prevent endpoints from dropping when they have proxies with a large number of upstreams. [GH-19871]

BREAKING CHANGES:

DEPRECATIONS:
-admin-access-log-path flag from consul connect envoy command in favor of: -admin-access-log-config. [GH-15946]

SECURITY:
golang.org/x/net to v0.17.0 to address CVE-2023-39325 / CVE-2023-44487 (x/net/http2). [GH-19225]
net/http). [GH-19225]
google.golang.org/grpc to 1.56.3. This resolves vulnerability CVE-2023-44487. [GH-19414]

FEATURE PREVIEW: Catalog v2
This release provides the ability to preview Consul's v2 Catalog and Resource API if enabled. The new model supports multi-port application deployments with only a single Envoy proxy. Note that the v1 and v2 catalogs are not cross compatible, and not all Consul features are available within this v2 feature preview. See the v2 Catalog and Resource API documentation for more information. The v2 Catalog and Resources API should be considered a feature preview within this release and should not be used in production environments.
Limitations
Significant Pull Requests
FEATURES:
acl.tokens.dns config field which specifies the token used implicitly during dns checks. [GH-17936]
bind-var flag to consul acl binding-rule for templated policy variables. [GH-18719]
consul acl templated-policy commands to read, list and preview templated policies. [GH-18816]

IMPROVEMENTS:
CheckRegisterOpts to Agent API [GH-18943]
Token field to ServiceRegisterOpts type in Agent API [GH-18983]
-templated-policy, -templated-policy-file, -replace-templated-policy, -append-templated-policy, -replace-templated-policy-file, -append-templated-policy-file and -var flags for creating or updating tokens/roles. [GH-18708]
tls.defaults.verify_server_hostname configuration option. This specifies the default value for any interfaces that support the verify_server_hostname option. [GH-17155]

BUG FIXES:
/v1/catalog/services endpoint [GH-18322]
performance.grpc_keepalive_timeout and performance.grpc_keepalive_interval now exist to allow for configuration on how often these dead connections will be cleaned up. [GH-19339]

SECURITY:
golang.org/x/net to v0.17.0 to address CVE-2023-39325 / CVE-2023-44487 (x/net/http2). [GH-19225]
net/http). [GH-19225]
google.golang.org/grpc to 1.56.3. This resolves vulnerability CVE-2023-44487. [GH-19414]

BUG FIXES:
/v1/catalog/services endpoint [GH-18322]
performance.grpc_keepalive_timeout and performance.grpc_keepalive_interval now exist to allow for configuration on how often these dead connections will be cleaned up. [GH-19339]

SECURITY:
golang.org/x/net to v0.17.0 to address CVE-2023-39325 / CVE-2023-44487 (x/net/http2). [GH-19225]
net/http). [GH-19225]
google.golang.org/grpc to 1.56.3. This resolves vulnerability CVE-2023-44487. [GH-19414]

BUG FIXES:
/v1/catalog/services endpoint [GH-18322]
performance.grpc_keepalive_timeout and performance.grpc_keepalive_interval now exist to allow for configuration on how often these dead connections will be cleaned up. [GH-19339]

BREAKING CHANGES:

FEATURE PREVIEW: Catalog v2
This release provides the ability to preview Consul's v2 Catalog and Resource API if enabled. The new model supports multi-port application deployments with only a single Envoy proxy. Note that the v1 and v2 catalogs are not cross compatible, and not all Consul features are available within this v2 feature preview. See the v2 Catalog and Resource API documentation for more information. The v2 Catalog and Resources API should be considered a feature preview within this release and should not be used in production environments.
Limitations
Known Issues
Significant Pull Requests
FEATURES:
acl.tokens.dns config field which specifies the token used implicitly during dns checks. [GH-17936]
bind-var flag to consul acl binding-rule for templated policy variables. [GH-18719]
consul acl templated-policy commands to read, list and preview templated policies. [GH-18816]

IMPROVEMENTS:
CheckRegisterOpts to Agent API [GH-18943]
Token field to ServiceRegisterOpts type in Agent API [GH-18983]
-templated-policy, -templated-policy-file, -replace-templated-policy, -append-templated-policy, -replace-templated-policy-file, -append-templated-policy-file and -var flags for creating or updating tokens/roles. [GH-18708]
tls.defaults.verify_server_hostname configuration option. This specifies the default value for any interfaces that support the verify_server_hostname option. [GH-17155]

BUG FIXES: