Skip to content

v1.8.5
Compare
Choose a tag to compare
@hashicorp-ci hashicorp-ci released this 23 Oct 21:08
v1.8.5
1e03567

1.8.5 (October 23, 2020)

SECURITY:

  • Fix Consul Enterprise Namespace Config Entry Replication DoS. Previously an operator with service:write ACL permissions in a Consul Enterprise cluster could write a malicious config entry that caused infinite raft writes due to issues with the namespace replication logic. [CVE-2020-25201] [GH-9024]

IMPROVEMENTS:

  • api: The v1/connect/ca/roots endpoint now accepts a pem=true query parameter and will return a PEM encoded certificate chain of
    all the certificates that would normally be in the JSON version of the response. [GH-8774]
  • connect: The Vault provider will now automatically renew the lease of the token used, if supported. [GH-8560]
  • connect: update supported envoy releases to 1.14.5, 1.13.6, 1.12.7, 1.11.2 for 1.8.x [GH-8999]

BUG FIXES:

  • agent: when enable_central_service_config is enabled ensure agent reload doesn't revert check state to critical [GH-8747]
  • connect: Fixed an issue where the Vault intermediate was not renewed in the primary datacenter. [GH-8784]
  • connect: fix Vault provider not respecting IntermediateCertTTL [GH-8646]
  • connect: fix connect sidecars registered via the API not being automatically deregistered with their parent service after an agent restart by persisting the LocallyRegisteredAsSidecar property. [GH-8924]
  • fixed a bug that caused logs to be flooded with [WARN] agent.router: Non-server in server-only area [GH-8685]
  • ui: show correct datacenter for gateways [GH-8704]
Assets 2
Loading