All Versions
183
Latest Version
Avg Release Cycle
29 days
Latest Release
808 days ago
Changelog History
Page 3
Changelog History
Page 3
-
v1.11.1 Changes
December 15, 2021๐ SECURITY:
- โฌ๏ธ ci: Upgrade golang.org/x/net to address CVE-2021-44716 [GH-11854]
๐ FEATURES:
- ๐ Admin Partitions (Consul Enterprise only) This version adds admin partitions, a new entity defining administrative and networking boundaries within a Consul deployment. For more information refer to the Admin Partition documentation. [GH-11855]
- networking: (Enterprise Only) Make
segment_limit
configurable, cap at 256.
๐ BUG FIXES:
- ๐ป ui: Fixes an issue with the version footer wandering when scrolling [GH-11850]
-
v1.11.0 Changes
December 14, 2021๐ฅ BREAKING CHANGES:
- โฌ๏ธ acl: The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that nothing is still using the legacy ACL system. See the Migrate Legacy ACL Tokens Learn Guide for more information. [GH-11232]
- cli:
consul acl set-agent-token master
has been replaced withconsul acl set-agent-token recovery
[GH-11669]
๐ SECURITY:
- namespaces: (Enterprise only) Creating or editing namespaces that include default ACL policies or ACL roles now requires
acl:write
permission in the default namespace. This change fixes CVE-2021-41805. - rpc: authorize raft requests CVE-2021-37219 [GH-10925]
๐ FEATURES:
- ๐ Admin Partitions (Consul Enterprise only) This version adds admin partitions, a new entity defining administrative and networking boundaries within a Consul deployment. For more information refer to the Admin Partition documentation.
- ๐ง ca: Add a configurable TTL for Connect CA root certificates. The configuration is supported by the Vault and Consul providers. [GH-11428]
- ๐ง ca: Add a configurable TTL to the AWS ACM Private CA provider root certificate. [GH-11449]
- ๐ health-checks: add support for h2c in http2 ping health checks [GH-10690]
- ๐ป ui: Add UI support to use Vault as an external source for a service [GH-10769]
- ๐ป ui: Adding support of Consul API Gateway as an external source. [GH-11371]
- ๐ป ui: Adds a copy button to each composite row in tokens list page, if Secret ID returns an actual ID [GH-10735]
- ๐ป ui: Adds visible Consul version information [GH-11803]
- ๐ป ui: Topology - New views for scenarios where no dependencies exist or ACLs are disabled [GH-11280]
๐ IMPROVEMENTS:
- acls: Show AuthMethodNamespace when reading/listing ACL tokens. [GH-10598]
- acl: replication routine to report the last error message. [GH-10612]
- agent: add variation of force-leave that exclusively works on the WAN [GH-11722]
- ๐ง api: Enable setting query options on agent health and maintenance endpoints. [GH-10691]
- api: responses that contain only a partial subset of results, due to filtering by ACL policies, may now include an
X-Consul-Results-Filtered-By-ACLs
header [GH-11569] - checks: add failures_before_warning setting for interval checks. [GH-10969]
- โฌ๏ธ ci: Upgrade to use Go 1.17.5 [GH-11799]
- ๐ง ci: Allow configuring graceful stop in testutil. [GH-10566]
- ๐ cli: Add
-cas
and-modify-index
flags to theconsul config delete
command to support Check-And-Set (CAS) deletion of config entries [GH-11419] - config: (Enterprise Only) Allow specifying permission mode for audit logs. [GH-10732]
- ๐ config: Support Check-And-Set (CAS) deletion of config entries [GH-11419]
- config: add
dns_config.recursor_strategy
flag to control the order which DNS recursors are queried [GH-10611] - config: warn the user if client_addr is empty because client services won't be listening [GH-11461]
- connect/ca: cease including the common name field in generated x509 non-CA certificates [GH-10424]
- connect: Add low-level feature to allow an Ingress to retrieve TLS certificates from SDS. [GH-10903]
- connect: Consul will now generate a unique virtual IP for each connect-enabled service (this will also differ across namespace/partition in Enterprise). [GH-11724]
- โ connect: Support Vault auth methods for the Connect CA Vault provider. Currently, we support any non-deprecated auth methods the latest version of Vault supports (v1.8.5), which include AppRole, AliCloud, AWS, Azure, Cloud Foundry, GitHub, Google Cloud, JWT/OIDC, Kerberos, Kubernetes, LDAP, Oracle Cloud Infrastructure, Okta, Radius, TLS Certificates, and Username & Password. [GH-11573]
- ๐ connect: Support manipulating HTTP headers in the mesh. [GH-10613]
- ๐ง connect: add Namespace configuration setting for Vault CA provider [GH-11477]
- connect: ingress gateways may now enable built-in TLS for a subset of listeners. [GH-11163]
- connect: service-resolver subset filters are validated for valid go-bexpr syntax on write [GH-11293]
- โก๏ธ connect: update supported envoy versions to 1.19.1, 1.18.4, 1.17.4, 1.16.5 [GH-11115]
- โก๏ธ connect: update supported envoy versions to 1.20.0, 1.19.1, 1.18.4, 1.17.4 [GH-11277]
- debug: Add a new /v1/agent/metrics/stream API endpoint for streaming of metrics [GH-10399]
- debug: rename cluster capture target to members, to be more consistent with the terms used by the API. [GH-10804]
- dns: Added a
virtual
endpoint for querying the assigned virtual IP for a service. [GH-11725] - ๐ http: when a URL path is not found, include a message with the 404 status code to help the user understand why (e.g., HTTP API endpoint path not prefixed with /v1/) [GH-11818]
- ๐ง raft: Added a configuration to disable boltdb freelist syncing [GH-11720]
- ๐ raft: Emit boltdb related performance metrics [GH-11720]
- raft: Use bbolt instead of the legacy boltdb implementation [GH-11720]
- ๐ sdk: Add support for iptable rules that allow DNS lookup redirection to Consul DNS. [GH-11480]
- segments: (Enterprise only) ensure that the serf_lan_allowed_cidrs applies to network segments [GH-11495]
- telemetry: add a new
agent.tls.cert.expiry
metric for tracking when the Agent TLS certificate expires. [GH-10768] - telemetry: add a new
mesh.active-root-ca.expiry
metric for tracking when the root certificate expires. [GH-9924] - telemetry: added metrics to track certificates expiry. [GH-10504]
- types: add TLSVersion and TLSCipherSuite [GH-11645]
- ๐ป ui: Change partition URL segment prefix from
-
to_
[GH-11801] - ๐ป ui: Add upstream icons for upstreams and upstream instances [GH-11556]
- ๐ป ui: Add uri guard to prevent future URL encoding issues [GH-11117]
- ๐ ui: Move the majority of our SASS variables to use native CSS custom properties [GH-11200]
- ๐ ui: Removed informational panel from the namespace selector menu when editing namespaces [GH-11130]
- โก๏ธ ui: Update UI browser support to 'roughly ~2 years back' [GH-11505]
- โก๏ธ ui: Update global notification styling [GH-11577]
- ๐ป ui: added copy to clipboard button in code editor toolbars [GH-11474]
๐ DEPRECATIONS:
- ๐ api:
/v1/agent/token/agent_master
is deprecated and will be removed in a future major release - use/v1/agent/token/agent_recovery
instead [GH-11669] - config:
acl.tokens.master
has been renamed toacl.tokens.initial_management
, andacl.tokens.agent_master
has been renamed toacl.tokens.agent_recovery
- the old field names are now deprecated and will be removed in a future major release [GH-11665] - tls: With the upgrade to Go 1.17, the ordering of
tls_cipher_suites
will no longer be honored, andtls_prefer_server_cipher_suites
is now ignored. [GH-11364]
๐ BUG FIXES:
- acl: (Enterprise only) fix namespace and namespace_prefix policy evaluation when both govern an authz request
- โก๏ธ api: Fix default values used for optional fields in autopilot configuration update (POST to
/v1/operator/autopilot/configuration
) [GH-10558] [GH-10559] - api: ensure new partition fields are omit empty for compatibility with older versions of consul [GH-11585]
- areas: (Enterprise Only) Fixes a bug when using Yamux pool ( for servers version 1.7.3 and later), the entire pool was locked while connecting to a remote location, which could potentially take a long time.
- areas: (Enterprise only) make the gRPC server tracker network area aware [GH-11748]
- ๐ ca: fixes a bug that caused non blocking leaf cert queries to return the same cached response regardless of ca rotation or leaf cert expiry [GH-11693]
- ๐ ca: fixes a bug that caused the SigningKeyID to be wrong in the primary DC, when the Vault provider is used, after a CA config creates a new root. [GH-11672]
- ๐ ca: fixes a bug that caused the intermediate cert used to sign leaf certs to be missing from the /connect/ca/roots API response when the Vault provider was used. [GH-11671]
- check root and intermediate CA expiry before using it to sign a leaf certificate. [GH-10500]
- connect/ca: ensure edits to the key type/bits for the connect builtin CA will regenerate the roots [GH-10330]
- โก๏ธ connect/ca: require new vault mount points when updating the key type/bits for the vault connect CA provider [GH-10331]
- ๐ connect: fix race causing xDS generation to lock up when discovery chains are tracked for services that are no longer upstreams. [GH-11826]
- ๐ dns: Fixed an issue where on DNS requests made with .alt_domain response was returned as .domain [GH-11348]
- dns: return an empty answer when asked for an addr dns with type other then A and AAAA. [GH-10401]
- ๐ macos: fixes building with a non-Apple LLVM (such as installed via Homebrew) [GH-11586]
- namespaces: (Enterprise only) ensure the namespace replicator doesn't replicate deleted namespaces
- proxycfg: ensure all of the watches are canceled if they are cancelable [GH-11824]
- snapshot: (Enterprise only) fixed a bug where the snapshot agent would ignore the
license_path
setting in config files - ๐ป ui: Change partitions to expect [] from the listing API [GH-11791]
- ๐ป ui: Don't offer to save an intention with a source/destination wildcard partition [GH-11804]
- ๐ป ui: Ensure all types of data get reconciled with the backend data [GH-11237]
- ๐ป ui: Ensure dc selector correctly shows the currently selected dc [GH-11380]
- ๐ป ui: Ensure we check intention permissions for specific services when deciding whether to show action buttons for per service intention actions [GH-11409]
- ๐ป ui: Ensure we filter tokens by policy when showing which tokens use a certain policy whilst editing a policy [GH-11311]
- ๐ป ui: Ensure we show a readonly designed page for readonly intentions [GH-11767]
- ๐ป ui: Filter the global intentions list by the currently selected parition rather than a wildcard [GH-11475]
- ๐ป ui: Fix inline-code brand styling [GH-11578]
- ๐ป ui: Fix visual issue with slight table header overflow [GH-11670]
- ๐ป ui: Fixes an issue where under some circumstances after logging we present the ๐ฒ data loaded previous to you logging in. [GH-11681]
- ๐ป ui: Gracefully recover from non-existant DC errors [GH-11077]
- ui: Include
Service.Namespace
into available variables fordashboard_url_templates
[GH-11640] - โช ui: Revert to depending on the backend, 'post-user-action', to report ๐ป permissions errors rather than using UI capabilities 'pre-user-action' [GH-11520]
- 0๏ธโฃ ui: Topology - Fix up Default Allow and Permissive Intentions notices [GH-11216]
- ๐ป ui: code editor styling (layout consistency + wide screen support) [GH-11474]
- ๐ use the MaxQueryTime instead of RPCHoldTimeout for blocking RPC queries [GH-8978]. [GH-10299]
- ๐ windows: fixes arm and arm64 builds [GH-11586]
NOTES:
- Renamed the
agent_master
field toagent_recovery
in theacl-tokens.json
file in which tokens are persisted on-disk (whenacl.enable_token_persistence
is enabled) [GH-11744]
-
v1.11.0-beta2 Changes
November 02, 2021๐ฅ BREAKING CHANGES:
- โฌ๏ธ acl: The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that nothing is still using the legacy ACL system. See the Migrate Legacy ACL Tokens Learn Guide for more information. [GH-11232]
๐ IMPROVEMENTS:
- ๐ agent: for various /v1/agent endpoints parse the partition parameter on the request [GH-11444]
- ๐จ agent: refactor the agent delegate interface to be partition friendly [GH-11429]
- ๐ cli: Add
-cas
and-modify-index
flags to theconsul config delete
command to support Check-And-Set (CAS) deletion of config entries [GH-11419] - โก๏ธ cli: update consul members output to display partitions and sort the results usefully [GH-11446]
- ๐ config: Allow ${} style interpolation for UI Dashboard template URLs [GH-11328]
- ๐ config: Support Check-And-Set (CAS) deletion of config entries [GH-11419]
- connect: (Enterprise only) add support for dialing upstreams in remote partitions through mesh gateways. [GH-11431]
- connect: (Enterprise only) updates ServiceRead and NodeRead to account for the partition-exports config entry. [GH-11433]
- connect: ingress gateways may now enable built-in TLS for a subset of listeners. [GH-11163]
- connect: service-resolver subset filters are validated for valid go-bexpr syntax on write [GH-11293]
- โก๏ธ connect: update supported envoy versions to 1.20.0, 1.19.1, 1.18.4, 1.17.4 [GH-11277]
๐ DEPRECATIONS:
- tls: With the upgrade to Go 1.17, the ordering of
tls_cipher_suites
will no longer be honored, andtls_prefer_server_cipher_suites
is now ignored. [GH-11364]
๐ BUG FIXES:
- ๐ api: fixed backwards compatibility issue with AgentService SocketPath field. [GH-11318]
- ๐ dns: Fixed an issue where on DNS requests made with .alt_domain response was returned as .domain [GH-11348]
- raft: do not trigger an election if not part of the servers list. [GH-11375]
- rpc: only attempt to authorize the DNSName in the client cert when verify_incoming_rpc=true [GH-11255]
- telemetry: fixes a bug with Prometheus consul_autopilot_failure_tolerance metric where 0 is reported instead of NaN on follower servers. [GH-11399]
- ๐ป ui: Ensure dc selector correctly shows the currently selected dc [GH-11380]
- ๐ป ui: Ensure we filter tokens by policy when showing which tokens use a certain policy whilst editing a policy [GH-11311]
-
v1.11.0-beta1 Changes
October 15, 2021๐ FEATURES:
- partitions: allow for partition queries to be forwarded [GH-11099]
- sso/oidc: (Enterprise only) Add support for providing acr_values in OIDC auth flow [GH-11026]
- ๐ป ui: Added initial support for admin partition CRUD [GH-11188]
๐ IMPROVEMENTS:
- api: add partition field to acl structs [GH-11080]
- audit-logging: (Enterprise Only) Audit logs will now include select HTTP headers in each logs payload. Those headers are:
Forwarded
,Via
,X-Forwarded-For
,X-Forwarded-Host
andX-Forwarded-Proto
. [GH-11107] - connect: Add low-level feature to allow an Ingress to retrieve TLS certificates from SDS. [GH-10903]
- โก๏ธ connect: update supported envoy versions to 1.19.1, 1.18.4, 1.17.4, 1.16.5 [GH-11115]
- state: reads of partitions now accept an optional memdb.WatchSet
- telemetry: Add new metrics for the count of KV entries in the Consul store. [GH-11090]
- ๐ง telemetry: Add new metrics for the count of connect service instances and configuration entries. [GH-11222]
- ๐ป ui: Add initial support for partitions to intentions [GH-11129]
- ๐ป ui: Add uri guard to prevent future URL encoding issues [GH-11117]
- ๐ ui: Move the majority of our SASS variables to use native CSS custom properties [GH-11200]
- ๐ ui: Removed informational panel from the namespace selector menu when editing namespaces [GH-11130]
๐ BUG FIXES:
- acl: (Enterprise only) Fix bug in 'consul members' filtering with partitions. [GH-11263]
- acl: (Enterprise only) ensure that auth methods with namespace rules work with partitions [GH-11323]
- ๐ acl: fixes the fallback behaviour of down_policy with setting extend-cache/async-cache when the token is not cached. [GH-11136]
- connect: Fix upstream listener escape hatch for prepared queries [GH-11109]
- grpc: strip local ACL tokens from RPCs during forwarding if crossing datacenters [GH-11099]
- server: (Enterprise only) Ensure that servers leave network segments when leaving other gossip pools
- telemetry: Consul Clients no longer emit Autopilot metrics. [GH-11241]
- telemetry: fixes a bug with Prometheus consul_autopilot_healthy metric where 0 is reported instead of NaN on servers. [GH-11231]
- ui: (Enterprise Only) Fix saving intentions with namespaced source/destination [GH-11095]
- โ ui: Don't show a CRD warning for read-only intentions [GH-11149]
- ๐ป ui: Ensure all types of data get reconciled with the backend data [GH-11237]
- ๐ ui: Fixed styling of Role remove dialog on the Token edit page [GH-11298]
- ๐ป ui: Gracefully recover from non-existant DC errors [GH-11077]
- ๐ป ui: Ignore reported permissions for KV area meaning the KV is always enabled for both read/write access if the HTTP API allows. [GH-10916]
- 0๏ธโฃ ui: Topology - Fix up Default Allow and Permissive Intentions notices [GH-11216]
- ๐ป ui: hide create button for policies/roles/namespace if users token has no write permissions to those areas [GH-10914]
- xds: ensure the active streams counters are 64 bit aligned on 32 bit systems [GH-11085]
- โก๏ธ xds: fixed a bug where Envoy sidecars could enter a state where they failed to receive xds updates from Consul [GH-10987]
- ๐ Fixing SOA record to return proper domain when alt domain in use. [GH-10431]
-
v1.11.0-alpha Changes
September 16, 2021๐ SECURITY:
- rpc: authorize raft requests CVE-2021-37219 [GH-10925]
๐ FEATURES:
- config: add agent config flag for enterprise clients to indicate they wish to join a particular partition [GH-10572]
- ๐ connect: include optional partition prefixes in SPIFFE identifiers [GH-10507]
- partitions: (Enterprise only) Adds admin partitions, a new feature to enhance Consul's multitenancy capabilites.
- ๐ป ui: Add UI support to use Vault as an external source for a service [GH-10769]
- ๐ป ui: Adds a copy button to each composite row in tokens list page, if Secret ID returns an actual ID [GH-10735]
๐ IMPROVEMENTS:
- acl: replication routine to report the last error message. [GH-10612]
- ๐ง api: Enable setting query options on agent health and maintenance endpoints. [GH-10691]
- checks: add failures_before_warning setting for interval checks. [GH-10969]
- config: (Enterprise Only) Allow specifying permission mode for audit logs. [GH-10732]
- config: add
dns_config.recursor_strategy
flag to control the order which DNS recursors are queried [GH-10611] - connect/ca: cease including the common name field in generated x509 non-CA certificates [GH-10424]
- ๐ connect: Support manipulating HTTP headers in the mesh. [GH-10613]
- โก๏ธ connect: update supported envoy versions to 1.18.4, 1.17.4, 1.16.5 [GH-10961]
- debug: Add a new /v1/agent/metrics/stream API endpoint for streaming of metrics [GH-10399]
- debug: rename cluster capture target to members, to be more consistent with the terms used by the API. [GH-10804]
- structs: prohibit config entries from referencing more than one partition at a time [GH-10478]
- telemetry: add a new
agent.tls.cert.expiry
metric for tracking when the Agent TLS certificate expires. [GH-10768] - telemetry: add a new
mesh.active-root-ca.expiry
metric for tracking when the root certificate expires. [GH-9924]
๐ DEPRECATIONS:
- ๐ง config: the
ports.grpc
andaddresses.grpc
configuration settings have been renamed toports.xds
andaddresses.xds
to better match their function. [GH-10588]
๐ BUG FIXES:
- โก๏ธ api: Fix default values used for optional fields in autopilot configuration update (POST to
/v1/operator/autopilot/configuration
) [GH-10558] [GH-10559] - โช api: Revert early out errors from license APIs to allow v1.10+ clients to manage licenses on older servers [GH-10952]
- check root and intermediate CA expiry before using it to sign a leaf certificate. [GH-10500]
- connect/ca: ensure edits to the key type/bits for the connect builtin CA will regenerate the roots [GH-10330]
- โก๏ธ connect/ca: require new vault mount points when updating the key type/bits for the vault connect CA provider [GH-10331]
- dns: return an empty answer when asked for an addr dns with type other then A and AAAA. [GH-10401]
- tls: consider presented intermediates during server connection tls handshake. [GH-10964]
- ๐ use the MaxQueryTime instead of RPCHoldTimeout for blocking RPC queries [GH-8978]. [GH-10299]
-
v1.10.12 Changes
July 13, 2022 -
v1.10.11 Changes
May 25, 2022๐ SECURITY:
- agent: Use SHA256 instead of MD5 to generate persistence file names.
๐ IMPROVEMENTS:
- sentinel: (Enterprise Only) Sentinel now uses SHA256 to generate policy ids
๐ BUG FIXES:
- ๐ Fix a bug when configuring an
add_headers
directive namedHost
the header is not set forv1/internal/ui/metrics-proxy/
endpoint. [GH-13071] - areas: (Enterprise Only) Fixes a bug when using Yamux pool ( for servers version 1.7.3 and later), the entire pool was locked while connecting to a remote location, which could potentially take a long time. [GH-1368]
- ca: fix a bug that caused a non blocking leaf cert query after a locking leaf cert query to block [GH-12820]
- health: ensure /v1/health/service/:service endpoint returns the most recent results when a filter is used with streaming #12640 [GH-12640]
- snapshot-agent: (Enterprise only) Fix a bug where providing the ACL token to the snapshot agent via a CLI or ENV variable without a license configured results in an error during license auto-retrieval.
NOTES:
- ci: change action to pull v1 instead of main [GH-12846]
-
v1.10.10 Changes
April 13, 2022๐ SECURITY:
- ๐ agent: Added a new check field,
disable_redirects
, that allows for disabling the following of redirects for HTTP checks. The intention is to default this to true in a future release so that redirects must explicitly be enabled. [GH-12685] - ๐ง connect: Properly set SNI when configured for services behind a terminating gateway. [GH-12672]
๐ IMPROVEMENTS:
- โฑ xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections [GH-12711]
๐ DEPRECATIONS:
- tls: With the upgrade to Go 1.17, the ordering of
tls_cipher_suites
will no longer be honored, andtls_prefer_server_cipher_suites
is now ignored. [GH-12766]
๐ BUG FIXES:
- ๐ง connect/ca: cancel old Vault renewal on CA configuration. Provide a 1 - 6 second backoff on repeated token renewal requests to prevent overwhelming Vault. [GH-12607]
- โฌ๏ธ raft: upgrade to v1.3.6 which fixes a bug where a read replica node could attempt bootstrapping raft and prevent other nodes from bootstrapping at all [GH-12496]
- ๐ replication: Fixed a bug which could prevent ACL replication from continuing successfully after a leader election. [GH-12565]
- server: fix spurious blocking query suppression for discovery chains [GH-12512]
- ๐ agent: Added a new check field,
-
v1.10.9 Changes
February 28, 2022๐ SECURITY:
- agent: Use SHA256 instead of MD5 to generate persistence file names.
๐ FEATURES:
- ๐ ca: support using an external root CA with the vault CA provider [GH-11910]
๐ IMPROVEMENTS:
- โก๏ธ connect: Update supported Envoy versions to include 1.18.6 [GH-12450]
- โก๏ธ connect: update Envoy supported version of 1.20 to 1.20.2 [GH-12434]
- debug: reduce the capture time for trace to only a single interval instead of the full duration to make trace.out easier to open without running into OOM errors. [GH-12359]
- โช raft: add additional logging of snapshot restore progress [GH-12325]
- โฑ rpc: improve blocking queries for items that do not exist, by continuing to block until they exist (or the timeout). [GH-12110]
- sentinel: (Enterprise Only) Sentinel now uses SHA256 to generate policy ids
- server: conditionally avoid writing a config entry to raft if it was already the same [GH-12321]
- server: suppress spurious blocking query returns where multiple config entries are involved [GH-12362]
๐ BUG FIXES:
- ๐ agent: Parse datacenter from Create/Delete requests for AuthMethods and BindingRules. [GH-12370]
- areas: (Enterprise Only) Fixes a bug when using Yamux pool ( for servers version 1.7.3 and later), the entire pool was locked while connecting to a remote location, which could potentially take a long time. [GH-1368]
- ๐ raft: fixed a race condition in leadership transfer that could result in reelection of the current leader [GH-12325]
- server: (Enterprise only) Namespace deletion will now attempt to delete as many namespaced config entries as possible instead of halting on the first deletion that failed.
- server: partly fix config entry replication issue that prevents replication in some circumstances [GH-12307]
- 0๏ธโฃ ui: Ensure we always display the Policy default preview in the Namespace editing form [GH-12316]
- ๐ xds: Fixed Envoy http features such as outlier detection and retry policy not working correctly with transparent proxy. [GH-12385]
-
v1.10.8 Changes
February 11, 2022๐ SECURITY:
- agent: Use SHA256 instead of MD5 to generate persistence file names.
๐ IMPROVEMENTS:
- raft: Consul leaders will attempt to transfer leadership to another server as part of gracefully leaving the cluster. [GH-11376]
- sentinel: (Enterprise Only) Sentinel now uses SHA256 to generate policy ids
๐ BUG FIXES:
- ๐ Fix a data race when a service is added while the agent is shutting down.. [GH-12302]
- areas: (Enterprise Only) Fixes a bug when using Yamux pool ( for servers version 1.7.3 and later), the entire pool was locked while connecting to a remote location, which could potentially take a long time. [GH-1368]
- config-entry: fix a panic when creating an ingress gateway config-entry and a proxy service instance, where both providedthe same upstream and downstrem mapping. [GH-12277]
- config: include all config errors in the error message, previously some could be hidden. [GH-11918]
- ๐ connect: fixes bug where passthrough addressses for transparent proxies dialed directly weren't being cleaned up. [GH-12223]
- ๐ memberlist: fixes a bug which prevented members from joining a cluster with large amounts of churn [GH-253] [GH-12047]
- snapshot: the
snapshot save
command now saves the snapshot with read permission for only the current user. [GH-11918] - xds: allow only one outstanding delta request at a time [GH-12236]
- xds: fix for delta xDS reconnect bug in LDS/CDS [GH-12174]
- xds: prevents tight loop where the Consul client agent would repeatedly re-send config that Envoy has rejected. [GH-12195]a