All Versions
80
Latest Version
Avg Release Cycle
28 days
Latest Release
4 days ago

Changelog History
Page 1

  • v1.8.0-beta2

    May 21, 2020

    1.8.0-beta2 (May 21, 2020)

    πŸ‘Œ IMPROVEMENTS:

    • xds: Ingress gateways now respect the same binding options as mesh and terminating gateways [GH-7924]

    πŸ›  BUGFIXES:

    • πŸ”§ xds: Fixed bug where deleting a gateway config entry did not correctly remove xDS configuration from the envoy proxy [GH-7898]
    • πŸ’» ui: Quote service names when filtering intentions to prevent 500 errors when accessing a service [GH-7896] [GH-7888]
    • πŸ’» ui: Miscellaneous amends for Safari and Firefox [GH-7904] [GH-7907]
    • ui: Ensure a value is always passed to CONSUL_SSO_ENABLED [GH-7913]
    • agent: Preserve ModifyIndex for unchanged entry in KV transaciton [GH-7832]
    • 0️⃣ agent: use default resolver scheme for gRPC dialing [GH-7617]
  • v1.8.0-beta1

    May 14, 2020

    πŸ”‹ FEATURES:

    • Terminating Gateway: Envoy can now be run as a gateway to enable services in a Consul service mesh to connect to external services through their local proxy. Terminating gateways unlock several of the benefits of a service mesh in the cases where a sidecar proxy cannot be deployed alongside services such as legacy applications or managed cloud databases.
    • Ingress Gateway: Envoy can now be run as a gateway to ingress traffic into the Consul service mesh, enabling a more incremental transition for applications.
    • WAN Federation over Mesh Gateways: Allows Consul datacenters to federate by forwarding WAN gossip and RPC traffic through Mesh Gateways rather than requiring the servers to be exposed to the WAN directly.
    • 🌐 JSON Web Token (JWT) Auth Method: Allows exchanging a signed JWT from a trusted external identity provider for a Consul ACL token.
    • Single Sign-On (SSO) [Enterprise]: Lets an operator configure Consul to use an external OpenID Connect (OIDC) provider to automatically handle the lifecycle of creating, distributing and managing ACL tokens for performing CLI operations or accessing the UI.
    • 🌲 Audit Logging [Enterprise]: Adds instrumentation to record a trail of events (both attempted and authorized) by users of Consul’s HTTP API for purposes of regulatory compliance.

    • acl: add DisplayName field to auth methods [GH-7769]

    • acl: add MaxTokenTTL field to auth methods [GH-7779]

    • πŸ”§ agent/xds: add support for configuring passive health checks [GH-7713]

    • ⚑️ cli: Add -config flag to "acl authmethod update/create" [GH-7776]

    • πŸ“š ui: Help menu to provide further documentation/learn links [GH-7310]

    • ui: (Consul Enterprise only) SSO support [GH-7742] [GH-7771] [GH-7790]

    • πŸ’» ui: Support for termininating and ingress gateways [GH-7858] [GH-7865]

    πŸ‘Œ IMPROVEMENTS:

    • acl: change authmethod.Validator to take a logger [GH-7758]
    • agent: show warning when enable_script_checks is enabled without safety net [GH-7437]
    • πŸ‘ api: Added filtering support to the v1/connect/intentions endpoint. [GH-7478]
    • auto_encrypt: add validations for auto_encrypt.{tls,allow_tls} [GH-7704]
    • πŸ— build: switched to compile with Go 1.14.1 [GH-7481]
    • config: validate system limits against limits.http_max_conns_per_client [GH-7434]
    • πŸ‘ connect: support envoy 1.12.3, 1.13.1, and 1.14.1. Envoy 1.10 is no longer officially supported. [GH-7380],[GH-7624]
    • connect: add DNSSAN and IPSAN to cache key for ConnectCALeafRequest [GH-7597]
    • license: (Consul Enterprise only) Update licensing to align with the current modules licensing structure.
    • 🌲 logging: catch problems with the log destination earlier by creating the file immediately [GH-7469]
    • πŸ‘ proxycfg: support path exposed with non-HTTP2 protocol [GH-7510]
    • 🚚 tls: remove old ciphers [GH-7282]
    • πŸ’» ui: Show the last 8 characters of AccessorIDs in listing views [GH-7327]
    • πŸ’» ui: Make all tabs within the UI linkable/bookmarkable and include in history [GH-7592]
    • πŸ’» ui: Redesign of all service pages [GH-7605] [GH-7632] [GH-7655] [GH-7683]
    • πŸ’» ui: Show intentions per individual service [GH-7615]
    • πŸ’» ui: Improved login/logout flow [GH-7790]
    • βͺ ui: Revert search to search as you type, add sort control for the service listing page [GH-7489]
    • πŸ’» ui: Omit proxy services from the service listing view and mark services as being proxied [GH-7820]
    • πŸ’» ui: Display proxies in a proxy info tab with the service instance detail page [GH-7745]

    πŸ›  BUGFIXES:

    • agent: (Consul Enterprise only) Fixed several bugs related to Network Area and Network Segment compatibility with other features caused by incorrectly doing version or serf tag checking. [GH-7491]
    • agent: rewrite checks with proxy address, not local service address [GH-7518]
    • cli: enable TLS when CONSUL_HTTP_ADDR has an https scheme [GH-7608]
    • license: (Consul Enterprise only) Fixed a bug that would cause a license reset request to only be applied on the leader server.
    • sdk: Fix race condition in freeport [GH-7567]
    • server: strip local ACL tokens from RPCs during forwarding if crossing datacenters [GH-7419]

    KNOWN ISSUES:

    • πŸ’» ui: service pages in the UI for services with non-alphanumeric characters will not render. They instead show a page that says The backend responded with an error and Error 500. [GH-7896]
  • v1.7.3

    May 05, 2020

    πŸ‘Œ IMPROVEMENTS:

    • acl: (Consul Enterprise only) - Disable the ACL.Bootstrap RPC endpoints when managed service provider tokens are in use. [GH-7614]
    • acl: (Consul Enterprise only) - Consul agents will now use the first managed service provider token for the agents token when any are present.
    • acl: Added a v1/acl/policy/name/:name HTTP endpoint to read a policy by name. [GH-6615]
    • acl: Added JSON format output to all of the ACL CLI commands. [GH-7141]
    • ⚑️ agent/xds: Update mesh gateway to use the service resolver connect timeout when configured [GH-6370]
    • 🌲 cli: Log "newer version available" message at INFO level [GH-7457]
    • πŸ”§ config: Consul Enterprise specific configuration are now parseable in OSS but will emit warnings about them not being used. [GH-7714
    • network areas: (Consul Enterprise only) - Network areas are using memberlist with TCP and for every message a new connection was established. Now the connections multiplexed with yamux, which means that way fewer connections are created.
    • network segments: (Consul Enterprise only) - The segment configuration is no longer stored in serf node tags. There is now an RPC endpoint for the same information, which means that the number of network segment is no longer limited by node meta tag size.
    • snapshot agent: (Consul Enterprise only) - Azure has different environments, of which it was only possible to use the public one so far. A new flag was added so that every other environment can be used as well, like Azure China.

    πŸ›  BUGFIXES:

    • agent: don't let left nodes hold onto their node-id [GH-7775]
    • agent: (Consul Enterprise only) Fixed several bugs related to Network Area ann Network Segment compatibility with other features caused by incorrectly doing version or serf tag checking. [GH-7491]
    • cli: ensure that 'snapshot save' is fsync safe and also only writes to the requested file on success [GH-7698]
    • βͺ cli: fix usage of gzip.Reader to better detect corrupt snapshots during save/restore [GH-7697]
    • connect: Fix panic when validating a service-router config entry with no destination [GH-7783]
    • namespace: (Consul Enterprise only) Fixed several bugs where results from multiple namespaces would be returned when only a single namespace was being queried when the token making the request had permissions to see all of them.
    • snapshot agent (Consul Enterprise only): Ensure snapshots persisted with the local backend are fsync safe and also only writes to the requested file on success.
    • snapshot agent (Consul Enterprise only): Verify integrity of snapshots locally before storing with the configured backend.
    • πŸ’» ui: Ensure blocking queries are used in the service instance page instead of polling [GH-7543]
    • πŸ’» ui: Fix a refreshing/rescrolling issue for the healthcheck listings [GH-7550] [GH-7365]
    • πŸ’» ui: Fix token duplication action bug [GH-7552]
    • πŸ’» ui: Lazily detect HTTP protocol along with a fallback for non-detection [GH-7644] [GH-7643]
    • 0️⃣ ui: Ensure KV names using 'special' terms within the default namespace are editable when the URL doesn't include the default namespace [GH-7734]
    • xds: Fix flapping of mesh gateway connect-service watches [GH-7575]
  • v1.7.2

    March 16, 2020

    πŸ‘Œ IMPROVEMENTS:

    • πŸ”§ agent: add option to configure max request length for /v1/txn endpoint [GH-7388]
    • πŸ— build: bump the expected go language version of the main module to 1.13 [GH-7429]
    • πŸ’» agent: add http_config.response header to the UI headers [GH-7369]
    • agent: Added documentation and error messages related to kv_max_value_size option [GH-7405]]
    • agent: Take Prometheus MIME-type header into account [GH-7371]]

    πŸ›  BUGFIXES:

    • ⚑️ acl: Updated token resolution so managed service provider token applies to all endpoints. [GH-7431]
    • πŸ›  agent: Fixed error output when agent crashes early [GH-7411]
    • agent: Handle bars in node names when displaying lists in CLI like consul members [GH-6652]]
    • agent: Avoid discarding health check status on consul reload [GH-7345]]
    • network areas: (Consul Enterprise only) - Fixed compatibility issues with network areas and v1.4.0+ ACLs as well as network areas and namespaces. The issue was that secondary datacenters connected to the primary via a network area were not properly detecting that the primary DC supported those other features.
    • πŸ›  sessions: Fixed backwards incompatibility with 1.6.x and earlier [GH-7395][GH-7399]
    • πŸ›  sessions: Fixed backwards incompatibility with 1.6.x and earlier [GH-7395][GH-7398]
    • πŸ’» ui: Fixed a DOM refreshing bug on the node detail page which forced an scroll reset [GH-7365][GH-7377]
    • πŸ’» ui: Fix blocking query requests for the coordinates API requests [GH-7378]
    • πŸ’» ui: Enable recovery from an unreachable datacenter [GH-7404]
  • v1.7.1

    February 20, 2020

    πŸ‘Œ IMPROVEMENTS:

    • agent: sensible keyring error [GH-7272]
    • agent: add server raft.{last,applied}_index gauges [GH-6694]
    • πŸ— build: Switched to compile with Go 1.13.7 [GH-7262]
    • config: increase http_max_conns_per_client default to 200 [GH-7289]
    • πŸ‘ tls: support TLS 1.3 [GH-7325]

    πŸ›  BUGFIXES:

    • acl: (Consul Enterprise only) Fixed an issue that prevented remote policy and role resolution from working when namespace policy or role defaults were configured.
    • πŸ“œ dns: Fixed an issue that could cause the DNS server to consume excessive CPU resources when trying to parse IPv6 recursor addresses: [GH-6120]
    • πŸ”§ dns: Fixed an issue that caused Consul to setup a root zone handler when no alt_domain was configured. [GH-7323]
    • πŸ›  sessions: Fixed an issue that was causing deletions of a non-existent session to return a 500 when ACLs were enabled. [GH-6840]
    • πŸ”§ xds: Fix envoy retryOn behavior when multiple behaviors are configured [GH-7280]
    • πŸ”§ xds: Mesh Gateway fixes to prevent configuring extra clusters and for properly handling a service-resolvers default subset. [GH-7294]
    • πŸ’» ui: Gracefully cope with errors in discovery-chain when connect is disabled [GH-7291]
  • v1.7.0

    February 11, 2020

    NOTES:

    • 🏁 cli: Our Windows 32-bit and 64-bit executables for this version and up will be signed with a HashiCorp certificate. Windows users will no longer see a warning about an "unknown publisher" when running our software.

    • πŸš€ cli: Our darwin releases for this version and up will be signed and notarized according to Apple's requirements.

    πŸš€ Prior to this release, MacOS 10.15+ users attempting to run our software may see the error: "'consul' cannot be opened because the developer cannot be verified." This error affected all MacOS 10.15+ users who downloaded our software directly via web browsers, and was caused by changes to Apple's third-party software requirements.

    ⬆️ MacOS 10.15+ users should plan to upgrade to 1.7.0+.

    πŸ”’ SECURITY:

    • ⚑️ dns: Updated miekg/dns dependency to fix a memory leak and CVE-2019-19794. [GH-6984], [GH-7252]
    • ⚑️ updated to compile with [Go 1.12.16] which includes a fix for CVE-2020-0601 on windows [GH-7153]

    πŸ’₯ BREAKING CHANGES:

    • http: The HTTP API no longer accepts JSON fields that are unknown to it. Instead errors will be returned with 400 status codes [GH-6874]
    • dns: PTR record queries now return answers that contain the Consul datacenter as a label between service and the domain. [GH-6909]
    • agent: The ACL requirement for the agent/force-leave endpoint is now operator:write rather than agent:write. [GH-7033]
    • πŸ”Š logging: Switch over to using go-hclog and allow emitting either structured or unstructured logs. This changes the log format quite a bit and could break any log parsing users may have in place. [GH-1249][GH-7130]
    • intentions: Change the ACL requirement and enforcement for wildcard rules. Previously this would look for an ACL rule that would grant access to the service/intention *. Now, in order to write a wildcard intention requires write access to all intentions and reading a wildcard intention requires read access to any intention that would match. Additionally intention listing and reading allow access if the requester can read either side of the intention whereas before it only allowed it for permissions on the destination side. [GH-7028]
    • telemetry: consul.rpc.query has changed to only measure the start of srv.blockingQuery() calls. In certain rare cases where there are lots of idempotent updates this will cause the metric to report lower than before. The counter should now provides more meaningful behavior that maps to the rate of client-initiated requests. [GH-7224]

    πŸ”‹ FEATURES:

    • Namespaces (Consul Enterprise only) This version adds namespacing to Consul. Namespaces help reduce operational challenges by removing restrictions around uniqueness of resource names across distinct teams, and enable operators to provide self-service through delegation of administrative privileges. Namespace support was added to:
      • ACLs
      • Key/Value Store
      • Sessions
      • Catalog
      • Connect
      • UI [GH6639]
    • πŸ‘ agent: Add Cloud Auto-join support for Tencent Cloud [GH-6818]
    • πŸ“„ connect: Added a new CA provider allowing Connect certificates to be managed by AWS ACM Private CA.
    • πŸ”§ connect: Allow configuration of upstream connection limits in Envoy [GH-6829]
    • πŸ’» ui: Adds UI support for Exposed Checks [GH6575]
    • πŸ’» ui: Visualisation of the Discovery Chain [GH6746]

    πŸ‘Œ IMPROVEMENTS:

    • acl: Use constant time comparison when checking for the ACL agent master token. [GH-6943]
    • acl: Add accessorID of token when ops are denied by ACL system [GH-7117]
    • πŸ”§ agent: default the primary_datacenter to the datacenter if not configured [GH-7111]
    • πŸ”§ agent: configurable MaxQueryTime and DefaultQueryTime [GH-3777]
    • agent: do not deregister service checks twice [GH-6168]
    • 🚚 agent: remove service sidecars in cleanupRegistration [GH-7022]
    • agent: setup grpc server with auto_encrypt certs and add -https-port [GH-7086
    • ⚑️ agent: some check types now support configuring a number of consecutive failure and success before the check status is updated in the catalog. [GH-5739]
    • 🚚 agent: clients should only attempt to remove pruned nodes once per call [GH-6591]
    • πŸ”§ agent: Consul HTTP checks can now send a configurable body in the request. [GH-6602]
    • agent: increase watchLimit to 8192. [GH-7200]
    • api: A new /v1/catalog/node-services/:node endpoint was added that mirrors the existing /v1/catalog/node/:node endpoint but has a response structure that contains a slice of services instead of a map of service ids to services. This new endpoint allows retrieving all services in all namespaces for a node. [GH-7115]
    • api: add option to set TLS options in-memory for API client [GH-7093]
    • πŸ“¦ api: add replace-existing-checks param to the api package [GH-7136]
    • πŸ”§ auto_encrypt: set dns and ip san for k8s and provide configuration [GH-6944]
    • cli: improve the file safety of 'consul tls' subcommands [GH-7186]
    • cli: give feedback to CLI user on forceleave command if node does not exist [GH-6841]
    • connect: Envoy's whole stats endpoint can now be exposed to allow integrations like DataDog agent [GH-7070]
    • connect: check if intermediate cert needs to be renewed. [GH-6835]
    • πŸ”§ connect: Allow inlining of the TLS certificate in the Envoy configuration. [GH-6360]
    • dns: Improvement to enable dual stack IPv4/IPv6 addressing of services and lookup via DNS [GH-6531]
    • πŸ”’ lock: consul lock will now receive shutdown signals during the lock-acquisition process. [GH-5909]
    • raft: increase raft notify buffer [GH-6863]
    • ⚑️ raft: update raft to v1.1.2 [GH-7079]
    • router: do not surface left servers [GH-6420]
    • 🌲 rpc: log method when a server/server RPC call fails [GH-4548]
    • sentinel: (Consul Enterprise only) The Sentinel framework was upgraded to v0.13.0. See the Sentinel Release Notes for more information.
    • telemetry: Added consul.rpc.queries_blocking gauge to measure the current number of in-flight blocking queries. [GH-7224]
    • 0️⃣ ui: Discovery chain improvements for clarifying the default router [GH-7222]
    • πŸ’» ui: Added unique browser titles to each page [GH-7118]
    • ⚑️ ui: Add live updates/blocking queries to the Intention listing page [GH-7161]
    • πŸ’» ui: Use more consistent icons with other HashiCorp products in the UI [GH-6851]
    • πŸ’» ui: Improvements to the Discovery Chain visualisation in respect to redirects [GH-7036]
    • πŸ’» ui: Improvement keyboard navigation of the main menu [GH-7090]
    • πŸ”Š ui: New row confirmation dialogs [GH-7007]
    • πŸ’» ui: Various visual CSS amends and alterations [GH6495] [[GH6881]](https://github.com/hashicorp/consul/
    • πŸ’» ui: Hides the Routing tab for a service proxy [GH-7195]
    • πŸ’» ui: Add ability to search nodes listing page with IP Address [GH-7204]
    • xds: mesh gateway CDS requests are now allowed to receive an empty CDS reply [GH-6787]
    • βœ… xds: Verified integration test suite with Envoy 1.12.2 & 1.13.0 [GH-6947]
    • agent: Added ACL token for Consul managed service providers [GH-7218]

    πŸ›  BUGFIXES:

    • agent: fix watch event behavior [GH-5265]
    • πŸ”€ agent: ensure node info sync and full sync [GH-7189]
    • πŸ›  autopilot: Fixed dead server removal condition to use correct failure tolerance. [GH-4017]
    • cli: services register command now correctly registers an unamed healthcheck [GH-6800]
    • πŸš€ cli: remove -dev from consul version in ARM builds in the 1.6.2 release [GH-6875]
    • cli: ui_content_path config option fix [GH-6601]
    • πŸ“œ config: Fixed a bug that caused some config parsing to be case-sensitive: [GH-7191]
    • connect: CAs can now use RSA keys correctly to sign EC leafs [GH-6638]
    • connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index [GH-7011]
    • ⚑️ connect: ensure that updates to the secondary root CA configuration use the correct signing key ID values for comparison [GH-7012]
    • connect: use correct subject key id for leaf certificates. [GH-7091]
    • 🌲 log: handle discard all logfiles properly [GH-6945]
    • ⚑️ state: restore a few more service-kind index updates so blocking in ServiceDump works in more cases [GH-6948]
    • tls: fix behavior related to auto_encrypt and verify_incoming (#6899) [GH-6811]
    • πŸ’» ui: Ensure the main navigation menu is closed on click [GH-7164]
    • ⚑️ ui: Ensure KV flags are passed through to Consul on update [GH-7216]
    • πŸ’» ui: Fix positioning of active icon in main navigation menu [GH-7233]
    • πŸ’» ui: Ensure the Namespace property is sent to Consul in OSS [GH-7238]
    • 🚚 ui: Remove the Policy/Service Identity selector from namespace policy form [GH-7124]
    • πŸ’» ui: Fix positioning of active icon in the selected menu item [GH-7148]
    • πŸ“œ ui: Discovery-Chain: Improve parsing of redirects [GH-7174]
    • πŸ’» ui: Fix styling of β€˜duplicate intention’ error message [GH6936]
  • v1.7.0-beta4

    January 31, 2020

    πŸ”’ SECURITY

    • agent: mitigate potential DoS vector allowing unbounded server resource usage from unauthenticated connections [GH-7159]
    • acl: add ACL enforcement to the v1/agent/health/service/* endpoints [GH-7160]

    πŸ‘Œ IMPROVEMENTS:

    • πŸ”Š logging: Switch over to using go-hclog and allow emitting either structured or unstructured logs. [GH-1249][GH-7130]

    πŸ›  BUGFIXES:

    • acl: (Consul Enterprise only) intention:write privileges are now granted by the namespace-management policy that is injected into each new namespace.
    • πŸ“œ config: Fixed a bug that caused some config parsing to be case-sensitive: [GH-7191]
    • connect: (Consul Enterprise only) Fixed a bug that caused Envoy intention authorization to improperly request authorization in the default namespace.
    • connect: (Consul Enterprise only) Fixed bugs that caused the intention CLI interface to not properly handle namespaces in the strings passed as its arguments.
    • 🚚 ui: Remove the Policy/Service Identity selector from namespace policy form [GH-7124]
    • πŸ’» ui: Fix positioning of active icon in the selected menu item [GH-7148]
    • πŸ“œ ui: Discovery-Chain: Improve parsing of redirects [GH-7174]

    πŸ‘Œ IMPROVEMENTS:

    • cli: improve the file safety of 'consul tls' subcommands [GH-7186]
    • πŸ’» ui: Added unique browser titles to each page [GH-7118]
    • ⚑️ ui: Add live updates/blocking queries to the Intention listing page [GH-7161]
  • v1.7.0-beta3

    January 24, 2020

    πŸ’₯ BREAKING CHANGES:

    • agent: The ACL requirement for the agent/force-leave endpoint is now operator:write rather than agent:write. [GH-7033]
    • intentions: Change the ACL requirement and enforcement for wildcard rules. Previously this would look for an ACL rule that would grant access to the service/intention *. Now, in order to write a wildcard intention requires write access to all intentions and reading a wildcard intention requires read access to any intention that would match. Additionally intention listing and reading allow access if the requester can read either side of the intention whereas before it only allowed it for permissions on the destination side. [GH-7028]

    πŸ”‹ FEATURES:

    • acl: (Consul Enterprise only) auth methods defined in the default namespace gained the ability to create tokens in alternate namespaces. This capability was implemented for all existing auth methods.
    • connect: (Consul Enterprise only) Namespaces are now fully functional with Connect and Configuration Entries.

    πŸ‘Œ IMPROVEMENTS:

    • πŸ”§ agent: default the primary_datacenter to the datacenter if not configured [GH-7111]
    • πŸ”§ agent: configurable MaxQueryTime and DefaultQueryTime [GH-3777]
    • agent: do not deregister service checks twice [GH-6168]
    • 🚚 agent: remove service sidecars in cleanupRegistration [GH-7022]
    • agent: setup grpc server with auto_encrypt certs and add -https-port [GH-7086
    • api: A new /v1/catalog/node-services/:node endpoint was added that mirrors the existing /v1/catalog/node/:node endpoint but has a response structure that contains a slice of services instead of a map of service ids to services. This new endpoint allow retrieving all services in all namespaces for a node. [GH-7115]
    • πŸ”§ auto_encrypt: set dns and ip san for k8s and provide configuration [GH-6944]
    • connect: check if intermediate cert needs to be renewed. [GH-6835]
    • dns: Improvement to enable dual stack IPv4/IPv6 addressing of services and lookup via DNS [GH-6531]
    • πŸ”’ lock: consul lock will now receive shutdown signals during the lock-acquisition process. [GH-5909]
    • raft: increase raft notify buffer [GH-6863]
    • ⚑️ raft: update raft to v1.1.2 [GH-7079]
    • 🌲 rpc: log method when a server/server RPC call fails [GH-4548]
    • πŸ’» ui: Use more consistent icons with other HashiCorp products in the UI [GH-6851]
    • πŸ’» ui: Improvements to the Discovery Chain visualisation in respect to redirects [GH-7036]
    • πŸ’» ui: Improvement keyboard navigation of the main menu [GH-7090]
    • πŸ”Š ui: New row confirmation dialogs [GH-7007]

    πŸ›  BUGFIXES:

    • connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index [GH-7011]
    • ⚑️ connect: ensure that updates to the secondary root CA configuration use the correct signing key ID values for comparison [GH-7012]
    • connect: use correct subject key id for leaf certificates. [GH-7091]
  • v1.7.0-beta2

    December 20, 2019

    πŸ”‹ FEATURES:

    πŸ‘Œ IMPROVEMENTS:

    • acl: Use constant time comparison when checking for the ACL agent master token. [GH-6943]
    • api: (Consul Enterprise only) The API client will now configure the HTTP Client's configured default namespace to the value of the CONSUL_NAMESPACE environment variable if not explicitly overridden.
    • πŸ”§ connect: Allow inlining of the TLS certificate in the Envoy configuration. [GH-6360]
    • namespaces: (Consul Enterprise only) The desired namespace will be defaulted to the namespace of the ACL token used for an HTTP/RPC request if no other namespace is explicitly set.
    • namespaces: (Consul Enterprise only) Allow for creating and resolving tokens not linked to any roles, policies or service identities. These tokens can be granted access based on the default policies and roles associated with the tokens namespace.
    • πŸ’» ui: Various visual CSS amends and alterations [GH6495] [GH6881]

    πŸ› BUG FIXES

    • api: (Consul Enterprise only) The Meta field was added into the Namespace struct definition within the API module. Previously the HTTP accepted this field, it was just missing from the API client.
    • πŸ›  autopilot: Fixed dead server removal condition to use correct failure tolerance. [GH-4017]
    • cli: (Consul Enterprise only) Changed the CLI parameter used to specify the namespace from -ns to `-namespace.
    • dns: (Consul Enterprise only) Fixed an issue resulting in the dns_config.prefer_namespace configuration to not work properly.
    • ⚑️ dns: Updated miekg/dns dependency to fix a memory leak. [GH-6748]
    • 🌲 log: handle discard all logfiles properly [GH-6945]
    • ⚑️ state: restore a few more service-kind index updates so blocking in ServiceDump works in more cases [GH-6948]
    • πŸ’» ui: Fix styling of β€˜duplicate intention’ error message [GH6936]
  • v1.7.0-beta1

    December 10, 2019

    NOTES:

    • πŸš€ cli: Our darwin releases for this version and up will be signed and notarized according to Apple's requirements.

    πŸš€ Prior to this release, MacOS 10.15+ users attempting to run our software may see the error: "'consul' cannot be opened because the developer cannot be verified." This error affected all MacOS 10.15+ users who downloaded our software directly via web browsers, and was caused by changes to Apple's third-party software requirements.

    ⬆️ MacOS 10.15+ users should plan to upgrade to 1.7.0+.

    πŸ’₯ BREAKING CHANGES:

    • http: The HTTP API no longer accepts JSON fields that are unknown to it. Instead errors will be returned with 400 status codes [GH-6874]
    • dns: PTR record queries now return answers that contain the Consul datacenter as a label between service and the domain. [GH-6909]

    πŸ”‹ FEATURES

    • Namespaces (Consul Enterprise only) This version adds namespacing to Consul. Namespaces help reduce operational challenges by removing restrictions around uniqueness of resource names across distinct teams, and enable operators to provide self-service through delegation of administrative privileges.
    • GCP Snapshot Storage (Consul Enterprise only). This allows for Consul snapshots (created as backup for disaster recovery) to be stored in GCP
    • πŸ“„ connect: Added a new CA provider allowing Connect certificates to be managed by AWS ACM Private CA.
    • πŸ”§ connect: Allow configuration of upstream connection limits in Envoy [GH-6829]
    • πŸ‘ agent: Add Cloud Auto-join support for Tencent Cloud [GH-6818]

    πŸ‘Œ IMPROVEMENTS

    • ⚑️ agent: some check types now support configuring a number of consecutive failure and success before the check status is updated in the catalog. [GH-5739]
    • 🚚 agent: clients should only attempt to remove pruned nodes once per call [GH-6591]
    • cli: give feedback to CLI user on forceleave command if node does not exist [GH-6841]
    • router: do not surface left servers [GH-6420]
    • sentinel: (Consul Enterprise only) The Sentinel framework was upgraded to v0.13.0. See the Sentinel Release Notes for more information.
    • xds: mesh gateway CDS requests are now allowed to receive an empty CDS reply [GH-6787]

    πŸ› BUG FIXES

    • πŸš€ cli: remove -dev from consul version in ARM builds in the 1.6.2 release [GH-6875]
    • cli: ui_content_path config option fix [GH-6601]
    • agent: fix watch event behavior [GH-5265]
    • connect: CAs can now use RSA keys correctly to sign EC leafs [GH-6638]
    • cli: services register command now correctly registers an unamed healthcheck [GH-6800]
    • tls: fix behavior related to auto_encrypt and verify_incoming (#6899) [GH-6811]