1.2.0 (June 28, 2023)
FEATURES:
- Add support for configuring Consul server-side rate limiting [GH-2166]
- api-gateway: Add API Gateway for Consul on Kubernetes leveraging Consul native API Gateway configuration. [GH-2152]
- crd: Add
mutualTLSModeto the ProxyDefaults and ServiceDefaults CRDs andallowEnablingPermissiveMutualTLSto the Mesh CRD to support configuring permissive mutual TLS. [GH-2100] - helm: Add
JWTProviderCRD for configuring thejwt-providerconfig entry. [GH-2209] - helm: Update the ServiceIntentions CRD to support
JWTfields. [GH-2213]
IMPROVEMENTS:
- cli: update minimum go version for project to 1.20. [GH-2102]
- control-plane: add FIPS support [GH-2165]
- control-plane: server ACL Init always appends both, the secrets from the serviceAccount's secretRefs and the one created by the Helm chart, to support Openshift secret handling. [GH-1770]
- control-plane: set agent localities on Consul servers to the server node's
topology.kubernetes.io/regionlabel. [GH-2093] - control-plane: update alpine to 3.17 in the Docker image. [GH-1934]
- control-plane: update minimum go version for project to 1.20. [GH-2102]
- helm: Kubernetes v1.27 is now supported. Minimum tested version of Kubernetes is now v1.24. [GH-2304]
- helm: Update the default amount of memory used by the connect-inject controller so that its less likely to get OOM killed. [GH-2249]
- helm: add failover policy field to service resolver and proxy default CRDs [GH-2030]
- helm: add samenessGroup CRD [GH-2048]
- helm: add samenessGroup field to exported services CRD [GH-2075]
- helm: add samenessGroup field to service resolver CRD [GH-2086]
- helm: add samenessGroup field to source intention CRD [GH-2097]
- helm: update
imageConsulDataplanevalue tohashicorp/consul-dataplane:1.2.0[GH-2476] - helm: update
imagevalue tohashicorp/consul:1.16.0[GH-2476]
SECURITY:
- Update Go-Discover in the container has been updated to address CVE-2020-14040 [GH-2390]
- Bump Dockerfile base image to
alpine:3.18. Resolves CVE-2023-2650 vulnerability in openssl@3.0.8-r4 [GH-2284] - Fix Prometheus CVEs by bumping controller-runtime. [GH-2183]
- Upgrade to use Go 1.20.4.
This resolves vulnerabilities CVE-2023-24537(go/scanner),
CVE-2023-24538(html/template),
CVE-2023-24534(net/textproto) and
CVE-2023-24536(mime/multipart).
Also,golang.org/x/nethas been updated to v0.7.0 to resolve CVEs CVE-2022-41721
, CVE-2022-27664 and [CVE-2022-41723
](GHSA-vvpx-j8f3-3w6h
.) [GH-2102]
BUG FIXES:
- control-plane: Fix casing of the Enforce Consecutive 5xx field on Service Defaults and acceptance test fixtures. [GH-2266]
- control-plane: fix issue where consul-connect-injector acl token was unintentionally being deleted and not recreated when a container was restarted due to a livenessProbe failure. [GH-1914]