1.2.5 (Jan 25, 2024)
SECURITY:
- Update
golang.org/x/cryptoto v0.17.0 to address CVE-2023-48795. [GH-3442] - Upgrade to use
ubi-minimal:9.3for OpenShift container images. [GH-3418]
IMPROVEMENTS:
- Upgrade to use Go 1.21.6. [GH-3478]
- control-plane: Add new
consul.hashicorp.com/sidecar-proxy-startup-failure-secondsandconsul.hashicorp.com/sidecar-proxy-liveness-failure-secondsannotations that allow users to manually configure startup and liveness probes for Envoy sidecar proxies. [GH-3450] - control-plane: reduce Consul Catalog API requests required for endpoints reconcile in large clusters [GH-3322]
- cni: When CNI is enabled, set ReadOnlyRootFilesystem=true and AllowPrivilegeEscalation=false for mesh pod init containers and AllowPrivilegeEscalation=false for consul-dataplane containers (ReadOnlyRootFilesystem was already true for consul-dataplane containers). [GH-3498]
BUG FIXES:
- api-gateway: fix issue where deleting an http-route in a non-default namespace would not remove the route from Consul. [GH-3440]