1.3.5 (May 20, 2024)
SECURITY:
- Upgrade Go to use 1.21.10. This addresses CVE-2024-24787 and CVE-2024-24788. [GH-3980]
- Upgrade helm/v3 to 3.14.4. This resolves the following security vulnerabilities: CVE-2024-25620, CVE-2024-26147. [GH-3935]
- Upgrade to use Go 1.21.9. This resolves CVE-2023-45288 (http2). [GH-3902]
- Upgrade to use golang.org/x/net v0.24.0. This resolves CVE-2023-45288 (x/net). [GH-3902]
FEATURES:
- Add support for configuring graceful startup proxy lifecycle management settings. [GH-3878]
IMPROVEMENTS:
- control-plane: support , and <\n> as upstream separators. [GH-3956]
- ConfigEntries controller: Only error for config entries from different datacenters when the config entries are different [GH-3873]
- control-plane: Remove anyuid Security Context Constraints (SCC) requirement in OpenShift. [GH-3813]
- helm: only create the default Prometheus path annotation when it's not already specified within the component-specific annotations. For example if the client.annotations value sets prometheus.io/path annotation, don't overwrite it with the default value. [GH-3846]
- helm: support sync-lb-services-endpoints flag for syncCatalog [GH-3905]
- terminating-gateways: Remove unnecessary permissions from terminating gateways role [GH-3928]
BUG FIXES:
- Create Consul service with mode transparent-proxy even when a cluster IP is not assigned to the service. [GH-3974]
- api-gateway: Fix order of initialization for creating ACL role/policy to avoid error logs in consul when upgrading between versions. [GH-3918]
- api-gateway: fix bug where multiple logical APIGateways would share the same ACL policy. [GH-4001]
- control-plane: fix a panic when an upstream annotation is malformed. [GH-3956]
- connect-inject: Fixed issue where on restart, if a managed-gateway-acl-role already existed the container would error [GH-3978]