github hashicorp/consul-k8s v1.9.0-rc2
on GitHub

pre-release2 days ago

1.9.0-rc2 (October 16, 2025)

FEATURES:

  • api-gateway: Added boolean annotation "consul.hashicorp.com/enable-consul-dataplane-as-sidecar" for registering consul-dataplane as init container so that consul-dataplane container is initialised and started before application container. Default value is "false" i.e the feature is disabled by default. Also made the probe properties configurable through annotations. [GH-4678]
  • control-plane: Added support to sync multiple ports of a service from k8s to consul. [GH-4778]
  • helm: add dual stack flag for IPv6 support. [GH-4776]
  • ipv6: Addition of ipv6 changes for consul-k8s connect inject and cni [GH-4779]

IMPROVEMENTS:

  • consul-dataplane: now includes both privileged and non-privileged binaries in the image. By default, all use cases use the non-privileged binaries (without NET_BIND_SERVICE). For Ingress, API, and Mesh Gateway use cases, if a privileged port is configured, the privileged binary (with NET_BIND_SERVICE capability) is automatically selected and used. [GH-4745]
  • cni: fixed race conditions with older versions where no cleanup was done for binary. cleanup of cni binary on previous pod deletion to improve security posture [GH-4757]
  • control-plane: updated endpoints controller to use podIP from endpoint object [GH-4809]
  • updated consul image version to 1.22.0-dev [GH-4792]

BUG FIXES:

  • api-gateway: Fixed an issue where the gateway controller failed to detect annotation changes in deployments triggered by rollout restarts, preventing restarts from completing successfully. [GH-4767]
  • control-plane: fix duplicate health check registrations for API Gateways and Mesh Gateways when node assignment is delayed [GH-4715]

SECURITY:

  • cve: upgrade helm.sh/helm/v3 to v3.18.5 to fix CVE-2025-55198, CVE-2025-55199 [GH-4696]
  • go: upgrade go version to 1.25.1 [GH-4762]
  • security: Updated AWS SDK dependencies and added CVE suppressions. Upgraded github.com/aws/aws-sdk-go from v1.38.63 to v1.55.8 in hack/aws-acceptance-test-cleanup utilities and suppressed CVEs: GO-2022-0635 (AWS S3 Crypto SDK - in-band key negotiation issue) GO-2022-0646 (AWS S3 Crypto SDK - CBC padding oracle issue). These vulnerabilities affect only test cleanup utilities in unused S3 crypto components. They do not impact production consul-k8s deployments. [GH-4870]
Check out latest releases or
releases around hashicorp/consul-k8s v1.9.0-rc2

Don't miss a new consul-k8s release

NewReleases is sending notifications on new releases.

Get notifications