2.0.0-rc2 (May 17, 2026)
SECURITY:
- Upgrade to use
x/net0.53.0.
This resolves GO-2026-4918 [GH-5308]
FEATURES:
- api-gateway: add TLS SDS support for Kubernetes API Gateway listeners via listener
tls.options(with gateway-level defaults) and per-backendRouteTLSSDSFilteroverrides; this includes validation for incomplete SDS config and SDS inheritance behavior so route-level overrides can inherit clusterName from listener/global defaults. [GH-5186]
BUG FIXES:
- connect-init: fix incorrect FIPS Consul version check that caused misleading WARN messages in the
consul-connect-inject-initinit container logs even when a fully FIPS-compliant setup was used. The original check queried/v1/agent/versionwith a non-pointer map, so the response was never decoded and both FIPS warnings fired on every pod startup. The fix decodes the endpoint response correctly and checks the returnedFIPSvalue. [GH-5252] - helm-chart: remove redundant template crd-gatewaypolicies-custom.yaml from helm chart templates. [GH-5307]