1.15.16 Enterprise (January 13, 2025)
This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.
Enterprise LTS: Consul Enterprise 1.15 is a Long-Term Support (LTS) release.
SECURITY:
- Removed ability to use bexpr to filter results without ACL read on endpoint [GH-21950]
- Resolved issue where hcl would allow duplicates of the same key in acl policy configuration. [GH-21908]
- Update github.com/golang-jwt/jwt/v4 to v4.5.1 to address GHSA-29wx-vh33-7x7r. [GH-21951]
- Update registry.access.redhat.com/ubi9-minimal image to 9.5 to address CVE-2024-3596, CVE-2024-2511, CVE-2024-26458. [GH-22011]
- api: Enforces strict content-type header validation to protect against XSS vulnerability. [GH-21930]
IMPROVEMENTS:
- Upgrade api submodule to 1.21.4 [GH-22055]
- snapshot agent: (Enterprise only) Implement Service Principal Auth for snapshot agent on Azure.
BUG FIXES:
- proxycfg: fix a bug where peered upstream watches are canceled even when another target needs them. [GH-21871]