1.16.7 Enterprise (March 26, 2024)
This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.
SECURITY:
- Update
google.golang.org/protobufto v1.33.0 to address CVE-2024-24786. [GH-20801] - Update the Consul Build Go base image to
alpine3.19. This resolves CVEs
CVE-2023-52425
CVE-2023-52426 [GH-20812] - Upgrade to use Go
1.21.8. This resolves CVEs
CVE-2024-24783 (crypto/x509).
CVE-2023-45290 (net/http).
CVE-2023-45289 (net/http,net/http/cookiejar).
CVE-2024-24785 (html/template).
CVE-2024-24784 (net/mail). [GH-20812]
IMPROVEMENTS:
- api: Randomize the returned server list for the WatchServers gRPC endpoint. [GH-20866]
- snapshot agent: (Enterprise only) Add support for multiple snapshot destinations using the
backup_destinationsconfig file object.
BUG FIXES:
- connect: Fix issue where Consul-dataplane xDS sessions would not utilize the streaming backend for wan-federated queries. [GH-20868]
- connect: Fix potential goroutine leak in xDS stream handling. [GH-20866]
- connect: Fix xDS deadlock that could result in proxies being unable to start. [GH-20867]
- ingress-gateway: (Enterprise Only) Fix a bug where on update, Ingress Gateways lost all upstreams for listeners with wildcard services in a different namespace.
- snapshot-agent: (Enterprise only) Fix a bug with static AWS credentials where one of the key id or secret key is provided via config file and the other is provided via an environment variable.