1.17.4 Enterprise (March 26, 2024)
SECURITY:
- Update google.golang.org/protobuf to v1.33.0 to address CVE-2024-24786. [GH-20801]
- Update the Consul Build Go base image to alpine3.19. This resolves CVEs CVE-2023-52425 and CVE-2023-52426. [GH-20812]
- Upgrade to use Go 1.21.8. This resolves CVEs CVE-2024-24783 (crypto/x509), CVE-2023-45290 (net/http), CVE-2023-45289 (net/http, net/http/cookiejar), CVE-2024-24785 (html/template), and CVE-2024-24784 (net/mail). [GH-20812]
IMPROVEMENTS:
- api: Randomize the returned server list for the WatchServers gRPC endpoint. [GH-20866]
- snapshot agent: (Enterprise only) Add support for multiple snapshot destinations using the backup_destinations config file object.
BUG FIXES:
- connect: Fix issue where Consul-dataplane xDS sessions would not utilize the streaming backend for wan-federated queries. [GH-20868]
- connect: Fix potential goroutine leak in xDS stream handling. [GH-20866]
- connect: Fix xDS deadlock that could result in proxies being unable to start. [GH-20867]
- dns: SERVFAIL when resolving not found PTR records. [GH-20679]
- ingress-gateway: (Enterprise Only) Fix a bug where on update, Ingress Gateways lost all upstreams for listeners with wildcard services in a different namespace.
- snapshot-agent: (Enterprise only) Fix a bug with static AWS credentials where one of the key id or secret key is provided via config file and the other is provided via an environment variable.