1.21.6 Enterprise (October 30, 2025)
SECURITY:
- security: Adding a warning when remote/local script checks are enabled without enabling ACLs [GH-22877]
- security: Fixed proxied URL path validation to prevent path traversal. [GH-22671]
- security: Improved validation of the Content-Length header in the Consul KV endpoint to prevent potential denial of service attacks (CVE-2025-11374) [GH-22916]
- security: adding a maximum Content-Length on the event endpoint to fix denial-of-service (DoS) attacks. This resolves CVE-2025-11375. [GH-22836]
- security: breaking change - adding key name validation on the key/value endpoint, along with the DisableKVKeyValidation config to disable/enable it, to fix path traversal attacks. This resolves CVE-2025-11392. [GH-22850]
- security: Upgrade golang to 1.25.3. [GH-22926]
FEATURES:
- install: Updated license information displayed during post-install
IMPROVEMENTS:
- api: Added a new API (/v1/operator/utilization) to support enterprise API for Manual Snapshot Reporting [GH-22837]
- cmd: Added new subcommand consul operator utilization [-today-only] [-message] [-y] to generate a bundle with census utilization snapshot. Main flow is implemented in consul-enterprise
  http: Added a new API Handler for /v1/operator/utilization. Core functionality to be implemented in consul-enterprise
  agent: Always enabled census metrics collection with configurable option to export it to HashiCorp Reporting [GH-22843]
- ui: Fixes computed property override issues currently occurring and in some cases pre-emptively as this has been deprecated in ember v4 [GH-22947]
- ui: Improved accessibility features in the Consul UI to enhance usability for users with disabilities [GH-22770]
- ui: Replace yarn with pnpm for package management [GH-22790]
- ui: Replaced reopen() calls with direct property assignment and subclassing to resolve Ember component reopen deprecation warnings [GH-22971]
- ui: auth method config values were overflowing. This PR fixes the issue and adds word break for table elements with large content. [GH-22813]
- ui: removed deprecated Route#renderTemplate usage by introducing DebugLayout component and controller-based conditional rendering for docs routes [GH-22978]
- ui: removes send action instances as part of https://deprecations.emberjs.com/id/ember-component-send-action/ [GH-22938]
- ui: replaced ember partials with components as an incremental step to upgrade to ember v4 [GH-22888]
BUG FIXES:
- cmd: Fix consul operator utilization --help to show only available options without extra parameters. [GH-22912]
- ui: Allow FQDN to be displayed in the Consul web interface. [GH-22779]
- ui: fixes the issue where namespaces were disappearing and the Welcome to Namespace screen showed up after tab switching [GH-22789]
- ui: fixes the issue where, when deleting multiple tokens or policies, the three dots on the right-hand side stop responding after the first delete. [GH-22752]