1.10.1 (July 15, 2021)
SECURITY:
- xds: ensure envoy verifies the subject alternative name for upstreams CVE-2021-32574 [GH-10621]
- xds: ensure single L7 deny intention with default deny policy does not result in allow action CVE-2021-36213 [GH-10619]
FEATURES:
- cli: allow running
redirect-trafficcommand in a provided Linux namespace. [GH-10564] - sdk: allow applying
iptablesrules in a provided Linux namespace. [GH-10564]
IMPROVEMENTS:
- acl: Return secret ID when listing tokens if accessor has
acl:write[GH-10546] - structs: prevent service-defaults upstream configs from using wildcard names or namespaces [GH-10475]
- ui: Move all CSS icons to use standard CSS custom properties rather than SASS variables [GH-10298]
DEPRECATIONS:
- connect/ca: remove the
RotationPeriodfield from the Consul CA provider, it was not used for anything. [GH-10552]
BUG FIXES:
- agent: fix a panic on 32-bit platforms caused by misaligned struct fields used with sync/atomic. [GH-10515]
- ca: Fixed a bug that returned a malformed certificate chain when the certificate did not having a trailing newline. [GH-10411]
- checks: fixes the default ServerName used with TLS health checks. [GH-10490]
- connect/proxy: fixes logic bug preventing builtin/native proxy from starting upstream listeners [GH-10486]
- streaming: fix a bug that was preventing streaming from being enabled. [GH-10514]
- ui: (Enterprise only) Ensure permissions are checked based on the actively selected namespace [GH-10608]
- ui: Ensure in-folder KVs are created in the correct folder [GH-10569]
- ui: Fix KV editor syntax highlighting [GH-10605]
- ui: Send service name down to Stats to properly call endpoint for Upstreams and Downstreams metrics [GH-10535]
- ui: Show ACLs disabled page at Tokens page instead of 403 error when ACLs are disabled [GH-10604]
- ui: Use the token's namespace instead of the default namespace when not
specifying a namespace in the URL [GH-10503]