1.13.8 (May 16, 2023)
SECURITY:
- Upgrade to use Go 1.20.1. This resolves vulnerabilities CVE-2022-41724 in crypto/tls and CVE-2022-41723 in net/http. [GH-16263]
- Upgrade to use Go 1.20.4. This resolves vulnerabilities CVE-2023-24537 (go/scanner), CVE-2023-24538 (html/template), CVE-2023-24534 (net/textproto) and CVE-2023-24536 (mime/multipart). Also, golang.org/x/net has been updated to v0.7.0 to resolve CVEs CVE-2022-41721, CVE-2022-27664 and CVE-2022-41723. [GH-17240]
IMPROVEMENTS:
- api: updated the go module directive to 1.18. [GH-15297]
- connect: update supported envoy versions to 1.20.7, 1.21.6, 1.22.11, 1.23.8 [GH-16891]
- sdk: updated the go module directive to 1.18. [GH-15297]
BUG FIXES:
- Fix a bug where decoding some Config structs with unset pointer fields could fail with "reflect: call of reflect.Value.Type on zero Value". [GH-17048]
- audit-logging: (Enterprise only) Fix a bug where /agent/monitor and /agent/metrics endpoints return a "Streaming not supported" error when audit logs are enabled. This also fixes the delay receiving logs when running consul monitor against an agent with audit logs enabled. [GH-16700]
- ca: Fixes a bug where updating Vault CA Provider config would cause TLS issues in the service mesh [GH-16592]
- connect: Fix multiple inefficient behaviors when querying service health. [GH-17241]
- grpc: ensure grpc resolver correctly uses lan/wan addresses on servers [GH-17270]
- peering: Fixes a bug that can lead to peering service deletes impacting the state of local services [GH-16570]
- xds: Fix possible panic that can occur when generating clusters before the root certificates have been fetched. [GH-17185]