1.14.7 (May 16, 2023)
SECURITY:
- Upgrade to use Go 1.20.4. This resolves vulnerabilities CVE-2023-24537 (`go/scanner`), CVE-2023-24538 (`html/template`), CVE-2023-24534 (`net/textproto`) and CVE-2023-24536 (`mime/multipart`). Also, `golang.org/x/net` has been updated to v0.7.0 to resolve CVEs CVE-2022-41721, CVE-2022-27664 and CVE-2022-41723 [GH-17240]
IMPROVEMENTS:
- connect: update supported envoy versions to 1.21.6, 1.22.11, 1.23.8, 1.24.6 [GH-16888]
- envoy: add `MaxEjectionPercent` and `BaseEjectionTime` to passive health check configs. [GH-15979]
- hcp: Add support for linking existing Consul clusters to HCP management plane. [GH-16916]
- logging: change snapshot log header from `agent.server.snapshot` to `agent.server.raft.snapshot` [GH-17236]
- peering: allow re-establishing terminated peering from new token without deleting existing peering first. [GH-16776]
BUG FIXES:
- Fix a bug where decoding some Config structs with unset pointer fields could fail with `reflect: call of reflect.Value.Type on zero Value`. [GH-17048]
- acl: (Enterprise only) Check permissions in correct partition/namespace when resolving service in non-default partition/namespace
- acls: Fix ACL bug that can result in sidecar proxies having incorrect endpoints.
- connect: Fix multiple inefficient behaviors when querying service health. [GH-17241]
- connect: fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [GH-17317]
- grpc: ensure grpc resolver correctly uses lan/wan addresses on servers [GH-17270]
- peering: Fix issue where peer streams could incorrectly deregister services in various scenarios. [GH-17235]
- proxycfg: ensure that an irrecoverable error in proxycfg closes the xds session and triggers a replacement proxycfg watcher [GH-16497]
- xds: Fix possible panic that can occur when generating clusters before the root certificates have been fetched. [GH-17185]