1.14.9 (August 7, 2023)
SECURITY:
- Update
golang.org/x/netto v0.13.0 to address CVE-2023-3978. [GH-18358] - Upgrade golang.org/x/net to address CVE-2023-29406 [GH-18186]
- Upgrade to use Go 1.20.6.
This resolves CVE-2023-29406(net/http) for uses of the standard library.
A separate change updates dependencies ongolang.org/x/netto use0.12.0. [GH-18190] - Upgrade to use Go 1.20.7.
This resolves vulnerability CVE-2023-29409(crypto/tls). [GH-18358]
FEATURES:
- cli:
consul memberscommand uses-filterexpression to filter members based on bexpr. [GH-18223] - cli:
consul watchcommand uses-filterexpression to filter response from checks, services, nodes, and service. [GH-17780] - reloadable config: Made enable_debug config reloadable and enable pprof command to work when config toggles to true [GH-17565]
IMPROVEMENTS:
- Fix some typos in metrics docs [GH-18080]
- acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only) [GH-18319]
- acl: allow for a single slash character in policy names [GH-18319]
- connect: update supported envoy versions to 1.21.6, 1.22.11, 1.23.12, 1.24.10 [GH-18305]
- hcp: Removes requirement for HCP to provide a management token [GH-18140]
- xds: Explicitly enable WebSocket connection upgrades in HTTP connection manager [GH-18150]
BUG FIXES:
- Fix a bug that wrongly trims domains when there is an overlap with DC name. [GH-17160]
- connect/ca: Fixes a bug preventing CA configuration updates in secondary datacenters [GH-17846]
- connect: Fix incorrect protocol config merging for transparent proxy implicit upstreams. [GH-17894]
- connect: fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [GH-18024]
- snapshot: fix access denied and handle is invalid when we call snapshot save on windows - skip sync() for folders in windows in
rboyer/safeio#3 [GH-18302]