github hashicorp/consul v1.22.0
on GitHub

6 hours ago

1.22.0 Enterprise (October 24, 2025)

SECURITY:

  • connect: Upgrade Consul's bundled Envoy version to 1.35.3 and remove support for 1.31.10. This update also includes a fix to prevent Envoy (v1.35+) startup failures by only configuring the TLS transport socket when the CA bundle is present. [GH-22824]
  • security: Adding warning when remote/local script checks are enabled without enabling ACL's [GH-22877]
  • security: Improved validation of the Content-Length header in the Consul KV endpoint to prevent potential denial of service attacksCVE-2025-11374 [GH-22916]
  • security: adding a maximum Content-Length on the event endpoint to fix denial-of-service (DoS) attacks. This resolves CVE-2025-11375. [GH-22836]
  • security: breaking change - adding a key name validation on the key/value endpoint along side with the DisableKVKeyValidation config to disable/enable it to fix path traversal attacks. This resolves CVE-2025-11392. [GH-22850]

FEATURES:

  • Added support to register a service in consul with multiple ports [GH-22769]
  • agent: Added IsDualStack utility function to detect if the agent is configured for both IPv4 and IPv6 (dual-stack mode) based on its bind address retrieved from "agent/self" API. [GH-22741]
  • install: Updated license information displayed during post-install
  • ipv6: addtition of ip6tables changes for ipv6 and dual stack support [GH-22787]
  • oidc: add client authentication using JWT assertion and PKCE. default PKCE is enabled. [GH-22732]

IMPROVEMENTS:

  • security: Upgrade golang to 1.25.3. [GH-22926]
  • ui: Fixes computed property override issues currently occurring and in some cases pre-emptively as this has been deprecated in ember v4 [GH-22947]
  • ui: removes send action instances as part of https://deprecations.emberjs.com/id/ember-component-send-action/ [GH-22938]
  • ui: replaced ember partials with components as an incremental step to upgrade to ember v4 [GH-22888]
  • api: Added a new API (/v1/operator/utilization) to support enterprise API for Manual Snapshot Reporting [GH-22837]
  • cmd: Added new subcommand consul operator utilization [-today-only] [-message] [-y] to generate a bundle with census utilization snapshot. Main flow is implemented in consul-enterprise
    http: Added a new API Handler for /v1/operator/utilization. Core functionality to be implemented in consul-enterprise
    agent: Always enabled census metrics collection with configurable option to export it to Hashicorp Reporting [GH-22843]
  • cli: snapshot agent now supports authenticating to Azure Blob Storage using Azure Managed Service Identities (MSI). [GH-11171]
  • command: connect envoy bootstrap defaults to 127.0.0.1 in IPv4-only environment and to ::1 in IPv6/DualStack environment. [GH-22763]
  • connect: default upstream.local_bind_address to ::1 for IPv6 agent bind address [GH-22773]
  • proxy: default proxy.local_service_address to ::1 for IPv6 agent bind address [GH-22772]
  • ui: Improved accessibility features in the Consul UI to enhance usability for users with disabilities [GH-22770]
  • ui: Replace yarn with pnpm for package management [GH-22790]
  • ui: auth method config values were overflowing. This PR fixes the issue and adds word break for table elements with large content. [GH-22813]

BUG FIXES:

  • ui: Allow FQDN to be displayed in the Consul web interface. [GH-22779]
  • ui: fixes the issue where namespaces where disappearing and Welcome to Namespace screen showed up after tab switching [GH-22789]
  • ui: fixes the issue where when doing deletes of multiple tokens or policies, the three dots on the right hand side stops responding after the first delete. [GH-22752]
  • cmd: Fix consul operator utilization --help to show only available options without extra parameters. [GH-22912]
Check out latest releases or
releases around hashicorp/consul v1.22.0

Don't miss a new consul release

NewReleases is sending notifications on new releases.

Get notifications