github hashicorp/consul v1.22.0-rc2
on GitHub

pre-release12 hours ago

1.22.0-rc2 (October 15, 2025)

SECURITY:

  • security: Adding warning when remote/local script checks are enabled without enabling ACL's [GH-22877]
  • security: Improved validation of the Content-Length header in the Consul KV endpoint to prevent potential denial of service attacksCVE-2025-11374 [GH-22916]
  • security: adding a maximum Content-Length on the event endpoint to fix denial-of-service (DoS) attacks. This resolves CVE-2025-11375. [GH-22836]
  • security: breaking change - adding a key name validation on the key/value endpoint along side with the DisableKVKeyValidation config to disable/enable it to fix path traversal attacks. This resolves CVE-2025-11392. [GH-22850]

BUG FIXES:

  • cmd: Fix consul operator utilization --help to show only available options without extra parameters. [GH-22912]
Check out latest releases or
releases around hashicorp/consul v1.22.0-rc2

Don't miss a new consul release

NewReleases is sending notifications on new releases.

Get notifications