1.22.4 (February 18, 2026)
SECURITY:
- security: upgrade go version to 1.25.7 [GH-23204]
- dockerfile: the Consul build Go base image to
alpine3.23[GH-23194] - connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth and go-secure-stdlib/awsutil dependencies to their v2 versions. [GH-23109]
- security: Configure HTTP server timeouts to prevent Slowloris denial-of-service attacks on agent HTTP endpoints and pprof endpoints. [GH-22739]
IMPROVEMENTS:
- api-gateway: Fixed "duplicate matcher" errors in Envoy when using multiple file-system certificates on a single TLS listener. The certificates are now consolidated into a single filter chain, allowing Envoy to select the correct one. [GH-23212]
- agent: Fix vault provider failure when signing intermediate CA with isCA=true in CSR [GH-23202]
- cli: Added
--aws-iam-endpointflag toconsul logincommand for AWS IAM auth method to support custom IAM endpoint configuration [GH-23109]