1.8.10 (April 15, 2021)
SECURITY:
- Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864 [GH-10023]
- audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156
BUG FIXES:
- areas: Fixes a bug which would prevent newer servers in a network areas from connecting to servers running a version of Consul prior to 1.7.3.
- audit-logging: (Enterprise only) Fixed an issue that resulted in usage of the agent master token or managed service provider tokens from being resolved properly. [GH-10013]
- command: when generating envoy bootstrap configs to stdout do not mix informational logs into the json [GH-9980]
- config: correct config key from
advertise_addr_ipv6
toadvertise_addr_wan_ipv6
[GH-9851] - snapshot: fixes a bug that would cause snapshots to be missing all but the first ACL Auth Method. [GH-10025]