1.8.15 (August 27, 2021)
SECURITY:
- rpc: authorize raft requests CVE-2021-37219 [GH-10933]
IMPROVEMENTS:
- areas: (Enterprise only) Add 15s timeout to opening streams over pooled connections.
- areas: (Enterprise only) Apply backpressure to area gossip packet ingestion when more than 512 packets are waiting to be ingested.
- areas: (Enterprise only) Make implementation of WriteToAddress non-blocking to avoid slowing down memberlist's packetListen routine.
- deps: update to gogo/protobuf v1.3.2 [GH-10813]
BUG FIXES:
- acl: fixes a bug that prevented the default user token from being used to authorize service registration for connect proxies. [GH-10824]
- ca: fixed a bug when ca provider fail and provider state is stuck in
INITIALIZING
state. [GH-10630] - ca: report an error when setting the ca config fail because of an index check. [GH-10657]
- cli: Ensure the metrics endpoint is accessible when Envoy is configured to use
a non-default admin bind address. [GH-10757] - cli: Fix a bug which prevented initializing a watch when using a namespaced
token. [GH-10795] - connect: proxy upstreams inherit namespace from service if none are defined. [GH-10688]
- dns: fixes a bug with edns truncation where the response could exceed the size limit in some cases. [GH-10009]
- txn: fixes Txn.Apply to properly authorize service registrations. [GH-10798]