1.8.9 (March 04, 2021)
IMPROVEMENTS:
- cli: Add new
-cluster-id
andcommon-name
toconsul tls ca create
to support creating a CA for Consul Connect. [GH-9585] - connect: if the token given to the vault provider returns no data avoid a panic [GH-9806]
- connect: update supported envoy point releases to 1.14.6, 1.13.7, 1.12.7, 1.11.2 [GH-9739]
- license: (Enterprise only) Temporary client license duration was increased from 30m to 6h.
- server: use the presense of stored federation state data as a sign that we already activated the federation state feature flag [GH-9519]
- xds: only try to create an ipv6 expose checks listener if ipv6 is supported by the kernel [GH-9765]
BUG FIXES:
- api: Remove trailing periods from the gateway internal HTTP API endpoint [GH-9752]
- cache: Prevent spamming the logs for days when a cached request encounters an "ACL not found" error. [GH-9738]
- connect: connect CA Roots in the primary datacenter should use a SigningKeyID derived from their local intermediate [GH-9428]
- proxycfg: avoid potential deadlock in delivering proxy snapshot to watchers. [GH-9689]
- server: When wan federating via mesh gateways after initial federation default to using the local mesh gateways unless the heuristic indicates a bypass is required. [GH-9528]
- server: When wan federating via mesh gateways only do heuristic primary DC bypass on the leader. [GH-9366]
- xds: deduplicate mesh gateway listeners by address in a stable way to prevent some LDS churn [GH-9650]
- xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists; also prevent some flaps in terminating gateways as well [GH-9651]