1.9.11 (November 11, 2021)
SECURITY:
- agent: Use SHA256 instead of MD5 to generate persistence file names. [GH-11491]
- namespaces: (Enterprise only) Creating or editing namespaces that include default ACL policies or ACL roles now requires
acl:writepermission in the default namespace. This change fixes CVE-2021-41805.
IMPROVEMENTS:
- ci: Artifact builds will now only run on merges to the release branches or to
main[GH-11417] - ci: The Linux packages are now available for all supported Linux architectures including arm, arm64, 386, and amd64 [GH-11417]
- ci: The Linux packaging service configs and pre/post install scripts are now available under [.release/linux] [GH-11417]
- telemetry: Add new metrics for the count of connect service instances and configuration entries. [GH-11222]
BUG FIXES:
- acl: fixes the fallback behaviour of down_policy with setting extend-cache/async-cache when the token is not cached. [GH-11136]
- rpc: only attempt to authorize the DNSName in the client cert when verify_incoming_rpc=true [GH-11255]
- server: (Enterprise only) Ensure that servers leave network segments when leaving other gossip pools
- ui: Fixed styling of Role remove dialog on the Token edit page [GH-11298]
- xds: fixes a bug where replacing a mesh gateway node used for WAN federation (with another that has a different IP) could leave gateways in the other DC unable to re-establish the connection [GH-11522]