2.0.2 (July 8, 2026)
SECURITY:
- Upgrade alpine base image version to 3.24 to address [CVE-2026-41989], [ALPINE-CVE-2026-2100]. [GH-23711]
- dependency: Upgrade Serf and Memberlist to use the latest versions. [GH-23704]
- xds: Return errors when injecting the L4 intention (RBAC) filter or the mTLS transport socket onto an inbound public listener, so the listener is not served without intention enforcement or mTLS. [GH-23686]
FEATURES:
- config-entry(api-gateway): (Enterprise only) Add ExtAuthzFilter to HTTPRoute Filters and gateway-wide ExtAuthz toggle to the api-gateway config entry [GH-23703]
- config-entry: (Enterprise only) Addition of External Processor (ext_proc) Envoy Extension support to api-gateway and connect-proxy [GH-23705]
IMPROVEMENTS:
- ci: upgrade GitHub Actions that used the deprecated Node 20 runtime to Node 24, and restore GOTOOLCHAIN=auto after setup-go so backward-compatibility and integration test lanes resolve the correct Go toolchain. [GH-23687]
- connect: update support for nomad and vault version to v2.0.3 [GH-23624]
- deps: Migrate
armon/go-metricstohashicorp/go-metricsand update Go dependencies across all modules [GH-23635]
BUG FIXES:
- xds: only emit the client cert SDS block when both CertFile and KeyFile are set. [GH-23679]