v1.9.9
hc-github-team-consul-core
released this
27 Aug 20:56
·
8330 commits
to main
since this release
1.9.9 (August 27, 2021)
SECURITY:
- rpc: authorize raft requests CVE-2021-37219 [GH-10932]
IMPROVEMENTS:
- areas: (Enterprise only) Add 15s timeout to opening streams over pooled connections.
- areas: (Enterprise only) Apply backpressure to area gossip packet ingestion when more than 512 packets are waiting to be ingested.
- areas: (Enterprise only) Make implementation of WriteToAddress non-blocking to avoid slowing down memberlist's packetListen routine.
- deps: update to gogo/protobuf v1.3.2 [GH-10813]
BUG FIXES:
- acl: fixes a bug that prevented the default user token from being used to authorize service registration for connect proxies. [GH-10824]
- ca: fixed a bug when ca provider fail and provider state is stuck in
INITIALIZING
state. [GH-10630] - ca: report an error when setting the ca config fail because of an index check. [GH-10657]
- cli: Ensure the metrics endpoint is accessible when Envoy is configured to use
a non-default admin bind address. [GH-10757] - cli: Fix a bug which prevented initializing a watch when using a namespaced
token. [GH-10795] - connect: proxy upstreams inherit namespace from service if none are defined. [GH-10688]
- dns: fixes a bug with edns truncation where the response could exceed the size limit in some cases. [GH-10009]
- txn: fixes Txn.Apply to properly authorize service registrations. [GH-10798]
- ui: Fix dropdown option duplication in the new intentions form [GH-10706]
- ui: Hide all metrics for ingress gateway services [GH-10858]
- ui: Properly encode non-URL safe characters in OIDC responses [GH-10901]
- ui: fixes a bug with some service failovers not showing the routing tab visualization [GH-10913]