hashicorp/consul (github.com/hashicorp/consul)
### [`v1.18.1`](https://togithub.com/hashicorp/consul/releases/tag/v1.18.1)
[Compare Source](https://togithub.com/hashicorp/consul/compare/v1.18.0...v1.18.1)
#### 1.18.1 (March 26, 2024)
Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.
BREAKING CHANGES:
- ui: Adds a "Link to HCP Consul Central" modal with integration to side-nav and link to HCP banner. There will be an option to disable the Link to HCP banner from the UI in a follow-up release. \[[GH-20474](https://togithub.com/hashicorp/consul/issues/20474)]
SECURITY:
- Update `google.golang.org/protobuf` to v1.33.0 to address [CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786). \[[GH-20801](https://togithub.com/hashicorp/consul/issues/20801)]
- Update the Consul Build Go base image to `alpine3.19`. This resolves CVEs
[CVE-2023-52425](https://nvd.nist.gov/vuln/detail/CVE-2023-52425)
[CVE-2023-52426](https://nvd.nist.gov/vuln/detail/CVE-2023-52426) \[[GH-20812](https://togithub.com/hashicorp/consul/issues/20812)]
- Upgrade to use Go `1.21.8`. This resolves CVEs
[CVE-2024-24783](https://nvd.nist.gov/vuln/detail/CVE-2024-24783) (`crypto/x509`).
[CVE-2023-45290](https://nvd.nist.gov/vuln/detail/CVE-2023-45290) (`net/http`).
[CVE-2023-45289](https://nvd.nist.gov/vuln/detail/CVE-2023-45289) (`net/http`, `net/http/cookiejar`).
[CVE-2024-24785](https://nvd.nist.gov/vuln/detail/CVE-2024-24785) (`html/template`).
[CVE-2024-24784](https://nvd.nist.gov/vuln/detail/CVE-2024-24784) (`net/mail`). \[[GH-20812](https://togithub.com/hashicorp/consul/issues/20812)]
IMPROVEMENTS:
- api: Randomize the returned server list for the WatchServers gRPC endpoint. \[[GH-20866](https://togithub.com/hashicorp/consul/issues/20866)]
- partitions: **(Enterprise only)** Allow disabling of Gossip per Partition \[[GH-20669](https://togithub.com/hashicorp/consul/issues/20669)]
- snapshot agent: **(Enterprise only)** Add support for multiple snapshot destinations using the `backup_destinations` config file object.
- xds: Improved the performance of xDS server side load balancing. Its slightly improved in Consul CE with drastic CPU usage reductions in Consul Enterprise. \[[GH-20672](https://togithub.com/hashicorp/consul/issues/20672)]
BUG FIXES:
- audit-logs: **(Enterprise Only)** Fixes non ASCII characters in audit logs because of gzip. \[[GH-20345](https://togithub.com/hashicorp/consul/issues/20345)]
- connect: Fix issue where Consul-dataplane xDS sessions would not utilize the streaming backend for wan-federated queries. \[[GH-20868](https://togithub.com/hashicorp/consul/issues/20868)]
- connect: Fix potential goroutine leak in xDS stream handling. \[[GH-20866](https://togithub.com/hashicorp/consul/issues/20866)]
- connect: Fix xDS deadlock that could result in proxies being unable to start. \[[GH-20867](https://togithub.com/hashicorp/consul/issues/20867)]
- ingress-gateway: **(Enterprise Only)** Fix a bug where on update, Ingress Gateways lost all upstreams for listeners with wildcard services in a different namespace.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v1.18.0->v1.18.1Release Notes
hashicorp/consul (github.com/hashicorp/consul)
### [`v1.18.1`](https://togithub.com/hashicorp/consul/releases/tag/v1.18.1) [Compare Source](https://togithub.com/hashicorp/consul/compare/v1.18.0...v1.18.1) #### 1.18.1 (March 26, 2024) Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release. BREAKING CHANGES: - ui: Adds a "Link to HCP Consul Central" modal with integration to side-nav and link to HCP banner. There will be an option to disable the Link to HCP banner from the UI in a follow-up release. \[[GH-20474](https://togithub.com/hashicorp/consul/issues/20474)] SECURITY: - Update `google.golang.org/protobuf` to v1.33.0 to address [CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786). \[[GH-20801](https://togithub.com/hashicorp/consul/issues/20801)] - Update the Consul Build Go base image to `alpine3.19`. This resolves CVEs [CVE-2023-52425](https://nvd.nist.gov/vuln/detail/CVE-2023-52425) [CVE-2023-52426](https://nvd.nist.gov/vuln/detail/CVE-2023-52426) \[[GH-20812](https://togithub.com/hashicorp/consul/issues/20812)] - Upgrade to use Go `1.21.8`. This resolves CVEs [CVE-2024-24783](https://nvd.nist.gov/vuln/detail/CVE-2024-24783) (`crypto/x509`). [CVE-2023-45290](https://nvd.nist.gov/vuln/detail/CVE-2023-45290) (`net/http`). [CVE-2023-45289](https://nvd.nist.gov/vuln/detail/CVE-2023-45289) (`net/http`, `net/http/cookiejar`). [CVE-2024-24785](https://nvd.nist.gov/vuln/detail/CVE-2024-24785) (`html/template`). [CVE-2024-24784](https://nvd.nist.gov/vuln/detail/CVE-2024-24784) (`net/mail`). \[[GH-20812](https://togithub.com/hashicorp/consul/issues/20812)] IMPROVEMENTS: - api: Randomize the returned server list for the WatchServers gRPC endpoint. \[[GH-20866](https://togithub.com/hashicorp/consul/issues/20866)] - partitions: **(Enterprise only)** Allow disabling of Gossip per Partition \[[GH-20669](https://togithub.com/hashicorp/consul/issues/20669)] - snapshot agent: **(Enterprise only)** Add support for multiple snapshot destinations using the `backup_destinations` config file object. - xds: Improved the performance of xDS server side load balancing. Its slightly improved in Consul CE with drastic CPU usage reductions in Consul Enterprise. \[[GH-20672](https://togithub.com/hashicorp/consul/issues/20672)] BUG FIXES: - audit-logs: **(Enterprise Only)** Fixes non ASCII characters in audit logs because of gzip. \[[GH-20345](https://togithub.com/hashicorp/consul/issues/20345)] - connect: Fix issue where Consul-dataplane xDS sessions would not utilize the streaming backend for wan-federated queries. \[[GH-20868](https://togithub.com/hashicorp/consul/issues/20868)] - connect: Fix potential goroutine leak in xDS stream handling. \[[GH-20866](https://togithub.com/hashicorp/consul/issues/20866)] - connect: Fix xDS deadlock that could result in proxies being unable to start. \[[GH-20867](https://togithub.com/hashicorp/consul/issues/20867)] - ingress-gateway: **(Enterprise Only)** Fix a bug where on update, Ingress Gateways lost all upstreams for listeners with wildcard services in a different namespace.Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.