0f3c998a20
SECURITY: * Fix Consul Enterprise Namespace Config Entry Replication DoS. Previously an operator with service:write ACL permissions in a Consul Enterprise cluster could write a malicious config entry that caused infinite raft writes due to issues with the namespace replication logic. [CVE-2020-25201] [GH-9024] IMPROVEMENTS: * api: The v1/connect/ca/roots endpoint now accepts a pem=true query parameter and will return a PEM encoded certificate chain of all the certificates that would normally be in the JSON version of the response. [GH-8774] * connect: The Vault provider will now automatically renew the lease of the token used, if supported. [GH-8560] * connect: update supported envoy releases to 1.14.5, 1.13.6, 1.12.7, 1.11.2 for 1.8.x [GH-8999] BUG FIXES: * agent: when enable_central_service_config is enabled ensure agent reload doesn't revert check state to critical [GH-8747] * connect: Fixed an issue where the Vault intermediate was not renewed in the primary datacenter. [GH-8784] * connect: fix Vault provider not respecting IntermediateCertTTL [GH-8646] * connect: fix connect sidecars registered via the API not being automatically deregistered with their parent service after an agent restart by persisting the LocallyRegisteredAsSidecar property. [GH-8924] * fixed a bug that caused logs to be flooded with [WARN] agent.router: Non-server in server-only area [GH-8685] * ui: show correct datacenter for gateways [GH-8704] |
||
|---|---|---|
| .. | ||
| DESCR | ||
| Makefile | ||
| PLIST | ||
| distinfo | ||