Skip to content

Latest commit

 

History

History
658 lines (435 loc) · 41 KB

CHANGELOG.md

File metadata and controls

658 lines (435 loc) · 41 KB

1.6.1 (November 1, 2024)

SECURITY:

  • Upgrade to support Envoy 1.32.1. [GH-661]

1.6.0 (October 15, 2024)

SECURITY:

FEATURES:

  • Added the ability to set the -mode flag. Options available are sidecar and dns-proxy. The system defaults to sidecar. When set to sidecar:
  • DNS Server, xDS Server, and Envoy are enabled.
  • The system validates that -consul-dns-bind-addr and equivalent environment variable must be set to the loopback address. When set to dns-proxy:
  • Only DNS Server is enabled. xDS Server and Envoy are disabled.
  • consul-dns-bind-addr and equivalent environment variable can be set to other values besides the loopback address. [GH-571]
  • Removes the dependence on the v2 catalog and "resource-apis" experiment. [GH-565]

IMPROVEMENTS:

  • Update github.com/hashicorp/consul-server-connection-manager to v0.1.9. [GH-595]
  • Update github.com/hashicorp/go-hclog to v1.5.0. [GH-595]

1.6.0-rc1 (September 20, 2024)

SECURITY:

FEATURES:

  • Added the ability to set the -mode flag. Options available are sidecar and dns-proxy. The system defaults to sidecar. When set to sidecar:
  • DNS Server, xDS Server, and Envoy are enabled.
  • The system validates that -consul-dns-bind-addr and equivalent environment variable must be set to the loopback address. When set to dns-proxy:
  • Only DNS Server is enabled. xDS Server and Envoy are disabled.
  • consul-dns-bind-addr and equivalent environment variable can be set to other values besides the loopback address. [GH-571]
  • Removes the dependence on the v2 catalog and "resource-apis" experiment. [GH-565]

IMPROVEMENTS:

  • Update github.com/hashicorp/consul-server-connection-manager to v0.1.9. [GH-595]
  • Update github.com/hashicorp/go-hclog to v1.5.0. [GH-595]

1.5.0 (June 12, 2024)

IMPROVEMENTS:

  • Upgrade Go to use 1.22.4. [GH-529]
  • Upgrade to support Envoy 1.29.5. [GH-533]
  • dns: queries proxied by consul-dataplane now assume the same namespace/partition/ACL token as the service registered to the dataplane instance. [GH-172]

1.4.2 (May 21, 2024)

SECURITY:

IMPROVEMENTS:

  • Upgrade Go to use 1.22.3. [GH-501]

1.3.5 (May 24, 2024)

SECURITY:

IMPROVEMENTS:

  • Upgrade Go to use 1.22.3. [GH-501]

1.2.8 (May 24, 2024)

SECURITY:

IMPROVEMENTS:

  • Upgrade Go to use 1.22.3. [GH-501]

1.1.11 (May 20, 2024)

SECURITY:

IMPROVEMENTS:

  • Upgrade Go to use 1.22.3. [GH-501]

1.4.1 (March 28, 2024)

SECURITY:

1.3.4 (March 28, 2024)

SECURITY:

1.2.7 (March 28, 2024)

SECURITY:

1.1.10 (March 28, 2024)

SECURITY:

1.4.0 (February 28, 2024)

SECURITY:

FEATURES:

  • Add metrics exporting directly to HCP when configured in core. [GH-370]

IMPROVEMENTS:

  • Propagate merged metrics request query params to Envoy to enable metrics filtering. [GH-372]
  • Update Envoy version from 1.27 to 1.28 [GH-416]

BUG FIXES:

  • Exclude Prometheus scrape path query params from Envoy path match s.t. it does not break merged metrics request routing. [GH-372]

1.3.3 (February 14, 2024)

SECURITY:

IMPROVEMENTS:

  • Upgrade to use Go 1.21.7. [GH-411]

1.2.6 (February 14, 2024)

SECURITY:

IMPROVEMENTS:

  • Upgrade to use Go 1.21.7. [GH-411]

1.1.9 (February 14, 2024)

SECURITY:

IMPROVEMENTS:

  • Upgrade to use Go 1.21.7. [GH-411]

1.3.2 (January 24, 2024)

SECURITY:

  • Upgrade OpenShift container images to use ubi9-minimal:9.3 as the base image. [GH-373]

IMPROVEMENTS:

  • Upgrade to use Go 1.21.6. [GH-384]

1.2.5 (January 24, 2024)

SECURITY:

  • Upgrade OpenShift container images to use ubi9-minimal:9.3 as the base image. [GH-373]

IMPROVEMENTS:

  • Upgrade to use Go 1.21.6. [GH-384]

1.1.8 (January 24, 2024)

SECURITY:

  • Upgrade OpenShift container images to use ubi9-minimal:9.3 as the base image. [GH-373]

IMPROVEMENTS:

  • Upgrade to use Go 1.21.6. [GH-384]

1.3.1 (December 18, 2023)

SECURITY:

  • Update Envoy version to 1.27.2 to address CVE-2023-44487 [GH-314]
  • Upgrade to use Go 1.20.12. This resolves CVEs CVE-2023-45283: (path/filepath) recognize ??\ as a Root Local Device path prefix (Windows) CVE-2023-45284: recognize device names with trailing spaces and superscripts (Windows) CVE-2023-39326: (net/http) limit chunked data overhead CVE-2023-45285: (cmd/go) go get may unexpectedly fallback to insecure git [GH-353]

BUG FIXES:

  • Fix issue where the internal grpc-proxy would hit the max message size limit for xDS streams with a large amount of configuration. [GH-357]

1.2.4 (December 18, 2023)

SECURITY:

  • Upgrade to use Go 1.20.12. This resolves CVEs CVE-2023-45283: (path/filepath) recognize ??\ as a Root Local Device path prefix (Windows) CVE-2023-45284: recognize device names with trailing spaces and superscripts (Windows) CVE-2023-39326: (net/http) limit chunked data overhead CVE-2023-45285: (cmd/go) go get may unexpectedly fallback to insecure git [GH-353]

BUG FIXES:

  • Fix issue where the internal grpc-proxy would hit the max message size limit for xDS streams with a large amount of configuration. [GH-357]

1.1.7 (December 18, 2023)

SECURITY:

  • Upgrade to use Go 1.20.12. This resolves CVEs CVE-2023-45283: (path/filepath) recognize ??\ as a Root Local Device path prefix (Windows) CVE-2023-45284: recognize device names with trailing spaces and superscripts (Windows) CVE-2023-39326: (net/http) limit chunked data overhead CVE-2023-45285: (cmd/go) go get may unexpectedly fallback to insecure git [GH-353]

BUG FIXES:

  • Fix issue where the internal grpc-proxy would hit the max message size limit for xDS streams with a large amount of configuration. [GH-357]

1.3.0 (November 6, 2023)

SECURITY:

1.2.3 (November 1, 2023)

SECURITY:

1.1.6 (November 1, 2023)

SECURITY:

1.0.7 (November 1, 2023)

SECURITY:

1.3.0-rc1 (October 10, 2023)

SECURITY:

FEATURES:

  • Add -shutdown-drain-listeners, -shutdown-grace-period, -graceful-shutdown-path and -graceful-port flags to configure proxy lifecycle management settings for the Envoy container. [GH-100]
  • Add HTTP server with configurable port and endpoint path for initiating graceful shutdown. [GH-115]
  • Catch SIGTERM and SIGINT to initate graceful shutdown in accordance with proxy lifecycle management configuration. [GH-130]
  • Make consul dataplane handle bootstrap param response for Catalog and Mesh V2 resources [GH-242]

IMPROVEMENTS:

  • Add graceful_startup endpoint and postStart hook in order to guarantee that dataplane starts up before application container. [GH-239]
  • Add the -config-file flag to support reading configuration options from a JSON file. [GH-164]
  • In order to support Windows, write Envoy bootstrap configuration to a regular file instead of a named pipe. [GH-188]
  • connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [GH-184]

BUG FIXES:

  • Add support for envoy-extra-args. Fixes Envoy extra-args annotation crashing consul-dataplane container. [GH-133]
  • Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [GH-238]
  • Fix a bug where exiting envoy would inadvertently throw an error [GH-175]
  • Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [GH-140]

1.2.2 (September 5, 2023)

SECURITY:

  • Update to Go 1.20.7 and Envoy 1.26.4 within the Dockerfile. [GH-235]

BUG FIXES:

  • Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [GH-238]

1.1.5 (September 5, 2023)

SECURITY:

  • Update to Go 1.20.7 and Envoy 1.25.9 within the Dockerfile. [GH-236]

BUG FIXES:

  • Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [GH-238]

1.0.6 (September 5, 2023)

SECURITY:

  • Update to Go 1.20.7 and Envoy 1.24.10 within the Dockerfile. [GH-237]

BUG FIXES:

  • Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [GH-238]

1.2.1 (August 9, 2023)

SECURITY:

FEATURES:

  • Add -shutdown-drain-listeners, -shutdown-grace-period, -graceful-shutdown-path and -graceful-port flags to configure proxy lifecycle management settings for the Envoy container. [GH-100]
  • Add HTTP server with configurable port and endpoint path for initiating graceful shutdown. [GH-115]
  • Catch SIGTERM and SIGINT to initate graceful shutdown in accordance with proxy lifecycle management configuration. [GH-130]

IMPROVEMENTS:

  • connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [GH-184]

BUG FIXES:

1.1.4 (August 9, 2023)

SECURITY:

IMPROVEMENTS:

  • connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [GH-184]

BUG FIXES:

  • Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [GH-140]

1.0.5 (August 9, 2023)

SECURITY:

IMPROVEMENTS:

  • connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [GH-184]

BUG FIXES:

  • Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [GH-140]

1.2.0 (June 28, 2023)

SECURITY:

  • Update go-discover to 214571b6a5309addf3db7775f4ee8cf4d264fd5f within the Dockerfile. [GH-153]
  • Update to Envoy 1.26.2 within the Dockerfile. [GH-142]
  • Update to Go 1.20.4 and Envoy 1.26.1 within the Dockerfile. [GH-97]

1.1.3 (June 28, 2023)

SECURITY:

  • Update go-discover to 214571b6a5309addf3db7775f4ee8cf4d264fd5f within the Dockerfile. [GH-153]

FEATURES:

  • Add -shutdown-drain-listeners, -shutdown-grace-period, -graceful-shutdown-path and -graceful-port flags to configure proxy lifecycle management settings for the Envoy container. [GH-100]
  • Add HTTP server with configurable port and endpoint path for initiating graceful shutdown. [GH-115]
  • Catch SIGTERM and SIGINT to initate graceful shutdown in accordance with proxy lifecycle management configuration. [GH-130]

BUG FIXES:

1.0.4 (June 28, 2023)

SECURITY:

  • Update go-discover to 214571b6a5309addf3db7775f4ee8cf4d264fd5f within the Dockerfile. [GH-153]

FEATURES:

  • Add -shutdown-drain-listeners, -shutdown-grace-period, -graceful-shutdown-path and -graceful-port flags to configure proxy lifecycle management settings for the Envoy container. [GH-100]
  • Add HTTP server with configurable port and endpoint path for initiating graceful shutdown. [GH-115]
  • Catch SIGTERM and SIGINT to initate graceful shutdown in accordance with proxy lifecycle management configuration. [GH-130]

BUG FIXES:

1.1.2 (June 1, 2023)

BUG FIXES:

  • Reverts #104 fix that caused a downstream error for Ingress/Mesh/Terminating GWs [GH-131]

1.0.3 (June 1, 2023)

SECURITY:

  • Update to UBI base image to 9.2. [GH-125]

IMPROVEMENTS:

  • Update bootstrap configuration to rename envoy_hcp_metrics_bind_socket_dir to envoy_telemetry_collector_bind_socket_dir to remove HCP naming references. [GH-122]

BUG FIXES:

  • Reverts #104 fix that caused a downstream error for Ingress/Mesh/Terminating GWs [GH-131]

1.1.1 (May 31, 2023)

SECURITY:

FEATURES:

  • Add envoy_hcp_metrics_bind_socket_dir flag to configure a directory where a unix socket is created. This enables Envoy metrics collection, which will be forwarded to a HCP metrics collector. [GH-90]

IMPROVEMENTS:

  • Update bootstrap configuration to rename envoy_hcp_metrics_bind_socket_dir to envoy_telemetry_collector_bind_socket_dir to remove HCP naming references. [GH-122]

BUG FIXES:

  • Fix a bug that threw an error when trying to use $HOST_IP with metrics URLs. [GH-106]
  • Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [GH-104]

1.0.2 (May 16, 2023)

SECURITY:

FEATURES:

  • Add envoy_hcp_metrics_bind_socket_dir flag to configure a directory where a unix socket is created. This enables Envoy metrics collection, which will be forwarded to a HCP metrics collector. [GH-90]

IMPROVEMENTS:

  • Update consul-server-connection-manager to version 0.1.2. [GH-77]

BUG FIXES:

  • Fix a bug that threw an error when trying to use $HOST_IP with metrics URLs. [GH-106]
  • Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [GH-104]

1.1.0 (February 23, 2023)

SECURITY:

FEATURES:

IMPROVEMENTS:

  • Update consul-server-connection-manager to version 0.1.2. [GH-74]

1.0.1 (January 27, 2023)

SECURITY:

  • Update to Go 1.19.4 and Envoy 1.24.1 within the Dockerfile. [GH-64]

IMPROVEMENTS:

  • Update consul-server-connection-manager to version 0.1.1. [GH-66]

1.0.0 (November 16, 2022)

Initial release.