v1.1.18

1.1.18 (January 15, 2025)

SECURITY:

• updated golang.org/x/net dependency to 0.34.0 to fix vulnerability [GO-2024-3333] in CLI, CNI, acceptance and control-plane submodule.[PR-4459]

v1.4.8

1.4.8 (January 15, 2025)

BUG FIXES:

• cli: fix issue where the consul-k8s proxy list command does not include API gateways. [GH-4426]
• connect-inject: fix issue where the ACL policy for the connect-injector included the acl = "write" rule twice when namespaces were not enabled. [GH-4434]

SECURITY:

• updated golang.org/x/net dependency to 0.34.0 to fix vulnerability [GO-2024-3333] in CLI, CNI, acceptance and control-plane submodule.[PR-4458]

v1.5.5

1.5.5 (January 10, 2025)

IMPROVEMENTS:

• cli: Introduce gateway list for collecting multiple components of all gateways' configuration by running a single command. [GH-4433]
• cli: Introduce gateway read for collecting multiple components of a gateway's configuration by running a single command. [GH-4432]
• Updated consul/api, envoyextensions & troubleshoot submodules [PR-4456]

BUG FIXES:

• cli: fix issue where the consul-k8s proxy list command does not include API gateways. [GH-4426]
• connect-inject: fix issue where the ACL policy for the connect-injector included the acl = "write" rule twice when namespaces were not enabled. [GH-4434]

SECURITY:

• updated golang.org/x/net dependency to 0.34.0 to fix vulnerability [GO-2024-3333] in CLI, CNI, acceptance and control-plane submodule.[PR-4456]

v1.6.2

1.6.2 (January 7, 2025)

IMPROVEMENTS:

• cli: Introduce gateway list for collecting multiple components of all gateways' configuration by running a single command. [GH-4433]
• cli: Introduce gateway read for collecting multiple components of a gateway's configuration by running a single command. [GH-4432]
• Updated consul/api, envoyextensions & troubleshoot submodules [PR-4451]

BUG FIXES:

• cli: fix issue where the consul-k8s proxy list command does not include API gateways. [GH-4426]
• connect-inject: fix issue where the ACL policy for the connect-injector included the acl = "write" rule twice when namespaces were not enabled. [GH-4434]

SECURITY:

• updated golang.org/x/net dependency to 0.34.0 to fix vulnerability [GO-2024-3333] in CLI, CNI, acceptance and control-plane submodule.[PR-4452]

v1.1.17

1.1.17- (November 4, 2023)

SECURITY:

• Upgrade Go to use 1.22.7. This addresses CVE
  CVE-2024-34155 [GH-4313]
• crd: Add contains and ignoreCase to the Intentions CRD to support configuring L7 Header intentions resilient to variable casing and multiple header values. [GH-4385]
• crd: Add http.incoming.requestNormalization to the Mesh CRD to support configuring service traffic request normalization. [GH-4385]

IMPROVEMENTS:

• helm: Exclude gke namespaces from being connect-injected when the connect-inject: default: true value is set. [GH-4333]

BUG FIXES:

• sync-catalog: Enable the user to purge the registered services by passing parent node and necessary filters. [GH-4255]

v1.6.1

1.6.1 (November 4, 2023)

SECURITY:

• crd: Add contains and ignoreCase to the Intentions CRD to support configuring L7 Header intentions resilient to variable casing and multiple header values. [GH-4385]
• crd: Add http.incoming.requestNormalization to the Mesh CRD to support configuring service traffic request normalization. [GH-4385]

IMPROVEMENTS:

• catalog-sync: Added field to helm chart to purge all services registered with catalog-sync from consul on disabling of catalog-sync. [GH-4378]

BUG FIXES:

• api-gateway: global.imagePullSecrets are now configured on the ServiceAccount for Gateways.

Note: the referenced image pull Secret(s) must be present in the same namespace the Gateway is deployed to. [GH-4316]

• helm: fix issue where the API Gateway GatewayClassConfig tolerations can not be parsed by the Helm chart. [GH-4315]

v1.5.4

1.5.4 (November 4, 2023)

SECURITY:

• Upgrade Go to use 1.22.7. This addresses CVE
  CVE-2024-34155 [GH-4313]
• crd: Add contains and ignoreCase to the Intentions CRD to support configuring L7 Header intentions resilient to variable casing and multiple header values. [GH-4385]
• crd: Add http.incoming.requestNormalization to the Mesh CRD to support configuring service traffic request normalization. [GH-4385]

IMPROVEMENTS:

• connect-inject: remove unnecessary resource permissions from connect-inject ClusterRole [GH-4307]
• helm: Exclude gke namespaces from being connect-injected when the connect-inject: default: true value is set. [GH-4333]

BUG FIXES:

• api-gateway: global.imagePullSecrets are now configured on the ServiceAccount for Gateways.

Note: the referenced image pull Secret(s) must be present in the same namespace the Gateway is deployed to. [GH-4316]

• helm: fix issue where the API Gateway GatewayClassConfig tolerations can not be parsed by the Helm chart. [GH-4315]
• sync-catalog: Enable the user to purge the registered services by passing parent node and necessary filters. [GH-4255]

v1.4.7

1.4.7 (November 4, 2023)

SECURITY:

• Upgrade Go to use 1.22.7. This addresses CVE
  CVE-2024-34155 [GH-4313]
• crd: Add contains and ignoreCase to the Intentions CRD to support configuring L7 Header intentions resilient to variable casing and multiple header values. [GH-4385]
• crd: Add http.incoming.requestNormalization to the Mesh CRD to support configuring service traffic request normalization. [GH-4385]

IMPROVEMENTS:

• connect-inject: remove unnecessary resource permissions from connect-inject ClusterRole [GH-4307]
• helm: Exclude gke namespaces from being connect-injected when the connect-inject: default: true value is set. [GH-4333]

BUG FIXES:

• api-gateway: global.imagePullSecrets are now configured on the ServiceAccount for Gateways.

Note: the referenced image pull Secret(s) must be present in the same namespace the Gateway is deployed to. [GH-4316]

• helm: fix issue where the API Gateway GatewayClassConfig tolerations can not be parsed by the Helm chart. [GH-4315]
• sync-catalog: Enable the user to purge the registered services by passing parent node and necessary filters. [GH-4255]

v1.6.0

1.6.0 (October 16, 2024)

NOTE: Consul K8s 1.6.x is compatible with Consul 1.20.x and Consul Dataplane 1.6.x. Refer to our compatibility matrix for more info.

SECURITY:

• Upgrade Go to use 1.22.7. This addresses CVE
  CVE-2024-34155 [GH-4313]

IMPROVEMENTS:

• dns-proxy: add the ability to deploy a DNS proxy within the kubernetes cluster that forwards DNS requests to the consul server and can be configured with an ACL token and make partition aware DNS requests. [GH-4300]
• sync-catalog: expose prometheus scrape metrics on sync-catalog pods [GH-4212]
• connect-inject: remove unnecessary resource permissions from connect-inject ClusterRole [GH-4307]
• helm: Exclude gke namespaces from being connect-injected when the connect-inject: default: true value is set. [GH-4333]

BUG FIXES:

• control-plane: add missing $HOST_IP environment variable to consul-dataplane sidecar containers [GH-4277]
• helm: Fix ArgoCD hooks related annotations on server-acl-init Job, they must be added at Job definition and not template level. [GH-3989]
• sync-catalog: Enable the user to purge the registered services by passing parent node and necessary filters. [GH-4255]

v1.6.0-rc1

1.6.0-rc1 (September 20, 2024)

SECURITY:

• Upgrade Go to use 1.22.7. This addresses CVE
  CVE-2024-34155 [GH-4313]

IMPROVEMENTS:

• dns-proxy: add the ability to deploy a DNS proxy within the kubernetes cluster that forwards DNS requests to the consul server and can be configured with an ACL token and make partition aware DNS requests. [GH-4300]
• sync-catalog: expose prometheus scrape metrics on sync-catalog pods [GH-4212]
• connect-inject: remove unnecessary resource permissions from connect-inject ClusterRole [GH-4307]
• helm: Exclude gke namespaces from being connect-injected when the connect-inject: default: true value is set. [GH-4333]

BUG FIXES:

• control-plane: add missing $HOST_IP environment variable to consul-dataplane sidecar containers [GH-4277]
• helm: Fix ArgoCD hooks related annotations on server-acl-init Job, they must be added at Job definition and not template level. [GH-3989]
• sync-catalog: Enable the user to purge the registered services by passing parent node and necessary filters. [GH-4255]