Skip to content

v1.10.4
Compare
Choose a tag to compare
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering released this 11 Nov 20:28
v1.10.4
7bbad6f

1.10.4 (November 11, 2021)

SECURITY:

  • agent: Use SHA256 instead of MD5 to generate persistence file names. [GH-11491]
  • namespaces: (Enterprise only) Creating or editing namespaces that include default ACL policies or ACL roles now requires acl:write permission in the default namespace. This change fixes CVE-2021-41805.

IMPROVEMENTS:

  • ci: Artifact builds will now only run on merges to the release branches or to main [GH-11417]
  • ci: The Linux packages are now available for all supported Linux architectures including arm, arm64, 386, and amd64 [GH-11417]
  • ci: The Linux packaging service configs and pre/post install scripts are now available under [.release/linux] [GH-11417]
  • connect/ca: Return an error when querying roots from uninitialized CA. [GH-11514]
  • telemetry: Add new metrics for the count of connect service instances and configuration entries. [GH-11222]

BUG FIXES:

  • acl: fixes the fallback behaviour of down_policy with setting extend-cache/async-cache when the token is not cached. [GH-11136]
  • api: fixed backwards compatibility issue with AgentService SocketPath field. [GH-11318]
  • connect/ca: Allow secondary initialization to resume after being deferred due to unreachable or incompatible primary DC servers. [GH-11514]
  • connect: fix issue with attempting to generate an invalid upstream cluster from UpstreamConfig.Defaults. [GH-11245]
  • raft: do not trigger an election if not part of the servers list. [GH-11375]
  • rpc: only attempt to authorize the DNSName in the client cert when verify_incoming_rpc=true [GH-11255]
  • server: (Enterprise only) Ensure that servers leave network segments when leaving other gossip pools
  • snapshot: (Enterprise only) snapshot agent no longer attempts to refresh its license from the server when a local license is provided (i.e. via config or an environment variable)
  • telemetry: Consul Clients no longer emit Autopilot metrics. [GH-11241]
  • telemetry: fixes a bug with Prometheus consul_autopilot_failure_tolerance metric where 0 is reported instead of NaN on follower servers. [GH-11399]
  • telemetry: fixes a bug with Prometheus consul_autopilot_healthy metric where 0 is reported instead of NaN on servers. [GH-11231]
  • ui: (Enterprise only) When no namespace is selected, make sure to default to the tokens default namespace when requesting permissions [GH-11472]
  • ui: Ensure we check intention permissions for specific services when deciding
    whether to show action buttons for per service intention actions [GH-11270]
  • ui: Fixed styling of Role remove dialog on the Token edit page [GH-11298]
  • xds: fixes a bug where replacing a mesh gateway node used for WAN federation (with another that has a different IP) could leave gateways in the other DC unable to re-establish the connection [GH-11522]
Assets 2
Loading