From 23fc23b78908cdd52c9547401ed3b1099da27b5a Mon Sep 17 00:00:00 2001 From: Curt Bushko Date: Mon, 9 Oct 2023 19:01:04 -0400 Subject: [PATCH] Update CHANGELOG and proto_public for 1.3.0-rc1 (#292) --- .changelog/133.txt | 2 +- CHANGELOG.md | 38 ++++++++++++++++++++++++++++++++++++++ go.mod | 5 +---- go.sum | 4 ++-- 4 files changed, 42 insertions(+), 7 deletions(-) diff --git a/.changelog/133.txt b/.changelog/133.txt index 5b605cbb..a60a5854 100644 --- a/.changelog/133.txt +++ b/.changelog/133.txt @@ -1,3 +1,3 @@ ```release-note:bug -* Add support for envoy-extra-args. Fixes [Envoy extra-args annotation crashing consul-dataplane container](https://github.com/hashicorp/consul-k8s/issues/1846). +Add support for envoy-extra-args. Fixes [Envoy extra-args annotation crashing consul-dataplane container](https://github.com/hashicorp/consul-k8s/issues/1846). ``` diff --git a/CHANGELOG.md b/CHANGELOG.md index 7e153204..5d1b68e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,41 @@ +## 1.3.0-rc1 (October 10, 2023) + +SECURITY: + +* Update to Go 1.20.7 and Envoy 1.26.4 within the Dockerfile. [[GH-235](https://github.com/hashicorp/consul-dataplane/pull/235)] +* Upgrade to use Go 1.20.6 and `x/net/http` 0.12.0. +This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`). [[GH-219](https://github.com/hashicorp/consul-dataplane/pull/219)] +* Upgrade to use Go 1.20.7 and `x/net` 0.13.0. +This resolves [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`) +and [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978)(`net/html`). [[GH-227](https://github.com/hashicorp/consul-dataplane/pull/227)] +* Upgrade to use Go 1.20.8. This resolves CVEs +[CVE-2023-39320](https://github.com/advisories/GHSA-rxv8-v965-v333) (`cmd/go`), +[CVE-2023-39318](https://github.com/advisories/GHSA-vq7j-gx56-rxjh) (`html/template`), +[CVE-2023-39319](https://github.com/advisories/GHSA-vv9m-32rr-3g55) (`html/template`), +[CVE-2023-39321](https://github.com/advisories/GHSA-9v7r-x7cv-v437) (`crypto/tls`), and +[CVE-2023-39322](https://github.com/advisories/GHSA-892h-r6cr-53g4) (`crypto/tls`) [[GH-261](https://github.com/hashicorp/consul-dataplane/pull/261)] + +FEATURES: + +* Add -shutdown-drain-listeners, -shutdown-grace-period, -graceful-shutdown-path and -graceful-port flags to configure proxy lifecycle management settings for the Envoy container. [[GH-100](https://github.com/hashicorp/consul-dataplane/pull/100)] +* Add HTTP server with configurable port and endpoint path for initiating graceful shutdown. [[GH-115](https://github.com/hashicorp/consul-dataplane/pull/115)] +* Catch SIGTERM and SIGINT to initate graceful shutdown in accordance with proxy lifecycle management configuration. [[GH-130](https://github.com/hashicorp/consul-dataplane/pull/130)] +* Make consul dataplane handle bootstrap param response for Catalog and Mesh V2 resources [[GH-242](https://github.com/hashicorp/consul-dataplane/pull/242)] + +IMPROVEMENTS: + +* Add graceful_startup endpoint and postStart hook in order to guarantee that dataplane starts up before application container. [[GH-239](https://github.com/hashicorp/consul-dataplane/pull/239)] +* Add the `-config-file` flag to support reading configuration options from a JSON file. [[GH-164](https://github.com/hashicorp/consul-dataplane/pull/164)] +* In order to support Windows, write Envoy bootstrap configuration to a regular file instead of a named pipe. [[GH-188](https://github.com/hashicorp/consul-dataplane/pull/188)] +* connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [[GH-184](https://github.com/hashicorp/consul-dataplane/pull/184)] + +BUG FIXES: + +* Add support for envoy-extra-args. Fixes [Envoy extra-args annotation crashing consul-dataplane container](https://github.com/hashicorp/consul-k8s/issues/1846). [[GH-133](https://github.com/hashicorp/consul-dataplane/pull/133)] +* Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [[GH-238](https://github.com/hashicorp/consul-dataplane/pull/238)] +* Fix a bug where exiting envoy would inadvertently throw an error [[GH-175](https://github.com/hashicorp/consul-dataplane/pull/175)] +* Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [[GH-140](https://github.com/hashicorp/consul-dataplane/pull/140)] + ## 1.2.0 (June 28, 2023) SECURITY: diff --git a/go.mod b/go.mod index 30a1a328..1be23f0a 100644 --- a/go.mod +++ b/go.mod @@ -2,15 +2,12 @@ module github.com/hashicorp/consul-dataplane go 1.20 -// This replace directive is needed because `api` requires 0.4.1 of proto-public but we need an unreleased version -replace github.com/hashicorp/consul/proto-public v0.4.1 => github.com/hashicorp/consul/proto-public v0.1.2-0.20230929231147-632fd65c091c - require ( dario.cat/mergo v1.0.0 github.com/adamthesax/grpc-proxy v0.0.0-20220525203857-13e92d14f87a github.com/armon/go-metrics v0.4.1 github.com/hashicorp/consul-server-connection-manager v0.1.3 - github.com/hashicorp/consul/proto-public v0.4.1 + github.com/hashicorp/consul/proto-public v0.5.1-rc1 github.com/hashicorp/go-hclog v1.2.2 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-rootcerts v1.0.2 diff --git a/go.sum b/go.sum index 9180b81a..41267f07 100644 --- a/go.sum +++ b/go.sum @@ -147,8 +147,8 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/hashicorp/consul-server-connection-manager v0.1.3 h1:fxsZ15XBNNWhV26yBVdCcnxHwSRgf9wqHGS2ZVCQIhc= github.com/hashicorp/consul-server-connection-manager v0.1.3/go.mod h1:Md2IGKaFJ4ek9GUA0pW1S2R60wpquMOUs27GiD9kZd0= -github.com/hashicorp/consul/proto-public v0.1.2-0.20230929231147-632fd65c091c h1:d1ULTfDs6Hha01yfITC55MPGIsQpv0VqQfS45WZHJiY= -github.com/hashicorp/consul/proto-public v0.1.2-0.20230929231147-632fd65c091c/go.mod h1:KAOxsaELPpA7JX10kMeygAskAqsQnu3SPgeruMhYZMU= +github.com/hashicorp/consul/proto-public v0.5.1-rc1 h1:Qa4/SXx6GMWSWr6jAXc+JrXc23XdQZw70h3h9F43X8U= +github.com/hashicorp/consul/proto-public v0.5.1-rc1/go.mod h1:KAOxsaELPpA7JX10kMeygAskAqsQnu3SPgeruMhYZMU= github.com/hashicorp/consul/sdk v0.13.0 h1:lce3nFlpv8humJL8rNrrGHYSKc3q+Kxfeg3Ii1m6ZWU= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=