v1.2.4

1.2.4 (December 18, 2023)

SECURITY:

• Upgrade to use Go 1.20.12. This resolves CVEs
  CVE-2023-45283: (path/filepath) recognize ??\ as a Root Local Device path prefix (Windows)
  CVE-2023-45284: recognize device names with trailing spaces and superscripts (Windows)
  CVE-2023-39326: (net/http) limit chunked data overhead
  CVE-2023-45285: (cmd/go) go get may unexpectedly fallback to insecure git [GH-353]

BUG FIXES:

• Fix issue where the internal grpc-proxy would hit the max message size limit for xDS streams with a large amount of configuration. [GH-357]

v1.1.7

1.1.7 (December 18, 2023)

SECURITY:

• Upgrade to use Go 1.20.12. This resolves CVEs
  CVE-2023-45283: (path/filepath) recognize ??\ as a Root Local Device path prefix (Windows)
  CVE-2023-45284: recognize device names with trailing spaces and superscripts (Windows)
  CVE-2023-39326: (net/http) limit chunked data overhead
  CVE-2023-45285: (cmd/go) go get may unexpectedly fallback to insecure git [GH-353]

BUG FIXES:

• Fix issue where the internal grpc-proxy would hit the max message size limit for xDS streams with a large amount of configuration. [GH-357]

v1.3.0

1.3.0 (November 6, 2023)

SECURITY:

• Update Envoy version to 1.27.2 to address CVE-2023-44487 [GH-315]
• Upgrade google.golang.org/grpc to 1.56.3.
  This resolves vulnerability CVE-2023-44487. [GH-323]
• Upgrade to use Go 1.20.10 and x/net 0.17.0.
  This resolves CVE-2023-39325
  / CVE-2023-44487. [GH-299]

v1.2.3

1.2.3 (November 1, 2023)

SECURITY:

• Update Envoy version to 1.26.6 to address CVE-2023-44487 [GH-313]
• Upgrade google.golang.org/grpc to 1.56.3.
  This resolves vulnerability CVE-2023-44487. [GH-323]
• Upgrade to use Go 1.20.10 and x/net 0.17.0.
  This resolves CVE-2023-39325
  / CVE-2023-44487. [GH-299]
• Upgrade to use Go 1.20.8. This resolves CVEs
  CVE-2023-39320 (cmd/go),
  CVE-2023-39318 (html/template),
  CVE-2023-39319 (html/template),
  CVE-2023-39321 (crypto/tls), and
  CVE-2023-39322 (crypto/tls) [GH-261]

v1.1.6

1.1.6 (November 1, 2023)

SECURITY:

• Update Envoy version to 1.25.11 to address CVE-2023-44487 [GH-312]
• Upgrade google.golang.org/grpc to 1.56.3.
  This resolves vulnerability CVE-2023-44487. [GH-323]
• Upgrade to use Go 1.20.10 and x/net 0.17.0.
  This resolves CVE-2023-39325
  / CVE-2023-44487. [GH-299]
• Upgrade to use Go 1.20.8. This resolves CVEs
  CVE-2023-39320 (cmd/go),
  CVE-2023-39318 (html/template),
  CVE-2023-39319 (html/template),
  CVE-2023-39321 (crypto/tls), and
  CVE-2023-39322 (crypto/tls) [GH-261]

v1.0.7

1.0.7 (November 1, 2023)

SECURITY:

• Update Envoy version to 1.24.12 to address CVE-2023-44487 [GH-311]
• Upgrade google.golang.org/grpc to 1.56.3.
  This resolves vulnerability CVE-2023-44487. [GH-323]
• Upgrade to use Go 1.20.10 and x/net 0.17.0.
  This resolves CVE-2023-39325
  / CVE-2023-44487. [GH-299]
• Upgrade to use Go 1.20.8. This resolves CVEs
  CVE-2023-39320 (cmd/go),
  CVE-2023-39318 (html/template),
  CVE-2023-39319 (html/template),
  CVE-2023-39321 (crypto/tls), and
  CVE-2023-39322 (crypto/tls) [GH-261]

v1.3.0-rc1

1.3.0-rc1 (October 10, 2023)

SECURITY:

• Update to Go 1.20.7 and Envoy 1.26.4 within the Dockerfile. [GH-235]
• Upgrade to use Go 1.20.6 and x/net/http 0.12.0.
  This resolves CVE-2023-29406(net/http). [GH-219]
• Upgrade to use Go 1.20.7 and x/net 0.13.0.
  This resolves CVE-2023-29409(crypto/tls)
  and CVE-2023-3978(net/html). [GH-227]
• Upgrade to use Go 1.20.8. This resolves CVEs
  CVE-2023-39320 (cmd/go),
  CVE-2023-39318 (html/template),
  CVE-2023-39319 (html/template),
  CVE-2023-39321 (crypto/tls), and
  CVE-2023-39322 (crypto/tls) [GH-261]

FEATURES:

• Add -shutdown-drain-listeners, -shutdown-grace-period, -graceful-shutdown-path and -graceful-port flags to configure proxy lifecycle management settings for the Envoy container. [GH-100]
• Add HTTP server with configurable port and endpoint path for initiating graceful shutdown. [GH-115]
• Catch SIGTERM and SIGINT to initate graceful shutdown in accordance with proxy lifecycle management configuration. [GH-130]
• Make consul dataplane handle bootstrap param response for Catalog and Mesh V2 resources [GH-242]

IMPROVEMENTS:

• Add graceful_startup endpoint and postStart hook in order to guarantee that dataplane starts up before application container. [GH-239]
• Add the -config-file flag to support reading configuration options from a JSON file. [GH-164]
• In order to support Windows, write Envoy bootstrap configuration to a regular file instead of a named pipe. [GH-188]
• connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [GH-184]

BUG FIXES:

• Add support for envoy-extra-args. Fixes Envoy extra-args annotation crashing consul-dataplane container. [GH-133]
• Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [GH-238]
• Fix a bug where exiting envoy would inadvertently throw an error [GH-175]
• Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [GH-140]

v1.2.2

1.2.2 (September 5, 2023)

SECURITY:

• Update to Go 1.20.7 and Envoy 1.26.4 within the Dockerfile. [GH-235]

BUG FIXES:

• Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [GH-238]

v1.1.5

1.1.5 (September 5, 2023)

SECURITY:

• Update to Go 1.20.7 and Envoy 1.25.9 within the Dockerfile. [GH-236]

BUG FIXES:

• Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [GH-238]

v1.0.6

1.0.6 (September 5 2023)

SECURITY:

• Update to Go 1.20.7 and Envoy 1.24.10 within the Dockerfile. [GH-237]

BUG FIXES:

• Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [GH-238]