SECURITY:
- Update Envoy version to 1.27.2 to address CVE-2023-44487 [GH-315]
- Upgrade google.golang.org/grpc to 1.56.3. This resolves vulnerability CVE-2023-44487. [GH-323]
- Upgrade to use Go 1.20.10 and x/net 0.17.0. This resolves CVE-2023-39325 / CVE-2023-44487. [GH-299]
SECURITY:
- Update to Go 1.20.7 and Envoy 1.26.4 within the Dockerfile. [GH-235]
- Upgrade to use Go 1.20.6 and x/net/http 0.12.0. This resolves CVE-2023-29406 (net/http). [GH-219]
- Upgrade to use Go 1.20.7 and x/net 0.13.0. This resolves CVE-2023-29409 (crypto/tls) and CVE-2023-3978 (net/html). [GH-227]
- Upgrade to use Go 1.20.8. This resolves CVEs CVE-2023-39320 (cmd/go), CVE-2023-39318 (html/template), CVE-2023-39319 (html/template), CVE-2023-39321 (crypto/tls), and CVE-2023-39322 (crypto/tls) [GH-261]
FEATURES:
- Add -shutdown-drain-listeners, -shutdown-grace-period, -graceful-shutdown-path and -graceful-port flags to configure proxy lifecycle management settings for the Envoy container. [GH-100]
- Add HTTP server with configurable port and endpoint path for initiating graceful shutdown. [GH-115]
- Catch SIGTERM and SIGINT to initiate graceful shutdown in accordance with proxy lifecycle management configuration. [GH-130]
- Make consul dataplane handle bootstrap param response for Catalog and Mesh V2 resources [GH-242]
IMPROVEMENTS:
- Add graceful_startup endpoint and postStart hook in order to guarantee that dataplane starts up before application container. [GH-239]
- Add the -config-file flag to support reading configuration options from a JSON file. [GH-164]
- In order to support Windows, write Envoy bootstrap configuration to a regular file instead of a named pipe. [GH-188]
- connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [GH-184]
BUG FIXES:
- Add support for envoy-extra-args. Fixes Envoy extra-args annotation crashing consul-dataplane container. [GH-133]
- Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [GH-238]
- Fix a bug where exiting envoy would inadvertently throw an error [GH-175]
- Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [GH-140]
SECURITY:
- Update go-discover to 214571b6a5309addf3db7775f4ee8cf4d264fd5f within the Dockerfile. [GH-153]
- Update to Envoy 1.26.2 within the Dockerfile. [GH-142]
- Update to Go 1.20.4 and Envoy 1.26.1 within the Dockerfile. [GH-97]
BUG FIXES:
- Reverts #104 fix that caused a downstream error for Ingress/Mesh/Terminating GWs [GH-131]
SECURITY:
- Update UBI base image to 9.2. [GH-125]
IMPROVEMENTS:
- Update bootstrap configuration to rename envoy_hcp_metrics_bind_socket_dir to envoy_telemetry_collector_bind_socket_dir to remove HCP naming references. [GH-122]
BUG FIXES:
- Reverts #104 fix that caused a downstream error for Ingress/Mesh/Terminating GWs [GH-131]
SECURITY:
- Update to Go 1.20.4 and Envoy 1.25.6 within the Dockerfile. [GH-98]
- Update UBI base image to 9.2. [GH-125]
- Upgrade to use Go 1.20.4. This resolves vulnerabilities CVE-2023-24537 (go/scanner), CVE-2023-24538 (html/template), CVE-2023-24534 (net/textproto) and CVE-2023-24536 (mime/multipart). [GH-94]
FEATURES:
- Add envoy_hcp_metrics_bind_socket_dir flag to configure a directory where a Unix socket is created. This enables Envoy metrics collection, which will be forwarded to an HCP metrics collector. [GH-90]
IMPROVEMENTS:
- Update bootstrap configuration to rename envoy_hcp_metrics_bind_socket_dir to envoy_telemetry_collector_bind_socket_dir to remove HCP naming references. [GH-122]
BUG FIXES:
- Fix a bug that threw an error when trying to use $HOST_IP with metrics URLs. [GH-106]
- Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [GH-104]
SECURITY:
- Update to Go 1.20.4 and Envoy 1.24.7 within the Dockerfile. [GH-99]
- Upgrade golang/x/net to 0.7.0. This resolves vulnerability CVE-2022-41723 in x/net. [GH-81]
- Upgrade to use Go 1.20.1. This resolves vulnerabilities CVE-2022-41724 in crypto/tls and CVE-2022-41723 in net/http. [GH-78]
- Upgrade to use Go 1.20.4. This resolves vulnerabilities CVE-2023-24537 (go/scanner), CVE-2023-24538 (html/template), CVE-2023-24534 (net/textproto) and CVE-2023-24536 (mime/multipart). [GH-94]
FEATURES:
- Add envoy_hcp_metrics_bind_socket_dir flag to configure a directory where a Unix socket is created. This enables Envoy metrics collection, which will be forwarded to an HCP metrics collector. [GH-90]
IMPROVEMENTS:
- Update consul-server-connection-manager to version 0.1.2. [GH-77]
BUG FIXES:
- Fix a bug that threw an error when trying to use $HOST_IP with metrics URLs. [GH-106]
- Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [GH-104]
SECURITY:
- Update Envoy to 1.25.1 within the Dockerfile. [GH-71]
- Upgrade golang/x/net to 0.7.0. This resolves vulnerability CVE-2022-41723 in x/net. [GH-81]
- Upgrade to use Go 1.20.1. This resolves vulnerabilities CVE-2022-41724 in crypto/tls and CVE-2022-41723 in net/http. [GH-78]
FEATURES:
- support Envoy admin access logs. [GH-65]
IMPROVEMENTS:
- Update consul-server-connection-manager to version 0.1.2. [GH-74]
SECURITY:
- Update to Go 1.19.4 and Envoy 1.24.1 within the Dockerfile. [GH-64]
IMPROVEMENTS:
- Update consul-server-connection-manager to version 0.1.1. [GH-66]
Initial release.