mirror of https://github.com/status-im/consul.git
Add known issue for GH-20360. (#20420)
parent
24a7b17a6f
commit
70575760c7
|
@ -1,4 +1,9 @@
|
||||||
## 1.17.2 (January 23, 2024)
|
## 1.17.2 (January 23, 2024)
|
||||||
|
|
||||||
|
KNOWN ISSUES:
|
||||||
|
|
||||||
|
* connect: Consul versions 1.17.2 and 1.16.5 perform excessively strict TLS SAN verification on terminating gateways, which prevents connections outside of the mesh to upstream services. Terminating gateway users are advised to avoid deploying these Consul versions. A fix will be present in a future release of Consul 1.17.3 and 1.16.6. [[GH-20360](https://github.com/hashicorp/consul/issues/20360)]
|
||||||
|
|
||||||
SECURITY:
|
SECURITY:
|
||||||
|
|
||||||
* Upgrade OpenShift container images to use `ubi9-minimal:9.3` as the base image. [[GH-20014](https://github.com/hashicorp/consul/issues/20014)]
|
* Upgrade OpenShift container images to use `ubi9-minimal:9.3` as the base image. [[GH-20014](https://github.com/hashicorp/consul/issues/20014)]
|
||||||
|
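Review bot: The new KNOWN ISSUES bullet under 1.17.2 tells terminating gateway users to avoid this release but does not say which release to stay on, while the SECURITY section of the same entry ships the `ubi9-minimal:9.3` base image upgrade that those users would then miss. Consider naming the last unaffected 1.17.x version or an interim mitigation, and tightening "A fix will be present in a future release of Consul 1.17.3 and 1.16.6" to "A fix is planned for Consul 1.17.3 and 1.16.6".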
@ -163,6 +168,10 @@ BUG FIXES:
|
||||||
|
|
||||||
## 1.16.5 (January 23, 2024)
|
## 1.16.5 (January 23, 2024)
|
||||||
|
|
||||||
|
KNOWN ISSUES:
|
||||||
|
|
||||||
|
* connect: Consul versions 1.17.2 and 1.16.5 perform excessively strict TLS SAN verification on terminating gateways, which prevents connections outside of the mesh to upstream services. Terminating gateway users are advised to avoid deploying these Consul versions. A fix will be present in a future release of Consul 1.17.3 and 1.16.6 [[GH-20360](https://github.com/hashicorp/consul/issues/20360)].
|
||||||
|
|
||||||
SECURITY:
|
SECURITY:
|
||||||
|
|
||||||
* Update RSA key generation to use a key size of at least 2048 bits. [[GH-20112](https://github.com/hashicorp/consul/issues/20112)]
|
* Update RSA key generation to use a key size of at least 2048 bits. [[GH-20112](https://github.com/hashicorp/consul/issues/20112)]
|
||||||
|
|
|
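Review bot: The 1.16.5 bullet puts its closing period after the issue link (`... 1.16.6 [[GH-20360](...)].`), while the 1.17.2 bullet added in this same commit puts the period before the link and the neighbouring SECURITY bullet ends at the closing `]`. Move the period in front of the link so both new entries match the changelog's existing style.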
@ -68,6 +68,11 @@ For more detailed information, please refer to the [upgrade details page](/consu
|
||||||
|
|
||||||
The following issues are known to exist in the v1.16.x releases:
|
The following issues are known to exist in the v1.16.x releases:
|
||||||
|
|
||||||
|
- v1.16.5 - Excessively strict TLS SAN verification is performed by terminating gateways,
|
||||||
|
which prevents connections outside of the mesh to upstream services. Terminating gateway
|
||||||
|
users are advised to avoid deploying these Consul versions. A fix will be present in a future
|
||||||
|
release of Consul 1.16.6 [[GH-20360](https://github.com/hashicorp/consul/issues/20360)].
|
||||||
|
|
||||||
- v1.16.0 - v1.16.1 may have issues when a snapshot restore is performed
|
- v1.16.0 - v1.16.1 may have issues when a snapshot restore is performed
|
||||||
and the servers are hosting xDS streams. When this bug triggers, it
|
and the servers are hosting xDS streams. When this bug triggers, it
|
||||||
will cause Envoy to incorrectly populate upstream endpoints. It is
|
will cause Envoy to incorrectly populate upstream endpoints. It is
|
||||||
|
|
|
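Review bot: The added v1.16.5 item says "users are advised to avoid deploying these Consul versions", but this list item covers a single version and names only 1.16.6 as the fix release, so the plural looks carried over from the combined changelog text. Change it to "this Consul version" or name v1.16.5 explicitly.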
@ -74,6 +74,15 @@ We are pleased to announce the following Consul updates.
|
||||||
|
|
||||||
For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs.
|
For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs.
|
||||||
|
|
||||||
|
## Known Issues
|
||||||
|
|
||||||
|
The following issues are known to exist in the v1.17.x releases:
|
||||||
|
|
||||||
|
- v1.17.2 - Excessively strict TLS SAN verification is performed by terminating gateways,
|
||||||
|
which prevents connections outside of the mesh to upstream services. Terminating gateway
|
||||||
|
users are advised to avoid deploying these Consul versions. A fix will be present in a future
|
||||||
|
release of Consul 1.17.3 [[GH-20360](https://github.com/hashicorp/consul/issues/20360)].
|
||||||
|
|
||||||
## Changelogs
|
## Changelogs
|
||||||
|
|
||||||
The changelogs for this major release version and any maintenance versions are listed below.
|
The changelogs for this major release version and any maintenance versions are listed below.
|
||||||
|
|
|
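Review bot: The new section heading is written "## Known Issues" in title case, while the upgrade-specific page touched by this commit uses "### Known issues"; pick one casing across the docs. The v1.17.2 item under it also says "these Consul versions" although it lists only one version, so "this Consul version" would read correctly.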
@ -15,6 +15,11 @@ This page is used to document those details separately from the standard
|
||||||
upgrade flow.
|
upgrade flow.
|
||||||
|
|
||||||
## Consul 1.17.x
|
## Consul 1.17.x
|
||||||
|
|
||||||
|
### Known issues
|
||||||
|
|
||||||
|
Consul versions 1.17.2 and 1.16.5 perform excessively strict TLS SAN verification on terminating gateways, which prevents connections outside of the mesh to upstream services. Terminating gateway users are advised to avoid deploying these Consul versions. A fix will be present in a future release of Consul 1.17.3 and 1.16.6 [[GH-20360](https://github.com/hashicorp/consul/issues/20360)].
|
||||||
|
|
||||||
#### Audit Log naming changes (Enterprise)
|
#### Audit Log naming changes (Enterprise)
|
||||||
Prior to Consul 1.17.0, audit logs contained timestamps on both the original log file names as well as rotated log file names.
|
Prior to Consul 1.17.0, audit logs contained timestamps on both the original log file names as well as rotated log file names.
|
||||||
After Consul 1.17.0, only timestamps will be included in rotated log file names.
|
After Consul 1.17.0, only timestamps will be included in rotated log file names.
|
||||||
|
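Review bot: Inserting "### Known issues" directly above "#### Audit Log naming changes (Enterprise)" makes the audit log section a child of Known issues in the heading hierarchy, although the audit log rename is an upgrade change and not a known issue. Place the new section after the audit log text, or restore a sibling "###" heading above "#### Audit Log naming changes (Enterprise)" so the outline stays correct.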
@ -34,6 +39,8 @@ service-defaults are configured in each partition and namespace before upgrading
|
||||||
|
|
||||||
### Known issues
|
### Known issues
|
||||||
|
|
||||||
|
Consul versions 1.17.2 and 1.16.5 perform excessively strict TLS SAN verification on terminating gateways, which prevents connections outside of the mesh to upstream services. Terminating gateway users are advised to avoid deploying these Consul versions. A fix will be present in a future release of Consul 1.17.3 and 1.16.6 [[GH-20360](https://github.com/hashicorp/consul/issues/20360)].
|
||||||
|
|
||||||
Service mesh in Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams.
|
Service mesh in Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams.
|
||||||
When this bug triggers, it causes Envoy to incorrectly populate upstream endpoints. To prevent this issue, service mesh users who run agent-less workloads should upgrade Consul to v1.16.2 or later.
|
When this bug triggers, it causes Envoy to incorrectly populate upstream endpoints. To prevent this issue, service mesh users who run agent-less workloads should upgrade Consul to v1.16.2 or later.
|
||||||
|
|
||||||
|
|
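Review bot: The paragraph added under the 1.16.x "### Known issues" is a verbatim copy of the 1.17.x one and leads with 1.17.2 and 1.17.3, and unlike the snapshot-restore paragraph that follows it ("upgrade Consul to v1.16.2 or later") it gives no action beyond avoiding the release. Scope it to 1.16.5 and 1.16.6 in this section and state what terminating gateway users already on 1.16.5 should do until the fix ships.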