From 9915b47898f09e59125ec4b8cb8a10d9846316d5 Mon Sep 17 00:00:00 2001 From: Derek Menteer <105233703+hashi-derek@users.noreply.github.com> Date: Fri, 1 Sep 2023 15:30:52 -0500 Subject: [PATCH] Add known issue notice for #18636. (#18650) --- CHANGELOG.md | 8 ++++++++ website/content/docs/release-notes/consul/v1_16_x.mdx | 10 ++++++++++ website/content/docs/upgrading/upgrade-specific.mdx | 6 ++++++ 3 files changed, 24 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9cd1efb506..836d47b334 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ## 1.16.1 (August 8, 2023) +KNOWN ISSUES: + +* connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by [GH-18636](https://github.com/hashicorp/consul/pull/18636). + SECURITY: * Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)] @@ -136,6 +140,10 @@ https://github.com/rboyer/safeio/pull/3 [[GH-18302](https://github.com/hashicorp ## 1.16.0 (June 26, 2023) +KNOWN ISSUES: + +* connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by [GH-18636](https://github.com/hashicorp/consul/pull/18636). + BREAKING CHANGES: * api: The `/v1/health/connect/` and `/v1/health/ingress/` endpoints now immediately return 403 "Permission Denied" errors whenever a token with insufficient `service:read` permissions is provided. Prior to this change, the endpoints returned a success code with an empty result list when a token with insufficient permissions was provided. [[GH-17424](https://github.com/hashicorp/consul/issues/17424)] diff --git a/website/content/docs/release-notes/consul/v1_16_x.mdx b/website/content/docs/release-notes/consul/v1_16_x.mdx index 616104a709..0c3c3cf3d5 100644 --- a/website/content/docs/release-notes/consul/v1_16_x.mdx +++ b/website/content/docs/release-notes/consul/v1_16_x.mdx @@ -64,6 +64,16 @@ We are pleased to announce the following Consul updates. For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs. +## Known Issues + +The following issues are known to exist in the v1.16.x releases: + +- v1.16.0 - v1.16.1 may have issues when a snapshot restore is performed + and the servers are hosting xDS streams. When this bug triggers, it + will cause Envoy to incorrectly populate upstream endpoints. It is + currently not recommended for service mesh users running agent-less + workloads to upgrade Consul to these versions. + ## Changelogs The changelogs for this major release version and any maintenance versions are listed below. diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx index 26d60291ea..f1e7c590c4 100644 --- a/website/content/docs/upgrading/upgrade-specific.mdx +++ b/website/content/docs/upgrading/upgrade-specific.mdx @@ -16,6 +16,12 @@ upgrade flow. ## Consul 1.16.x +#### Known issues + +Service mesh in Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. +When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. Due to this issue, it is currently not recommended for +service mesh users running agent-less workloads to upgrade Consul to these versions. + #### API health endpoints return different status code Consul versions 1.16.0+ now return an error 403 "Permission denied" status