* server: fix panic when deleting a non existent intention
* add changelog
* Always return an error when deleting non-existent ixn
Co-authored-by: freddygv <gh@freddygv.xyz>
* server: fix panic when deleting a non existent intention
* add changelog
* Always return an error when deleting non-existent ixn
Co-authored-by: freddygv <gh@freddygv.xyz>
* changelog: add post-rc1 entries
* changelog: regenerate entries from LAST_RELEASE_GIT_TAG=v1.8.4, remove beta releases
* changelog: tweak categories for a few entries and add Go 1.15 note
* changelog: apply category changes to CHANGELOG.md
manually remove Go 1.14 upgrade note and two intermediate UI bug fix
entries for the new topology feature
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.
--
This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.
--
This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.
--
This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
* ui: Ensure search is enabled for child items in the ACLs area
* Refactor comparators to reuse some utility functions
* Add search and sorting to the ACLs child selector
* Add tests for searching within child selectors
* Allow sorting by CreateIndex
* ui: Ensure search is enabled for child items in the ACLs area
* Refactor comparators to reuse some utility functions
* Add search and sorting to the ACLs child selector
* Add tests for searching within child selectors
* Allow sorting by CreateIndex
* ui: Fixup service instance healthcheck list not to show ghost check
If the proxy is undefined, then an undefined vaule is appended to the
list of checks
* There are only 6 checks in the mocks so only expect 6
Daniel Nephin
Mike Morris
David Yu
hashicorp-ci
R.B. Boyer
John Cowen
Kit Patella
Freddy
Sabeen Syed
Kenia