v1.20.12 (Enterprise)
1.20.12 (October 30, 2025)
This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.
SECURITY:
- security: Adding warning when remote/local script checks are enabled without enabling ACLs [GH-22877]
- security: Fixed proxied URL path validation to prevent path traversal. [GH-22671]
- security: Improved validation of the Content-Length header in the Consul KV endpoint to prevent potential denial of service attacks (CVE-2025-11374) [GH-22916]
- security: adding a maximum Content-Length on the event endpoint to fix denial-of-service (DoS) attacks. This resolves CVE-2025-11375. [GH-22836]
- security: breaking change - adding key name validation on the key/value endpoint, along with the DisableKVKeyValidation config to disable/enable it, to fix path traversal attacks. This resolves CVE-2025-11392. [GH-22850]
FEATURES:
- install: Updated license information displayed during post-install
IMPROVEMENTS:
- api: Added a new API (/v1/operator/utilization) to support enterprise API for Manual Snapshot Reporting [GH-22837]
- cmd: Added new subcommand consul operator utilization [-today-only] [-message] [-y] to generate a bundle with census utilization snapshot. Main flow is implemented in consul-enterprise. http: Added a new API Handler for /v1/operator/utilization. Core functionality to be implemented in consul-enterprise. agent: Always enabled census metrics collection with configurable option to export it to HashiCorp Reporting [GH-22843]
- security: Upgrade golang to 1.25.3. [GH-22926]
- ui: Fixes computed property override issues currently occurring and in some cases pre-emptively as this has been deprecated in ember v4 [GH-22947]
- ui: Improved accessibility features in the Consul UI to enhance usability for users with disabilities [GH-22770]
- ui: Replace yarn with pnpm for package management [GH-22790]
- ui: Replaced reopen() calls with direct property assignment and subclassing to resolve Ember component reopen deprecation warnings [GH-22971]
BUG FIXES:
- cmd: Fix consul operator utilization --help to show only available options without extra parameters. [GH-22912]
- ui: fixes the issue where namespaces were disappearing and the Welcome to Namespace screen showed up after tab switching [GH-22789]
- ui: fixes the issue where, when deleting multiple tokens or policies, the three dots on the right hand side stop responding after the first delete. [GH-22752]