v1.20.0 (Enterprise)
1.20.0 (October 14, 2024)
This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.
SECURITY:
- Explicitly set 'Content-Type' header to mitigate XSS vulnerability. [GH-21704]
- Implement HTML sanitization for user-generated content to prevent XSS attacks in the UI. [GH-21711]
- UI: Remove codemirror linting due to package dependency [GH-21726]
- Upgrade Go to use 1.22.7. This addresses CVE-2024-34155 [GH-21705]
- Upgrade to support aws/aws-sdk-go v1.55.5 or higher. This resolves CVE-2020-8911 and CVE-2020-8912. [GH-21684]
- ui: Pin a newer resolution of Braces [GH-21710]
- ui: Pin a newer resolution of Codemirror [GH-21715]
- ui: Pin a newer resolution of Markdown-it [GH-21717]
- ui: Pin a newer resolution of ansi-html [GH-21735]
FEATURES:
- grafana: added the service-to-service dashboard, service dashboard, and consul dataplane dashboard [GH-21806]
- server: remove v2 tenancy, catalog, and mesh experiments [GH-21592]
IMPROVEMENTS:
- security: upgrade ubi base image to 9.4 [GH-21750]
- connect: Add Envoy 1.31 and 1.30 to support matrix [GH-21616]
BUG FIXES:
- jwt-provider: change the DNS lookup family from the default of AUTO, which would prefer IPv6, to ALL if LOGICAL_DNS is used or PREFER_IPV4 if STRICT_DNS is used, to gracefully handle transitions to IPv6. [GH-21703]