Skip to content

Commit 6fd0068

Browse files
abhishek-hashicorpabhishek-hashicorp
authored
chore: Updated changelog for 1.18.6 (#22091)
Updated changelog
1 parent 12da08f commit 6fd0068

File tree

1 file changed

+24
-0
lines changed

1 file changed

+24
-0
lines changed

CHANGELOG.md

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,27 @@
1+
## 1.18.6 Enterprise (January 13, 2025)
2+
3+
Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.
4+
5+
SECURITY:
6+
7+
* Removed ability to use bexpr to filter results without ACL read on endpoint [[GH-21950](https://github.com/hashicorp/consul/issues/21950)]
8+
* Resolved issue where hcl would allow duplicates of the same key in acl policy configuration. [[GH-21908](https://github.com/hashicorp/consul/issues/21908)]
9+
* Update `github.com/golang-jwt/jwt/v4` to v4.5.1 to address [GHSA-29wx-vh33-7x7r](https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r). [[GH-21951](https://github.com/hashicorp/consul/issues/21951)]
10+
* Update `golang.org/x/crypto` to v0.31.0 to address [GO-2024-3321](https://pkg.go.dev/vuln/GO-2024-3321). [[GH-22001](https://github.com/hashicorp/consul/issues/22001)]
11+
* Update `golang.org/x/net` to v0.33.0 to address [GO-2024-3333](https://pkg.go.dev/vuln/GO-2024-3333). [[GH-22021](https://github.com/hashicorp/consul/issues/22021)]
12+
* Update `registry.access.redhat.com/ubi9-minimal` image to 9.5 to address [CVE-2024-3596](https://nvd.nist.gov/vuln/detail/CVE-2024-3596),[CVE-2024-2511](https://nvd.nist.gov/vuln/detail/CVE-2024-2511),[CVE-2024-26458](https://nvd.nist.gov/vuln/detail/CVE-2024-26458). [[GH-22011](https://github.com/hashicorp/consul/issues/22011)]
13+
* api: Enforces strict content-type header validation to protect against XSS vulnerability. [[GH-21930](https://github.com/hashicorp/consul/issues/21930)]
14+
15+
IMPROVEMENTS:
16+
17+
* Upgrade api submodule to 1.28.5 [[GH-22056](https://github.com/hashicorp/consul/issues/22056)]
18+
* snapshot agent: **(Enterprise only)** Implement Service Principal Auth for snapshot agent on azure.
19+
20+
BUG FIXES:
21+
22+
* proxycfg: fix a bug where peered upstreams watches are canceled even when another target needs it. [[GH-21871](https://github.com/hashicorp/consul/issues/21871)]
23+
* state: ensure that identical manual virtual IP updates result in not bumping the modify indexes [[GH-21909](https://github.com/hashicorp/consul/issues/21909)]
24+
125
## 1.18.5 Enterprise (October 29, 2024)
226

327
Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.

0 commit comments

Comments
 (0)