ent-changelog-1.17.4

1.17.4 Enterprise (March 26, 2024)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.

SECURITY:

• Update google.golang.org/protobuf to v1.33.0 to address CVE-2024-24786. [GH-20801]
• Update the Consul Build Go base image to alpine3.19. This resolves CVEs CVE-2023-52425 CVE-2023-52426 [GH-20812]
• Upgrade to use Go 1.21.8. This resolves CVEs CVE-2024-24783 (crypto/x509). CVE-2023-45290 (net/http). CVE-2023-45289 (net/http, net/http/cookiejar). CVE-2024-24785 (html/template). CVE-2024-24784 (net/mail). [GH-20812]

IMPROVEMENTS:

• api: Randomize the returned server list for the WatchServers gRPC endpoint. [GH-20866]
• snapshot agent: (Enterprise only) Add support for multiple snapshot destinations using the backup_destinations config file object.

BUG FIXES:

• connect: Fix issue where Consul-dataplane xDS sessions would not utilize the streaming backend for wan-federated queries. [GH-20868]
• connect: Fix potential goroutine leak in xDS stream handling. [GH-20866]
• connect: Fix xDS deadlock that could result in proxies being unable to start. [GH-20867]
• dns: SERVFAIL when resolving not found PTR records. [GH-20679]
• ingress-gateway: (Enterprise Only) Fix a bug where on update, Ingress Gateways lost all upstreams for listeners with wildcard services in a different namespace.
• snapshot-agent: (Enterprise only) Fix a bug with static AWS credentials where one of the key id or secret key is provided via config file and the other is provided via an environment variable.