ent-changelog-1.17.5

1.17.5 Enterprise (May 14, 2024)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.

SECURITY:

• Bump Dockerfile base image to alpine:3.19. [GH-20897]
• Update vault/api to v1.12.2 to address CVE-2024-28180 (removes indirect dependency on impacted go-jose.v2) [GH-20910]
• Upgrade Go to use 1.21.10. This addresses CVEs CVE-2024-24787 and CVE-2024-24788 [GH-21074]
• Upgrade to support Envoy 1.26.8, 1.27.4, 1.27.5, 1.28.2 and 1.28.3. This resolves CVEs CVE-2024-27919 (http2). [GH-20956] and CVE-2024-32475 (auto_sni). [GH-21030]
• Upgrade to support k8s.io/apimachinery v0.18.7 or higher. This resolves CVE CVE-2020-8559. [GH-21033]
• Upgrade to use Go 1.21.9. This resolves CVE CVE-2023-45288 (http2). [GH-20956]
• Upgrade to use golang.org/x/net v0.24.0. This resolves CVE CVE-2023-45288 (x/net). [GH-20956]
• security: Remove coredns/coredns dependency to address CVE-2024-0874 [GH-9243]

BUG FIXES:

• dns: fix a bug with sameness group queries in DNS where responses did not respect DefaultForFailover. DNS requests against sameness groups without this field set will now error as intended.
• xds: Make TCP external service registered with terminating gateway reachable from peered cluster [GH-19881]