⚠️ Important Notice
We have identified an issue in Consul and Consul Enterprise Feb Patch Release (1.22.4, 1.22.4-ent, 1.21.10-ent, 1.18.20-ent) that requires a corrective patch release.
We recommend that customers avoid using these versions in production environments and wait for the upcoming patch release.
Customers who have upgraded to these versions should temporarily revert to the previous stable release while we prepare a corrected update.
A new patched release is expected by the end of the this month.
Further updates will be shared once the new version is available. We apologize for the inconvenience and appreciate your patience.
1.22.4 (February 18, 2026)
SECURITY:
- security: upgrade go version to 1.25.7 [GH-23204]
- dockerfile: the Consul build Go base image to
alpine3.23 [GH-23194]
- connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth and go-secure-stdlib/awsutil dependencies to their v2 versions. [GH-23109]
- security: Configure HTTP server timeouts to prevent Slowloris denial-of-service attacks on agent HTTP endpoints and pprof endpoints. [GH-22739]
IMPROVEMENTS:
- api-gateway: Fixed "duplicate matcher" errors in Envoy when using multiple file-system certificates on a single TLS listener. The certificates are now consolidated into a single filter chain, allowing Envoy to select the correct one. [GH-23212]
- agent: Fix vault provider failure when signing intermediate CA with isCA=true in CSR [GH-23202]
- cli: Added
--aws-iam-endpoint flag to consul login command for AWS IAM auth method to support custom IAM endpoint configuration [GH-23109]
- api: Cancel context check for watches cache fetch to stop execution when manager deregisters the watch. [GH-23157]