ent-changelog-1.15.12

1.15.12 Enterprise (May 14, 2024)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.

Enterprise LTS: Consul Enterprise 1.15 is a Long-Term Support (LTS) release.

SECURITY:

• Bump Dockerfile base image to alpine:3.19. [GH-20897]
• Update vault/api to v1.12.2 to address CVE-2024-28180 (removes indirect dependency on impacted go-jose.v2) [GH-20910]
• Upgrade Go to use 1.21.10. This addresses CVEs CVE-2024-24787 and CVE-2024-24788 [GH-21074]
• Upgrade to support Envoy 1.26.8, 1.27.4, 1.27.5, 1.28.2 and 1.28.3. This resolves CVEs CVE-2024-27919 (http2). [GH-20956] and CVE-2024-32475 (auto_sni). [GH-21030]
• Upgrade to support k8s.io/apimachinery v0.18.7 or higher. This resolves CVE CVE-2020-8559. [GH-21030]
• Upgrade to use Go 1.21.9. This resolves CVE CVE-2023-45288 (http2). [GH-20956]
• Upgrade to use golang.org/x/net v0.24.0. This resolves CVE CVE-2023-45288 (x/net). [GH-20956]
• security: Remove coredns/coredns dependency to address CVE-2024-0874 [GH-9245]

BUG FIXES:

• xds: Make TCP external service registered with terminating gateway reachable from peered cluster [GH-19881]