releases.shpreview
HashiCorp/Consul

Consul

Mon
Wed
Fri
JulAugSepOctNovDecJanFebMarAprMayJunJul
Less
More
Releases6Avg2/moVersionsv1.22.7 to v2.0.2
v2.0.2

Upgraded Alpine base image to 3.24 to address CVE-2026-41989 and ALPINE-CVE-2026-2100, and upgraded Serf and Memberlist to their latest versions. XDS now returns errors when injecting L4 intention (RBAC) filter or mTLS transport socket onto inbound public listeners without enforcement, preventing listeners from being served without intention enforcement or mTLS. Also added ExtAuthzFilter support to HTTPRoute Filters and gateway-wide ExtAuthz toggle for api-gateway (Enterprise only), and External Processor (ext_proc) Envoy Extension support for api-gateway and connect-proxy (Enterprise only).

Read more →
v2.0.1

Fixed a bug where renaming or rejoining a server could evict the live leader from the internal server lookup, causing Raft leader errors on follower RPCs. Inbound HTTP requests now have the x-forwarded-client-cert header stripped before forwarding to local services. Also includes Go and Envoy security upgrades, OIDC/JWT claim mapping support for auth method token names, and product telemetry export cadence preservation across restarts.

Read more →
v2.0.0

Applied HTTP request path normalization on API Gateway and Terminating Gateway listeners to prevent L7 intention RBAC bypass via non-normalized paths (CVE-2024-10005). Enterprise deployments gain a new "rate-limit" config entry that enables dynamic, cluster-wide RPC rate limiting stored in Raft and automatically replicated to all servers. Also upgraded Envoy to 1.37.2, Go to 1.26, and patched multiple curl CVEs in the Docker container image.

Read more →
v2.0.0-rc2

Fixed CVE-2024-10005, an L7 intention RBAC bypass via non-normalized HTTP request paths on api-gateway and terminating-gateway listeners. Also fixed transaction endpoint authorization bypasses where service and check mutations could be authorized using request-provided names while applying changes by ID, including a bypass using the reserved consul service name. Increased default HTTP timeouts to 15 minutes to support long-polling blocking queries while maintaining Slowloris protection.

Read more →

⚠️ Important Notice

We have identified an issue in Consul and Consul Enterprise Feb Patch Release (1.22.4, 1.22.4-ent, 1.21.10-ent, 1.18.20-ent) that requires a corrective patch release.

**We recommend that customers avoid using these versions in production…

Read more →

1.22.3 (January 23, 2026)

SECURITY:

  • Update the Consul Build Go base image to alpine3.23.2 [GH-23138]

IMPROVEMENTS:

  • api: Add consul services imported-services and new api(/v1/exported-services) command to…
Read more →
ent-changelog-1.22.0

1.22.0+ent (October 24, 2025)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or…

Read more →
ent-changelog-1.20.13

1.20.13+ent (November 17, 2025)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.

Read more →
ent-changelog-1.20.12

1.20.12 (October 30, 2025)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.

Read more →
ent-changelog-1.20.11

1.20.11+ent (September 21, 2025)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.

Read more →
ent-changelog-1.20.10

1.20.10 Enterprise (August 13, 2025)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or…

Read more →
ent-changelog-1.20.9

1.20.9 Enterprise (July 28, 2025)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or…

Read more →
ent-changelog-1.20.8

1.20.8 Enterprise (June 18, 2025)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or…

Read more →
ent-changelog-1.20.0

1.20.0 (October 14, 2024)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.

Read more →
ent-changelog-1.19.13

1.19.13+ent (September 21, 2025)

This release is created to share the Consul Enterprise changelog and notify consumers of availability. The attached source and assets do not include Consul Enterprise code and should not be used in place of official Docker images or binaries.

Read more →
Last Checked
19h ago
Latest
v2.0.2
Tracking since Jan 23, 2024