Backport of Add known issue notice for #18636. into release/1.16.x (#18653)

backport of commit a2a903fb81

Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
pull/18664/head
hc-github-team-consul-core 1 year ago committed by GitHub
parent 3764c830a2
commit 99bb3d0102
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,5 +1,9 @@
## 1.16.1 (August 8, 2023) ## 1.16.1 (August 8, 2023)
KNOWN ISSUES:
* connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by [GH-18636](https://github.com/hashicorp/consul/pull/18636).
SECURITY: SECURITY:
* Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)] * Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
@ -59,6 +63,10 @@ https://github.com/rboyer/safeio/pull/3 [[GH-18302](https://github.com/hashicorp
## 1.16.0 (June 26, 2023) ## 1.16.0 (June 26, 2023)
KNOWN ISSUES:
* connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by [GH-18636](https://github.com/hashicorp/consul/pull/18636).
BREAKING CHANGES: BREAKING CHANGES:
* api: The `/v1/health/connect/` and `/v1/health/ingress/` endpoints now immediately return 403 "Permission Denied" errors whenever a token with insufficient `service:read` permissions is provided. Prior to this change, the endpoints returned a success code with an empty result list when a token with insufficient permissions was provided. [[GH-17424](https://github.com/hashicorp/consul/issues/17424)] * api: The `/v1/health/connect/` and `/v1/health/ingress/` endpoints now immediately return 403 "Permission Denied" errors whenever a token with insufficient `service:read` permissions is provided. Prior to this change, the endpoints returned a success code with an empty result list when a token with insufficient permissions was provided. [[GH-17424](https://github.com/hashicorp/consul/issues/17424)]

@ -64,6 +64,16 @@ We are pleased to announce the following Consul updates.
For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs. For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs.
## Known Issues
The following issues are known to exist in the v1.16.x releases:
- v1.16.0 - v1.16.1 may have issues when a snapshot restore is performed
and the servers are hosting xDS streams. When this bug triggers, it
will cause Envoy to incorrectly populate upstream endpoints. It is
currently not recommended for service mesh users running agent-less
workloads to upgrade Consul to these versions.
## Changelogs ## Changelogs
The changelogs for this major release version and any maintenance versions are listed below. The changelogs for this major release version and any maintenance versions are listed below.

@ -16,6 +16,12 @@ upgrade flow.
## Consul 1.16.x ## Consul 1.16.x
#### Known issues
Service mesh in Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams.
When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. Due to this issue, it is currently not recommended for
service mesh users running agent-less workloads to upgrade Consul to these versions.
#### API health endpoints return different status code #### API health endpoints return different status code
Consul versions 1.16.0+ now return an error 403 "Permission denied" status Consul versions 1.16.0+ now return an error 403 "Permission denied" status

Loading…
Cancel
Save