Commit Graph

21517 Commits (backport/bump/sec-deps/briefly-exotic-dassie)

Author SHA1 Message Date
Abhishek Sahu 0d85d3ceca
Merge branch 'release/1.20.x' into backport/bump/sec-deps/briefly-exotic-dassie 2025-01-24 18:23:10 +05:30
Abhishek Sahu a48420f7ba
Bump VERSION for 1.20.x (#22099)
Update VERSION
2025-01-23 10:07:35 +05:30
Abhishek Sahu 6289cf665c
chore: Updated changelog for 1.20.2 (#22094) 2025-01-22 17:54:40 +05:30
dduzgun-security 09d0c25fdb backport of commit ce1c0580ef 2025-01-20 20:19:54 +00:00
dduzgun-security 6062ae4eba backport of commit a587b51c8a 2025-01-20 19:53:52 +00:00
dduzgun-security ceb22caf46 backport of commit 9c8ed4b790 2025-01-20 19:31:30 +00:00
dduzgun-security 77c4e2bc21 backport of commit a940f8bb63 2025-01-20 19:23:28 +00:00
hc-github-team-consul-core 4ad72ffece
Backport of NET-11798: Set APIGateway TLSConfig if unset or empty into release/1.20.x (#22076)
* backport of commit 30bc9b5277

* backport of commit 02efb3372d

* backport of commit 7045225a24

* Update 21984.txt

* NET-11798: Set APIGateway TLSConfig if unset or empty (#21984)

* NET-11798: Set APIGateway TLSConfig if unset or empty

* add changelog

* update golden file tests

* add missing golden files

* Update .changelog/21984.txt

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* remove use of reflect library and check if object is empty instead

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* remove unused library

---------

Co-authored-by: NiniOak <anita.akaeze@hashicorp.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2025-01-16 11:36:51 -06:00
hc-github-team-consul-core 638ff3cc59
Backport of Added labels for redhat validation into release/1.20.x (#22048)
backport of commit c362c6be1f

Co-authored-by: Abhishek <abhishek.sahu@hashicorp.com>
2025-01-03 13:16:58 +05:30
Abhishek Sahu e71b525b7a
Update the submodules for 1.20.x (#22034) 2024-12-24 20:33:39 +05:30
Abhishek Sahu 3bba4b20fa
Revert "Update api submodule versions to v1.31.0 for envoyextensions" (#22033)
Revert "Update api submodule versions to v1.31.0 for envoyextensions (#22032)"

This reverts commit 6e4411d1d9.
2024-12-24 02:16:37 +05:30
Abhishek Sahu 6e4411d1d9
Update api submodule versions to v1.31.0 for envoyextensions (#22032)
* Update api versions envoyextensions

* Update go.mod

* Update go.mod

* Update go.sum

* Added the missed change
2024-12-23 14:20:31 -06:00
hc-github-team-consul-core 8e194ace7d
Backport of Update API Group under backendRefs into release/1.20.x (#21965)
* backport of commit a1c140d223

* backport of commit 77c78f3b2c

---------

Co-authored-by: Mark Campbell-Vincent <mnmvincent@gmail.com>
Co-authored-by: Abhishek Sahu <abhishek.sahu@hashicorp.com>
2024-12-23 22:10:59 +05:30
hc-github-team-consul-core 730a5567c7
Backport of docs: fix broken link into release/1.20.x (#21977)
backport of commit 5d32fe87cb

Co-authored-by: Bhautik <bhautikrchudasama@gmail.com>
Co-authored-by: Abhishek Sahu <abhishek.sahu@hashicorp.com>
2024-12-23 22:10:24 +05:30
hc-github-team-consul-core c3707ea510
Backport of sec: bump envoy patch versions into release/1.20.x (#22025)
backport of commit 727eadc67d

Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com>
2024-12-19 11:35:58 -06:00
hc-github-team-consul-core f8a0bd0d07
Backport of chore: remove staff codeowners now that it requires mandatory review into release/1.20.x (#22022)
backport of commit 5a060300eb

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2024-12-19 11:14:22 -06:00
hc-github-team-consul-core b453677e41
Backport of Suppress redhat linux CVEs into release/1.20.x (#22029)
backport of commit b3e625765a

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
2024-12-19 17:13:10 +00:00
hc-github-team-consul-core edebd4db67
Backport of [Security] Bump net packages to resolve GO-2024-3333 into release/1.20.x (#22023)
* backport of commit ea42557226

* backport of commit 566235368f

---------

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
2024-12-19 10:12:28 -06:00
hc-github-team-consul-core d6b9514a9d
Backport of Bump golang.org/x/crypto from 0.22.0 to 0.31.0 in /testing/deployer into release/1.20.x (#22019)
backport of commit 9f3a971102

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-18 16:38:40 -06:00
hc-github-team-consul-core 3df3d081b7
Backport of [Security] Bump crypto libraries into release/1.20.x (#22007)
* backport of commit 61d6d77fe1

* Merge branch 'bump-crypto-ssh' of github.com:hashicorp/consul into bump-crypto-ssh

* add changelog, suppress vulnerability that hasn't been fixed yet

---------

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
2024-12-18 20:43:13 +00:00
hc-github-team-consul-core 5c36f1a02e
Backport of Update CODEOWNER into release/1.20.x (#22018)
* backport of commit eedf608d3c

* backport of commit 482b77ef64

* backport of commit 6832a5e470

---------

Co-authored-by: Xinyi Wang <xinyi.wang@hashicorp.com>
2024-12-18 20:26:49 +00:00
hc-github-team-consul-core 14c1c9575b
Backport of Update UBI Image into release/1.20.x (#22012)
* backport of commit 48ce915c47

* backport of commit 83de2ede07

---------

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
2024-12-18 17:29:50 +00:00
hc-github-team-consul-core 7e52d43c8b
Backport of Bump alpine image into release/1.20.x (#22010)
backport of commit 9e07bb2120

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
2024-12-17 15:10:28 -06:00
hc-github-team-consul-core 9dc0b2c18c
Backport of [Security] Bump envoy versions into release/1.20.x (#22006)
backport of commit 8c850ea8d3

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
2024-12-16 13:36:09 -06:00
Aimee Ukasick 5b91606d82
Backport of docs: Adds initial sg documentation for the health API into release 1.20.x (#21988)
* Adds initial sg documentation for the health API  (#21763)

Adds initial sg documentation

* Backport of docs: Adds initial sg documentation for the health API

into release/1.20.x

---------

Co-authored-by: Nick Wales <588472+nickwales@users.noreply.github.com>
2024-12-04 11:43:18 -06:00
hc-github-team-consul-core 297ca6b2f3
Backport of [Security] Secvuln 8633 Consul configuration allowed repeated keys into release/1.20.x (#21943)
* backport of commit 7673eae697

* backport of commit b34f61005e

* backport of commit 31de425d22

* backport of commit 0299f95398

* backport of commit f816fccd99

* backport of commit 64af4967f3

* backport of commit 637561fac6

* backport of commit 994716d22c

* backport of commit 0baa3c90bc

* backport of commit 05eeccee6d

* backport of commit 18e9efa154

* backport of commit c7ab56a6a1

* backport of commit ae6fe969e1

* backport of commit 1cc3eb21c7

* go mod tidy

---------

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
2024-11-27 17:25:21 -06:00
hc-github-team-consul-core 10af0cd0c9
Backport of [Security] SECVULN-8621: Fix XSS Vulnerability where content-type header wasn't explicitly set in API requests into release/1.20.x (#21976)
* backport of commit c76765bc06

* backport of commit 01a6157b9f

---------

Co-authored-by: NiniOak <anita.akaeze@hashicorp.com>
2024-11-27 17:47:15 +00:00
hc-github-team-consul-core d335aa371e
Backport of state: ensure that identical manual virtual IP updates result in not bumping the modify indexes into release/1.20.x (#21969)
The consul-k8s endpoints controller issues catalog register and manual virtual ip
updates without first checking to see if the updates would be effectively not
changing anything. This is supposed to be reasonable because the state store
functions do the check for a no-op update and should discard repeat updates so
that downstream blocking queries watching one of the resources don't fire
pointlessly (and CPU wastefully).

While this is true for the check/service/node catalog updates, it is not true for
the "manual virtual ip" updates triggered by the PUT /v1/internal/service-virtual-ip.
Forcing the connect injector pod to recycle while watching some lightly
modified FSM code can show that a lot of updates are of the update list of ips
from [A] to [A]. Immediately following this stray update you can see a lot of
activity in proxycfg and xds packages waking up due to blocking queries
triggered by this.

This PR skips updates that change nothing both:

- at the RPC layer before passing it to raft (ideally)
- if the write does make it through raft and get applied to the FSM (failsafe)
2024-11-25 10:18:22 -06:00
hc-github-team-consul-core 5aca81263d
Backport of Add alpine image cves to suppress list into release/1.20.x (#21970)
backport of commit 82857bb91e

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
2024-11-22 12:04:37 -06:00
hc-github-team-consul-core 983582aa3b
Backport of NET-11737 - sec vulnerability - remediate ability to use bexpr to filter results without ACL read on endpoint into release/1.20.x (#21962)
* backport of commit 07a618b1fc

* backport of commit 16e024100a

* backport of commit a1d9d43849

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>
2024-11-21 08:45:37 -07:00
hc-github-team-consul-core 39f4cb77c4
Backport of Fix PeerUpstreamEndpoints and UpstreamPeerTrustBundles to only Cancel watch when needed, otherwise keep the watch active into release/1.20.x (#21956)
* backport of commit e4068befa2

* backport of commit 6e3c944e0e

* backport of commit 48b1103c74

* backport of commit ba9155b5ce

---------

Co-authored-by: Dhia Ayachi <dhia.ayachi@gmail.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2024-11-19 10:38:45 -05:00
hc-github-team-consul-core 675ad3b008
Backport of Update JWT to resolve CVE-2024-51744 into release/1.20.x (#21952)
* backport of commit 58449acf45

* backport of commit b51562deaf

---------

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
2024-11-18 20:42:55 +00:00
Aimee Ukasick 7f3976be69
Backport of Docs/CE-749-remove-references-from-consul into release/1.20.x #21916 (#21917)
Docs/CE-749-remove-references-from-consul (#21914)

* delete HCP Consul Central references

* Path correction

* missed listing

* Nav update

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-11-05 07:30:12 -08:00
hc-github-team-consul-core 616f9ba019
Backport of Added the docs for all the grafana dashboards. into release/1.20.x (#21918)
Added the docs for all the grafana dashboards. (#21795)

* Added the docs for all the grafana dashboards.

Author: Yasmin Lorin Kaygalak <ykaygala@villanova.edu>

Co-authored-by: Yasmin Lorin Kaygalak <lorin.kaygalak@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2024-11-05 15:27:39 +00:00
hc-github-team-consul-core ac57f563b1
Backport of ci(security-scanner): add support for Red Hat UBI images and fix typo into release/1.20.x (#21913)
* backport of commit 8237ce01fe

* backport of commit f7dc68f1c8

* backport of commit 5610471f0e

---------

Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com>
Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
2024-11-04 20:10:31 +00:00
John Maguire bc70c83790
bump version (#21904) 2024-10-31 14:57:00 +00:00
John Maguire 6b06af36f9
update changelogs (#21897) 2024-10-30 21:03:28 +00:00
hc-github-team-consul-core e4842798b1
Backport of docs: add missing slash in redirect into release/1.20.x (#21885)
backport of commit 27774d7357

Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
2024-10-29 17:00:13 +00:00
hc-github-team-consul-core e7aac01f90
Backport of Allow multiple endpoints in Envoy clusters configured with hostnames into release/1.20.x (#21882)
* backport of commit a80ee727dd

* backport of commit f270ab5946

---------

Co-authored-by: Tom Davies <tom@t-davies.com>
2024-10-29 08:52:32 -06:00
hc-github-team-consul-core 2a1e55efff
Backport of [NET-1151 NET-11046] docs: clarify request normalization and L7 headers feature availability into release/1.20.x (#21880)
backport of commit a44b262a69

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2024-10-28 11:18:21 -06:00
hc-github-team-consul-core 658864b3fd
Backport of chore: retain retracted api submodule version into release/1.20.x (#21865)
backport of commit 5934d8b7d3

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2024-10-28 11:03:39 -06:00
hc-github-team-consul-core fbad81c574
Backport of Suppress CVE-2024-9143 into release/1.20.x (#21876)
backport of commit afb5501196

Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
2024-10-25 11:56:07 -05:00
hc-github-team-consul-core b42b2014a5
Backport of Update ENVOY_VERSIONS into release/1.20.x (#21822)
backport of commit 2b3725ddef

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2024-10-25 16:41:27 +00:00
hc-github-team-consul-core bdeb6eefe2
Backport of Update Envoy compatibility matrices to include consul 1.20.x and dataplane 1.6.x into release/1.20.x (#21853)
* backport of commit 4297efed9d

* backport of commit 2b42b98928

* backport of commit c18868a4e5

* backport of commit 019332f031

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2024-10-17 21:40:21 +00:00
hc-github-team-consul-core d10c9f16a3
Backport of Update compatibility matrix to include 1.20.x into release/1.20.x (#21851)
* backport of commit 401e15655b

* backport of commit d470792ddb

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2024-10-17 20:42:39 +00:00
hc-github-team-consul-core da6dd8d600
Backport of docs: clarify Envoy and dataplane LTS support policy into release/1.20.x (#21849)
backport of commit 5f55c3f387

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2024-10-17 17:38:29 +00:00
hc-github-team-consul-core 55418175b0
Backport of api: remove dependency on proto-public, protobuf, and grpc into release/1.20.x (#21845)
* backport of commit 9e5c905c9a

* backport of commit dce24bf269

* backport of commit 09a5cff261

---------

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2024-10-17 15:25:59 +00:00
hc-github-team-consul-core 424f5a808a
Backport of [NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass into release/1.20.x (#21839)
backport of commit 9e7757da16

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2024-10-16 16:44:28 +00:00
Nathan Coleman 2300ed5c89
Prepare branch for future patch release (#21837) 2024-10-16 15:56:57 +00:00
Michael Zalimeni de188deaff
Manual backport of CE-654 - TLS Encryption docs + CE-713 - Gossip Encryption key rotation (#21509) into release/1.20.x (#21836)
backport of commit 250b1dece5

Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>
2024-10-16 07:50:17 -07:00