68509e1ed1
backport of commit c3325742f8
2024-12-18 14:44:12 -06:00
3df3d081b7
Backport of [Security] Bump crypto libraries into release/1.20.x ( #22007 )
...
* backport of commit 61d6d77fe1
2024-12-18 20:43:13 +00:00
5c36f1a02e
Backport of Update CODEOWNER into release/1.20.x ( #22018 )
...
* backport of commit eedf608d3c482b77ef646832a5e470
2024-12-18 20:26:49 +00:00
14c1c9575b
Backport of Update UBI Image into release/1.20.x ( #22012 )
...
* backport of commit 48ce915c4783de2ede07
2024-12-18 17:29:50 +00:00
7e52d43c8b
Backport of Bump alpine image into release/1.20.x ( #22010 )
...
backport of commit 9e07bb2120
2024-12-17 15:10:28 -06:00
9dc0b2c18c
Backport of [Security] Bump envoy versions into release/1.20.x ( #22006 )
...
backport of commit 8c850ea8d3
2024-12-16 13:36:09 -06:00
5b91606d82
Backport of docs: Adds initial sg documentation for the health API into release 1.20.x ( #21988 )
...
* Adds initial sg documentation for the health API (#21763 )
Adds initial sg documentation
* Backport of docs: Adds initial sg documentation for the health API
into release/1.20.x
---------
Co-authored-by: Nick Wales <588472+nickwales@users.noreply.github.com>
2024-12-04 11:43:18 -06:00
297ca6b2f3
Backport of [Security] Secvuln 8633 Consul configuration allowed repeated keys into release/1.20.x ( #21943 )
...
* backport of commit 7673eae697b34f61005e31de425d220299f95398f816fccd9964af4967f3637561fac6994716d22c0baa3c90bc05eeccee6d18e9efa154c7ab56a6a1ae6fe969e11cc3eb21c7
2024-11-27 17:25:21 -06:00
10af0cd0c9
Backport of [Security] SECVULN-8621: Fix XSS Vulnerability where content-type header wasn't explicitly set in API requests into release/1.20.x ( #21976 )
...
* backport of commit c76765bc0601a6157b9f
2024-11-27 17:47:15 +00:00
d335aa371e
Backport of state: ensure that identical manual virtual IP updates result in not bumping the modify indexes into release/1.20.x ( #21969 )
...
The consul-k8s endpoints controller issues catalog register and manual virtual ip
updates without first checking to see if the updates would be effectively not
changing anything. This is supposed to be reasonable because the state store
functions do the check for a no-op update and should discard repeat updates so
that downstream blocking queries watching one of the resources don't fire
pointlessly (and CPU wastefully).
While this is true for the check/service/node catalog updates, it is not true for
the "manual virtual ip" updates triggered by the PUT /v1/internal/service-virtual-ip.
Forcing the connect injector pod to recycle while watching some lightly
modified FSM code can show that a lot of updates are of the update list of ips
from [A] to [A]. Immediately following this stray update you can see a lot of
activity in proxycfg and xds packages waking up due to blocking queries
triggered by this.
This PR skips updates that change nothing both:
- at the RPC layer before passing it to raft (ideally)
- if the write does make it through raft and get applied to the FSM (failsafe)
2024-11-25 10:18:22 -06:00
5aca81263d
Backport of Add alpine image cves to suppress list into release/1.20.x ( #21970 )
...
backport of commit 82857bb91e
2024-11-22 12:04:37 -06:00
983582aa3b
Backport of NET-11737 - sec vulnerability - remediate ability to use bexpr to filter results without ACL read on endpoint into release/1.20.x ( #21962 )
...
* backport of commit 07a618b1fc16e024100aa1d9d43849
2024-11-21 08:45:37 -07:00
39f4cb77c4
Backport of Fix PeerUpstreamEndpoints and UpstreamPeerTrustBundles to only Cancel watch when needed, otherwise keep the watch active into release/1.20.x ( #21956 )
...
* backport of commit e4068befa26e3c944e0e48b1103c74ba9155b5ce
2024-11-19 10:38:45 -05:00
675ad3b008
Backport of Update JWT to resolve CVE-2024-51744 into release/1.20.x ( #21952 )
...
* backport of commit 58449acf45b51562deaf
2024-11-18 20:42:55 +00:00
7f3976be69
Backport of Docs/CE-749-remove-references-from-consul into release/1.20.x #21916 ( #21917 )
...
Docs/CE-749-remove-references-from-consul (#21914 )
* delete HCP Consul Central references
* Path correction
* missed listing
* Nav update
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-11-05 07:30:12 -08:00
616f9ba019
Backport of Added the docs for all the grafana dashboards. into release/1.20.x ( #21918 )
...
Added the docs for all the grafana dashboards. (#21795 )
* Added the docs for all the grafana dashboards.
Author: Yasmin Lorin Kaygalak <ykaygala@villanova.edu>
Co-authored-by: Yasmin Lorin Kaygalak <lorin.kaygalak@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2024-11-05 15:27:39 +00:00
ac57f563b1
Backport of ci(security-scanner): add support for Red Hat UBI images and fix typo into release/1.20.x ( #21913 )
...
* backport of commit 8237ce01fef7dc68f1c85610471f0e
2024-11-04 20:10:31 +00:00
bc70c83790
bump version ( #21904 )
2024-10-31 14:57:00 +00:00
6b06af36f9
update changelogs ( #21897 )
2024-10-30 21:03:28 +00:00
e4842798b1
Backport of docs: add missing slash in redirect into release/1.20.x ( #21885 )
...
backport of commit 27774d7357
2024-10-29 17:00:13 +00:00
e7aac01f90
Backport of Allow multiple endpoints in Envoy clusters configured with hostnames into release/1.20.x ( #21882 )
...
* backport of commit a80ee727ddf270ab5946
2024-10-29 08:52:32 -06:00
2a1e55efff
Backport of [NET-1151 NET-11046] docs: clarify request normalization and L7 headers feature availability into release/1.20.x ( #21880 )
...
backport of commit a44b262a69
2024-10-28 11:18:21 -06:00
658864b3fd
Backport of chore: retain retracted api submodule version into release/1.20.x ( #21865 )
...
backport of commit 5934d8b7d3
2024-10-28 11:03:39 -06:00
fbad81c574
Backport of Suppress CVE-2024-9143 into release/1.20.x ( #21876 )
...
backport of commit afb5501196
2024-10-25 11:56:07 -05:00
b42b2014a5
Backport of Update ENVOY_VERSIONS into release/1.20.x ( #21822 )
...
backport of commit 2b3725ddef
2024-10-25 16:41:27 +00:00
bdeb6eefe2
Backport of Update Envoy compatibility matrices to include consul 1.20.x and dataplane 1.6.x into release/1.20.x ( #21853 )
...
* backport of commit 4297efed9d2b42b98928c18868a4e5019332f031
2024-10-17 21:40:21 +00:00
d10c9f16a3
Backport of Update compatibility matrix to include 1.20.x into release/1.20.x ( #21851 )
...
* backport of commit 401e15655bd470792ddb
2024-10-17 20:42:39 +00:00
da6dd8d600
Backport of docs: clarify Envoy and dataplane LTS support policy into release/1.20.x ( #21849 )
...
backport of commit 5f55c3f387
2024-10-17 17:38:29 +00:00
55418175b0
Backport of api: remove dependency on proto-public, protobuf, and grpc into release/1.20.x ( #21845 )
...
* backport of commit 9e5c905c9adce24bf26909a5cff261
2024-10-17 15:25:59 +00:00
424f5a808a
Backport of [NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass into release/1.20.x ( #21839 )
...
backport of commit 9e7757da16
2024-10-16 16:44:28 +00:00
2300ed5c89
Prepare branch for future patch release ( #21837 )
2024-10-16 15:56:57 +00:00
de188deaff
Manual backport of CE-654 - TLS Encryption docs + CE-713 - Gossip Encryption key rotation ( #21509 ) into release/1.20.x ( #21836 )
...
backport of commit 250b1dece5
2024-10-16 07:50:17 -07:00
824b17a091
Manual backport of docs: Consul DNS views on Kubernetes ( #21802 ) Beta into release/1.20.x ( #21835 )
...
backport of commit 8f78d7cafd
2024-10-16 14:39:14 +00:00
c25549f414
Delete old redundant encryption MDX file ( #21834 )
...
Delete old security/encryption docs file
This file path (`security/encryption.mdx` updated a year ago) is conflicting
with another file path (`security/encrpytion/index.mdx` updated 2 weeks
ago). This is causing the Vercel build to fail since the GitHub runner
cannot distinguish between the file `encryption.mdx` and the path
`encryption/index.mdx`
This one specifically was chosen for deletion due to it last being
updated a year ago vs `encryption/idex.mdx` being updated 2 weeks ago
2024-10-16 10:24:35 -04:00
3d28e33651
Backport of docs: Consul v1.20 release notes into release/1.20.x ( #21832 )
...
* backport of commit 6206dc5dcb859ef87068a3996a73fbe90acfe67bf28872381f59c5b3023e
2024-10-16 07:16:14 -07:00
e6fe73fcfc
Backport of docs: Consul DNS views on Kubernetes into release/1.20.x ( #21828 )
...
backport of commit 55db87054c
2024-10-16 07:13:51 -07:00
c1f9d378cb
Backport of Post-release updates for 1.20.0 into release/1.20.x ( #21830 )
...
Post-release updates for 1.20.0 (#21829 )
* Update active version list in .release/versions.hcl
* Remove nightly tests for 1.17.x
* Add nightly tests for 1.20.x
* Gate nightly tests for 1.19.x to Enterprise only
* Update CHANGELOG.md
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2024-10-15 16:16:49 +00:00
461050d3d5
Backport of ci: ensure int test docker pull goes through proxy into release/1.20.x ( #21824 )
...
backport of commit 7ed1c98d6c
2024-10-14 15:22:32 -04:00
c7a3ca626c
Backport of Add partition field for catalog deregister docs into release/1.20.x ( #21790 )
...
* backport of commit a0b29b0eed64cf21e0d1
2024-10-14 10:57:19 -04:00
9bdd128b65
Backport of Upgrade test improvements for 1.20.x into release/1.20.x ( #21815 )
...
* backport of commit 27179f4b00801bc982bf
2024-10-11 21:39:04 +00:00
bba6be5483
Backport of docs: Add missing `&&` in DNS forwading tutorial into release/1.20.x ( #21809 )
...
backport of commit 3ba99fd382
2024-10-09 17:11:08 -04:00
4b7887ddb7
Backport of Added grafana dashboards into release/1.20.x ( #21811 )
...
Adds grafana dashboards (#21806 )
Co-authored-by: Yasmin Lorin Kaygalak <ykaygala@villanova.edu>
2024-10-09 14:08:03 -04:00
5234d05a99
Backport of update serf links into release/1.20.x ( #21800 )
...
* no-op commit due to failed cherry-picking
* update serf links (#21797 )
* update serf links
* add .markdown file extension
* update serf links to use /blob/master/
* fix broken links
---------
Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
---------
Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2024-10-02 23:40:57 +00:00
026bcce400
Backport of [NET-11150] ci: fix conditional skip and add safeguard into release/1.20.x ( #21783 )
...
backport of commit c3db6c9001
2024-09-25 17:34:15 +00:00
af1c0eab2c
Backport of fix spacing of bash scripts into release/1.20.x ( #21769 )
...
* backport of commit 1e97297215b7053f5361a391f2fa3c
2024-09-23 17:51:17 +00:00
1f45e8677d
Backport of security: update alpine base image to 3.20 into release/1.20.x ( #21774 )
...
* backport of commit 4421ce1677#21750 )
---------
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
2024-09-19 20:49:56 +00:00
280f6d309c
Backport of Upgrade ubi image to 9.4 into release/1.20.x ( #21773 )
...
* backport of commit 888e302f6e17499dc4dcd933d3727d
2024-09-19 20:40:59 +00:00
63e45110af
Backport of Stage rc release into release/1.20.x ( #21772 )
...
backport of commit d311f2b638
2024-09-19 15:28:23 -05:00
418a32fb0e
Backport of Initialize 1.20 Release into release/1.20.x ( #21753 )
...
* backport of commit a33e903cdf37163dc1a838f0907c7a6ab7ec254b7ac41781865dfebb2cf3316d68cb84
2024-09-17 10:57:17 -05:00
55db87054c
Backport of ci: update the security-scanner gha token into release/1.20.x ( #21754 )
...
backport of commit eb9dbc93f8
2024-09-17 11:51:58 -04:00
Sarah Alsmiller