Skip to content

Commit ad3f06a

Browse files
xwa153xwa153
authored
changelog and version (#21103)
* update changelog
1 parent d1b67dc commit ad3f06a

File tree

2 files changed

+27
-1
lines changed

2 files changed

+27
-1
lines changed

CHANGELOG.md

+26
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,29 @@
1+
## 1.15.12 Enterprise (May 14, 2024)
2+
3+
**Enterprise LTS**: Consul Enterprise 1.15 is a Long-Term Support (LTS) release.
4+
5+
SECURITY:
6+
7+
* Bump Dockerfile base image to `alpine:3.19`. [[GH-20897](https://github.com/hashicorp/consul/issues/20897)]
8+
* Update `vault/api` to v1.12.2 to address [CVE-2024-28180](https://nvd.nist.gov/vuln/detail/CVE-2024-28180)
9+
(removes indirect dependency on impacted `go-jose.v2`) [[GH-20910](https://github.com/hashicorp/consul/issues/20910)]
10+
* Upgrade Go to use 1.21.10. This addresses CVEs
11+
[CVE-2024-24787](https://nvd.nist.gov/vuln/detail/CVE-2024-24787) and
12+
[CVE-2024-24788](https://nvd.nist.gov/vuln/detail/CVE-2024-24788) [[GH-21074](https://github.com/hashicorp/consul/issues/21074)]
13+
* Upgrade to support Envoy `1.26.8, 1.27.4, 1.27.5, 1.28.2 and 1.28.3`. This resolves CVEs
14+
[CVE-2024-27919](https://nvd.nist.gov/vuln/detail/CVE-2024-27919) (`http2`). [[GH-20956](https://github.com/hashicorp/consul/issues/20956)] and [CVE-2024-32475](https://nvd.nist.gov/vuln/detail/CVE-2024-32475) (`auto_sni`). [[GH-21030](https://github.com/hashicorp/consul/issues/21030)]
15+
* Upgrade to support k8s.io/apimachinery `v0.18.7 or higher`. This resolves CVE
16+
[CVE-2020-8559](https://nvd.nist.gov/vuln/detail/CVE-2020-8559). [[GH-21030](https://github.com/hashicorp/consul/issues/21030)]
17+
* Upgrade to use Go `1.21.9`. This resolves CVE
18+
[CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) (`http2`). [[GH-20956](https://github.com/hashicorp/consul/issues/20956)]
19+
* Upgrade to use golang.org/x/net `v0.24.0`. This resolves CVE
20+
[CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) (`x/net`). [[GH-20956](https://github.com/hashicorp/consul/issues/20956)]
21+
* security: Remove `coredns/coredns` dependency to address [CVE-2024-0874](https://nvd.nist.gov/vuln/detail/CVE-2024-0874) [[GH-9245](https://github.com/hashicorp/consul/issues/9245)]
22+
23+
BUG FIXES:
24+
25+
* xds: Make TCP external service registered with terminating gateway reachable from peered cluster [[GH-19881](https://github.com/hashicorp/consul/issues/19881)]
26+
127
## 1.15.11 Enterprise (March 26, 2024)
228

329
**Enterprise LTS**: Consul Enterprise 1.15 is a Long-Term Support (LTS) release.

version/VERSION

+1-1
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
1.15.12-dev
1+
1.15.12

0 commit comments

Comments
 (0)