Skip to content

v1.22.0-rc2

Pre-release
Pre-release

Choose a tag to compare

View all tags
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering released this 15 Oct 16:43
v1.22.0-rc2
8f954fd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

1.22.0-rc2 (October 15, 2025)

SECURITY:

  • security: Adding warning when remote/local script checks are enabled without enabling ACL's [GH-22877]
  • security: Improved validation of the Content-Length header in the Consul KV endpoint to prevent potential denial of service attacksCVE-2025-11374 [GH-22916]
  • security: adding a maximum Content-Length on the event endpoint to fix denial-of-service (DoS) attacks. This resolves CVE-2025-11375. [GH-22836]
  • security: breaking change - adding a key name validation on the key/value endpoint along side with the DisableKVKeyValidation config to disable/enable it to fix path traversal attacks. This resolves CVE-2025-11392. [GH-22850]

BUG FIXES:

  • cmd: Fix consul operator utilization --help to show only available options without extra parameters. [GH-22912]
Assets 2
Loading