Skip to content

Commit

Permalink
Add known issue notice for #18636. (#18650)
Browse files Browse the repository at this point in the history
  • Loading branch information
hashi-derek authored Sep 1, 2023
1 parent cd3bfc5 commit 9915b47
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 0 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
## 1.16.1 (August 8, 2023)

KNOWN ISSUES:

* connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by [GH-18636](https://github.com/hashicorp/consul/pull/18636).

SECURITY:

* Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
Expand Down Expand Up @@ -136,6 +140,10 @@ https://github.com/rboyer/safeio/pull/3 [[GH-18302](https://github.com/hashicorp

## 1.16.0 (June 26, 2023)

KNOWN ISSUES:

* connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by [GH-18636](https://github.com/hashicorp/consul/pull/18636).

BREAKING CHANGES:

* api: The `/v1/health/connect/` and `/v1/health/ingress/` endpoints now immediately return 403 "Permission Denied" errors whenever a token with insufficient `service:read` permissions is provided. Prior to this change, the endpoints returned a success code with an empty result list when a token with insufficient permissions was provided. [[GH-17424](https://github.com/hashicorp/consul/issues/17424)]
Expand Down
10 changes: 10 additions & 0 deletions website/content/docs/release-notes/consul/v1_16_x.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,16 @@ We are pleased to announce the following Consul updates.

For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs.

## Known Issues

The following issues are known to exist in the v1.16.x releases:

- v1.16.0 - v1.16.1 may have issues when a snapshot restore is performed
and the servers are hosting xDS streams. When this bug triggers, it
will cause Envoy to incorrectly populate upstream endpoints. It is
currently not recommended for service mesh users running agent-less
workloads to upgrade Consul to these versions.

## Changelogs

The changelogs for this major release version and any maintenance versions are listed below.
Expand Down
6 changes: 6 additions & 0 deletions website/content/docs/upgrading/upgrade-specific.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,12 @@ upgrade flow.

## Consul 1.16.x

#### Known issues

Service mesh in Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams.
When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. Due to this issue, it is currently not recommended for
service mesh users running agent-less workloads to upgrade Consul to these versions.

#### API health endpoints return different status code

Consul versions 1.16.0+ now return an error 403 "Permission denied" status
Expand Down

0 comments on commit 9915b47

Please sign in to comment.