diff --git a/.changelog/7628.txt b/.changelog/7628.txt new file mode 100644 index 000000000..27fdcb238 --- /dev/null +++ b/.changelog/7628.txt @@ -0,0 +1,3 @@ +```release-note:improvement +agent: Allow to restrict servers that can join a given Serf Consul cluster. +``` diff --git a/.changelog/7899.txt b/.changelog/7899.txt new file mode 100644 index 000000000..c385ecf97 --- /dev/null +++ b/.changelog/7899.txt @@ -0,0 +1,3 @@ +```release-note:improvement +acl: allow auth methods created in the primary datacenter to optionally create global tokens. +``` diff --git a/.changelog/7970.txt b/.changelog/7970.txt new file mode 100644 index 000000000..2cfaa2a68 --- /dev/null +++ b/.changelog/7970.txt @@ -0,0 +1,3 @@ +```release-note:feature +acl: Added ACL Node Identities for easier creation of Consul Agent tokens. +``` diff --git a/.changelog/8158.txt b/.changelog/8158.txt new file mode 100644 index 000000000..538e129b2 --- /dev/null +++ b/.changelog/8158.txt @@ -0,0 +1,3 @@ +```release-note:bug +connect: fix crash that would result if a mesh or terminating gateway's upstream has a hostname as an address and no healthy service instances available. +``` diff --git a/.changelog/8190.txt b/.changelog/8190.txt new file mode 100644 index 000000000..13f9f722a --- /dev/null +++ b/.changelog/8190.txt @@ -0,0 +1,3 @@ +```release-note:improvement +connect: Append port number to expected ingress hosts. +``` diff --git a/.changelog/8194.txt b/.changelog/8194.txt new file mode 100644 index 000000000..20d291021 --- /dev/null +++ b/.changelog/8194.txt @@ -0,0 +1,3 @@ +```release-note:improvement +connect: various changes to make namespaces for intentions work more like for other subsystems. +``` diff --git a/.changelog/8211.txt b/.changelog/8211.txt new file mode 100644 index 000000000..2f60382f6 --- /dev/null +++ b/.changelog/8211.txt @@ -0,0 +1,11 @@ +```release-note:bug +agent: Fixed a bug where Consul could crash when `verify_outgoing` was set to true but no client certificate was used. +``` + +```release-note:bug +auto_encrypt: Fixed an issue where auto encrypt certificate signing wasn't using the connect signing rate limiter. +``` + +```release-note:bug +auto_encrypt: Fixed several issues around retrieving the first TLS certificate where it would have the wrong CN and SANs. This was being masked by a second bug (also fixed) causing that certificate to immediately be discarded with a second certificate request being made afterwards. +``` diff --git a/.changelog/8216.txt b/.changelog/8216.txt new file mode 100644 index 000000000..d931e07b2 --- /dev/null +++ b/.changelog/8216.txt @@ -0,0 +1,3 @@ +```release-note:improvement +connect: support Envoy v1.14.4, v1.13.4, v1.12.6. +``` diff --git a/.changelog/8218.txt b/.changelog/8218.txt new file mode 100644 index 000000000..3af85649a --- /dev/null +++ b/.changelog/8218.txt @@ -0,0 +1,3 @@ +```release-note:improvement +dns: Improve RCODE of response when query targets a non-existent datacenter. [[GH-8102](https://github.com/hashicorp/consul/issues/8102)] +``` diff --git a/.changelog/8222.txt b/.changelog/8222.txt new file mode 100644 index 000000000..b0f22a473 --- /dev/null +++ b/.changelog/8222.txt @@ -0,0 +1,3 @@ +```release-note:bug +xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions. +``` diff --git a/.changelog/8268.txt b/.changelog/8268.txt new file mode 100644 index 000000000..725f6b9d1 --- /dev/null +++ b/.changelog/8268.txt @@ -0,0 +1,3 @@ +```release-note:improvement +version: The `version` CLI subcommand was altered to always show the git revision the binary was built from on the second line of output. Additionally the command gained a `-format` flag with the option now of outputting the version information in JSON form. **NOTE** This change has the potential to break any parsing done by users of the `version` commands output. In many cases nothing will need to be done but it is possible depending on how the output is parsed. +``` diff --git a/.changelog/8311.txt b/.changelog/8311.txt new file mode 100644 index 000000000..57d783351 --- /dev/null +++ b/.changelog/8311.txt @@ -0,0 +1,3 @@ +```release-note:bug +auto_encrypt: Fixed an issue that caused auto encrypt certificates to not be updated properly if the agents token was changed and the old token was deleted. +``` diff --git a/.changelog/8343.txt b/.changelog/8343.txt new file mode 100644 index 000000000..92063ac98 --- /dev/null +++ b/.changelog/8343.txt @@ -0,0 +1,3 @@ +```release-note:bug +gossip: Avoid issue where two unique leave events for the same node could lead to infinite rebroadcast storms. +``` diff --git a/.changelog/8371.txt b/.changelog/8371.txt new file mode 100644 index 000000000..d346ff8cd --- /dev/null +++ b/.changelog/8371.txt @@ -0,0 +1,3 @@ +```release-note:bug +connect: Fixed issue where specifying a prometheus bind address would cause ingress gateways to fail to start up. +``` diff --git a/.changelog/changelog.tmpl b/.changelog/changelog.tmpl new file mode 100644 index 000000000..fbdc8010c --- /dev/null +++ b/.changelog/changelog.tmpl @@ -0,0 +1,40 @@ +{{- if index .NotesByType "breaking-change" -}} +BREAKING CHANGES: + +{{range index .NotesByType "breaking-change" -}} +* {{ template "note" .}} +{{ end -}} +{{- end -}} + +{{- if .NotesByType.security }} +SECURITY: + +{{range .NotesByType.security -}} +* {{ template "note" . }} +{{ end -}} +{{- end -}} + +{{- if .NotesByType.feature -}} +FEATURES: + +{{range .NotesByType.feature -}} +* {{ template "note" . }} +{{ end -}} +{{- end -}} + +{{- if .NotesByType.improvement }} +IMPROVEMENTS: + +{{range .NotesByType.improvement -}} +* {{ template "note" . }} +{{ end -}} +{{- end -}} + +{{- if .NotesByType.bug }} +BUG FIXES: + +{{range .NotesByType.bug -}} +* {{ template "note" . }} +{{ end -}} +{{- end -}} + diff --git a/.changelog/note.tmpl b/.changelog/note.tmpl new file mode 100644 index 000000000..b9427f43f --- /dev/null +++ b/.changelog/note.tmpl @@ -0,0 +1,3 @@ +{{- define "note" -}} +{{.Body}} [[GH-{{- .Issue -}}](https://github.com/hashicorp/consul/pull/{{- .Issue -}})] +{{- end -}}