diff --git a/.changelog/9002.txt b/.changelog/9002.txt new file mode 100644 index 000000000..4d95492f5 --- /dev/null +++ b/.changelog/9002.txt @@ -0,0 +1,3 @@ +```release-note:improvement +ui: add dashboard_url_template config option for external dashboard links +``` diff --git a/.changelog/9008.txt b/.changelog/9008.txt new file mode 100644 index 000000000..ec1984103 --- /dev/null +++ b/.changelog/9008.txt @@ -0,0 +1,3 @@ +```release-note:bug +ui: only show topology tab for services that exist +``` diff --git a/.changelog/9059.txt b/.changelog/9059.txt new file mode 100644 index 000000000..73da074bd --- /dev/null +++ b/.changelog/9059.txt @@ -0,0 +1,3 @@ +```release-note:improvement +agent: add path_allowlist config option to restrict metrics proxy queries +``` diff --git a/.changelog/9081.txt b/.changelog/9081.txt new file mode 100644 index 000000000..210123324 --- /dev/null +++ b/.changelog/9081.txt @@ -0,0 +1,4 @@ +```release-note:bug +ui: hide metrics for ingress gateways until full support can be implemented +``` + diff --git a/.changelog/9088.txt b/.changelog/9088.txt new file mode 100644 index 000000000..a43cec17f --- /dev/null +++ b/.changelog/9088.txt @@ -0,0 +1,3 @@ +```release-note:feature +telemetry: add initialization and definition for non-expiring key metrics in Prometheus +``` diff --git a/.changelog/9099.txt b/.changelog/9099.txt new file mode 100644 index 000000000..f468d0f4e --- /dev/null +++ b/.changelog/9099.txt @@ -0,0 +1,3 @@ +```release-note:improvement +agent: protect the metrics proxy behind ACLs +``` diff --git a/CHANGELOG.md b/CHANGELOG.md index bb0316c0e..1c734b2be 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,31 @@ ## UNRELEASED +BREAKING CHANGES: + +* sentinel: **(Consul Enterprise only)** update to v0.16.0, which replaces `whitelist` and `blacklist` with `allowlist` and `denylist` + +SECURITY: + +* Fix Consul Enterprise Namespace Config Entry Replication DoS. Previously an operator with service:write ACL permissions in a Consul Enterprise cluster could write a malicious config entry that caused infinite raft writes due to issues with the namespace replication logic. [[CVE-2020-25201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201)] [[GH-9024](https://github.com/hashicorp/consul/issues/9024)] + +FEATURES: + +* agent: Add a new RPC endpoint for streaming cluster state change events to clients. +* telemetry: add initialization and definition for non-expiring key metrics in Prometheus [[GH-9088](https://github.com/hashicorp/consul/issues/9088)] + +IMPROVEMENTS: + +* agent: add path_allowlist config option to restrict metrics proxy queries [[GH-9059](https://github.com/hashicorp/consul/issues/9059)] +* agent: protect the metrics proxy behind ACLs [[GH-9099](https://github.com/hashicorp/consul/issues/9099)] +* ui: add dashboard_url_template config option for external dashboard links [[GH-9002](https://github.com/hashicorp/consul/issues/9002)] + +BUG FIXES: + +* api: Fixed a bug where the Check.GRPCUseTLS field could not be set using snake case. [[GH-8771](https://github.com/hashicorp/consul/issues/8771)] +* connect: fix connect sidecars registered via the API not being automatically deregistered with their parent service after an agent restart by persisting the LocallyRegisteredAsSidecar property. [[GH-8924](https://github.com/hashicorp/consul/issues/8924)] +* ui: hide metrics for ingress gateways until full support can be implemented [[GH-9081](https://github.com/hashicorp/consul/issues/9081)] +* ui: only show topology tab for services that exist [[GH-9008](https://github.com/hashicorp/consul/issues/9008)] + ## 1.9.0-beta1 (October 12, 2020) BREAKING CHANGES: