Backport of Add known issue notice for #18636. into release/1.16.x (#18653)

backport of commit a2a903fb81fbd103643c10cea6970bb1c30bdbcb

Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
This commit is contained in:
hc-github-team-consul-core 2023-09-01 15:38:37 -05:00 committed by GitHub
parent 3318c83705
commit c693ec3290
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 0 deletions

View File

@ -1,5 +1,9 @@
## 1.16.1 (August 8, 2023)
KNOWN ISSUES:
* connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by [GH-18636](https://github.com/hashicorp/consul/pull/18636).
SECURITY:
* Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
@ -59,6 +63,10 @@ https://github.com/rboyer/safeio/pull/3 [[GH-18302](https://github.com/hashicorp
## 1.16.0 (June 26, 2023)
KNOWN ISSUES:
* connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by [GH-18636](https://github.com/hashicorp/consul/pull/18636).
BREAKING CHANGES:
* api: The `/v1/health/connect/` and `/v1/health/ingress/` endpoints now immediately return 403 "Permission Denied" errors whenever a token with insufficient `service:read` permissions is provided. Prior to this change, the endpoints returned a success code with an empty result list when a token with insufficient permissions was provided. [[GH-17424](https://github.com/hashicorp/consul/issues/17424)]

View File

@ -64,6 +64,16 @@ We are pleased to announce the following Consul updates.
For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs.
## Known Issues
The following issues are known to exist in the v1.16.x releases:
- v1.16.0 - v1.16.1 may have issues when a snapshot restore is performed
and the servers are hosting xDS streams. When this bug triggers, it
will cause Envoy to incorrectly populate upstream endpoints. It is
currently not recommended for service mesh users running agent-less
workloads to upgrade Consul to these versions.
## Changelogs
The changelogs for this major release version and any maintenance versions are listed below.

View File

@ -16,6 +16,12 @@ upgrade flow.
## Consul 1.16.x
#### Known issues
Service mesh in Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams.
When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. Due to this issue, it is currently not recommended for
service mesh users running agent-less workloads to upgrade Consul to these versions.
#### API health endpoints return different status code
Consul versions 1.16.0+ now return an error 403 "Permission denied" status