Backport of Add known issue notice for #18636. into release/1.16.x (#18653)

backport of commit a2a903fb81fbd103643c10cea6970bb1c30bdbcb Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-09-01 15:38:37 -05:00 · 2023-09-01 15:38:37 -05:00 · c693ec3290
parent 3318c83705
commit c693ec3290
3 changed files with 24 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,9 @@
 ## 1.16.1 (August 8, 2023)
 KNOWN ISSUES:
 * connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by [GH-18636](https://github.com/hashicorp/consul/pull/18636).
 SECURITY:
 * Update `golang.org/x/net` to v0.13.0 to address [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978). [[GH-18358](https://github.com/hashicorp/consul/issues/18358)]
@ -59,6 +63,10 @@ https://github.com/rboyer/safeio/pull/3 [[GH-18302](https://github.com/hashicorp
 ## 1.16.0 (June 26, 2023)
 KNOWN ISSUES:
 * connect: Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams. When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. This bug only impacts agent-less service mesh and should be fixed in Consul 1.16.2 by [GH-18636](https://github.com/hashicorp/consul/pull/18636).
 BREAKING CHANGES:
 * api: The `/v1/health/connect/` and `/v1/health/ingress/` endpoints now immediately return 403 "Permission Denied" errors whenever a token with insufficient `service:read` permissions is provided. Prior to this change, the endpoints returned a success code with an empty result list when a token with insufficient permissions was provided. [[GH-17424](https://github.com/hashicorp/consul/issues/17424)]
--- a/website/content/docs/release-notes/consul/v1_16_x.mdx
+++ b/website/content/docs/release-notes/consul/v1_16_x.mdx
@ -64,6 +64,16 @@ We are pleased to announce the following Consul updates.
 For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs.
 ## Known Issues
 The following issues are known to exist in the v1.16.x releases:
 - v1.16.0 - v1.16.1 may have issues when a snapshot restore is performed
    and the servers are hosting xDS streams. When this bug triggers, it
    will cause Envoy to incorrectly populate upstream endpoints. It is
    currently not recommended for service mesh users running agent-less
    workloads to upgrade Consul to these versions.
 ## Changelogs
 The changelogs for this major release version and any maintenance versions are listed below.
--- a/website/content/docs/upgrading/upgrade-specific.mdx
+++ b/website/content/docs/upgrading/upgrade-specific.mdx
@ -16,6 +16,12 @@ upgrade flow.
 ## Consul 1.16.x
 #### Known issues
 Service mesh in Consul versions 1.16.0 and 1.16.1 may have issues when a snapshot restore is performed and the servers are hosting xDS streams.
 When this bug triggers, it will cause Envoy to incorrectly populate upstream endpoints. Due to this issue, it is currently not recommended for
 service mesh users running agent-less workloads to upgrade Consul to these versions.
 #### API health endpoints return different status code
 Consul versions 1.16.0+ now return an error 403 "Permission denied" status