Skip to content

v1.22.5

Choose a tag to compare

View all tags
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering released this 27 Feb 07:18
v1.22.5
3a6dbfc
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

1.22.5 (February 26, 2026)

SECURITY:

  • security: upgrade go version to 1.25.7 [GH-23204]
  • dockerfile: the Consul build Go base image to alpine3.23 [GH-23194]
  • connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth and go-secure-stdlib/awsutil dependencies to their v2 versions. [GH-23109]
  • security: Configure HTTP server timeouts to prevent Slowloris denial-of-service attacks on agent HTTP endpoints and pprof endpoints. [GH-22739]
  • security: Patched Vault CA provider to prevent arbitrary file reads via Kubernetes, JWT, and AppRole methods. [GH-23249]
  • security: Introduced debounce timing for synchronization operations within federationStateAntiEntropySync. [GH-23196]

IMPROVEMENTS:

  • api-gateway: Fixed "duplicate matcher" errors in Envoy when using multiple file-system certificates on a single TLS listener. The certificates are now consolidated into a single filter chain, allowing Envoy to select the correct one. [GH-23212]
  • agent: Fix vault provider failure when signing intermediate CA with isCA=true in CSR [GH-23202]
  • cli: Added --aws-iam-endpoint flag to consul login command for AWS IAM auth method to support custom IAM endpoint configuration [GH-23109]
  • docs: Refreshed the security documentation to include the new HTTP server timeout defaults and relevant configuration options. [GH-23246]
  • api: Cancel context check for watches cache fetch to stop execution when manager deregisters the watch. [GH-23157]
Assets 2
Loading