{"ecosystem":"go","package":"github.com/hashicorp/consul/proto-public","from_version":null,"to_version":null,"changes":[{"from_version":"ent-changelog-1.18.17","to_version":"ent-changelog-1.19.0","change_type":"breaking","description":"telemetry: State store usage metrics with a double `consul` element in the metric name have been removed. Please use the same metric without the second `consul` instead. As an example instead of `consul.consul.state.config_entries` use `consul.state.config_entries` [[GH-20674](https://github.com/hashicorp/consul/issues/20674)]","migration_hint":null},{"from_version":"ent-changelog-1.18.17","to_version":"ent-changelog-1.19.0","change_type":"breaking","description":"Upgrade to support Envoy `1.27.5 and 1.28.3`. This resolves CVE [CVE-2024-32475](https://nvd.nist.gov/vuln/detail/CVE-2024-32475) (`auto_sni`). [[GH-21017](https://github.com/hashicorp/consul/issues/21017)]","migration_hint":null},{"from_version":"ent-changelog-1.18.17","to_version":"ent-changelog-1.19.0","change_type":"breaking","description":"Upgrade to support k8s.io/apimachinery `v0.18.7 or higher`. This resolves CVE [CVE-2020-8559](https://nvd.nist.gov/vuln/detail/CVE-2020-8559). [[GH-21017](https://github.com/hashicorp/consul/issues/21017)]","migration_hint":null},{"from_version":"ent-changelog-1.18.17","to_version":"ent-changelog-1.19.0","change_type":"breaking","description":"dns: queries now default to a refactored DNS server that is v1 and v2 Catalog compatible. Use `v1dns` in the `experiments` agent config to disable. The legacy server will be removed in a future release of Consul. See the [Consul 1.19.x Release Notes](https://developer.hashicorp.com/consul/docs/release-notes/consul/v1_19_x) for removed DNS features. [[GH-20715](https://github.com/hashicorp/consul/issues/20715)]","migration_hint":null},{"from_version":"ent-changelog-1.18.17","to_version":"ent-changelog-1.19.0","change_type":"breaking","description":"gateways: api-gateway can leverage listener TLS certificates available on the gateway's local filesystem by specifying the public certificate and private key path in the new file-system-certificate configuration entry [[GH-20873](https://github.com/hashicorp/consul/issues/20873)]","migration_hint":null},{"from_version":"ent-changelog-1.17.0","to_version":"ent-changelog-1.18.0","change_type":"breaking","description":"config-entries: Allow disabling request and idle timeouts with negative values in service router and service resolver config entries. [[GH-19992](https://github.com/hashicorp/consul/issues/19992)]","migration_hint":null},{"from_version":"ent-changelog-1.17.0","to_version":"ent-changelog-1.18.0","change_type":"breaking","description":"telemetry: Adds fix to always use the value of `telemetry.disable_hostname` when determining whether to prefix gauge-type metrics with the hostname of the Consul agent. Previously, if only the default metric sink was enabled, this configuration was ignored and always treated as `true`, even though its default value is `false`. [[GH-20312](https://github.com/hashicorp/consul/issues/20312)]","migration_hint":null},{"from_version":"ent-changelog-1.17.0","to_version":"ent-changelog-1.18.0","change_type":"breaking","description":"Update `golang.org/x/crypto` to v0.17.0 to address [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795). [[GH-20023](https://github.com/hashicorp/consul/issues/20023)]","migration_hint":null},{"from_version":"ent-changelog-1.17.0","to_version":"ent-changelog-1.18.0","change_type":"breaking","description":"connect: Update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-19306](https://github.com/hashicorp/consul/issues/19306)]","migration_hint":null},{"from_version":"ent-changelog-1.17.0","to_version":"ent-changelog-1.18.0","change_type":"breaking","description":"mesh: Update Envoy versions to 1.28.1, 1.27.3, and 1.26.7 to address [CVE-2024-23324](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6), [CVE-2024-23325](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26), [CVE-2024-23322](https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38), [CVE-2024-23323](https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch), [CVE-2024-23327](https://github.com/envoyproxy/envo","migration_hint":null},{"from_version":"ent-changelog-1.16.0","to_version":"ent-changelog-1.17.0","change_type":"breaking","description":"api: RaftLeaderTransfer now requires an id string. An empty string can be specified to keep the old behavior. [[GH-17107](https://github.com/hashicorp/consul/issues/17107)]","migration_hint":null},{"from_version":"ent-changelog-1.16.0","to_version":"ent-changelog-1.17.0","change_type":"breaking","description":"audit-logging: **(Enterprise only)** allowing timestamp based filename only on rotation. initially the filename will be just file.json [[GH-18668](https://github.com/hashicorp/consul/issues/18668)]","migration_hint":null},{"from_version":"ent-changelog-1.16.0","to_version":"ent-changelog-1.17.0","change_type":"breaking","description":"Update `golang.org/x/net` to v0.17.0 to address [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`x/net/http2`). [[GH-19225](https://github.com/hashicorp/consul/issues/19225)]","migration_hint":null},{"from_version":"ent-changelog-1.16.0","to_version":"ent-changelog-1.17.0","change_type":"breaking","description":"Upgrade Go to 1.20.10. This resolves vulnerability [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`net/http`). [[GH-19225](https://github.com/hashicorp/consul/issues/19225)]","migration_hint":null},{"from_version":"ent-changelog-1.16.0","to_version":"ent-changelog-1.17.0","change_type":"breaking","description":"Upgrade `google.golang.org/grpc` to 1.56.3. This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-19414](https://github.com/hashicorp/consul/issues/19414)]","migration_hint":null},{"from_version":"ent-changelog-1.15.19","to_version":"ent-changelog-1.16.0","change_type":"breaking","description":"api: The `/v1/health/connect/` and `/v1/health/ingress/` endpoints now immediately return 403 \"Permission Denied\" errors whenever a token with insufficient `service:read` permissions is provided. Prior to this change, the endpoints returned a success code with an empty result list when a token with insufficient permissions was provided. [[GH-17424](https://github.com/hashicorp/consul/issues/17424)]","migration_hint":null},{"from_version":"ent-changelog-1.15.19","to_version":"ent-changelog-1.16.0","change_type":"breaking","description":"peering: Removed deprecated backward-compatibility behavior. Upstream overrides in service-defaults will now only apply to peer upstreams when the `peer` field is provided. Visit the 1.16.x [upgrade instructions](https://developer.hashicorp.com/consul/docs/upgrading/upgrade-specific) for more information. [[GH-16957](https://github.com/hashicorp/consul/issues/16957)]","migration_hint":null},{"from_version":"ent-changelog-1.15.19","to_version":"ent-changelog-1.16.0","change_type":"breaking","description":"Bump Dockerfile base image to `alpine:3.18`. [[GH-17719](https://github.com/hashicorp/consul/issues/17719)]","migration_hint":null},{"from_version":"ent-changelog-1.15.19","to_version":"ent-changelog-1.16.0","change_type":"breaking","description":"audit-logging: **(Enterprise only)** limit `v1/operator/audit-hash` endpoint to ACL token with `operator:read` privileges.","migration_hint":null},{"from_version":"ent-changelog-1.15.19","to_version":"ent-changelog-1.16.0","change_type":"breaking","description":"api: (Enterprise only) Add `POST /v1/operator/audit-hash` endpoint to calculate the hash of the data used by the audit log hash function and salt.","migration_hint":null},{"from_version":"ent-changelog-1.14.0","to_version":"ent-changelog-1.15.0","change_type":"breaking","description":"acl errors: Delete and get requests now return descriptive errors when the specified resource cannot be found. Other ACL request errors provide more information about when a resource is missing. Add error for when the ACL system has not been bootstrapped. 1. Delete Token/Policy/AuthMethod/Role/BindingRule endpoints now return 404 when the resource cannot be found.","migration_hint":null},{"from_version":"ent-changelog-1.14.0","to_version":"ent-changelog-1.15.0","change_type":"breaking","description":"New error formats: \"Requested * does not exist: ACL not found\", \"* not found in namespace $NAMESPACE: ACL not found\" 3. Read Token/Policy/Role endpoints now return 404 when the resource cannot be found.","migration_hint":null},{"from_version":"ent-changelog-1.14.0","to_version":"ent-changelog-1.15.0","change_type":"breaking","description":"New error format: \"Cannot find * to delete\" 4. Logout now returns a 401 error when the supplied token cannot be found","migration_hint":null},{"from_version":"ent-changelog-1.14.0","to_version":"ent-changelog-1.15.0","change_type":"breaking","description":"New error format: \"Supplied token does not exist\" 5. Token Self endpoint now returns 404 when the token cannot be found.","migration_hint":null},{"from_version":"ent-changelog-1.14.0","to_version":"ent-changelog-1.15.0","change_type":"breaking","description":"New error format: \"Supplied token does not exist\" [[GH-16105](https://github.com/hashicorp/consul/issues/16105)]","migration_hint":null},{"from_version":"unknown","to_version":"ent-changelog-1.14.0","change_type":"breaking","description":"config: Add new `ports.grpc_tls` configuration option. Introduce a new port to better separate TLS config from the existing `ports.grpc` config. The new `ports.grpc_tls` only supports TLS encrypted communication. The existing `ports.grpc` now only supports plain-text communication. [[GH-15339](https://github.com/hashicorp/consul/issues/15339)]","migration_hint":null},{"from_version":"unknown","to_version":"ent-changelog-1.14.0","change_type":"breaking","description":"config: update 1.14 config defaults: Enable `peering` and `connect` by default. [[GH-15302](https://github.com/hashicorp/consul/issues/15302)]","migration_hint":null},{"from_version":"unknown","to_version":"ent-changelog-1.14.0","change_type":"breaking","description":"config: update 1.14 config defaults: Set gRPC TLS port default value to 8503 [[GH-15302](https://github.com/hashicorp/consul/issues/15302)]","migration_hint":null},{"from_version":"unknown","to_version":"ent-changelog-1.14.0","change_type":"breaking","description":"connect: Removes support for Envoy 1.20 [[GH-15093](https://github.com/hashicorp/consul/issues/15093)]","migration_hint":null},{"from_version":"unknown","to_version":"ent-changelog-1.14.0","change_type":"breaking","description":"peering: Rename `PeerName` to `Peer` on prepared queries and exported services. [[GH-14854](https://github.com/hashicorp/consul/issues/14854)]","migration_hint":null}],"total":30,"note":"Curated major-version breaking changes. Always verify against the package's official changelog before migrating.","_cache":"hit"}