github.com/hashicorp/consul/proto-public breaking changes

go

30 curated breaking changes across major versions of github.com/hashicorp/consul/proto-public. Use this as a migration checklist before bumping dependencies.

View package health \u2192Known bugs \u2192
30
changes
Breaking changes by transition
  • ent-changelog-1.18.17 \u2192 ent-changelog-1.19.0breaking

    telemetry: State store usage metrics with a double `consul` element in the metric name have been removed. Please use the same metric without the second `consul` instead. As an example instead of `consul.consul.state.config_entries` use `consul.state.config_entries` [[GH-20674](https://github.com/hashicorp/consul/issues/20674)]

  • ent-changelog-1.18.17 \u2192 ent-changelog-1.19.0breaking

    Upgrade to support Envoy `1.27.5 and 1.28.3`. This resolves CVE [CVE-2024-32475](https://nvd.nist.gov/vuln/detail/CVE-2024-32475) (`auto_sni`). [[GH-21017](https://github.com/hashicorp/consul/issues/21017)]

  • ent-changelog-1.18.17 \u2192 ent-changelog-1.19.0breaking

    Upgrade to support k8s.io/apimachinery `v0.18.7 or higher`. This resolves CVE [CVE-2020-8559](https://nvd.nist.gov/vuln/detail/CVE-2020-8559). [[GH-21017](https://github.com/hashicorp/consul/issues/21017)]

  • ent-changelog-1.18.17 \u2192 ent-changelog-1.19.0breaking

    dns: queries now default to a refactored DNS server that is v1 and v2 Catalog compatible. Use `v1dns` in the `experiments` agent config to disable. The legacy server will be removed in a future release of Consul. See the [Consul 1.19.x Release Notes](https://developer.hashicorp.com/consul/docs/release-notes/consul/v1_19_x) for removed DNS features. [[GH-20715](https://github.com/hashicorp/consul/issues/20715)]

  • ent-changelog-1.18.17 \u2192 ent-changelog-1.19.0breaking

    gateways: api-gateway can leverage listener TLS certificates available on the gateway's local filesystem by specifying the public certificate and private key path in the new file-system-certificate configuration entry [[GH-20873](https://github.com/hashicorp/consul/issues/20873)]

  • ent-changelog-1.17.0 \u2192 ent-changelog-1.18.0breaking

    config-entries: Allow disabling request and idle timeouts with negative values in service router and service resolver config entries. [[GH-19992](https://github.com/hashicorp/consul/issues/19992)]

  • ent-changelog-1.17.0 \u2192 ent-changelog-1.18.0breaking

    telemetry: Adds fix to always use the value of `telemetry.disable_hostname` when determining whether to prefix gauge-type metrics with the hostname of the Consul agent. Previously, if only the default metric sink was enabled, this configuration was ignored and always treated as `true`, even though its default value is `false`. [[GH-20312](https://github.com/hashicorp/consul/issues/20312)]

  • ent-changelog-1.17.0 \u2192 ent-changelog-1.18.0breaking

    Update `golang.org/x/crypto` to v0.17.0 to address [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795). [[GH-20023](https://github.com/hashicorp/consul/issues/20023)]

  • ent-changelog-1.17.0 \u2192 ent-changelog-1.18.0breaking

    connect: Update supported envoy versions to 1.24.12, 1.25.11, 1.26.6, 1.27.2 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-19306](https://github.com/hashicorp/consul/issues/19306)]

  • ent-changelog-1.17.0 \u2192 ent-changelog-1.18.0breaking

    mesh: Update Envoy versions to 1.28.1, 1.27.3, and 1.26.7 to address [CVE-2024-23324](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6), [CVE-2024-23325](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26), [CVE-2024-23322](https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38), [CVE-2024-23323](https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch), [CVE-2024-23327](https://github.com/envoyproxy/envo

  • ent-changelog-1.16.0 \u2192 ent-changelog-1.17.0breaking

    api: RaftLeaderTransfer now requires an id string. An empty string can be specified to keep the old behavior. [[GH-17107](https://github.com/hashicorp/consul/issues/17107)]

  • ent-changelog-1.16.0 \u2192 ent-changelog-1.17.0breaking

    audit-logging: **(Enterprise only)** allowing timestamp based filename only on rotation. initially the filename will be just file.json [[GH-18668](https://github.com/hashicorp/consul/issues/18668)]

  • ent-changelog-1.16.0 \u2192 ent-changelog-1.17.0breaking

    Update `golang.org/x/net` to v0.17.0 to address [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`x/net/http2`). [[GH-19225](https://github.com/hashicorp/consul/issues/19225)]

  • ent-changelog-1.16.0 \u2192 ent-changelog-1.17.0breaking

    Upgrade Go to 1.20.10. This resolves vulnerability [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`net/http`). [[GH-19225](https://github.com/hashicorp/consul/issues/19225)]

  • ent-changelog-1.16.0 \u2192 ent-changelog-1.17.0breaking

    Upgrade `google.golang.org/grpc` to 1.56.3. This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-19414](https://github.com/hashicorp/consul/issues/19414)]

  • ent-changelog-1.15.19 \u2192 ent-changelog-1.16.0breaking

    api: The `/v1/health/connect/` and `/v1/health/ingress/` endpoints now immediately return 403 "Permission Denied" errors whenever a token with insufficient `service:read` permissions is provided. Prior to this change, the endpoints returned a success code with an empty result list when a token with insufficient permissions was provided. [[GH-17424](https://github.com/hashicorp/consul/issues/17424)]

  • ent-changelog-1.15.19 \u2192 ent-changelog-1.16.0breaking

    peering: Removed deprecated backward-compatibility behavior. Upstream overrides in service-defaults will now only apply to peer upstreams when the `peer` field is provided. Visit the 1.16.x [upgrade instructions](https://developer.hashicorp.com/consul/docs/upgrading/upgrade-specific) for more information. [[GH-16957](https://github.com/hashicorp/consul/issues/16957)]

  • ent-changelog-1.15.19 \u2192 ent-changelog-1.16.0breaking

    Bump Dockerfile base image to `alpine:3.18`. [[GH-17719](https://github.com/hashicorp/consul/issues/17719)]

  • ent-changelog-1.15.19 \u2192 ent-changelog-1.16.0breaking

    audit-logging: **(Enterprise only)** limit `v1/operator/audit-hash` endpoint to ACL token with `operator:read` privileges.

  • ent-changelog-1.15.19 \u2192 ent-changelog-1.16.0breaking

    api: (Enterprise only) Add `POST /v1/operator/audit-hash` endpoint to calculate the hash of the data used by the audit log hash function and salt.

  • ent-changelog-1.14.0 \u2192 ent-changelog-1.15.0breaking

    acl errors: Delete and get requests now return descriptive errors when the specified resource cannot be found. Other ACL request errors provide more information about when a resource is missing. Add error for when the ACL system has not been bootstrapped. 1. Delete Token/Policy/AuthMethod/Role/BindingRule endpoints now return 404 when the resource cannot be found.

  • ent-changelog-1.14.0 \u2192 ent-changelog-1.15.0breaking

    New error formats: "Requested * does not exist: ACL not found", "* not found in namespace $NAMESPACE: ACL not found" 3. Read Token/Policy/Role endpoints now return 404 when the resource cannot be found.

  • ent-changelog-1.14.0 \u2192 ent-changelog-1.15.0breaking

    New error format: "Cannot find * to delete" 4. Logout now returns a 401 error when the supplied token cannot be found

  • ent-changelog-1.14.0 \u2192 ent-changelog-1.15.0breaking

    New error format: "Supplied token does not exist" 5. Token Self endpoint now returns 404 when the token cannot be found.

  • ent-changelog-1.14.0 \u2192 ent-changelog-1.15.0breaking

    New error format: "Supplied token does not exist" [[GH-16105](https://github.com/hashicorp/consul/issues/16105)]

  • unknown \u2192 ent-changelog-1.14.0breaking

    config: Add new `ports.grpc_tls` configuration option. Introduce a new port to better separate TLS config from the existing `ports.grpc` config. The new `ports.grpc_tls` only supports TLS encrypted communication. The existing `ports.grpc` now only supports plain-text communication. [[GH-15339](https://github.com/hashicorp/consul/issues/15339)]

  • unknown \u2192 ent-changelog-1.14.0breaking

    config: update 1.14 config defaults: Enable `peering` and `connect` by default. [[GH-15302](https://github.com/hashicorp/consul/issues/15302)]

  • unknown \u2192 ent-changelog-1.14.0breaking

    config: update 1.14 config defaults: Set gRPC TLS port default value to 8503 [[GH-15302](https://github.com/hashicorp/consul/issues/15302)]

  • unknown \u2192 ent-changelog-1.14.0breaking

    connect: Removes support for Envoy 1.20 [[GH-15093](https://github.com/hashicorp/consul/issues/15093)]

  • unknown \u2192 ent-changelog-1.14.0breaking

    peering: Rename `PeerName` to `Peer` on prepared queries and exported services. [[GH-14854](https://github.com/hashicorp/consul/issues/14854)]

API access

Get this data programmatically \u2014 free, no authentication.

curl https://depscope.dev/api/breaking/go/github.com/hashicorp/consul/proto-public
github.com/hashicorp/consul/proto-public breaking changes — Go migration guide | DepScope