hashicorp · hc-github-team-consul-core · Aug 1, 2023 · Jun 7, 2023 · Jun 7, 2023 · Jun 8, 2023
diff --git a/.changelog/13023.txt b/.changelog/13023.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ui: the topology view now properly displays services with mixed connect and non-connect instances.
+```
diff --git a/.changelog/17075.txt b/.changelog/17075.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+agent: remove agent cache dependency from service mesh leaf certificate management
+```
diff --git a/.changelog/17160.txt b/.changelog/17160.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+Fix a bug that wrongly trims domains when there is an overlap with DC name.
+```
diff --git a/.changelog/17483.txt b/.changelog/17483.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+peering: Fix a bug that caused server agents to continue cleaning up peering resources even after loss of leadership.
+```
diff --git a/.changelog/17546.txt b/.changelog/17546.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+connect: update supported envoy versions to 1.23.10, 1.24.8, 1.25.7, 1.26.2
+```
diff --git a/.changelog/17565.txt b/.changelog/17565.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+reloadable config: Made enable_debug config reloadable and enable pprof command to work when config toggles to true
+```
diff --git a/.changelog/17582.txt b/.changelog/17582.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+cli: `consul operator raft list-peers` command shows the number of commits each follower is trailing the leader by to aid in troubleshooting.
+```
diff --git a/.changelog/17596.txt b/.changelog/17596.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ debug: change default setting of consul debug command. now default duration is 5ms and default log level is 'TRACE'
+ ```
diff --git a/.changelog/17609.txt b/.changelog/17609.txt
@@ -0,0 +1,4 @@
+```release-note:bug
+gateways: Fixed a bug in API gateways where binding a route that only targets a service imported from a peer results
+in the programmed gateway having no routes.
+```
diff --git a/.changelog/17631.txt b/.changelog/17631.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+gateways: Fixed a bug where API gateways were not being taken into account in determining xDS rate limits.
+```
diff --git a/.changelog/17719.txt b/.changelog/17719.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Bump Dockerfile base image to `alpine:3.18`. 
+ ```
diff --git a/.changelog/17739.txt b/.changelog/17739.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+http: fixed API endpoint `PUT /acl/token/:AccessorID` (update token), no longer requires `AccessorID` in the request body. Web UI can now update tokens.
+ ```
diff --git a/.changelog/17754.txt b/.changelog/17754.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+ui: consul version is displayed in nodes list with filtering and sorting based on versions
+```
diff --git a/.changelog/17755.txt b/.changelog/17755.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+mesh: Stop jwt providers referenced by intentions from being deleted.
+```
diff --git a/.changelog/17757.txt b/.changelog/17757.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+connect: Improve transparent proxy support for virtual services and failovers.
+```
diff --git a/.changelog/17759.txt b/.changelog/17759.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+extensions: Improve validation and error feedback for `property-override` builtin Envoy extension
+```
diff --git a/.changelog/17775.txt b/.changelog/17775.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect: Fix issue where changes to service exports were not reflected in proxies.
+```
diff --git a/.changelog/17780.txt b/.changelog/17780.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+cli: `consul watch` command uses `-filter` expression to filter response from checks, services, nodes, and service.
+```
diff --git a/.changelog/17846.txt b/.changelog/17846.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect/ca: Fixes a bug preventing CA configuration updates in secondary datacenters
+```
diff --git a/.changelog/17885.txt b/.changelog/17885.txt
@@ -0,0 +1,2 @@
+```release-note:bug
+ca: Fixed a bug where the Vault provider was not passing the configured role param for AWS auth
diff --git a/.changelog/17888.txt b/.changelog/17888.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels
+```
diff --git a/.changelog/17894.txt b/.changelog/17894.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect: Fix incorrect protocol config merging for transparent proxy implicit upstreams.
+```
diff --git a/.changelog/17911.txt b/.changelog/17911.txt
@@ -0,0 +1,4 @@
+```release-note:bug
+gateway: Fixes a bug where envoy would silently reject RSA keys that are smaller than 2048 bits,
+we now reject those earlier in the process when we validate the certificate.
+```
diff --git a/.changelog/17939.txt b/.changelog/17939.txt
@@ -0,0 +1,4 @@
+```release-note:improvement
+http: GET API `operator/usage` endpoint now returns node count
+cli: `consul operator usage` command now returns node count
+```
diff --git a/.changelog/17978.txt b/.changelog/17978.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+mesh: Expose remote jwks cluster configuration through jwt-provider config entry
+```
diff --git a/.changelog/18011.txt b/.changelog/18011.txt
@@ -0,0 +1,4 @@
+```release-note:bug
+connect: Removes the default health check from the `consul connect envoy` command when starting an API Gateway.
+This health check would always fail.
+```
diff --git a/.changelog/18024.txt b/.changelog/18024.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect: fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration.
+```
diff --git a/.changelog/18068.txt b/.changelog/18068.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+xds: Prevent partial application of non-Required Envoy extensions in the case of failure.
+```
diff --git a/.changelog/18080.txt b/.changelog/18080.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+Fix some typos in metrics docs
+```
diff --git a/.changelog/18112.txt b/.changelog/18112.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ca: Fixes a Vault CA provider bug where updating RootPKIPath but not IntermediatePKIPath would not renew leaf signing certificates
+```
diff --git a/.changelog/18140.txt b/.changelog/18140.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+hcp: Removes requirement for HCP to provide a management token
+```
diff --git a/.changelog/18150.txt b/.changelog/18150.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+xds: Explicitly enable WebSocket connection upgrades in HTTP connection manager
+```
diff --git a/.changelog/18184.txt b/.changelog/18184.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+api: Fix client deserialization errors by marking new Enterprise-only prepared query fields as omit empty
+```
diff --git a/.changelog/18186.txt b/.changelog/18186.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Upgrade golang.org/x/net to address [CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406)
+```
diff --git a/.changelog/18190.txt b/.changelog/18190.txt
@@ -0,0 +1,5 @@
+```release-note:security
+Upgrade to use Go 1.20.6.
+This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`) for uses of the standard library. 
+A separate change updates dependencies on `golang.org/x/net` to use `0.12.0`.
+```
diff --git a/.changelog/18223.txt b/.changelog/18223.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+cli: `consul members` command uses `-filter` expression to filter members based on bexpr.
+```
diff --git a/.changelog/18291.txt b/.changelog/18291.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+api-gateway: fix race condition in proxy config generation when Consul is notified of the bound-api-gateway config entry before it is notified of the api-gateway config entry.
+```
diff --git a/.changelog/18303.txt b/.changelog/18303.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+connect: update supported envoy versions to 1.23.12, 1.24.10, 1.25.9, 1.26.4
+```
diff --git a/.changelog/18319.txt b/.changelog/18319.txt
@@ -0,0 +1,6 @@
+```release-note:improvement
+acl: added builtin ACL policy that provides global read-only access (builtin/global-read-only)
+```
+```release-note:improvement
+acl: allow for a single slash character in policy names
+```
diff --git a/.changelog/18325.txt b/.changelog/18325.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+mesh: **(Enterprise Only)** Require that `jwt-provider` config entries are created in the `default` namespace.
+```
diff --git a/.changelog/_5517.txt b/.changelog/_5517.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+namespaces: **(Enterprise only)** fixes a bug where agent health checks stop syncing for all services on a node if the namespace of any service has been removed from the server.
+```
diff --git a/.changelog/_5614.txt b/.changelog/_5614.txt
@@ -0,0 +1,4 @@
+```release-note:bug
+namespaces: **(Enterprise only)** fixes a bug where namespaces are stuck in a deferred deletion state indefinitely under some conditions.
+Also fixes the Consul query metadata present in the HTTP headers of the namespace read and list endpoints.
+```
diff --git a/.changelog/_5669.txt b/.changelog/_5669.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+audit-logging: **(Enterprise only)** enable error response and request body logging
+```
diff --git a/.changelog/_5740.txt b/.changelog/_5740.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+api: (Enterprise only) Add `POST /v1/operator/audit-hash` endpoint to calculate the hash of the data used by the audit log hash function and salt.
+```
diff --git a/.changelog/_5750.txt b/.changelog/_5750.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+cli: (Enterprise only) Add a new `consul operator audit hash` command to retrieve and compare the hash of the data used by the audit log hash function and salt.
+```
diff --git a/.changelog/_5805.txt b/.changelog/_5805.txt
@@ -0,0 +1,3 @@
+```release-note:security
+audit-logging: **(Enterprise only)** limit `v1/operator/audit-hash` endpoint to ACL token with `operator:read` privileges.
+```
diff --git a/.github/workflows/backport-assistant.yml b/.github/workflows/backport-assistant.yml
@@ -40,4 +40,4 @@ jobs:
           curl -s -H "Authorization: token ${{ secrets.PR_COMMENT_TOKEN }}" \
             -X POST \
             -d "{ \"body\": \"${github_message}\"}" \
-            "https://api.github.com/repos/${GITHUB_REPOSITORY}/pull/${{ github.event.pull_request.number }}/comments"
+            "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${{ github.event.pull_request.number }}/comments"
diff --git a/.github/workflows/backport-reminder.yml b/.github/workflows/backport-reminder.yml