Consul ENT default version change #22783#22784
Merged
LakshmiNarayananDesikan merged 1 commit intomainfrom Sep 18, 2025
Merged
Conversation
Manishakumari-hc
approved these changes
Sep 18, 2025
sanikachavan5
pushed a commit
that referenced
this pull request
Sep 23, 2025
sanikachavan5
added a commit
that referenced
this pull request
Jan 28, 2026
* add timeouts to prevent slowloris attacks * rename * fix tests * fix test * fix failing test * add docs and tests * lint issues * Added support for IPv6 virtual IP offset calculation and validation. (#22741) * - Added support for IPv6 virtual IP offset calculation and validation. - Upgraded `github.com/miekg/dns` dependency to v1.1.68. - Included `BindAddr` in agent endpoint and enabled binding logic in IP offset calculations. - Updated `go.mod` and `go.sum` to reflect dependency changes. * Refactored `addIPOffset` to utilize `BindAddr` and introduced `getAgentBindAddr` for improved binding logic and IP offset calculation. Added utility function isDualStack * Executed go mod tidy * Refactored network utilities into `netutil` package and updated `catalog.go` to use new functions for improved modularity and clarity. Removed duplicate implementations of `GetAgentConfig` and `isDualStack`. * Added comprehensive unit tests for `netutil` package covering `GetAgentConfig`, `GetAgentBindAddr`, and `IsDualStack`. Refactored functions to support mocking for improved testability. * only retaining utility function changes. * added changelog * Latest Envoy version update - default v1.34.7 (#22735) * docs: Additional entries for versioned redirects (#22694) * "Get started" section redirects * deploy & secure * Consul operations complete * register & discover * Finish service networking * Enterprise, Runtimes, and Plugins sections * Reference docs * added BinAddr field in agent/self API response (#22761) * PKCE and Adding private key JWT support for OIDC (#22732) * Adding private key JWT support for OIDC * Submodules Version upgrade (#22776) * [CSL-11760] [Envoy Bootstrap] Defaults to IPv6 for admin-bind and grpc-addr in dual stack if its empty (#22763) * add: func to check dual-stack configuration * add: testcases for dual-stack of admin-bind and grpc adrr * envoy: admin-bind and grpc-addr dual-stack defaults to ipv6 * fix(review comment): creates a constant for loopback address * add: debug log to verify recieved isDualStack value * add: changelog file added * update: changelog file * fix: correct format specifier * fix(review): make constant for default envoy admin port * Update .changelog/22763.txt Co-authored-by: Sreeram Narayanan <sreeram.narayanan@hashicorp.com> * fix: TestAgent_Monitor flaky test --------- Co-authored-by: Sreeram Narayanan <sreeram.narayanan@hashicorp.com> * update: default upstream.local_bind_address to ::1 for IPv6 agent bind address (#22773) * update: default upstream.local_bind_address to ::1 for IPv6 agent bind addr * add: changelog --------- Co-authored-by: Mukul Anand <mukul.anand@hashicorp.com> * update: set proxy.local_service_address to ::1 for IPv6 agent bind addr (#22772) * update: set proxy.local_service_address to ::1 for IPv6 agent bind addr * add: changelog --------- Co-authored-by: Mukul Anand <mukul.anand@hashicorp.com> * update: default proxy BindAddress to :: for IPv6 agent bind addr (#22774) * update: default proxy BindAddress to :: for IPv6 agent bind addr * add: changelog * fixing conflicts --------- Co-authored-by: Mukul Anand <mukul.anand@hashicorp.com> * Consul ENT default version change #22783 (#22784) * [Bugfix]: suppress lacks token permission while checking dual stack (#22788) fix: suppress lacks token permission while checking dual stack * updated redhat image to latest (#22794) * Suppress CVEs (#22801) * redhat version revert (#22806) redhat image version revert to 9.6 * Suppress CVE-2025-6395 (#22808) * fix path cleaning of proxied urls (#22671) * fix path cleaning of proxied urls * add changelog * added more tests * add tests and address review comments * address review changes * remove usage of dynamic GitHub actions variable (#22725) use hardcoded names for preventing attacks * Multi Port Service Discovery (#22769) 1. Support for registering a service with multiple named ports 2. The named ports can be used in DNS queries to discover ports based on usecase * add timeouts to prevent slowloris attacks * Delete .changelog/22625.txt * doc changes * run codegen * simplify error handling * test: add long-running profile and trace tests for pprof handlers * changelog: update security note to clarify HTTP server timeout configurations against Slowloris attacks test: remove short test skip for HTTP server timeout tests --------- Co-authored-by: nitin-sachdev-29 <nitin.sachdev@hashicorp.com> Co-authored-by: LakshmiNarayananDesikan <lakshminarayanan.desikan@hashicorp.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: mansi991999 <mansi.panchal@hashicorp.com> Co-authored-by: anilvpatel <anilkumarvinodbhai.patel@hashicorp.com> Co-authored-by: Sreeram Narayanan <sreeram.narayanan@hashicorp.com> Co-authored-by: Mukul Anand <mukul.anand@hashicorp.com> Co-authored-by: Manisha Kumari <manisha.kumari@hashicorp.com> Co-authored-by: Sriram R <sriramr083@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Testing & Reproduction steps
Links
PR Checklist
PCI review checklist
I have documented a clear reason for, and description of, the change I am making.
If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
If applicable, I've documented the impact of any changes to security controls.
Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.