Path to this page:
Subject: CVS commit: pkgsrc/sysutils/consul
From: Filip Hajny
Date: 2018-07-31 14:34:55
Message id: 20180731123455.A2945FBEC@cvs.NetBSD.org
Log Message:
sysutils/consul: Update to 1.2.2
## 1.2.2 (July 30, 2018)
SECURITY:
- acl: Fixed an issue where writes operations on the Keyring and
Operator were being allowed with a default allow policy even when
explicitly denied in the policy.
FEATURES:
- **Alias Checks:** Alias checks allow a service or node to alias the
health status of another service or node in the cluster.
- agent: New Cloud Auto-join providers: vSphere and Packet.net.
- cli: Added `-serf-wan-port`, `-serf-lan-port`, and `-server-port`
flags to CLI for cases where these can't be specified in config
files and `-hcl` is too cumbersome.
- connect: The TTL of leaf (service) certificates in Connect is now
configurable.
IMPROVEMENTS:
- proxy: With `-register` flag, heartbeat failures will only log once
service registration succeeds.
- http: 1.0.3 introduced rejection of non-printable chars in HTTP URLs
due to a security vulnerability. Some users who had keys written
with an older version which are now dissallowed were unable to delete
them. A new config option disable_http_unprintable_char_filter is
added to allow those users to remove the offending keys. Leaving this
new option set long term is strongly discouraged as it bypasses
filtering necessary to prevent some known vulnerabilities.
- agent: Allow for advanced configuration of some gossip related
parameters.
- agent: Make some Gossip tuneables configurable via the config file
- ui: Included searching on `.Tags` when using the freetext search
field.
- ui: Service.ID's are now shown in the Service detail page and (only
if it is different from the service name) the Node Detail >
[Services] tab.
BUG FIXES:
- acl/connect: Fix an issue that was causing managed proxies not to
work when ACLs were enabled.
- connect: Fix issue with managed proxies and watches attempting to
use a client addr that is 0.0.0.0 or ::
- connect: Allow Native and Unmanaged proxy configurations via config
file
- connect: Fix bug causing 100% CPU on agent when Connect is disabled
but a proxy is still running
- proxy: Don't restart proxies setup in a config file when Consul
restarts
- ui: Display the Service.IP address instead of the Node.IP address in
the Service detail view.
- ui: Watch for trailing slash stripping 301 redirects and forward the
user to the correct location.
- connect: Fixed an issue in the connect native HTTP client where it
failed to resolve service names.
## 1.2.1 (July 12, 2018)
IMPROVEMENTS:
- acl: Prevented multiple ACL token refresh operations from occurring
simultaneously.
- acl: Add async-cache down policy mode to always do ACL token
refreshes in the background to reduce latency.
- proxy: Pass through HTTP client env vars to managed proxies so that
they can connect back to Consul over HTTPs when not serving HTTP.
- connect: Persist intermediate CAs on leader change.
BUG FIXES:
- api: Intention APIs parse error response body for error message.
- agent: Intention read endpoint returns a 400 on invalid UUID
- agent: Service registration with "services" does not error on
Connect upstream configuration.
- dns: Ensure that TXT RRs dont get put in the Answer section for
A/AAAA queries.
- dns: Ensure that only 1 CNAME is returned when querying for services
that have non-IP service addresses.
- api: Fixed issue where `Lock` and `Semaphore` would return earlier
than their requested timeout when unable to acquire the lock.
- watch: Fix issue with HTTPs only agents not executing watches
properly
- agent: Managed proxies that bind to 0.0.0.0 now get a health check
on a sane IP
- server: (Consul Enterprise) Fixed an issue causing Consul to panic
when network areas were used
- license: (Consul Enterprise) Fixed an issue causing the snapshot
agent to log erroneous licensing errors
Files: