Consul Security Releases
Consul 1.10.5, 1.9.12, and 1.8.18 have been released to mitigate two CVEs in Go.
- CVE-2021-44717 could allow a task on a Unix system with exhausted file handles to misdirect I/O.
- CVE-2021-44716 could create unbounded memory growth in HTTP2 servers
All of these releases upgrade the version of Go to 1.16.12 to remediate the vulnerabilities. Please see the changelogs for additional details of minor changes in these releases.
NOTE: This will be the final release of Consul in the 1.8.x series.
Links
Consul 1.10.5:
OSS Binary: Consul v1.10.5 Binaries | HashiCorp Releases
Enterprise Binary: Consul v1.10.5+ent Binaries | HashiCorp Releases
Changelog: Release v1.10.5 · hashicorp/consul · GitHub
Consul 1.9.12:
OSS Binary: Consul v1.9.12 Binaries | HashiCorp Releases
Enterprise Binary: Consul v1.9.12+ent Binaries | HashiCorp Releases
Changelog: Release v1.9.12 · hashicorp/consul · GitHub
Consul 1.8.18:
OSS Binary: Consul v1.8.18 Binaries | HashiCorp Releases
Enterprise Binary: Consul v1.8.18+ent Binaries | HashiCorp Releases
Changelog: Release v1.8.18 · hashicorp/consul · GitHub