Consul Security Releases
Consul 1.10.6, 1.9.13, and 1.8.19 have been released to mitigate a CVE in Go.
- CVE-2021-44716 could create unbounded memory growth in HTTP2 servers
The security releases sent out earlier this week did not adequately fix this CVE as intended. This set of patch releases completes the resolution. Because of this, we are re-issuing patches on the 1.8 branch which previously was intended to be out of development.
NOTE: This will be the final release of Consul in the 1.8.x series.
Links
Consul 1.10.6:
OSS Binary: Consul v1.10.6 Binaries | HashiCorp Releases
Enterprise Binary: Consul v1.10.6+ent Binaries | HashiCorp Releases
Changelog: Release v1.10.6 · hashicorp/consul · GitHub
Consul 1.9.13:
OSS Binary: Consul v1.9.13 Binaries | HashiCorp Releases
Enterprise Binary: Consul v1.9.13+ent Binaries | HashiCorp Releases
Changelog: Release v1.9.13 · hashicorp/consul · GitHub
Consul 1.8.19:
OSS Binary: Consul v1.8.19 Binaries | HashiCorp Releases
Enterprise Binary: Consul v1.8.19+ent Binaries | HashiCorp Releases
Changelog: Release v1.8.19 · hashicorp/consul · GitHub