We have released Consul 1.7.0-beta4. This release contains the security fixes that were also released in v1.6.3 earlier this week. In addition to the security and bug fixes Consul has now gained the ability to output logs in JSON form.
A vulnerability was identified in Consul such that unbounded resource usage, triggered by the establishment of many unauthenticated HTTP or RPC connections, may generate excessive load and/or crash the server.
This vulnerability affects all previous releases of Consul, and is fixed in the 1.6.3 and 1.7.0-beta4 releases. For full details about the problem and how to remediate see issue 7159 1 on GitHub.
A low risk vulnerability was identified in Consul HTTP API such that the endpoints v1/agent/health/service/* did not enforce acl
This vulnerability affects Consul releases 1.4.1 until 1.6.2, and is fixed in 1.6.3 and 1.7.0-beta4. For full details about the problem and how to remediate see issue 7160 1 on GitHub.
Please see the complete changelog for details on the release: