AWS IAM Auth Method: Consul now provides an AWS IAM auth method that allows AWS IAM roles and users to authenticate with Consul to obtain ACL tokens. Refer to AWS IAM Auth Method for detailed configuration information.
Per listener TLS Config: It is now possible to configure TLS differently for each of Consul's listeners, such as HTTPS, gRPC, and the internal multiplexed RPC listener, using the
tlsstanza. Refer to TLS Configuration Reference for more details.
AWS Lambda: Adds the ability to invoke AWS Lambdas through terminating gateways, which allows for cross-datacenter communication, transparent proxy, and intentions with Consul Service Mesh. Refer to AWS Lambda and Invoke Lambda Functions for more details.
Mesh-wide TLS min/max versions and cipher suites: Using the Mesh Config Entry or CRD, it is now possible to set TLS min/max versions and cipher suites for both inbound and outbound mTLS connections.
Expanded details for ACL Permission Denied errors: Details are now provided when a permission denied errors surface for RPC calls. Details include the accessor ID of the ACL token, the missing permission, and any namespace or partition that the error occurred on.
ACL token read: The
consul acl token read -rulescommand now includes an
-expandedoption to display detailed info about any policies and rules affecting the token. Refer to Consul ACL Token read for more details.
Automatically reload agent config when watching agent config file changes: When using the
auto-reload-configCLI flag or
auto_reload_configagent config option, Consul now automatically reloads the reloadable configuration options when configuration files change. Refer to auto_reload_config for more details.
Removes support for Envoy 1.17.x and Envoy 1.18.x, and adds support for Envoy 1.21.x and Envoy 1.22.x. Refer to the Envoy Compatibility matrix for more details.
disable_compat_1.9option now defaults to true. Metrics formatted in the style of version 1.9, such as
consul.http..., can still be enabled by setting disable_compat_1.9 = false. However, these metrics will be removed in 1.13.
agent_masterACL token has been renamed to
agent_recoveryACL token. In addition, the
consul acl set-agent-token mastercommand has been replaced with
consul acl set-agent-token recovery. Refer to ACL Agent Recovery Token and Consul ACL Set Agent Token for more information.
If TLS min versions and max versions are not specified, the TLS min/max versions default to the following values. For details on how to configure TLS min and max, refer to the Mesh TLS config entry or CRD documentation.
- Incoming connections: TLS 1.2 for min0 version, TLS 1.3 for max version
- Outgoing connections: TLS 1.2 for both TLS min and TLS max versions.
For more detailed information, please refer to the upgrade details page and the changelogs.
The changelogs for this major release version and any maintenance versions are listed below.
Note: These links take you to the changelogs on the GitHub website.