v1.22.0-rc2
Breaking Changes📦 consul-connect
⚠ 1 breaking🐛 1 fixes🔧 2 symbols
Summary
This release focuses heavily on security enhancements, addressing several CVEs related to DoS attacks and path traversal via the KV endpoint, and includes a minor fix for the operator utilization command help output.
⚠️ Breaking Changes
- Key name validation has been added to the key/value endpoint to fix path traversal attacks (CVE-2025-11392). If your existing keys contain characters previously allowed but now invalid, they may fail validation. You can temporarily disable this validation using the `DisableKVKeyValidation` configuration option.
Migration Steps
- Review existing key names in the KV store if you encounter validation errors after upgrading, especially if they contain characters previously permitted. If necessary, use the `DisableKVKeyValidation` configuration option as a temporary measure.
🐛 Bug Fixes
- Fixed `consul operator utilization --help` to correctly display only available options without extraneous parameters.
🔧 Affected Symbols
Consul KV endpointconsul operator utilization