Change8

v2.0.2

Breaking Changes
📦 consul-connectView on GitHub →
2 breaking2 features🐛 1 fixes🔧 5 symbols

Summary

This release focuses on security by upgrading the Alpine base image and dependencies, and introduces Enterprise features for API Gateway extensions. It also fixes an xDS bug related to client certificate emission.

⚠️ Breaking Changes

  • xds: Returning errors when injecting the L4 intention (RBAC) filter or the mTLS transport socket onto an inbound public listener. This prevents the listener from being served without intention enforcement or mTLS, which might break configurations relying on this behavior.
  • deps: Migration of `armon/go-metrics` to `hashicorp/go-metrics` may cause issues if direct imports of the old package were used.

Migration Steps

  1. If you were relying on listeners being served without intention enforcement or mTLS when L4 intention filter or mTLS transport socket was injected onto an inbound public listener, you must now ensure proper configuration.
  2. Review imports related to `armon/go-metrics` and update them to use `hashicorp/go-metrics`.

✨ New Features

  • (Enterprise only) Added ExtAuthzFilter to HTTPRoute Filters and gateway-wide ExtAuthz toggle to the api-gateway config entry.
  • (Enterprise only) Addition of External Processor (ext_proc) Envoy Extension support to api-gateway and connect-proxy.

🐛 Bug Fixes

  • xds: Only emit the client cert SDS block when both CertFile and KeyFile are set.

Affected Symbols