From 6d9d9e29b00aca65bfe95488e4caae134c02d202 Mon Sep 17 00:00:00 2001 From: anilvpatel Date: Fri, 20 Feb 2026 22:03:13 +0530 Subject: [PATCH 1/5] chart and version updated --- charts/consul/Chart.yaml | 10 +++++----- charts/consul/values.yaml | 6 +++--- version/version.go | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/consul/Chart.yaml b/charts/consul/Chart.yaml index 7ceca31c13..8ab0dfa395 100644 --- a/charts/consul/Chart.yaml +++ b/charts/consul/Chart.yaml @@ -3,8 +3,8 @@ apiVersion: v2 name: consul -version: 1.9.1-dev -appVersion: 1.22-dev +version: 1.9.4 +appVersion: 1.22.4 kubeVersion: ">=1.22.0-0" description: Official HashiCorp Consul Chart home: https://www.consul.io @@ -15,11 +15,11 @@ sources: annotations: artifacthub.io/images: | - name: consul - image: docker.mirror.hashicorp.services/hashicorppreview/consul:1.22-dev + image: hashicorp/consul:1.22.4 - name: consul-k8s-control-plane - image: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.9-dev + image: hashicorp/consul-k8s-control-plane:1.9.4 - name: consul-dataplane - image: docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.9-dev + image: hashicorp/consul-dataplane:1.9.4 - name: envoy image: envoyproxy/envoy:v1.25.11 artifacthub.io/license: MPL-2.0 diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml index 1c8da4d281..ce557a2f3f 100644 --- a/charts/consul/values.yaml +++ b/charts/consul/values.yaml @@ -66,7 +66,7 @@ global: # image: "hashicorp/consul-enterprise:1.10.0-ent" # ``` # @default: hashicorp/consul: - image: docker.mirror.hashicorp.services/hashicorppreview/consul:1.22-dev + image: hashicorp/consul:1.22.4 # Array of objects containing image pull secret names that will be applied to each service account. # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image. @@ -86,7 +86,7 @@ global: # image that is used for functionality such as catalog sync. # This can be overridden per component. # @default: hashicorp/consul-k8s-control-plane: - imageK8S: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.9-dev + imageK8S: hashicorp/consul-k8s-control-plane:1.9.4 # The image pull policy used globally for images controlled by Consul (consul, consul-dataplane, consul-k8s, consul-telemetry-collector). # One of "IfNotPresent", "Always", "Never", and "". Refer to https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy @@ -793,7 +793,7 @@ global: # The name (and tag) of the consul-dataplane Docker image used for the # connect-injected sidecar proxies and mesh, terminating, and ingress gateways. # @default: hashicorp/consul-dataplane: - imageConsulDataplane: docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.9-dev + imageConsulDataplane: hashicorp/consul-dataplane:1.9.4 # Configuration for running this Helm chart on the Red Hat OpenShift platform. # This Helm chart currently supports OpenShift v4.x+. diff --git a/version/version.go b/version/version.go index b096a5f2e8..0a9be3d5cc 100644 --- a/version/version.go +++ b/version/version.go @@ -17,12 +17,12 @@ var ( // // Version must conform to the format expected by // github.com/hashicorp/go-version for tests to work. - Version = "1.9.0" + Version = "1.9.4" // A pre-release marker for the version. If this is "" (empty string) // then it means that it is a final release. Otherwise, this is a pre-release // such as "dev" (in development), "beta", "rc1", etc. - VersionPrerelease = "dev" + VersionPrerelease = "" ) // GetHumanVersion composes the parts of the version in a way that's suitable From 0ad61bed458dd59c5361c8c628244e5508dc9dcd Mon Sep 17 00:00:00 2001 From: anilvpatel Date: Fri, 20 Feb 2026 22:04:02 +0530 Subject: [PATCH 2/5] add changelog --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0b80214d64..e765927e37 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +## 1.9.4 (February 22, 2025) + +SECURITY: + +* Added input length validation on "consul.hashicorp.com/service-name" annotation [[GH-5107](https://github.com/hashicorp/consul-k8s/issues/5107)] +* go: upgrade go version to 1.25.7 [[GH-5113](https://github.com/hashicorp/consul-k8s/issues/5113)] +* docker: upgrade hashicorp/go-discover version to c9daf450621856f81604e3495af612b95db907d5 [[GH-5117](https://github.com/hashicorp/consul-k8s/issues/5117)] + + + ## 1.9.3 (January 27, 2026) SECURITY: From 2089b5dc7ee6d2aec9f5f02733f9401ef355277b Mon Sep 17 00:00:00 2001 From: anilvpatel Date: Fri, 20 Feb 2026 22:48:33 +0530 Subject: [PATCH 3/5] rpmdp suppress list --- .release/security-scan.hcl | 80 ++++++++++++++++++++++++++++++++++---- 1 file changed, 72 insertions(+), 8 deletions(-) diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl index 554ad97978..5e9df65026 100644 --- a/.release/security-scan.hcl +++ b/.release/security-scan.hcl @@ -25,10 +25,77 @@ container { triage { suppress { vulnerabilities = [ - "CVE-2024-58251", # busybox@1.37.0-r19 - Alpine Linux security issue - "CVE-2025-46394", # busybox@1.37.0-r19 - Alpine Linux security issue - "CVE-2025-47268", # iputils@20240905-r0 - Alpine Linux security issue - "CVE-2025-48964" # iputils@20240905-r0 - Alpine Linux security issue + "CVE-2000-3712", + "CVE-2006-1174", + "CVE-2010-5298", + "CVE-2014-3505", + "CVE-2014-3513", + "CVE-2014-3570", + "CVE-2014-8176", + "CVE-2015-0209", + "CVE-2015-3194", + "CVE-2015-3197", + "CVE-2015-4000", + "CVE-2015-7575", + "CVE-2016-0799", + "CVE-2016-2177", + "CVE-2016-7056", + "CVE-2016-8610", + "CVE-2017-3735", + "CVE-2017-3736", + "CVE-2018-0734", + "CVE-2018-0735", + "CVE-2019-1547", + "CVE-2019-1551", + "CVE-2020-1971", + "CVE-2021-23840", + "CVE-2021-3449", + "CVE-2021-3712", + "CVE-2021-43618", + "CVE-2022-0778", + "CVE-2022-1292", + "CVE-2022-3358", + "CVE-2022-3602", + "CVE-2022-4203", + "CVE-2022-4304", + "CVE-2023-0286", + "CVE-2023-0464", + "CVE-2023-2975", + "CVE-2023-3446", + "CVE-2023-4641", + "CVE-2023-5363", + "CVE-2024-12797", + "CVE-2024-2511", + "CVE-2024-4067", + "CVE-2024-40896", + "CVE-2024-52533", + "CVE-2024-5535", + "CVE-2024-56433", + "CVE-2024-57970", + "CVE-2024-6119", + "CVE-2025-11187", + "CVE-2025-13601", + "CVE-2025-14104", + "CVE-2025-15281", + "CVE-2025-15467", + "CVE-2025-25724", + "CVE-2025-31115", + "CVE-2025-32414", + "CVE-2025-3277", + "CVE-2025-3576", + "CVE-2025-4598", + "CVE-2025-5702", + "CVE-2025-5914", + "CVE-2025-6021", + "CVE-2025-6395", + "CVE-2025-68973", + "CVE-2025-6965", + "CVE-2025-8058", + "CVE-2025-9086", + "CVE-2025-9230", + "CVE-2025-9714", + "CVE-2026-0861", + "CVE-2026-24882" ] } } @@ -44,10 +111,7 @@ binary { triage { suppress { - vulnerabilities = [ - "GO-2022-0635", - "GO-2022-0646" - ] + vulnerabilities = [] } } } From 37090302cf65e3c153e56fbe16c048343654f683 Mon Sep 17 00:00:00 2001 From: anilvpatel Date: Fri, 20 Feb 2026 22:50:42 +0530 Subject: [PATCH 4/5] fix changelog --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e765927e37..ec1a6ce4e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,6 @@ SECURITY: * docker: upgrade hashicorp/go-discover version to c9daf450621856f81604e3495af612b95db907d5 [[GH-5117](https://github.com/hashicorp/consul-k8s/issues/5117)] - ## 1.9.3 (January 27, 2026) SECURITY: From d1abe69d6653f287ed9b021cc9532ef537613513 Mon Sep 17 00:00:00 2001 From: anilvpatel Date: Sat, 21 Feb 2026 17:51:06 +0530 Subject: [PATCH 5/5] bump api and sdk version --- acceptance/go.mod | 4 ++-- acceptance/go.sum | 8 ++++---- control-plane/cni/go.mod | 2 +- control-plane/cni/go.sum | 4 ++-- control-plane/go.mod | 8 ++++---- control-plane/go.sum | 8 ++++---- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/acceptance/go.mod b/acceptance/go.mod index 2efb3e362c..9586321f1e 100644 --- a/acceptance/go.mod +++ b/acceptance/go.mod @@ -10,8 +10,8 @@ require ( github.com/google/uuid v1.6.0 github.com/gruntwork-io/terratest v0.46.7 github.com/hashicorp/consul-k8s/control-plane v0.0.0-20240821160356-557f7c37e108 - github.com/hashicorp/consul/api v1.33.2 - github.com/hashicorp/consul/sdk v0.17.1 + github.com/hashicorp/consul/api v1.33.3 + github.com/hashicorp/consul/sdk v0.17.2 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-uuid v1.0.3 github.com/hashicorp/go-version v1.6.0 diff --git a/acceptance/go.sum b/acceptance/go.sum index 6c1487b9cd..e408be1f91 100644 --- a/acceptance/go.sum +++ b/acceptance/go.sum @@ -294,12 +294,12 @@ github.com/gruntwork-io/terratest v0.46.7 h1:oqGPBBO87SEsvBYaA0R5xOq+Lm2Xc5dmFVf github.com/gruntwork-io/terratest v0.46.7/go.mod h1:6gI5MlLeyF+SLwqocA5GBzcTix+XiuxCy1BPwKuT+WM= github.com/hashicorp/consul-k8s/control-plane v0.0.0-20240821160356-557f7c37e108 h1:5jSMtMGeY//hvkAefiomxP1Jqb5MtnKgsnlsZpEwiJE= github.com/hashicorp/consul-k8s/control-plane v0.0.0-20240821160356-557f7c37e108/go.mod h1:SY22WR9TJmlcK18Et2MAqy+kqAFJzbWFElN89vMTSiM= -github.com/hashicorp/consul/api v1.33.2 h1:Q6mE0WZsUTJerlnl9TuXzqrtZ0cKdOCsxcZhj5mKbMs= -github.com/hashicorp/consul/api v1.33.2/go.mod h1:K3yoL/vnIBcQV/25NeMZVokRvPPERiqp2Udtr4xAfhs= +github.com/hashicorp/consul/api v1.33.3 h1:6ttDO8Os/lqwaus7nJxJaeiUw2o7GWKoQ1jexAFPdEQ= +github.com/hashicorp/consul/api v1.33.3/go.mod h1:1HoAkxkKpC8A9lsUYs7QCMfSSKiz6+vlfrI1J3PUEeI= github.com/hashicorp/consul/proto-public v0.7.0 h1:eHnDLHh8kBDxJZS1fYHNoh/JPjLN7FAwu1vLXOa8QxE= github.com/hashicorp/consul/proto-public v0.7.0/go.mod h1:0EVZbKUi8/w5l6gTi4GZdcvGMG9k/CCkPmZVxJEBRpA= -github.com/hashicorp/consul/sdk v0.17.1 h1:LumAh8larSXmXw2wvw/lK5ZALkJ2wK8VRwWMLVV5M5c= -github.com/hashicorp/consul/sdk v0.17.1/go.mod h1:EngiixMhmw9T7wApycq6rDRFXXVUwjjf7HuLiGMH/Sw= +github.com/hashicorp/consul/sdk v0.17.2 h1:sC0jgNhJkZX3wo1DCrkG12r+1JlZQpWvk3AoL3yZE4Q= +github.com/hashicorp/consul/sdk v0.17.2/go.mod h1:VjccKcw6YhMhjH84/ZhTXZ0OG4SUq+K25P6DiCV/Hvg= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= diff --git a/control-plane/cni/go.mod b/control-plane/cni/go.mod index 1d3fcba470..d88aa984bd 100644 --- a/control-plane/cni/go.mod +++ b/control-plane/cni/go.mod @@ -15,7 +15,7 @@ require ( k8s.io/client-go v0.29.8 ) -require github.com/hashicorp/consul/sdk v0.17.1 +require github.com/hashicorp/consul/sdk v0.17.2 require ( github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect diff --git a/control-plane/cni/go.sum b/control-plane/cni/go.sum index 8d219c2306..6e2779816c 100644 --- a/control-plane/cni/go.sum +++ b/control-plane/cni/go.sum @@ -60,8 +60,8 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJY github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/hashicorp/consul/sdk v0.17.1 h1:LumAh8larSXmXw2wvw/lK5ZALkJ2wK8VRwWMLVV5M5c= -github.com/hashicorp/consul/sdk v0.17.1/go.mod h1:EngiixMhmw9T7wApycq6rDRFXXVUwjjf7HuLiGMH/Sw= +github.com/hashicorp/consul/sdk v0.17.2 h1:sC0jgNhJkZX3wo1DCrkG12r+1JlZQpWvk3AoL3yZE4Q= +github.com/hashicorp/consul/sdk v0.17.2/go.mod h1:VjccKcw6YhMhjH84/ZhTXZ0OG4SUq+K25P6DiCV/Hvg= github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= diff --git a/control-plane/go.mod b/control-plane/go.mod index 011ed51b3f..320e39e0d8 100644 --- a/control-plane/go.mod +++ b/control-plane/go.mod @@ -6,9 +6,9 @@ replace github.com/hashicorp/consul-k8s/version => ../version replace github.com/hashicorp/consul-k8s/control-plane/cni => ./cni -replace github.com/hashicorp/consul/api => github.com/hashicorp/consul/api v1.33.2 +replace github.com/hashicorp/consul/api => github.com/hashicorp/consul/api v1.33.3 -replace github.com/hashicorp/consul/sdk => github.com/hashicorp/consul/sdk v0.17.1 +replace github.com/hashicorp/consul/sdk => github.com/hashicorp/consul/sdk v0.17.2 replace github.com/hashicorp/consul => github.com/hashicorp/consul v1.11.0-alpha.0.20260112121053-7ee7c79b61f0 @@ -27,8 +27,8 @@ require ( github.com/hashicorp/consul-k8s/control-plane/cni v0.0.0-20240226161840-f3842c41cb2b github.com/hashicorp/consul-k8s/version v0.0.0 github.com/hashicorp/consul-server-connection-manager v0.1.12 - github.com/hashicorp/consul/api v1.33.2 - github.com/hashicorp/consul/sdk v0.17.1 + github.com/hashicorp/consul/api v1.33.3 + github.com/hashicorp/consul/sdk v0.17.2 github.com/hashicorp/go-bexpr v0.1.11 github.com/hashicorp/go-discover v1.1.0 github.com/hashicorp/go-hclog v1.6.3 diff --git a/control-plane/go.sum b/control-plane/go.sum index ce4f5b3cae..206c6f47a5 100644 --- a/control-plane/go.sum +++ b/control-plane/go.sum @@ -272,12 +272,12 @@ github.com/hashicorp/consul v1.11.0-alpha.0.20260112121053-7ee7c79b61f0 h1:a14sO github.com/hashicorp/consul v1.11.0-alpha.0.20260112121053-7ee7c79b61f0/go.mod h1:Q+SsUkHg8Gu+xuMku4nq+VHFYIT581yf8jOBBAW4bvc= github.com/hashicorp/consul-server-connection-manager v0.1.12 h1:c/7LIghSdVqQKu4v9SPzxeHot0pphQ/FtRzzDlN3Vrg= github.com/hashicorp/consul-server-connection-manager v0.1.12/go.mod h1:f1x48hfZMLUTqdwBVPTezV43COWTixtnLmSbxjD0SHg= -github.com/hashicorp/consul/api v1.33.2 h1:Q6mE0WZsUTJerlnl9TuXzqrtZ0cKdOCsxcZhj5mKbMs= -github.com/hashicorp/consul/api v1.33.2/go.mod h1:K3yoL/vnIBcQV/25NeMZVokRvPPERiqp2Udtr4xAfhs= +github.com/hashicorp/consul/api v1.33.3 h1:6ttDO8Os/lqwaus7nJxJaeiUw2o7GWKoQ1jexAFPdEQ= +github.com/hashicorp/consul/api v1.33.3/go.mod h1:1HoAkxkKpC8A9lsUYs7QCMfSSKiz6+vlfrI1J3PUEeI= github.com/hashicorp/consul/proto-public v0.7.0 h1:eHnDLHh8kBDxJZS1fYHNoh/JPjLN7FAwu1vLXOa8QxE= github.com/hashicorp/consul/proto-public v0.7.0/go.mod h1:0EVZbKUi8/w5l6gTi4GZdcvGMG9k/CCkPmZVxJEBRpA= -github.com/hashicorp/consul/sdk v0.17.1 h1:LumAh8larSXmXw2wvw/lK5ZALkJ2wK8VRwWMLVV5M5c= -github.com/hashicorp/consul/sdk v0.17.1/go.mod h1:EngiixMhmw9T7wApycq6rDRFXXVUwjjf7HuLiGMH/Sw= +github.com/hashicorp/consul/sdk v0.17.2 h1:sC0jgNhJkZX3wo1DCrkG12r+1JlZQpWvk3AoL3yZE4Q= +github.com/hashicorp/consul/sdk v0.17.2/go.mod h1:VjccKcw6YhMhjH84/ZhTXZ0OG4SUq+K25P6DiCV/Hvg= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=