Prepare 1.9.4

.release/security-scan.hcl

@@ -25,10 +25,77 @@ container {
   triage {
     suppress {
       vulnerabilities = [
-        "CVE-2024-58251",  # busybox@1.37.0-r19 - Alpine Linux security issue
-        "CVE-2025-46394",  # busybox@1.37.0-r19 - Alpine Linux security issue
-        "CVE-2025-47268",  # iputils@20240905-r0 - Alpine Linux security issue
-        "CVE-2025-48964"   # iputils@20240905-r0 - Alpine Linux security issue
+        "CVE-2000-3712",
+        "CVE-2006-1174",
+        "CVE-2010-5298",
+        "CVE-2014-3505",
+        "CVE-2014-3513",
+        "CVE-2014-3570",
+        "CVE-2014-8176",
+        "CVE-2015-0209",
+        "CVE-2015-3194",
+        "CVE-2015-3197",
+        "CVE-2015-4000",
+        "CVE-2015-7575",
+        "CVE-2016-0799",
+        "CVE-2016-2177",
+        "CVE-2016-7056",
+        "CVE-2016-8610",
+        "CVE-2017-3735",
+        "CVE-2017-3736",
+        "CVE-2018-0734",
+        "CVE-2018-0735",
+        "CVE-2019-1547",
+        "CVE-2019-1551",
+        "CVE-2020-1971",
+        "CVE-2021-23840",
+        "CVE-2021-3449",
+        "CVE-2021-3712",
+        "CVE-2021-43618",
+        "CVE-2022-0778",
+        "CVE-2022-1292",
+        "CVE-2022-3358",
+        "CVE-2022-3602",
+        "CVE-2022-4203",
+        "CVE-2022-4304",
+        "CVE-2023-0286",
+        "CVE-2023-0464",
+        "CVE-2023-2975",
+        "CVE-2023-3446",
+        "CVE-2023-4641",
+        "CVE-2023-5363",
+        "CVE-2024-12797",
+        "CVE-2024-2511",
+        "CVE-2024-4067",
+        "CVE-2024-40896",
+        "CVE-2024-52533",
+        "CVE-2024-5535",
+        "CVE-2024-56433",
+        "CVE-2024-57970",
+        "CVE-2024-6119",
+        "CVE-2025-11187",
+        "CVE-2025-13601",
+        "CVE-2025-14104",
+        "CVE-2025-15281",
+        "CVE-2025-15467",
+        "CVE-2025-25724",
+        "CVE-2025-31115",
+        "CVE-2025-32414",
+        "CVE-2025-3277",
+        "CVE-2025-3576",
+        "CVE-2025-4598",
+        "CVE-2025-5702",
+        "CVE-2025-5914",
+        "CVE-2025-6021",
+        "CVE-2025-6395",
+        "CVE-2025-68973",
+        "CVE-2025-6965",
+        "CVE-2025-8058",
+        "CVE-2025-9086",
+        "CVE-2025-9230",
+        "CVE-2025-9714",
+        "CVE-2026-0861",
+        "CVE-2026-24882"
       ]
     }
   }
@@ -44,10 +111,7 @@ binary {
 
   triage {
     suppress {
-      vulnerabilities = [
-        "GO-2022-0635",
-        "GO-2022-0646"
-      ]
+      vulnerabilities = []
     }
   }
 }

CHANGELOG.md

@@ -1,3 +1,12 @@
+## 1.9.4 (February 22, 2025)
+
+SECURITY:
+
+* Added input length validation on "consul.hashicorp.com/service-name" annotation [[GH-5107](https://github.com/hashicorp/consul-k8s/issues/5107)]
+* go: upgrade go version to 1.25.7 [[GH-5113](https://github.com/hashicorp/consul-k8s/issues/5113)]
+* docker: upgrade hashicorp/go-discover version to c9daf450621856f81604e3495af612b95db907d5 [[GH-5117](https://github.com/hashicorp/consul-k8s/issues/5117)]
+
+
 ## 1.9.3 (January 27, 2026)
 
 SECURITY:

charts/consul/Chart.yaml

@@ -3,8 +3,8 @@
 
 apiVersion: v2
 name: consul
-version: 1.9.1-dev
-appVersion: 1.22-dev
+version: 1.9.4
+appVersion: 1.22.4
 kubeVersion: ">=1.22.0-0"
 description: Official HashiCorp Consul Chart
 home: https://www.consul.io
@@ -15,11 +15,11 @@ sources:
 annotations:
   artifacthub.io/images: |
     - name: consul
-      image: docker.mirror.hashicorp.services/hashicorppreview/consul:1.22-dev
+      image: hashicorp/consul:1.22.4
     - name: consul-k8s-control-plane
-      image: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.9-dev
+      image: hashicorp/consul-k8s-control-plane:1.9.4
     - name: consul-dataplane
-      image: docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.9-dev
+      image: hashicorp/consul-dataplane:1.9.4
     - name: envoy
       image: envoyproxy/envoy:v1.25.11
   artifacthub.io/license: MPL-2.0

charts/consul/values.yaml

@@ -66,7 +66,7 @@ global:
   # image: "hashicorp/consul-enterprise:1.10.0-ent"
   # ```
   # @default: hashicorp/consul:<latest version>
-  image: docker.mirror.hashicorp.services/hashicorppreview/consul:1.22-dev
+  image: hashicorp/consul:1.22.4
 
   # Array of objects containing image pull secret names that will be applied to each service account.
   # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image.
@@ -86,7 +86,7 @@ global:
   # image that is used for functionality such as catalog sync.
   # This can be overridden per component.
   # @default: hashicorp/consul-k8s-control-plane:<latest version>
-  imageK8S: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.9-dev
+  imageK8S: hashicorp/consul-k8s-control-plane:1.9.4
 
   # The image pull policy used globally for images controlled by Consul (consul, consul-dataplane, consul-k8s, consul-telemetry-collector).
   # One of "IfNotPresent", "Always", "Never", and "". Refer to https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
@@ -793,7 +793,7 @@ global:
   # The name (and tag) of the consul-dataplane Docker image used for the
   # connect-injected sidecar proxies and mesh, terminating, and ingress gateways.
   # @default: hashicorp/consul-dataplane:<latest supported version>
-  imageConsulDataplane: docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.9-dev
+  imageConsulDataplane: hashicorp/consul-dataplane:1.9.4
 
   # Configuration for running this Helm chart on the Red Hat OpenShift platform.
   # This Helm chart currently supports OpenShift v4.x+.

version/version.go

@@ -17,12 +17,12 @@ var (
 	//
 	// Version must conform to the format expected by
 	// github.com/hashicorp/go-version for tests to work.
-	Version = "1.9.0"
+	Version = "1.9.4"
 
 	// A pre-release marker for the version. If this is "" (empty string)
 	// then it means that it is a final release. Otherwise, this is a pre-release
 	// such as "dev" (in development), "beta", "rc1", etc.
-	VersionPrerelease = "dev"
+	VersionPrerelease = ""
 )
 
 // GetHumanVersion composes the parts of the version in a way that's suitable