v1.13.5

hc-github-team-es-release-engineering released this 14 Dec 16:19

7ba4e1b

1.13.5 (December 13, 2022)

SECURITY:

Upgrade to use Go 1.18.9. This resolves a vulnerability where restricted files can be read on Windows. CVE-2022-41720 [GH-15706]
Upgrades golang.org/x/net to prevent a denial of service by excessive memory usage caused by HTTP2 requests. CVE-2022-41717 [GH-15743]

IMPROVEMENTS:

connect: ensure all vault connect CA tests use limited privilege tokens [GH-15669]

BUG FIXES:

agent: (Enterprise Only) Ensure configIntentionsConvertToList does not compare empty strings with populated strings when filtering intentions created prior to AdminPartitions.
cli: (Enterprise Only) Fix issue where consul partition update subcommand was not registered and therefore not available through the cli.
connect: Fixed issue where using Vault 1.11+ as CA provider in a secondary datacenter would eventually break Intermediate CAs [GH-15661]

Assets 2