Rebase 1.20.0 rc (#21775)

* Backport of Stage rc release into release/1.20.x (#21772) backport of commit d311f2b Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com> * Backport of Upgrade ubi image to 9.4 into release/1.20.x (#21773) * backport of commit 888e302 * backport of commit 17499dc * backport of commit d933d37 --------- Co-authored-by: Dhia Ayachi <dhia.ayachi@gmail.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * updated changelog * Update CHANGELOG.md --------- Co-authored-by: hc-github-team-consul-core <github-team-consul-core@hashicorp.com> Co-authored-by: Dhia Ayachi <dhia.ayachi@gmail.com>
hashicorp · Sep 20, 2024 · f0004df · f0004df
1 parent a6ebb5e
commit f0004df
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 1 deletion.
diff --git a/.changelog/21750.txt b/.changelog/21750.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+security: upgrade ubi base image to 9.4
+```
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,34 @@
+## 1.20.0-rc1 (September 19, 2024)
+
+SECURITY:
+
+* Explicitly set 'Content-Type' header to mitigate XSS vulnerability. [[GH-21704](https://github.com/hashicorp/consul/issues/21704)]
+* Implement HTML sanitization for user-generated content to prevent XSS attacks in the UI. [[GH-21711](https://github.com/hashicorp/consul/issues/21711)]
+* UI: Remove codemirror linting due to package dependency [[GH-21726](https://github.com/hashicorp/consul/issues/21726)]
+* Upgrade Go to use 1.22.7. This addresses CVE 
+[CVE-2024-34155](https://nvd.nist.gov/vuln/detail/CVE-2024-34155) [[GH-21705](https://github.com/hashicorp/consul/issues/21705)]
+* Upgrade to support aws/aws-sdk-go `v1.55.5 or higher`. This resolves CVEs
+[CVE-2020-8911](https://nvd.nist.gov/vuln/detail/cve-2020-8911) and 
+[CVE-2020-8912](https://nvd.nist.gov/vuln/detail/cve-2020-8912). [[GH-21684](https://github.com/hashicorp/consul/issues/21684)]
+* ui: Pin a newer resolution of Braces [[GH-21710](https://github.com/hashicorp/consul/issues/21710)]
+* ui: Pin a newer resolution of Codemirror [[GH-21715](https://github.com/hashicorp/consul/issues/21715)]
+* ui: Pin a newer resolution of Markdown-it [[GH-21717](https://github.com/hashicorp/consul/issues/21717)]
+* ui: Pin a newer resolution of ansi-html [[GH-21735](https://github.com/hashicorp/consul/issues/21735)]
+
+FEATURES:
+
+* server: remove v2 tenancy, catalog, and mesh experiments [[GH-21592](https://github.com/hashicorp/consul/issues/21592)]
+
+IMPROVEMENTS:
+
+* security: upgrade ubi base image to 9.4 [[GH-21750](https://github.com/hashicorp/consul/issues/21750)]
+* connect: Add Envoy 1.31 and 1.30 to support matrix [[GH-21616](https://github.com/hashicorp/consul/issues/21616)]
+
+BUG FIXES:
+
+* jwt-provider: change dns lookup family from the default of AUTO which would prefer ipv6 to ALL if LOGICAL_DNS is used or PREFER_IPV4 if STRICT_DNS is used to gracefully handle transitions to ipv6. [[GH-21703](https://github.com/hashicorp/consul/issues/21703)]
+
+
 ## 1.19.2 (August 26, 2024)
 
 SECURITY:

diff --git a/Dockerfile b/Dockerfile
@@ -203,7 +203,7 @@ CMD ["agent", "-dev", "-client", "0.0.0.0"]
 
 # Red Hat UBI-based image
 # This target is used to build a Consul image for use on OpenShift.
-FROM registry.access.redhat.com/ubi9-minimal:9.3 as ubi
+FROM registry.access.redhat.com/ubi9-minimal:9.4 as ubi
 
 ARG PRODUCT_VERSION
 ARG PRODUCT_REVISION