Prepare for release 1.8.4 (#4927)

krutibaraiya · web-flow · commit be6707b33690 · 2025-11-05T16:23:56.000+05:30
* Prepare for release 1.8.4

* suppress cve
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
@@ -28,7 +28,23 @@ container {
         "CVE-2024-58251",
         "CVE-2025-46394",
         "CVE-2025-47268",
-        "CVE-2025-48964"
+        "CVE-2025-48964",
+        "CVE-2025-25724",
+        "CVE-2024-57970",
+        "CVE-2024-12797",
+        "CVE-2025-3277",
+        "CVE-2025-6965",
+        "CVE-2025-6395",
+        "CVE-2025-31115",
+        "CVE-2025-32414",
+        "CVE-2025-3576",
+        "CVE-2025-5702",
+        "CVE-2025-6021",
+        "CVE-2024-4067",
+        "CVE-2024-52533",
+        "CVE-2024-40896",
+        "CVE-2025-5914",
+        "CVE-2025-8058"
       ]
     }
   }
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,19 @@
+## 1.8.4 (November 5, 2023)
+
+SECURITY:
+
+* Updated AWS SDK dependencies and added CVE suppressions. Upgraded github.com/aws/aws-sdk-go from v1.38.63 to v1.55.8 in hack/aws-acceptance-test-cleanup utilities and suppressed CVEs:
+[GO-2022-0635](https://pkg.go.dev/vuln/GO-2022-0635) (AWS S3 Crypto SDK - in-band key negotiation issue)
+[GO-2022-0646](https://pkg.go.dev/vuln/GO-2022-0646) (AWS S3 Crypto SDK - CBC padding oracle issue)
+
+These vulnerabilities affect only test cleanup utilities in unused S3 crypto components. They do not impact production consul-k8s deployments. [[GH-4870](https://github.com/hashicorp/consul-k8s/issues/4870)]
+* go: upgrade go version to 1.25.3 [[GH-4897](https://github.com/hashicorp/consul-k8s/issues/4897)]
+
+IMPROVEMENTS:
+
+* Consul-dataplane now includes both privileged and non-privileged binaries in the image. By default, all use cases use the non-privileged binaries (without NET_BIND_SERVICE). For Ingress, API, and Mesh Gateway use cases, if a privileged port is configured, the privileged binary (with NET_BIND_SERVICE capability) is automatically selected and used. [[GH-4745](https://github.com/hashicorp/consul-k8s/issues/4745)]
+* control-plane: updated endpoints controller to use podIP from endpoint object [[GH-4809](https://github.com/hashicorp/consul-k8s/issues/4809)]
+
 ## 1.8.3 (September 30, 2025)
 
 SECURITY:
diff --git a/charts/consul/Chart.yaml b/charts/consul/Chart.yaml
@@ -3,8 +3,8 @@
 
 apiVersion: v2
 name: consul
-version: 1.8.2-dev
-appVersion: 1.21-dev
+version: 1.8.4
+appVersion: 1.22.0
 kubeVersion: ">=1.22.0-0"
 description: Official HashiCorp Consul Chart
 home: https://www.consul.io
@@ -13,14 +13,14 @@ sources:
   - https://github.com/hashicorp/consul
   - https://github.com/hashicorp/consul-k8s
 annotations:
-  artifacthub.io/prerelease: true
+  artifacthub.io/prerelease: false
   artifacthub.io/images: |
     - name: consul
-      image: docker.mirror.hashicorp.services/hashicorppreview/consul:1.21-dev
+      image: hashicorp/consul:1.22.0
     - name: consul-k8s-control-plane
-      image: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.8-dev
+      image: hashicorp/consul-k8s-control-plane:1.8.4
     - name: consul-dataplane
-      image: docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.8-dev
+      image: hashicorp/consul-dataplane:1.8.3
     - name: envoy
       image: envoyproxy/envoy:v1.25.11
   artifacthub.io/license: MPL-2.0
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
@@ -66,7 +66,7 @@ global:
   # image: "hashicorp/consul-enterprise:1.10.0-ent"
   # ```
   # @default: hashicorp/consul:<latest version>
-  image: docker.mirror.hashicorp.services/hashicorppreview/consul:1.21-dev
+  image: hashicorp/consul:1.22.0
 
   # Array of objects containing image pull secret names that will be applied to each service account.
   # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image.
@@ -86,7 +86,7 @@ global:
   # image that is used for functionality such as catalog sync.
   # This can be overridden per component.
   # @default: hashicorp/consul-k8s-control-plane:<latest version>
-  imageK8S: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.8-dev
+  imageK8S: hashicorp/consul-k8s-control-plane:1.8.4
 
   # The image pull policy used globally for images controlled by Consul (consul, consul-dataplane, consul-k8s, consul-telemetry-collector).
   # One of "IfNotPresent", "Always", "Never", and "". Refer to https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
@@ -793,7 +793,7 @@ global:
   # The name (and tag) of the consul-dataplane Docker image used for the
   # connect-injected sidecar proxies and mesh, terminating, and ingress gateways.
   # @default: hashicorp/consul-dataplane:<latest supported version>
-  imageConsulDataplane: docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.8-dev
+  imageConsulDataplane: hashicorp/consul-dataplane:1.8.3
 
   # Configuration for running this Helm chart on the Red Hat OpenShift platform.
   # This Helm chart currently supports OpenShift v4.x+.
diff --git a/version/version.go b/version/version.go
@@ -22,7 +22,7 @@ var (
 	// A pre-release marker for the version. If this is "" (empty string)
 	// then it means that it is a final release. Otherwise, this is a pre-release
 	// such as "dev" (in development), "beta", "rc1", etc.
-	VersionPrerelease = "dev"
+	VersionPrerelease = ""
 )
 
 // GetHumanVersion composes the parts of the version in a way that's suitable

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ var (`
`22`	`22`	`// A pre-release marker for the version. If this is "" (empty string)`
`23`	`23`	`// then it means that it is a final release. Otherwise, this is a pre-release`
`24`	`24`	`// such as "dev" (in development), "beta", "rc1", etc.`
`25`		`- VersionPrerelease = "dev"`
	`25`	`+ VersionPrerelease = ""`
`26`	`26`	`)`
`27`	`27`
`28`	`28`	`// GetHumanVersion composes the parts of the version in a way that's suitable`