post release changes (#22950) (#22980)

Author: panman90

CHANGELOG.md

@@ -1,3 +1,29 @@
+## 1.22.0-rc2+ent (October 15, 2025)
+
+SECURITY:
+
+* security: Adding warning when remote/local script checks are enabled without enabling ACL's [[GH-22877](https://github.com/hashicorp/consul/issues/22877)]
+* security: Improved validation of the Content-Length header in the Consul KV endpoint to prevent potential denial of service attacks[CVE-2025-11374]() [[GH-22916](https://github.com/hashicorp/consul/issues/22916)]
+* security: adding a maximum Content-Length on the event endpoint to fix denial-of-service (DoS) attacks. This resolves [CVE-2025-11375](https://nvd.nist.gov/vuln/detail/CVE-2025-11375). [[GH-22836](https://github.com/hashicorp/consul/issues/22836)]
+* security: breaking change - adding a key name validation on the key/value endpoint along side with the DisableKVKeyValidation config to disable/enable it to fix path traversal attacks. This resolves [CVE-2025-11392](https://nvd.nist.gov/vuln/detail/CVE-2025-11392). [[GH-22850](https://github.com/hashicorp/consul/issues/22850)]
+
+BUG FIXES:
+
+* cmd: Fix `consul operator utilization --help` to show only available options without extra parameters. [[GH-22912](https://github.com/hashicorp/consul/issues/22912)]
+
+## 1.22.0-rc2 (October 15, 2025)
+
+SECURITY:
+
+* security: Adding warning when remote/local script checks are enabled without enabling ACL's [[GH-22877](https://github.com/hashicorp/consul/issues/22877)]
+* security: Improved validation of the Content-Length header in the Consul KV endpoint to prevent potential denial of service attacks[CVE-2025-11374]() [[GH-22916](https://github.com/hashicorp/consul/issues/22916)]
+* security: adding a maximum Content-Length on the event endpoint to fix denial-of-service (DoS) attacks. This resolves [CVE-2025-11375](https://nvd.nist.gov/vuln/detail/CVE-2025-11375). [[GH-22836](https://github.com/hashicorp/consul/issues/22836)]
+* security: breaking change - adding a key name validation on the key/value endpoint along side with the DisableKVKeyValidation config to disable/enable it to fix path traversal attacks. This resolves [CVE-2025-11392](https://nvd.nist.gov/vuln/detail/CVE-2025-11392). [[GH-22850](https://github.com/hashicorp/consul/issues/22850)]
+
+BUG FIXES:
+
+* cmd: Fix `consul operator utilization --help` to show only available options without extra parameters. [[GH-22912](https://github.com/hashicorp/consul/issues/22912)]
+
 ## 1.22.0-rc1+ent (September 30, 2025)
 
 SECURITY:

envoyextensions/go.mod

@@ -14,7 +14,7 @@ require (
 github.com/envoyproxy/go-control-plane v0.13.4
 github.com/envoyproxy/go-control-plane/envoy v1.32.3
 github.com/google/go-cmp v0.6.0
-github.com/hashicorp/consul/api v1.33.0-rc1
+github.com/hashicorp/consul/api v1.33.0-rc2
 github.com/hashicorp/consul/sdk v0.17.0-rc1
 github.com/hashicorp/go-hclog v1.5.0
 github.com/hashicorp/go-multierror v1.1.1

go.mod

@@ -47,11 +47,11 @@ require (
 github.com/hashicorp/cap v0.10.0
 github.com/hashicorp/consul-awsauth v0.0.0-20250825122907-9e35fe9ded3a
 github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69
-github.com/hashicorp/consul/api v1.33.0-rc1
-github.com/hashicorp/consul/envoyextensions v0.9.0-rc1
+github.com/hashicorp/consul/api v1.33.0-rc2
+github.com/hashicorp/consul/envoyextensions v0.9.0-rc2
 github.com/hashicorp/consul/proto-public v0.7.0-rc1
 github.com/hashicorp/consul/sdk v0.17.0-rc1
-github.com/hashicorp/consul/troubleshoot v0.8.0-rc1
+github.com/hashicorp/consul/troubleshoot v0.8.0-rc2
 github.com/hashicorp/go-bexpr v0.1.2
 github.com/hashicorp/go-checkpoint v0.5.0
 github.com/hashicorp/go-cleanhttp v0.5.2

test-integ/go.mod

@@ -4,7 +4,7 @@ go 1.25.3
 
 require (
 github.com/google/go-cmp v0.7.0
-github.com/hashicorp/consul/api v1.33.0-rc1
+github.com/hashicorp/consul/api v1.33.0-rc2
 github.com/hashicorp/consul/proto-public v0.7.0-rc1
 github.com/hashicorp/consul/sdk v0.17.0-rc1
 github.com/hashicorp/consul/test/integration/consul-container v0.0.0-20230628201853-bdf4fad7c5a5

test/integration/consul-container/go.mod

@@ -11,8 +11,8 @@ require (
 github.com/go-jose/go-jose/v3 v3.0.4
 github.com/go-viper/mapstructure/v2 v2.4.0
 github.com/hashicorp/consul v1.16.1
-github.com/hashicorp/consul/api v1.33.0-rc1
-github.com/hashicorp/consul/envoyextensions v0.9.0-rc1
+github.com/hashicorp/consul/api v1.33.0-rc2
+github.com/hashicorp/consul/envoyextensions v0.9.0-rc2
 github.com/hashicorp/consul/sdk v0.17.0-rc1
 github.com/hashicorp/consul/testing/deployer v0.0.0-20230811171106-4a0afb5d1373
 github.com/hashicorp/go-cleanhttp v0.5.2

testing/deployer/go.mod

@@ -6,7 +6,7 @@ require (
 github.com/avast/retry-go v3.0.0+incompatible
 github.com/google/go-cmp v0.7.0
 github.com/hashicorp/consul-server-connection-manager v0.1.12
-github.com/hashicorp/consul/api v1.33.0-rc1
+github.com/hashicorp/consul/api v1.33.0-rc2
 github.com/hashicorp/consul/proto-public v0.7.0-rc1
 github.com/hashicorp/consul/sdk v0.17.0-rc1
 github.com/hashicorp/go-cleanhttp v0.5.2

troubleshoot/go.mod

@@ -26,8 +26,8 @@ require (
 github.com/envoyproxy/go-control-plane/envoy v1.32.4
 github.com/envoyproxy/go-control-plane/ratelimit v0.1.0
 github.com/envoyproxy/go-control-plane/xdsmatcher v0.13.4
-github.com/hashicorp/consul/api v1.33.0-rc1
-github.com/hashicorp/consul/envoyextensions v0.9.0-rc1
+github.com/hashicorp/consul/api v1.33.0-rc2
+github.com/hashicorp/consul/envoyextensions v0.9.0-rc2
 github.com/hashicorp/consul/sdk v0.17.0-rc1
 github.com/stretchr/testify v1.10.0
 google.golang.org/protobuf v1.36.4