Merge branch 'main' into rishabh-gupta/ui/deprecation-computed-property-override

Author: rishabh-gupta-hashicorp

.changelog/22888.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+ui: replaced ember partials with components as an incremental step to upgrade to ember v4
+```

CHANGELOG.md

@@ -1,3 +1,63 @@
+## 1.22.0-rc2+ent (October 15, 2025)
+
+SECURITY:
+
+* security: Adding warning when remote/local script checks are enabled without enabling ACL's [[GH-22877](https://github.com/hashicorp/consul/issues/22877)]
+* security: Improved validation of the Content-Length header in the Consul KV endpoint to prevent potential denial of service attacks[CVE-2025-11374]() [[GH-22916](https://github.com/hashicorp/consul/issues/22916)]
+* security: adding a maximum Content-Length on the event endpoint to fix denial-of-service (DoS) attacks. This resolves [CVE-2025-11375](https://nvd.nist.gov/vuln/detail/CVE-2025-11375). [[GH-22836](https://github.com/hashicorp/consul/issues/22836)]
+* security: breaking change - adding a key name validation on the key/value endpoint along side with the DisableKVKeyValidation config to disable/enable it to fix path traversal attacks. This resolves [CVE-2025-11392](https://nvd.nist.gov/vuln/detail/CVE-2025-11392). [[GH-22850](https://github.com/hashicorp/consul/issues/22850)]
+
+BUG FIXES:
+
+* cmd: Fix `consul operator utilization --help` to show only available options without extra parameters. [[GH-22912](https://github.com/hashicorp/consul/issues/22912)]
+
+## 1.22.0-rc2 (October 15, 2025)
+
+SECURITY:
+
+* security: Adding warning when remote/local script checks are enabled without enabling ACL's [[GH-22877](https://github.com/hashicorp/consul/issues/22877)]
+* security: Improved validation of the Content-Length header in the Consul KV endpoint to prevent potential denial of service attacks[CVE-2025-11374]() [[GH-22916](https://github.com/hashicorp/consul/issues/22916)]
+* security: adding a maximum Content-Length on the event endpoint to fix denial-of-service (DoS) attacks. This resolves [CVE-2025-11375](https://nvd.nist.gov/vuln/detail/CVE-2025-11375). [[GH-22836](https://github.com/hashicorp/consul/issues/22836)]
+* security: breaking change - adding a key name validation on the key/value endpoint along side with the DisableKVKeyValidation config to disable/enable it to fix path traversal attacks. This resolves [CVE-2025-11392](https://nvd.nist.gov/vuln/detail/CVE-2025-11392). [[GH-22850](https://github.com/hashicorp/consul/issues/22850)]
+
+BUG FIXES:
+
+* cmd: Fix `consul operator utilization --help` to show only available options without extra parameters. [[GH-22912](https://github.com/hashicorp/consul/issues/22912)]
+
+## 1.22.0-rc1+ent (September 30, 2025)
+
+SECURITY:
+
+* connect: Upgrade Consul's bundled Envoy version to 1.35.3 and remove support for 1.31.10. This update also includes a fix to prevent Envoy (v1.35+) startup failures by only configuring the TLS transport socket when the CA bundle is present. [[GH-22824](https://github.com/hashicorp/consul/issues/22824)]
+
+FEATURES:
+
+* Added support to register a service in consul with multiple ports [[GH-22769](https://github.com/hashicorp/consul/issues/22769)]
+* agent: Added IsDualStack utility function to detect if the agent is configured for both IPv4 and IPv6 (dual-stack mode) based on its bind address retrieved from "agent/self" API. [[GH-22741](https://github.com/hashicorp/consul/issues/22741)]
+* install: Updated license information displayed during post-install
+* ipv6: addtition of ip6tables changes for ipv6 and dual stack support [[GH-22787](https://github.com/hashicorp/consul/issues/22787)]
+* oidc: add client authentication using JWT assertion and PKCE. default PKCE is enabled. [[GH-22732](https://github.com/hashicorp/consul/issues/22732)]
+
+IMPROVEMENTS:
+
+* api: Added a new API (/v1/operator/utilization) to support enterprise API for Manual Snapshot Reporting [[GH-22837](https://github.com/hashicorp/consul/issues/22837)]
+* cmd: Added new subcommand `consul operator utilization [-today-only] [-message] [-y]` to generate a bundle with census utilization snapshot. Main flow is implemented in consul-enterprise
+http: Added a new API Handler for `/v1/operator/utilization`. Core functionality to be implemented in consul-enterprise
+agent: Always enabled census metrics collection with configurable option to export it to Hashicorp Reporting [[GH-22843](https://github.com/hashicorp/consul/issues/22843)]
+* cli: `snapshot agent` now supports authenticating to Azure Blob Storage using Azure Managed Service Identities (MSI). [[GH-11171](https://github.com/hashicorp/consul/issues/11171)]
+* command: connect envoy bootstrap defaults to 127.0.0.1 in IPv4-only environment and to ::1 in IPv6/DualStack environment. [[GH-22763](https://github.com/hashicorp/consul/issues/22763)]
+* connect: default upstream.local_bind_address to ::1 for IPv6 agent bind address [[GH-22773](https://github.com/hashicorp/consul/issues/22773)]
+* proxy: default proxy.local_service_address to ::1 for IPv6 agent bind address [[GH-22772](https://github.com/hashicorp/consul/issues/22772)]
+* ui: Improved accessibility features in the Consul UI to enhance usability for users with disabilities [[GH-22770](https://github.com/hashicorp/consul/issues/22770)]
+* ui: Replace yarn with pnpm for package management [[GH-22790](https://github.com/hashicorp/consul/issues/22790)]
+* ui: auth method config values were overflowing. This PR fixes the issue and adds word break for table elements with large content. [[GH-22813](https://github.com/hashicorp/consul/issues/22813)]
+
+BUG FIXES:
+
+* ui: Allow FQDN to be displayed in the Consul web interface. [[GH-22779](https://github.com/hashicorp/consul/issues/22779)]
+* ui: fixes the issue where namespaces where disappearing and Welcome to Namespace screen showed up after tab switching [[GH-22789](https://github.com/hashicorp/consul/issues/22789)]
+* ui: fixes the issue where when doing deletes of multiple tokens or policies, the three dots on the right hand side stops responding after the first delete. [[GH-22752](https://github.com/hashicorp/consul/issues/22752)]
+
 ## 1.22.0-rc1 (September 30, 2025)
 
 SECURITY:

envoyextensions/go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/envoyproxy/go-control-plane v0.13.4
 	github.com/envoyproxy/go-control-plane/envoy v1.32.3
 	github.com/google/go-cmp v0.6.0
-	github.com/hashicorp/consul/api v1.33.0-rc1
+	github.com/hashicorp/consul/api v1.33.0-rc2
 	github.com/hashicorp/consul/sdk v0.17.0-rc1
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/hashicorp/go-multierror v1.1.1

go.mod

@@ -47,11 +47,11 @@ require (
 	github.com/hashicorp/cap v0.10.0
 	github.com/hashicorp/consul-awsauth v0.0.0-20250825122907-9e35fe9ded3a
 	github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69
-	github.com/hashicorp/consul/api v1.33.0-rc1
-	github.com/hashicorp/consul/envoyextensions v0.9.0-rc1
+	github.com/hashicorp/consul/api v1.33.0-rc2
+	github.com/hashicorp/consul/envoyextensions v0.9.0-rc2
 	github.com/hashicorp/consul/proto-public v0.7.0-rc1
 	github.com/hashicorp/consul/sdk v0.17.0-rc1
-	github.com/hashicorp/consul/troubleshoot v0.8.0-rc1
+	github.com/hashicorp/consul/troubleshoot v0.8.0-rc2
 	github.com/hashicorp/go-bexpr v0.1.2
 	github.com/hashicorp/go-checkpoint v0.5.0
 	github.com/hashicorp/go-cleanhttp v0.5.2

test-integ/go.mod

@@ -4,7 +4,7 @@ go 1.25.1
 
 require (
 	github.com/google/go-cmp v0.7.0
-	github.com/hashicorp/consul/api v1.33.0-rc1
+	github.com/hashicorp/consul/api v1.33.0-rc2
 	github.com/hashicorp/consul/proto-public v0.7.0-rc1
 	github.com/hashicorp/consul/sdk v0.17.0-rc1
 	github.com/hashicorp/consul/test/integration/consul-container v0.0.0-20230628201853-bdf4fad7c5a5

test/integration/consul-container/go.mod

@@ -11,8 +11,8 @@ require (
 	github.com/go-jose/go-jose/v3 v3.0.4
 	github.com/go-viper/mapstructure/v2 v2.4.0
 	github.com/hashicorp/consul v1.16.1
-	github.com/hashicorp/consul/api v1.33.0-rc1
-	github.com/hashicorp/consul/envoyextensions v0.9.0-rc1
+	github.com/hashicorp/consul/api v1.33.0-rc2
+	github.com/hashicorp/consul/envoyextensions v0.9.0-rc2
 	github.com/hashicorp/consul/sdk v0.17.0-rc1
 	github.com/hashicorp/consul/testing/deployer v0.0.0-20230811171106-4a0afb5d1373
 	github.com/hashicorp/go-cleanhttp v0.5.2

testing/deployer/go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/avast/retry-go v3.0.0+incompatible
 	github.com/google/go-cmp v0.7.0
 	github.com/hashicorp/consul-server-connection-manager v0.1.12
-	github.com/hashicorp/consul/api v1.33.0-rc1
+	github.com/hashicorp/consul/api v1.33.0-rc2
 	github.com/hashicorp/consul/proto-public v0.7.0-rc1
 	github.com/hashicorp/consul/sdk v0.17.0-rc1
 	github.com/hashicorp/go-cleanhttp v0.5.2

troubleshoot/go.mod

@@ -26,8 +26,8 @@ require (
 	github.com/envoyproxy/go-control-plane/envoy v1.32.4
 	github.com/envoyproxy/go-control-plane/ratelimit v0.1.0
 	github.com/envoyproxy/go-control-plane/xdsmatcher v0.13.4
-	github.com/hashicorp/consul/api v1.33.0-rc1
-	github.com/hashicorp/consul/envoyextensions v0.9.0-rc1
+	github.com/hashicorp/consul/api v1.33.0-rc2
+	github.com/hashicorp/consul/envoyextensions v0.9.0-rc2
 	github.com/hashicorp/consul/sdk v0.17.0-rc1
 	github.com/stretchr/testify v1.10.0
 	google.golang.org/protobuf v1.36.4

ui/packages/consul-ui/app/components/consul/policy/form/README.mdx

@@ -0,0 +1,62 @@
+# Consul::Policy::Form
+
+A presentational component that renders the Policy edit/create form and the action buttons (Save / Cancel / Delete). It wraps the existing PolicyForm fieldset, conditionally loads tokens that use the policy, and delegates create/update/cancel/delete behavior to closure actions supplied by caller.
+
+## Usage
+
+```hbs
+<Consul::Policy::Form
+  @form={{form}}
+  @partition={{partition}}
+  @nspace={{nspace}}
+  @item={{item}}
+  @create={{create}}
+  @dc={{dc}}
+  @id={{id}}
+  @items={{items}}
+  @onCreate={{route-action 'create' item}}
+  @onUpdate={{route-action 'update' item}}
+  @onCancel={{route-action 'cancel' item}}
+  @onDelete={{route-action 'delete'}}
+  @onItemsChange={{action (mut items) value="data"}}
+/>
+```
+
+## Arguments
+
+| Argument | Type | Required | Description |
+|---|---:|:---:|---|
+| `@form` | object | yes | Form builder / changeset used by PolicyForm. |
+| `@partition` | string | yes | Current partition. |
+| `@nspace` | string | yes | Current namespace. |
+| `@item` | object | yes | Policy model / changeset. |
+| `@create` | boolean | no | True when rendering the "create" flow. |
+| `@dc` | string | no | Datacenter identifier used to build DataSource URIs. |
+| `@id` | string | no | Policy id (used to fetch tokens for the policy). |
+| `@items` | array | no | Tokens currently associated with the policy (passed from caller). |
+| `@onCreate` | function | no | Closure invoked to create the policy (caller typically passes `route-action 'create' item`). |
+| `@onUpdate` | function | no | Closure invoked to update the policy (caller typically passes `route-action 'update' item`). |
+| `@onCancel` | function | no | Closure invoked when Cancel is clicked (caller typically passes `route-action 'cancel' item` or a transition). |
+| `@onDelete` | function | no | Closure invoked to delete the policy (caller typically passes `route-action 'delete'`). |
+| `@onItemsChange` | function | no | Handler for DataSource `onchange`; recommended: `action (mut items) value="data"`. |
+
+## Behavior / Notes
+
+- When not in create mode and the policy has an ID, the component loads related tokens via the DataSource:
+  /{partition}/{nspace}/{dc}/tokens/for-policy/{id}. The caller should provide `@onItemsChange` to keep caller state in sync.
+- Save button:
+  - If `@create` is true and caller has permission → invokes `@onCreate`.
+  - Otherwise → invokes `@onUpdate` if provided.
+- Cancel button calls `@onCancel`. Pass a route-action (preferred) so route-level handlers (e.g. WithBlockingActions) are used, or pass a controller action if desired.
+- Delete button opens a confirmation dialog; actual delete is triggered by calling the provided `@onDelete` closure (confirmed via the dialog).
+- Keep argument names and usage consistent with existing callers. Pass route-action closures when the route/mixin provides the action (create/update/delete/cancel).
+
+## See
+
+- Component template: ./index.hbs  
+- Component class: ./index.js
+
+## Implementation hints
+
+- Invoke closure args directly inside the component (use `{{on 'click' @onCreate}}`, `{{on 'click' @onCancel}}`, `{{on 'click' (fn confirm @onDelete @item)}}`) so the calling context (route or controller) receives the event.
+- Avoid reserved/uppercase argument names (e.g. use `@local` not `@Local`).

…app/templates/dc/acls/policies/-form.hbs …/components/consul/policy/form/index.hbsui/packages/consul-ui/app/templates/dc/acls/policies/-form.hbs renamed to ui/packages/consul-ui/app/components/consul/policy/form/index.hbs ui/packages/consul-ui/app/templates/dc/acls/policies/-form.hbs renamed to ui/packages/consul-ui/app/components/consul/policy/form/index.hbs

@@ -5,74 +5,74 @@
 
 <form>
   <PolicyForm
-    @form={{form}}
-    @partition={{partition}}
-    @nspace={{nspace}}
-    @item={{item}}
+    @form={{@form}}
+    @partition={{@partition}}
+    @nspace={{@nspace}}
+    @item={{@item}}
   >
     {{!don't show template selection here, i.e. Service Identity}}
     <BlockSlot @name="template" />
   </PolicyForm>
-{{#if (not create) }}
+{{#if (and (not @create) @item @item.ID)}}
     <DataSource
       @src={{uri '/${partition}/${nspace}/${dc}/tokens/for-policy/${id}'
         (hash
-          partition=partition
-          nspace=nspace
-          dc=dc
-          id=(or id '')
+          partition=@partition
+          nspace=@nspace
+          dc=@dc
+          id=(or @id '')
         )
       }}
-      @onchange={{action (mut items) value="data"}}
+      @onchange={{@onItemsChange}}
     />
-    {{#if (gt items.length 0)}}
+    {{#if (gt @items.length 0)}}
       <TokenList
         @caption="Applied to the following tokens:"
-        @items={{items}}
+        @items={{@items}}
       />
     {{/if}}
 {{/if}}
     <div>
       <Hds::ButtonSet>
-        {{#if (and create (can "create tokens")) }}
+        {{#if (and @create (can "create tokens")) }}
         {{! we only need to check for an empty name here as ember munges autofocus, once we have autofocus back revisit this}}
           <Hds::Button
             @text='Save'
             type='submit'
-            {{ on 'click' (route-action 'create' item)}}
-            disabled={{if (or item.isPristine item.isInvalid (eq item.Name '')) 'disabled'}}
+            {{ on 'click' @onCreate}}
+            disabled={{if (or @item.isPristine @item.isInvalid (eq @item.Name '')) 'disabled'}}
           />
         {{ else }}
-          {{#if (can "write policy" item=item)}}
+          {{#if (can "write policy" item=@item)}}
             <Hds::Button
               @text='Save'
               type='submit'
-              {{ on 'click' (route-action 'update' item)}}
-              disabled={{if item.isInvalid 'disabled'}}
+              {{ on 'click' @onUpdate}}
+              disabled={{if @item.isInvalid 'disabled'}}
             />
           {{/if}}
         {{/if}}
         <Hds::Button
           @text='Cancel'
           @color='secondary'
           type='reset'
-          {{ action "cancel" item}}
+          {{ on 'click' @onCancel}}
         />
-        {{# if (and (not create) (can "delete policy" item=item) ) }}
+        {{# if (and (not @create) (can "delete policy" item=@item) ) }}
           <ConfirmationDialog @message="Are you sure you want to delete this Policy?">
             <BlockSlot @name="action" as |confirm|>
               <Hds::Button
                 @text='Delete'
                 @color='critical'
-                {{action confirm 'delete' item}}
+                {{on 'click' (fn confirm @onDelete @item)}}
                 data-test-delete
               />
             </BlockSlot>
             <BlockSlot @name="dialog" as |execute cancel message|>
-              {{#if (gt items.length 0)}}
+              {{#if (gt @items.length 0)}}
                 <ModalDialog
                   data-test-delete-modal
-                  @onclose={{action cancel}}
+                  @onclose={{cancel}}
                   @open={{true}}
                   @aria={{hash
                   label="Policy in Use"
@@ -84,9 +84,9 @@
                   <BlockSlot @name="body">
                     <p>
                       This Policy is currently in use. If you choose to delete this Policy, it will be removed from the
-                      following <strong>{{items.length}} Tokens</strong>:
+                      following <strong>{{@items.length}} Tokens</strong>:
                     </p>
-                    <TokenList @items={{items}} @target="_blank" />
+                    <TokenList @items={{@items}} @target="_blank" />
                     <p>
                       This action cannot be undone. {{message}}
                     </p>
@@ -97,12 +97,12 @@
                         @text='Yes, Delete'
                         data-test-delete
                         @color='critical'
-                        {{action execute}}
+                        {{on 'click' execute}}
                       />
                       <Hds::Button
                         @text='Cancel'
                         @color='secondary'
-                        {{action close}}
+                        {{on 'click' close}}
                       />
                     </Hds::ButtonSet>
                   </BlockSlot>
@@ -115,4 +115,4 @@
         {{/if}}
       </Hds::ButtonSet>
     </div>
-</form>
+</form>