backport of commit ab37511

.changelog/15979.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+envoy: add `MaxEjectionPercent` and `BaseEjectionTime` to passive health check configs.
+```

.changelog/16651.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+gateway: **(Enterprise only)** Fix bug where namespace/partition would fail to unmarshal.
+```

.changelog/16916.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+hcp: Add support for linking existing Consul clusters to HCP management plane.
+```

.changelog/17171.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+agent: add a configurable maximimum age (default: 7 days) to prevent servers re-joining a cluster with stale data 
+```

.changelog/17179.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+peering: ensure that merged central configs of peered upstreams for partitioned downstreams work
+```

.changelog/17185.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+xds: Fix possible panic that can when generating clusters before the root certificates have been fetched.
+```

.changelog/17235.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+peering: Fix issue where peer streams could incorrectly deregister services in various scenarios.
+```

.changelog/17236.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+logging: change snapshot log header from `agent.server.snapshot` to `agent.server.raft.snapshot`
+```

.changelog/17240.txt

@@ -0,0 +1,12 @@
+```release-note:security
+Upgrade to use Go 1.20.4.
+This resolves vulnerabilities [CVE-2023-24537](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`go/scanner`),
+[CVE-2023-24538](https://github.com/advisories/GHSA-v4m2-x4rp-hv22)(`html/template`),
+[CVE-2023-24534](https://github.com/advisories/GHSA-8v5j-pwr7-w5f8)(`net/textproto`) and
+[CVE-2023-24536](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`mime/multipart`).
+Also, `golang.org/x/net` has been updated to v0.7.0 to resolve CVEs [CVE-2022-41721
+](https://github.com/advisories/GHSA-fxg5-wq6x-vr4w
+), [CVE-2022-27664](https://github.com/advisories/GHSA-69cg-p879-7622) and [CVE-2022-41723
+](https://github.com/advisories/GHSA-vvpx-j8f3-3w6h
+.)
+```

.changelog/17241.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+connect: Fix multiple inefficient behaviors when querying service health.
+```

.changelog/17270.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+grpc: ensure grpc resolver correctly uses lan/wan addresses on servers
+```

.changelog/17317.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+connect: fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration.
+```

.github/CONTRIBUTING.md

@@ -161,7 +161,8 @@ When you're ready to submit a pull request:
    | --- | --- |
    | `pr/no-changelog` | This PR does not have an intended changelog entry |
    | `pr/no-metrics-test` | This PR does not require any testing for metrics |
-   | `backport/1.12.x` | Backport the changes in this PR to the targeted release branch. Consult the [Consul Release Notes](https://www.consul.io/docs/release-notes) page to view active releases. Website documentation merged to the latest release branch is deployed immediately |
+   | `backport/stable-website` | This PR contains documentation changes that are ready to be deployed immediately. Changes will also automatically get backported to the latest release branch |
+   | `backport/1.12.x` | Backport the changes in this PR to the targeted release branch. Consult the [Consul Release Notes](https://www.consul.io/docs/release-notes) page to view active releases. |
    Other labels may automatically be added by the Github Action CI.
 7. After you submit, the Consul maintainers team needs time to carefully review your
    contribution and ensure it is production-ready, considering factors such as: security,

.github/ISSUE_TEMPLATE/bug_report.md

@@ -4,41 +4,27 @@ about: You're experiencing an issue with Consul that is different than the docum
 
 ---
 
-<!-- When filing a bug, please include the following headings if possible. Any example text in this template can be deleted.
--->
+When filing a bug, please include the following headings if possible. Any example text in this template can be deleted.
 
 #### Overview of the Issue
 
-<!-- Please provide a paragraph or two about the issue you're experiencing. -->
-
----
+A paragraph or two about the issue you're experiencing.
 
 #### Reproduction Steps
 
-<!-- Please provide steps to reproduce the bug, without any details it would be hard to troubleshoot: 
-
 Steps to reproduce this issue, eg:
 
 1. Create a cluster with n client nodes n and n server nodes
 1. Run `curl ...`
 1. View error
 
--->
-
 ### Consul info for both Client and Server
 
-
-<!---  Please provide both `consul info` and agent HCL config for both client and servers to help us better diagnose the issue. Take careful steps to remove any sensitive information from config files that include secrets such as Gossip keys. --->
-
 <details>
   <summary>Client info</summary>
 
 ```
-Output from client 'consul info' command here
-```
-
-```
-Client agent HCL config
+output from client 'consul info' command here
 ```
 
 </details>
@@ -47,19 +33,15 @@ Client agent HCL config
   <summary>Server info</summary>
 
 ```
-Output from server 'consul info' command here
-```
-
-```
-Server agent HCL config
+output from server 'consul info' command here
 ```
 
 </details>
 
 ### Operating system and Environment details
 
-<!--  OS, Architecture, and any other information you can provide about the environment. -->
+OS, Architecture, and any other information you can provide about the environment.
 
 ### Log Fragments
 
-<!-- Include appropriate Client or Server log fragments. If the log is longer than a few dozen lines, please include the URL to the [gist](https://gist.github.com/) of the log instead of posting it in the issue. Use `-log-level=TRACE` on the client and server to capture the maximum log detail. -->
+Include appropriate Client or Server log fragments. If the log is longer than a few dozen lines, please include the URL to the [gist](https://gist.github.com/) of the log instead of posting it in the issue. Use `-log-level=TRACE` on the client and server to capture the maximum log detail.

.github/ISSUE_TEMPLATE/config.yml

@@ -1,6 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
 blank_issues_enabled: false
 contact_links:
   - name: Consul Community Support

.github/ISSUE_TEMPLATE/feature_request.md

@@ -4,12 +4,12 @@ about: If you have something you think Consul could improve or add support for.
 
 ---
 
-<!--- Please search the existing issues for relevant feature requests, and use the reaction feature (https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to add upvotes to pre-existing requests. --->
+Please search the existing issues for relevant feature requests, and use the reaction feature (https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to add upvotes to pre-existing requests.
 
 #### Feature Description
 
-<!--- Please provide a written overview of the feature and why this feature solves challenges that you are facing today. --->
+A written overview of the feature.
 
 #### Use Case(s)
 
-<!--- Please describe the use case for this feature (i.e. Service Mesh, Service Discovery, KV, API Gateway) and also deployment environments you are looking to see this addressed in (K8s, VMs, Nomad, ECS, Lambda). -->
+Any relevant use-cases that you see.

.github/ISSUE_TEMPLATE/ui_issues.md

@@ -4,42 +4,41 @@ about: You have usage feedback for the browser based UI
 
 ---
 
-<!--- When filing a bug, please include the following headings if possible. Any example text in this template can be deleted. --->
+When filing a bug, please include the following headings if possible. Any example text in this template can be deleted.
 
 ### Overview of the Issue
 
-<!--- Please provide a paragraph or two about the issue you're experiencing / suggestion for
-improvement. --->
+A paragraph or two about the issue you're experiencing / suggestion for
+improvement.
 
 ### Reproduction Steps
 
-<!--- Steps to reproduce this issue/view the area for improvement, eg:
+Steps to reproduce this issue/view the area for improvement, eg:
 
 1. Visit the UI page at `/ui/services`
 1. Click .... then click...etc.
 1. View error/area.
 
---->
-
 ### Describe the solution you'd like
 
-<!--- If this is an improvement rather than a bug, a clear and concise description
+If this is an improvement rather than a bug, a clear and concise description
 of what you want to happen. How have you seen this problem solved in other
-UIs? --->
+UIs?
 
 ### Consul Version
 
-<!--- This can be found either in the footer of the UI (Consul versions pre 1.10) or
-at the top of the help menu that is in the top right side of the UI. --->
+This can be found either in the footer of the UI (Consul versions pre 1.10) or
+at the top of the help menu that is in the top right side of the UI.
 
 ### Browser and Operating system details
 
-<!--- Browser, Browser Version, OS, and any other information you can provide about the environment that may be relevant. --->
+Browser, Browser Version, OS, and any other information you can provide about the environment that may be relevant.
 
 ### Screengrabs / Web Inspector logs
 
-<!--- If you think it's worthwhile, include appropriate screengrabs showing the
+If you think it's worthwhile, include appropriate screengrabs showing the
 error/area for improvement. Try to include the URL bar of the browser so we
 can see the current URL where the error manifests. Please be careful to
 obfuscate any sensitive information either in the URL or in the browser page
-itself. --->
+itself.
+

.github/dependabot.yml

@@ -1,6 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
 version: 2
 updates:
 - package-ecosystem: gomod

.github/pr-labeler.yml

@@ -1,6 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
 pr/dependencies:
     - vendor/**/*
     - go.*

.github/pull_request_template.md

@@ -1,30 +1,18 @@
 ### Description
-
-<!-- Please describe why you're making this change, in plain English. -->
+Describe why you're making this change, in plain English.
 
 ### Testing & Reproduction steps
-
-<!--
-
 * In the case of bugs, describe how to replicate
 * If any manual tests were done, document the steps and the conditions to replicate
 * Call out any important/ relevant unit tests, e2e tests or integration tests you have added or are adding
 
--->
-
 ### Links
-
-<!--
-
 Include any links here that might be helpful for people reviewing your PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc). If there are none, feel free to delete this section.
 
 Please be mindful not to leak any customer or confidential information. HashiCorp employees may want to use our internal URL shortener to obfuscate links.
 
--->
-
 ### PR Checklist
 
 * [ ] updated test coverage
 * [ ] external facing docs updated
-* [ ] appropriate backport labels added
 * [ ] not a security concern

.github/scripts/changelog_checker.sh

@@ -1,7 +1,4 @@
 #!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
 
 set -euo pipefail
 

.github/scripts/get_runner_classes.sh

@@ -1,7 +1,4 @@
 #!/usr/bin/env bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
 #
 # This script generates tag-sets that can be used as runs-on: values to select runners.
 

.github/scripts/metrics_checker.sh

@@ -1,7 +1,4 @@
 #!/usr/bin/env bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
 set -uo pipefail
 
 ### This script checks if any metric behavior has been modified.