release notes

website/content/docs/release-notes/consul-k8s/v0_49_x.mdx

@@ -38,9 +38,13 @@ The following issues are know to exist in the v0.49.0 release:
 - Kubernetes 1.25.x is not supported as the [Pod Security Admission controller](https://kubernetes.io/blog/2022/08/25/pod-security-admission-stable/) is currently not supported by Consul K8s. 
 
 ## Changelogs
-
+x
 The changelogs for this major release version and any maintenance versions are listed below.
 
 ~> **Note:** The following link takes you to the changelogs on the GitHub website.
 
 - [0.49.0](https://github.com/hashicorp/consul-k8s/releases/tag/v0.49.0)
+- [0.49.1](https://github.com/hashicorp/consul-k8s/releases/tag/v0.49.1)
+- [0.49.2](https://github.com/hashicorp/consul-k8s/releases/tag/v0.49.2)
+- [0.49.3](https://github.com/hashicorp/consul-k8s/releases/tag/v0.49.3)
+- [0.49.4](https://github.com/hashicorp/consul-k8s/releases/tag/v0.49.4)

website/content/docs/release-notes/consul-k8s/v1_0_x.mdx

@@ -61,3 +61,7 @@ The changelogs for this major release version and any maintenance versions are l
 ~> **Note:** The following link takes you to the changelogs on the GitHub website.
 
 - [1.0.0](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.0)
+- [1.0.1](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.1)
+- [1.0.2](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.2)
+- [1.0.3](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.3)
+- [1.0.4](https://github.com/hashicorp/consul-k8s/releases/tag/v1.0.4)

website/content/docs/release-notes/consul-k8s/v1_1_x.mdx

@@ -0,0 +1,56 @@
+---
+layout: docs
+page_title: 1.1.x
+description: >-
+  Consul on Kubernetes release notes for version 1.1.x
+---
+
+# Consul on Kubernetes 1.1.0
+
+## Release Highlights
+
+- **Enhanced Envoy Access Logging:** Envoy access logs are now centrally managed via the `accessLogs` field within the ProxyDefaults CRD, to allow operators to easily turn on access logs for all proxies within the service mesh. 
+
+- **Consul Envoy Extensions:** A new extension system has been added to Consul to modify Consul-generated Envoy resources outside of the Consul binary. This will allow extensions to add, delete, and modify Envoy listeners, routes, clusters, and endpoints, enabling support for additional Envoy features without changes to the Consul codebase. 
+An `envoyExtensions` field has been added to the ProxyDefaults and ServiceDefaults CRD to enable built-in Envoy extensions. Refer to [Envoy extensions overview](https://developer.hashicorp.com/consul/docs/connect/proxies/envoy-extensions) for more information on how to leverage these extensions.   
+
+## What's Changed
+
+- Connect inject now excludes the `openebs` namespace from sidecar injection by default. If you previously had pods in that namespace
+that you wanted to be injected, you must now set namespaceSelector as follows:
+
+  ```yaml
+  connectInject:
+    namespaceSelector: |
+      matchExpressions:
+      - key: "kubernetes.io/metadata.name"
+        operator: "NotIn"
+        values: ["kube-system","local-path-storage"]
+  ```
+  
+## Supported Software
+
+~> **Note:** Consul 1.14.x and 1.13.x are not supported. Please refer to [Supported Consul and Kubernetes versions](https://developer.hashicorp.com/consul/docs/k8s/compatibility#supported-consul-and-kubernetes-versions) for more detail on choosing the correct `consul-k8s` version.
+- Consul 1.15.x. 
+- Consul Dataplane v1.1.x. Refer to [Envoy and Consul Dataplane](/consul/docs/connect/proxies/envoy#envoy-and-consul-dataplane) for details about Consul Dataplane versions and the available packaged Envoy version. 
+- Kubernetes 1.23.x - 1.26.x
+- `kubectl` 1.23.x - 1.26.x 
+- Helm 3.6+
+
+## Upgrading
+
+For detailed information on upgrading, please refer to the [Upgrades page](/consul/docs/k8s/upgrade)
+
+## Known Issues
+
+The following issues are known to exist in the v1.1.0 release: 
+
+- Pod Security Standards that are configured for the [Pod Security Admission controller](https://kubernetes.io/blog/2022/08/25/pod-security-admission-stable/) are currently not supported by Consul K8s. OpenShift 4.11.x enables Pod Security Standards on Kubernetes 1.25 [by default](https://connect.redhat.com/en/blog/important-openshift-changes-pod-security-standards) and is also not supported. Support will be added in a future Consul K8s 1.0.x patch release. 
+
+## Changelogs
+
+The changelogs for this major release version and any maintenance versions are listed below.
+
+~> **Note:** The following link takes you to the changelogs on the GitHub website.
+
+- [1.1.0](https://github.com/hashicorp/consul-k8s/releases/tag/v1.1.0)

website/content/docs/release-notes/consul/v1_15_x.mdx

@@ -9,38 +9,51 @@ description: >-
 
 ## Release Highlights
 
-- **Cluster Peering (GA):** This version promotes Cluster Peering, a new model to federate Consul clusters for both service mesh and traditional service discovery, to General Availability. Cluster peering allows for service interconnectivity with looser coupling than the existing WAN federation. For more information, refer to the [cluster peering](/consul/docs/connect/cluster-peering) documentation. Some notable improvements to Cluster Peering include: 
-
-  - **Cluster Peering Failover:** Cluster Peering now supports the ability to redirect to services running on cluster peers with service resolvers. More details for configuring failover across peers is provided in the Service Resolver [failover](/consul/docs/connect/config-entries/service-resolver#failover) stanza.
-
-  - **Control Plane traffic over Mesh Gateways:** Cluster Peering now supports the establishing peering through Mesh Gateways. More detail on using Mesh Gateways for Cluster Peering are found in [Enabling Peering Control Plane Traffic](/consul/docs/connect/gateways/mesh-gateway/peering-via-mesh-gateways). Mesh Gateways are used by default for [Cluster Peering on Kubernetes](/consul/docs/connect/cluster-peering/k8s). 
-
-- **Simplified Service Mesh with Consul Dataplane:** Support for a new `consul-dataplane`, a lightweight process for managing Envoy proxies introduced in Consul v1.14.0. Consul Dataplane removes the need to run client agents on every node in a cluster for service discovery and service mesh. Instead, Consul deploys sidecar proxies that provide lower latency, support additional runtimes, and integrate with cloud infrastructure providers. Read more in [Simplified Service Mesh with Consul Dataplane](/consul/docs/connect/dataplane). 
+- **Enhanced Envoy Access Logging:** Envoy access logs are now centrally managed via config entries and CRDs to allow operators to easily turn on access logs for all proxies within the service mesh. 
+Refer to [Proxy default configuration entry](https://developer.hashicorp.com/consul/docs/connect/config-entries/proxy-defaults) for more details on how to enable access logs centrally via the ProxyDefaults config entry or CRD.  
+
+- **Consul Envoy Extensions:** A new extension system has been added to Consul to modify Consul-generated Envoy resources outside of the Consul binary. This will allow extensions to add, delete, and modify Envoy listeners, routes, clusters, and endpoints, enabling support for additional Envoy features without changes to the Consul codebase.
+Current supported extensions include the [Lua](https://developer.hashicorp.com/consul/docs/connect/proxies/envoy-extensions#lua) and [AWS Lambda](https://developer.hashicorp.com/consul/docs/connect/proxies/envoy-extensions#lambda) extensions. Refer to [Envoy extensions overview](https://developer.hashicorp.com/consul/docs/connect/proxies/envoy-extensions) for more information on how to leverage these extensions for Consul service mesh.  
 
-  ~> **Note:** Currently `consul-dataplane` is only supported on clusters running on Consul on Kubernetes 1.0+.
+- **API Gateway support on Linux VM runtimes:** The Consul API Gateway can now be deployed on Linux VM runtimes. API Gateway is built into Consul and, when deploying on Linux VM runtimes, is not separately installed software.
 
+  ~> **Note:** Support for API Gateway on Linux VM runtimes is considered a ”Beta” feature in Consul 1.15.0. HashiCorp expects to change it to a GA feature as part of a 1.15 patch release in the near future.
+
+- **Service-to-service troubleshooting:** Consul now includes a built-in tool for troubleshooting communication between services in a service mesh. A new `consul troubleshoot` command is provided to validate communication between upstream and downstream Envoy proxies on VM and Kubernetes deployments.
+Refer to [Service-to-service troubleshooting overview](https://developer.hashicorp.com/consul/docs/troubleshoot/troubleshoot-services) for more details on how to use the new troubleshooting commands. 
+
+- **Raft write-ahead log (Experimental):** Consul now provides an experimental storage backend called write-ahead log (WAL). WAL implements a traditional log with rotating, append-only log files which resolves a number of performance issues with the current BoltDB storage backend. Refer to [Experimental WAL LogStore backend overview](https://developer.hashicorp.com/consul/docs/agent/wal-logstore) for more details.   
+
+  ~> **Note:** The new raft write-ahead log storage backend is not recommended for production use cases yet, but is ready for testing by the general community. 
 
 ## What's Changed
 
-- 1.14 adds a new `ports.grpc_tls` configuration option. This introduces a new port to better separate TLS config from the existing `ports.grpc` config. The new `ports.grpc_tls` only supports TLS encrypted communication. The existing `ports.grpc` now only supports plain-text communication. 
-- `peering` and `connect` are default. 
-- The gRPC TLS port default value to 8503 
-- Removes support for Envoy 1.20.x and adds Envoy 1.24.0 to support matrix.
-- Renames `PeerName` to `Peer` on prepared queries and exported services. 
-- Converts service mesh failover to use Envoy's aggregate clusters. This
-changes the names of some [Envoy dynamic HTTP metrics](https://www.envoyproxy.io/docs/envoy/latest/configuration/upstream/cluster_manager/cluster_stats#dynamic-http-statistics).
+- ACL errors have now been ehanced to return descriptive errors when the specified resource cannot be found. Other ACL request errors provide more information about when a resource is missing. Add error for when the ACL system has not been bootstrapped.
+  - The Delete Token/Policy/AuthMethod/Role/BindingRule endpoints now return 404 when the resource cannot be found.
+    - The new error format is as follows: `Requested * does not exist: ACL not found", "* not found in namespace $NAMESPACE: ACL not found`
+  - The Read Token/Policy/Role endpoints now return 404 when the resource cannot be found.
+    - The new error format is as follows: `Cannot find * to delete`
+  - The Logout endpoint now returns a 401 error when the supplied token cannot be found
+    - The new error format is as follows: `Supplied token does not exist`
+  - The Token Self endpoint now returns 404 when the token cannot be found.
+    - The new error format is as follows: `Supplied token does not exist`
+- Consul 1.15.0 formally removes all uses of legacy ACLs and ACL policies from Consul. The legacy ACL system was deprecated in Consul 1.4.0 and removed in Consul 1.11.0. The documentation for the new ACL system can be found [here](https://developer.hashicorp.com/consul/docs/v1.14.x/security/acl). For information on how to migrate to the new ACL System, please read the [Migrate Legacy ACL Tokens tutorial](https://learn.hashicorp.com/consul/day-2-agent-authentication/migrate-acl-tokens).
+- The following agent flags are now deprecated: `-join`, `-join-wan`, `start_join`, and `start_join_wan`. These options are now aliases of `-retry-join`, `-retry-join-wan`, `retry_join`, and `retry_join_wan`, respectively. 
+- A peer field has been added to ServiceDefaults upstream overrides to make it possible to apply upstream overrides only to peer services. Prior to this change, overrides would be applied based on matching the namespace and name fields only, which means users could not have different configuration for local versus peer services. With this change, peer upstreams are only affected if the peer field matches the destination peer name. 
+- Consul will now error and exit when using the `consul connect envoy` command if the Envoy version is incompatible. To ignore this check use flag `--ignore-envoy-compatibility`.
+- Ingress Gateway upstream clusters will have empty outlier_detection if passive health check is unspecified.
 
 ## Upgrading
 
-For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific#consul-1-14-0) and the changelogs.
+For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific#consul-1-15-0) and the changelogs.
 
 ## Known Issues
 
-The following issues are known to exist in the 1.14.0 release:
+The following issues are known to exist in the 1.15.0 release:
 
-- Prior to Consul 1.14, cluster peering and Consul service mesh were disabled by default. A breaking change was made in Consul 1.14 that enabled cluster peering and Consul service mesh by default. To disable both, set `peering.enabled` and  `connect.enabled` to false. The changes to Consul service mesh in version 1.14 are incompatible with Nomad 1.4.2 and earlier. If you operate Consul service mesh using Nomad 1.4.2 or earlier, do not upgrade to Consul 1.14 until hashicorp/nomad#15266 is fixed.
+- For 1.15.0, there is a known issue where `consul acl token read -self` requires an `-accessor-id`. This is resolved in an uppcoming Consul 1.15.1 patch release.
 
-- For 1.14.0, there is a known issue with the `consul connect envoy` CLI command. If the command is configured to use TLS for contacting the HTTP API, it will also incorrectly enable TLS for gRPC. Users should not upgrade to 1.14.0 if they are using plaintext gRPC connections in conjunction with TLS-encrypted HTTP APIs.
+- For 1.15.0, there is a known issue where search filters produced errors and resulted in lists not showing full results until being interacted with. This is resolved in an upcoming Consul 1.15.1 patch release.
 
 
 ## Changelogs