← Package directory
Available on winget

Install HashiCorp Consul

A distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

Install with winget
winget install --id Hashicorp.Consul
Upgrade
winget upgrade --id Hashicorp.Consul
Uninstall
winget uninstall --id Hashicorp.Consul

About HashiCorp Consul

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure. Consul provides several key features: - Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration. - Service Mesh - Consul Service Mesh enables secure service-to-service communication with automatic TLS encryption and identity-based authorization. Applications can use sidecar proxies in a servi...

What's new in 2.0.1

SECURITY: - Upgrade go version to 1.26.4 to address GO-2026-5039, GO-2026-5038,GO-2026-5037 [GH-23637] - connect: Upgrade envoy version to 1.37.4, 1.36.8, 1.35.12; Add new version of Envoy 1.38.2 and remove 1.34.14 [GH-23664] IMPROVEMENTS: - dockerfile: layer reduction by merging RUN commands and minor changes following best practices. [GH-23650] - product-telemetry: product usage reporting now preserves export cadence across restarts and leader re-elections by resuming from the last successful export time, preventing delays - server: Auth method TokenNameFormat field accepts OIDC and JWT claim mapping values [GH-23616] - ui: Removed block-slot addon dependency [GH-23481] BUG FIXES: - connect: Strip the x-forwarded-client-cert header from inbound HTTP requests before forwarding them to local service instances. [GH-23544] - server: Fixed a bug where renaming a server (or wiping and rejoining it with the same IP and Raft node ID) could cause an out-of-order serf event to evict the live leader from the internal server lookup, resulting in Raft leader not found in server lookup mapping (HTTP 500) errors on follower RPCs until the next member event resynced the mapping. [GH-23533] 2.0.0 (May 22, 2026) SECURITY: - connect: Upgrade envoy version to 1.37.2 and newer versions [GH-23469] - go: Upgrade go version to 1.26 [GH-23493] - agent: Increased default HTTP server timeouts to prevent breaking long-polling blocking queries. read_timeout and write_timeout are now set to 15 minutes (up from 30 seconds), while read_header_timeout (10s) and idle_timeout (120s) still provide protectio...

Read release notes

Version history

Version Updated Notes
2.0.1 Unknown SECURITY: - Upgrade go version to 1.26.4 to address GO-2026-5039, GO-2026-5038,GO-2026-5037 [GH-23637] - connect: Upgrade envoy version to 1.37.4, 1.36.8, 1.35.12; Add new version of Envoy 1.38.2 and remove 1.34.14 [GH-2...
2.0.0 Unknown SECURITY: - connect: Upgrade envoy version to 1.37.2 and newer versions [GH-23469] - go: Upgrade go version to 1.26 [GH-23493] - agent: Increased default HTTP server timeouts to prevent breaking long-polling blocking que...
1.22.7 Unknown SECURITY: - security: update google.golang.org/grpc to fix CVE-2026-33186 [GH-23379] - security: upgrade go.opentelemetry.io/otel to 1.42.0 to remediate CVE-2026-24051 (Path Hijacking / Untrusted Search Paths on macOS)....
1.22.6 Unknown SECURITY: - security: upgrade envoy version to 1.35.9 and 1.34.13 [GH-23372] - security: update google.golang.org/grpc to fix CVE-2026-33186 [GH-23379] - security: upgrade go version to 1.25.8 [GH-23322] - security: bump...
1.22.5 Unknown SECURITY: - security: upgrade go version to 1.25.7 [GH-23204] - dockerfile: the Consul build Go base image to alpine3.23 [GH-23194] - connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth an...
1.22.4 Unknown SECURITY: - security: upgrade go version to 1.25.7 [GH-23204] - dockerfile: the Consul build Go base image to alpine3.23 [GH-23194] - connect: Migrate to aws-sdk-go-v2 from aws-sdk-go (v1). Also updated consul-awsauth an...
1.22.3 Unknown SECURITY: - Update the Consul Build Go base image to alpine3.23.2 [GH-23138] IMPROVEMENTS: - api: Add consul services imported-services and new api(/v1/exported-services) command to list services imported by partitions w...
1.22.2 Unknown SECURITY: - security: Upgrade golang to 1.25.4. [GH-23029] - security: upgrade internal packages of RHEL builds to include security fixes [GH-23078] IMPROVEMENTS: - ui: upgraded Ember framework from v3.28 to v4.12, impro...
1.22.1 Unknown SECURITY: - connect: Upgrade envoy version to 1.35.6 [GH-23056] - security: Updated golang.org/x/crypto from v0.42.0 to v0.44.0. This resolves GO-2025-4116 IMPROVEMENTS: - ui: Removed ember-route-action-helper and migrat...
1.22.0 Unknown SECURITY: - connect: Upgrade Consul's bundled Envoy version to 1.35.3 and remove support for 1.31.10. This update also includes a fix to prevent Envoy (v1.35+) startup failures by only configuring the TLS transport socke...
1.21.5 Unknown SECURITY: - Migrate transitive dependency from archived mitchellh/mapstructure to go-viper/mapstructure to v2 to address CVE-2025-52893. [GH-22581] - agent: Add the KV Validations to block path traversal allowing access...
1.21.4 Unknown SECURITY: - security: Update Go to 1.23.12 to address CVE-2025-47906 [GH-22547] IMPROVEMENTS: - ui: Replaced internal code editor with HDS (HashiCorp Design System) code editor and code block components for improved acce...
1.21.3 Unknown IMPROVEMENTS: - ui: Improved display and handling of IPv6 addresses for better readability and usability in the Consul web interface. [GH-22468] BUG FIXES: - cli: validate IP address in service registration to prevent in...
1.21.2 Unknown SECURITY: - security: Upgrade UBI base image version to address CVE CVE-2025-4802 CVE-2024-40896 CVE-2024-12243 CVE-2025-24528 CVE-2025-3277 CVE-2024-12133 CVE-2024-57970 CVE-2025-31115 [GH-22409] - cli: update tls ca an...
1.21.1 Unknown FEATURES: - xds: Extend LUA Script support for API Gateway [GH-22321] - xds: Added a configurable option to disable XDS session load balancing, intended for scenarios where an external load balancer is used in front of C...
1.21.0 Unknown FEATURES: - config: add UseSNI flag in remote JSONWebKeySet agent: send TLS SNI in remote JSONWebKeySet [GH-22177] - v2: remove HCP Link integration [GH-21883] IMPROVEMENTS: - raft: add a configuration raft_prevote_disab...
1.20.6 Unknown SECURITY: - Update golang.org/x/net to v0.38.0 to address GHSA-vvgc-356p-c3xw and GO-2025-3595. Update github.com/golang-jwt/jwt/v4 to v4.5.2 to address GO-2025-3553 and GHSA-mh63-6h87-95cp. Update Go to v1.23.8 to addre...
1.20.5 Unknown No notes
1.19.0 Unknown No notes
1.18.0 Unknown No notes