Argo CD - v2.1.15
Security
Quick Start
Non-HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.1.15/manifests/install.yaml
HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.1.15/manifests/ha/install.yaml
Notes
This is a security release. We urge all users of the 2.1.z branch to update as soon as possible. Please refer to the Security fixes section below for more details.
Security fixes
- CRITICAL: Argo CD will trust invalid JWT claims if anonymous access is enabled (https://github.com/argoproj/argo-cd/security/advisories/GHSA-r642-gv9p-2wjj)
- LOW: Login screen allows message spoofing if SSO is enabled (https://github.com/argoproj/argo-cd/security/advisories/GHSA-xmg8-99r8-jc2j)
- MODERATE: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server (https://github.com/argoproj/argo-cd/security/advisories/GHSA-6gcg-hp2x-q54h)
Security
Security wording was detected, but no CVEs were found.
Details
date
May 18, 2022, 12:48 p.m.
name
v2.1.15
type
Patch
official page
👇
Register or login to:
- 🔍View and search all Argo CD releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!