Consul k8s - v1.1.11
Security
1.1.11 (March 28, 2024)
SECURITY:
- Update google.golang.org/protobuf to v1.33.0 to address CVE-2024-24786. [GH-3719]
- Update the Consul Build Go base image to alpine3.19. This resolves CVEs CVE-2023-52425, CVE-2023-52426. [GH-3741]
- Upgrade helm/v3 to 3.11.3. This resolves the following security vulnerabilities: CVE-2023-25165, CVE-2022-23524, CVE-2022-23526, CVE-2022-23525. [GH-3625]
- Upgrade docker/distribution to 2.8.3+incompatible (latest) to resolve CVE-2023-2253. [GH-3625]
- Upgrade docker/docker to 25.0.3+incompatible (latest) to resolve GHSA-jq35-85cj-fj4p. [GH-3625]
- Upgrade filepath-securejoin to 0.2.4 (latest) to resolve GO-2023-2048. [GH-3625]
- Upgrade to use Go 1.21.8. This resolves CVEs CVE-2024-24783 (crypto/x509), CVE-2023-45290 (net/http), CVE-2023-45289 (net/http, net/http/cookiejar), CVE-2024-24785 (html/template), CVE-2024-24784 (net/mail). [GH-3741]
- security: upgrade containerd to 1.7.13 (latest) to resolve GHSA-7ww5-4wqc-m92c. [GH-3625]
IMPROVEMENTS:
- control-plane: publish consul-k8s-control-plane and consul-k8s-control-plane-fips images to official HashiCorp AWS ECR. [GH-3668]
BUG FIXES:
- control-plane: fix an issue where ACL token cleanup did not respect a pod's GracefulShutdownPeriodSeconds and tokens were invalidated immediately on pod entering Terminating state. [GH-3736]
- control-plane: fix an issue where ACL tokens would prematurely be deleted and services would be deregistered if there was a K8s API error fetching the pod. [GH-3758]
Details
- date: April 2, 2024, 1:57 p.m.
- name: v1.1.11
- type: Patch