crossplane - v1.11.5
Security
v1.11.5
addresses a few security issues shared during the security audit by Ada Logic and facilitated by OSTIF, sponsored by CNCF. See the report for more details.
Notable changes
- Fix composition functions to be able to run with unconfined AppArmor profile.
- Security fixes, see the report for more details.
What's Changed
- [Backport release-1.11] chore(Dockerfile): use COPY instead of ADD by @github-actions in https://github.com/crossplane/crossplane/pull/4175
- Update debian:bookworm-slim Docker digest to d8f9d38 (release-1.11) by @renovate in https://github.com/crossplane/crossplane/pull/4195
- [Backport release-1.11] fix: limit xfn stdout and stderr by @github-actions in https://github.com/crossplane/crossplane/pull/4236
- [Backport release-1.11] fix(xfn): set max layers number limit for images by @github-actions in https://github.com/crossplane/crossplane/pull/4238
- [Backport release-1.11] fix(crank): copy to tar file one chunk at a time by @github-actions in https://github.com/crossplane/crossplane/pull/4234
- [Backport release-1.11] Run xfn with unconfined AppArmor profile by @github-actions in https://github.com/crossplane/crossplane/pull/4247
- Update debian:bookworm-slim Docker digest to 9bd077d (release-1.11) by @renovate in https://github.com/crossplane/crossplane/pull/4335
- [Backport release-1.11] fix: limit max number of layers for Packages by @github-actions in https://github.com/crossplane/crossplane/pull/4352
- [Backport release-1.11] fix: stop rbac manager's rule expansion on timeout by @phisco in https://github.com/crossplane/crossplane/pull/4355
- [Backport release-1.11] chore: bump go-containerregistry to v0.15.3-0.20230625233257-b8504803… by @phisco in https://github.com/crossplane/crossplane/pull/4356
- [Backport release-1.11] fix: max size of package parsed limited to 200MB by @github-actions in https://github.com/crossplane/crossplane/pull/4363
- [Backport release-1.11] fix: validate Package images by @github-actions in https://github.com/crossplane/crossplane/pull/4373
- [Backport release-1.11] composite: fix nil-dereference by @github-actions in https://github.com/crossplane/crossplane/pull/4381
- Update ci.yml with new hashes by @ezgidemirel in https://github.com/crossplane/crossplane/pull/4391
Full Changelog: https://github.com/crossplane/crossplane/compare/v1.11.4...v1.11.5
Security
Security wording was detected, but no CVEs were found.
Details
date
July 27, 2023, 3:21 p.m.
name
v1.11.5
type
Patch
👇
Register or login to:
- 🔍View and search all crossplane releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!