crossplane - v1.11.5

Security

v1.11.5 addresses a few security issues shared during the security audit by Ada Logic and facilitated by OSTIF, sponsored by CNCF. See the report for more details.

Notable changes

  • Fix composition functions to be able to run with unconfined AppArmor profile.
  • Security fixes, see the report for more details.

What's Changed

  • [Backport release-1.11] chore(Dockerfile): use COPY instead of ADD by @github-actions in https://github.com/crossplane/crossplane/pull/4175
  • Update debian:bookworm-slim Docker digest to d8f9d38 (release-1.11) by @renovate in https://github.com/crossplane/crossplane/pull/4195
  • [Backport release-1.11] fix: limit xfn stdout and stderr by @github-actions in https://github.com/crossplane/crossplane/pull/4236
  • [Backport release-1.11] fix(xfn): set max layers number limit for images by @github-actions in https://github.com/crossplane/crossplane/pull/4238
  • [Backport release-1.11] fix(crank): copy to tar file one chunk at a time by @github-actions in https://github.com/crossplane/crossplane/pull/4234
  • [Backport release-1.11] Run xfn with unconfined AppArmor profile by @github-actions in https://github.com/crossplane/crossplane/pull/4247
  • Update debian:bookworm-slim Docker digest to 9bd077d (release-1.11) by @renovate in https://github.com/crossplane/crossplane/pull/4335
  • [Backport release-1.11] fix: limit max number of layers for Packages by @github-actions in https://github.com/crossplane/crossplane/pull/4352
  • [Backport release-1.11] fix: stop rbac manager's rule expansion on timeout by @phisco in https://github.com/crossplane/crossplane/pull/4355
  • [Backport release-1.11] chore: bump go-containerregistry to v0.15.3-0.20230625233257-b8504803… by @phisco in https://github.com/crossplane/crossplane/pull/4356
  • [Backport release-1.11] fix: max size of package parsed limited to 200MB by @github-actions in https://github.com/crossplane/crossplane/pull/4363
  • [Backport release-1.11] fix: validate Package images by @github-actions in https://github.com/crossplane/crossplane/pull/4373
  • [Backport release-1.11] composite: fix nil-dereference by @github-actions in https://github.com/crossplane/crossplane/pull/4381
  • Update ci.yml with new hashes by @ezgidemirel in https://github.com/crossplane/crossplane/pull/4391

Full Changelog: https://github.com/crossplane/crossplane/compare/v1.11.4...v1.11.5

Security

Security wording was detected, but no CVEs were found.

Details

date
July 27, 2023, 3:21 p.m.
name
v1.11.5
type
Patch
official page
https://github.com/crossplane/crossplane/releases/tag/v1.11.5
👇
Register or login to:
  • 🔍View and search all crossplane releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or