crossplane - v1.12.3

Security

v1.12.3 solves some minor bug fixes and addresses a few security issues shared during the security audit by Ada Logic and facilitated by OSTIF, sponsored by CNCF. See the report for more details.

Notable changes

  • Fix composition functions to be able to run with unconfined AppArmor profile.
  • Security fixes, see the report for more details.
  • Minor fix to composition schema validation alpha feature.

What's Changed

  • [Backport release-1.12] chore(Dockerfile): use COPY instead of ADD by @github-actions in https://github.com/crossplane/crossplane/pull/4176
  • Update debian:bookworm-slim Docker digest to d8f9d38 (release-1.12) by @renovate in https://github.com/crossplane/crossplane/pull/4197
  • [Backport release-1.12] fix: limit xfn stdout and stderr by @github-actions in https://github.com/crossplane/crossplane/pull/4237
  • [Backport release-1.12] fix(xfn): set max layers number limit for images by @github-actions in https://github.com/crossplane/crossplane/pull/4239
  • [Backport release-1.12] fix(crank): copy to tar file one chunk at a time by @github-actions in https://github.com/crossplane/crossplane/pull/4235
  • [Backport release-1.12] Run xfn with unconfined AppArmor profile by @github-actions in https://github.com/crossplane/crossplane/pull/4248
  • Update debian:bookworm-slim Docker digest to 9bd077d (release-1.12) by @renovate in https://github.com/crossplane/crossplane/pull/4336
  • [Backport release-1.12] fix: limit max number of layers for Packages by @github-actions in https://github.com/crossplane/crossplane/pull/4353
  • [Backport release-1.12] fix: stop rbac manager's rule expansion on timeout by @github-actions in https://github.com/crossplane/crossplane/pull/4354
  • [Backport release-1.12] chore: bump go-containerregistry to v0.15.3-0.20230625233257-b8504803… by @phisco in https://github.com/crossplane/crossplane/pull/4357
  • [Backport release-1.12] fix(alpha): re-evaluating additional fields against schema by @github-actions in https://github.com/crossplane/crossplane/pull/4360
  • [Backport release-1.12] fix: properly handle annotations schema aware validation by @github-actions in https://github.com/crossplane/crossplane/pull/4362
  • [Backport release-1.12] fix: max size of package parsed limited to 200MB by @github-actions in https://github.com/crossplane/crossplane/pull/4364
  • [Backport release-1.12] fix: validate Package images by @github-actions in https://github.com/crossplane/crossplane/pull/4374
  • [Backport release-1.12] composite: fix nil-dereference by @github-actions in https://github.com/crossplane/crossplane/pull/4382
  • Update ci.yml hashes by @ezgidemirel in https://github.com/crossplane/crossplane/pull/4392

Full Changelog: https://github.com/crossplane/crossplane/compare/v1.12.2...v1.12.3

Security

Security wording was detected, but no CVEs were found.

Details

date
July 27, 2023, 3:22 p.m.
name
v1.12.3
type
Patch
official page
https://github.com/crossplane/crossplane/releases/tag/v1.12.3
👇
Register or login to:
  • 🔍View and search all crossplane releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or