Helm v3.10.3 is a security (patch) release. Users are strongly recommended to update to this release.
While fuzz testing Helm, provided by the CNCF:
- a possible stack overflow was discovered with the strvals package. Stack overflow cannot be recovered from in Go. This can potentially be used to produce a denial of service (DOS) for SDK users. More details are available in
- a possible segmentation violation was discovered with the repo package. Some segmentation violations cannot be recovered from in Go. This can potentially be used to produce a denial of service (DOS) for SDK users. More details are available in
- a possible segmentation violation was discovered with the chartutil package. This can potentially be used to produce a denial of service (DOS) for SDK users. More details are available in
The community keeps growing, and we'd love to see you there!
- Join the discussion in Kubernetes Slack:
- for questions and just to hang out
- for discussing PRs, code, and bugs
- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
- Test, debug, and contribute charts: ArtifactHub/packages
Installation and Upgrading
Download Helm v3.10.3. The common platform binaries are here:
- MacOS amd64 (checksum / 77a94ebd37eab4d14aceaf30a372348917830358430fcd7e09761eed69f08be5)
- MacOS arm64 (checksum / 4f3490654349d6fee8d4055862efdaaf9422eca1ffd2a15393394fd948ae3377)
- Linux amd64 (checksum / 950439759ece902157cf915b209b8d694e6f675eaab5099fb7894f30eeaee9a2)
- Linux arm (checksum / dca718eb68c72c51fc7157c4c2ebc8ce7ac79b95fc9355c5427ded99e913ec4c)
- Linux arm64 (checksum / 260cda5ff2ed5d01dd0fd6e7e09bc80126e00d8bdc55f3269d05129e32f6f99d)
- Linux i386 (checksum / 592e98a492cb782aa7cd67e9afad76e51cd68f5160367600fe542c2d96aa0ad4)
- Linux ppc64le (checksum / 93cdf398abc68e388d1b46d49d8e1197544930ecd3e81cc58d0a87a4579d60ed)
- Linux s390x (checksum / 6cfa0b9078221f980ef400dc40c95eb71be81d14fdf247ca55efedb068e1d4fa)
- Windows amd64 (checksum / 5d97aa26830c1cd6c520815255882f148040587fd7cdddb61ef66e4c081566e0)
This release was signed with
F126 1BDE 9290 12C8 FF2E 501D 6EA5 D759 8529 A53E and can be found at @hickeyma keybase account. Please use the attached signatures for verifying this release using
- 3.11.0 is the next feature release and will be on January 18, 2023.
- Fix backwards compatibility 835b7334cfe2e5e27870ab3ed4135f136eecc704 (Martin Hickey)
- Update string handling 3caf8b586b47e838e492f9ec05396bf8c5851b92 (Martin Hickey)
- Update repo handling 7c0e203529d4b9d51c5fe57c9e0bd9df1bd95ab4 (Martin Hickey)
- Update schema validation handling f4b93226c6066e009a5162d0b08debbf3d82a67f (Martin Hickey)
Security wording was detected, but no CVEs were found.
- 🔍View and search all Helm releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!