Kyverno - v1.6.1

Security

Enhancements

  • Improve Kyverno CI timings #3003
  • [Feature] Improve kyverno test CLI speed by running tests in parallel #3288
  • [Feature] Improve kyverno test CLI git clone speed #3287
  • Run kyverno E2E tests for all the kubernetes versions we have in our compat matrix #3099

Fixed bugs

  • [Bug] kyevrno image build failing #3292
  • [BUG] race condition in policies that rely on CRDs and CR creation #3139
  • [BUG] GR, edit monitored kind (ingress,change hostname) more than twice, stops generating new manifest job. #2722
  • [Bug] Helm chart release dates not accurate #3267
  • [Bug] Policy by-pass by manipulating preconditions #3253
  • Vulnerabilities found in Golang 1.17.2 #3247
  • [Bug] Cannot create PolicyReport due to OwnerReferences settings #3242
  • [Bug] Mutate policy works for deployments, but not works for bare pods #3236
  • [Bug] GenerateRequests not covered in aggregated ClusterRoles #3235
  • [Bug] Internal error occurred: failed calling webhook connect: connection refused #3232
  • [Bug] Cascading Mutate rules with conditional logic (via anchors) weirdness #3231
  • [BUG] Mutate Policy "pre-validation" error when using Wildcard Kinds #3187
  • [BUG] Filter kyverno resources instead of entire kyverno namespace #3170
  • [BUG] Kyverno implicitly skips the kyverno namespace #3135
  • [BUG] Cannot compare precondition expression's value in foreach #3131
  • [BUG] Helm uninstall doesnt remove all resources #3111
  • [BUG] Negation of a string beginning with numbers incorrect #3053
  • [BUG] When Kyverno is not running, pods are in terminating state blocking cluster actions #3039
  • [BUG] Rules of two different types in the same policy aren't being tracked properly #2934
  • [BUG] A mutation that adds a label removes empty strings from a Secret on updates #2897
  • [BUG] reflect use default page listAndWatch ConfigMap failed, when configmap's num and configmap's data is big #2879
  • [BUG] Pods created from CronJob / Job blocked when auto-gen excludes them #2650
  • [BUG] Install stops users logging in to Openshift console #2453
  • [BUG] Kyverno pod in crashloopbackoff status #2314
  • 'anyPattern' will fail on a specific template #2159
  • [BUG] Really long initialisation and OOM on cluster with lots of Namespaces #2127

Security fixes

  • [Bug] trivy scan failures on main due to github.com/satori/go.uuid #3280

Security

Security wording was detected, but no CVEs were found.

Details

date
March 1, 2022, 7:09 p.m.
name
v1.6.1
type
Patch
👇
Register or login to:
  • 🔍View and search all Kyverno releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or