Linkerd - edge-23.9.3

Security

edge-29.9.3

This edge release updates the proxy's dependency on the rustls library to
patch security vulnerability RUSTSEC-2023-0052
(GHSA-8qv2-5vq6-g2g7), a potential CPU usage denial-of-service attack when
acceting a TLS handshake from an untrusted peer with a maliciously-crafted
certificate. Furthermore, this edge release contains a few improvements to the
control plane and jaeger extension Helm charts.

  • Addressed security vulnerability RUSTSEC-2023-0052 in
    the proxy by updating its dependency on the rustls library
  • Added a prometheusUrl field for the heartbeat job in the control plane Helm
    chart (thanks @david972!) (#11343; fixes #11342)
  • Introduced support for arbitrary labels in the podMonitors field in the
    control plane Helm chart (thanks @jseiser!) (#11222; fixes #11175)
  • Added support for config merge and Deployment environment to
    opentelemetry-collector in the jaeger extension (thanks @iAnomaly!)
    (#11283)

Security

Security wording was detected, but no CVEs were found.

Details

date
Sept. 22, 2023, 7:17 p.m.
name
edge-23.9.3
type
Patch
official page
https://github.com/linkerd/linkerd2/releases/tag/edge-23.9.3
👇
Register or login to:
  • 🔍View and search all Linkerd releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or