Linkerd - edge-23.9.3
Security
edge-29.9.3
This edge release updates the proxy's dependency on the rustls
library to
patch security vulnerability RUSTSEC-2023-0052
(GHSA-8qv2-5vq6-g2g7), a potential CPU usage denial-of-service attack when
acceting a TLS handshake from an untrusted peer with a maliciously-crafted
certificate. Furthermore, this edge release contains a few improvements to the
control plane and jaeger extension Helm charts.
- Addressed security vulnerability RUSTSEC-2023-0052 in
the proxy by updating its dependency on therustls
library - Added a
prometheusUrl
field for the heartbeat job in the control plane Helm
chart (thanks @david972!) (#11343; fixes #11342) - Introduced support for arbitrary labels in the
podMonitors
field in the
control plane Helm chart (thanks @jseiser!) (#11222; fixes #11175) - Added support for config merge and Deployment environment to
opentelemetry-collector
in the jaeger extension (thanks @iAnomaly!)
(#11283)
Security
Security wording was detected, but no CVEs were found.
Details
date
Sept. 22, 2023, 7:17 p.m.
name
edge-23.9.3
type
Patch
👇
Register or login to:
- 🔍View and search all Linkerd releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!