Linkerd - stable-2.11.4
stable-2.11.4
This release includes a security improvement. When a user manually specified the
policyValidator.keyPEM
setting, the value was incorrectly included in the
linkerd-config
ConfigMap. This means that this private key was erroneously
exposed to ServiceAccounts with read access to this ConfigMap. Practically, this
means that the Linkerd proxy-injector
, identity
, and heartbeat
Pods could
read this value. This should not have exposed this private key to other
unauthorized users unless additional RoleBindings were added outside of Linkerd.
Nevertheless, we recommend that users who manually set control plane
certificates update the credentials for the policy validator after upgrading
Linkerd.
Additionally, a PodSecurityPolicy fix is included which fixes installations
where PSP is enabled and proxyInit.runAsRoot: true
.
Details
- 🔍View and search all Linkerd releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!