Linkerd - stable-2.13.7

Security

stable-2.13.7

This stable release backports two fixes that address security
vulnerabilities. The proxy's dependency on the webpki library has been updated
to patch RUSTSEC-2023-0052, a potential CPU usage denial-of-service attack
when accepting a TLS handshake from an untrusted peer. In addition, the CNI and
proxy-init images have been updated to patch CVE-2023-2603, which surfaced in
the runtime image's libcap library. Finally, the release contains a backported
fix for a service discovery issue on endpoints that use hostPorts, which could
potentially disrupt connections on pod restarts.

  • Control Plane
    • Changed how hostPort lookups are handled in the destination service.
      Previously, when doing service discovery for an endpoint bound on a
      hostPort, the destination service would return the corresponding pod IP.
      On pod restart, this could lead to loss of connectivity on the client's
      side. The destination service now always returns host IPs for service
      discovery on an endpoint that uses hostPorts (#11328)

  • Proxy
    • Addressed security vulnerability RUSTSEC-2023-0052 (#11389)

  • CNI
    • Addressed security vulnerability CVE-2023-2603 in proxy-init and CNI
      plugin (#11348)

Details

  • date: Sept. 26, 2023, 3:29 p.m.
  • name: stable-2.13.7
  • type: Patch