Linkerd - stable-2.14.2

Security

stable-2.14.2

This stable release fixes issues in the proxy and Destination controller which
can result in Linkerd proxies sending traffic to stale endpoints. In addition,
it contains a bug fix for profile resolutions for pods bound on host ports and
includes patches for security advisory CVE-2023-44487/GHSA-qppj-fm5r-hxr3

  • Control Plane
  • Fixed an issue where the Destination controller could stop processing
    changes in the endpoints of a destination, if a proxy subscribed to that
    destination stops reading service discovery updates. This issue results in
    proxies attempting to send traffic for that destination to stale endpoints
    (#11491, fixes #11480, #11279, #10590)
  • Fixed an issue where the Destination controller would not update pod
    metadata for profile resolutions for a pod accessed via the host network
    (e.g. HostPort endpoints) (#11334)

  • Addressed CVE-2023-44487/GHSA-qppj-fm5r-hxr3 by upgrading several
    dependencies (including Go's gRPC and net libraries)

  • Proxy

  • Fixed a regression where the proxy rendered grpc_status metric labels as
    a string rather than as the numeric status code (linkerd2-proxy#2480;
    fixes #11449)
  • Fixed a regression introduced in stable-2.13.0 where proxies would not
    terminate unused service discovery watches, exerting backpressure on the
    Destination controller, potentially causing it to become
    stuck (linkerd2-proxy#2484)

Details

date
Oct. 26, 2023, 9:40 p.m.
name
stable-2.14.2
type
Patch
official page
https://github.com/linkerd/linkerd2/releases/tag/stable-2.14.2
👇
Register or login to:
  • 🔍View and search all Linkerd releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or