Skip to content

Commit

Permalink
CHANGELOG and README fixups about ManageIQ#554, ManageIQ#555
Browse files Browse the repository at this point in the history 
Tiny followup to ManageIQ#556.
Sorry for noise, had these locally but forgot to push before merging.
If I start backporting, CHANGELOG.md on master branch might not always be updated
with all backports (it SHOULD, but it will require separate merges to master).
So I prefer pointing to the vulnerability issue as the "source of truth".
Also, security impact will be better discussed on the issue.
  • Loading branch information
@cben
cben committed Mar 23, 2022
1 parent c27893f commit 6670fab
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,16 @@ Kubeclient release versioning follows [SemVer](https://semver.org/).
This was broken IN ALL RELEASES MADE BEFORE 2022, ever since
[`Kubeclient::Config` was created](https://github.com/ManageIQ/kubeclient/pull/127/files#diff-32e70f2f6781a9e9c7b83ae5e7eaf5ffd068a05649077fa38f6789e72f3de837R41-R48).

[#554](https://github.com/ManageIQ/kubeclient/issues/554).

- Bug fix: kubeconfig `insecure-skip-tls-verify` field was ignored.
When kubeconfig did define custom CA, `Config` was returning hard-coded `VERIFY_PEER`.

Now we honor it, return `VERIFY_NONE` iff kubeconfig has explicit
`insecure-skip-tls-verify: true`, otherwise `VERIFY_PEER`.

[#555](https://github.com/ManageIQ/kubeclient/issues/555).

- `Config`: fixed parsing of `certificate-authority` file containing concatenation of
several certificates. Previously, server's cert was checked against only first CA cert,
resulting in possible "certificate verify failed" errors.
Expand Down
3 changes: 1 addition & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,7 @@ To learn more about groups and versions in kubernetes refer to [k8s docs](https:

If you use `Kubeclient::Config`, all gem versions released before 2022 could return incorrect `ssl_options[:verify_ssl]`,
endangering your connection and cluster credentials.
See [latest CHANGELOG.md](https://github.com/ManageIQ/kubeclient/blob/master/CHANGELOG.md) for details and which versions got a fix.
Open an issue if you want a backport to another version.
See https://github.com/ManageIQ/kubeclient/issues/554 for details and which versions got a fix.

## Installation

Expand Down

0 comments on commit 6670fab

Please sign in to comment.