You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
The key has expired.
Changelog
Security: Updated several packages with security updates.
Security: Removed permissions on auditor roles that they could use to exec in containers.
Changed: kf third-party-licenses no longer includes specific versions of dependencies to make automatic security patches smoother. Versions are available in the Kf source downloads for each release.
Changed: When spaces are updated, apps in the affected space will be enqueued on a best-effort basis to avoid blocking the main queue.
Added: Logging for upload time to kf push.
Added: Logging for extracted file counts to file extraction build steps.
Fixed: The featureflag controller will no longer enqueue all namespaces when feature flags are changed, significantly reducing the load on the controller.
Added: Ability to change the snapshot modes for Kaniko for faster snapshots.
Changed: The default snapshot mode for Kaniko builds in the v2 buildpacks is now fast rather than robust.
Risks and mitigations
The new snapshot mode for Kaniko should result in reduced build times and I/O on build nodes. However, applications may see incorrect containers if they were overwriting system files during build in a way that doesn't change their timestamp or size. This shouldn't be the case for any standard applications that are using buildpacks correctly. If applications start to have errors, the behavior can be disabled by turning on the "Robust Build Snapshot" feature: https://kf.dev/docs/v2.11/operator/customizing/customizing-features/#robust-build-snapshots.
