v1.17.5 (Enterprise)
·
841 commits
to main
since this release
1.17.5 Enterprise (May 14, 2024)
SECURITY:
- Bump Dockerfile base image to
alpine:3.19. [GH-20897] - Update
vault/apito v1.12.2 to address CVE-2024-28180
(removes indirect dependency on impactedgo-jose.v2) [GH-20910] - Upgrade Go to use 1.21.10. This addresses CVEs
CVE-2024-24787 and
CVE-2024-24788 [GH-21074] - Upgrade to support Envoy
1.26.8, 1.27.4, 1.27.5, 1.28.2 and 1.28.3. This resolves CVEs
CVE-2024-27919 (http2). [GH-20956] and CVE-2024-32475 (auto_sni). [GH-21030] - Upgrade to support k8s.io/apimachinery
v0.18.7 or higher. This resolves CVE
CVE-2020-8559. [GH-21033] - Upgrade to use Go
1.21.9. This resolves CVE
CVE-2023-45288 (http2). [GH-20956] - Upgrade to use golang.org/x/net
v0.24.0. This resolves CVE
CVE-2023-45288 (x/net). [GH-20956] - security: Remove
coredns/corednsdependency to address CVE-2024-0874 [GH-9243]
BUG FIXES:
- dns: fix a bug with sameness group queries in DNS where responses did not respect
DefaultForFailover.
DNS requests against sameness groups without this field set will now error as intended. - xds: Make TCP external service registered with terminating gateway reachable from peered cluster [GH-19881]