The enterprise distribution of Linkerd brought to you by Buoyant, the creators of Linkerd.
golang to remediate
CVE-2025-47912,
CVE-2025-58185,
CVE-2025-58186,
CVE-2025-58187,
CVE-2025-58188,
CVE-2025-58189,
CVE-2025-61723,
CVE-2025-61724,
CVE-2025-61725 and
CVE-2025-58183helm dependency to remediate advisories from transitive dependency
containerd:
GHSA-m6hq-p25p-ffr2 (maps
to CVE-2025-64329) and
GHSA-pwhc-rpq9-4c8w (maps
to CVE-2024-25621)helm dependency to remediate advisories from transitive dependency
containerd:
GHSA-m6hq-p25p-ffr2 (maps
to CVE-2025-64329) and
GHSA-pwhc-rpq9-4c8w (maps
to CVE-2024-25621)helm dependency to remediate advisories from transitive dependency
containerd:
GHSA-m6hq-p25p-ffr2 (maps
to CVE-2025-64329) and
GHSA-pwhc-rpq9-4c8w (maps
to CVE-2024-25621)golang to remediate
CVE-2025-47912,
CVE-2025-58185,
CVE-2025-58186,
CVE-2025-58187,
CVE-2025-58188,
CVE-2025-58189,
CVE-2025-61723,
CVE-2025-61724,
CVE-2025-61725, and
CVE-2025-58183golang to remediate
CVE-2025-47912,
CVE-2025-58185,
CVE-2025-58186,
CVE-2025-58187,
CVE-2025-58188,
CVE-2025-58189,
CVE-2025-61723,
CVE-2025-61724,
CVE-2025-61725, and
CVE-2025-58183Linkerd 2.19 is a new major release that adds support for Windows containers and post-quantum cryptography, improves Linkerd’s supply chain security, and optionally supports FIPS 140-3 validated encryption.
libcrypto3 and libssl3 to remediate
CVE-2025-9230,
CVE-2025-9231, and
CVE-2025-9232libcrypto3 and libssl3 to remediate
CVE-2025-9230,
CVE-2025-9231, and
CVE-2025-9232libc6 to remediate
CVE-2025-4802 and
CVE-2025-8058libc6 to remediate
CVE-2025-4802 and
CVE-2025-8058libc6 to remediate
CVE-2025-4802 and
CVE-2025-8058libcrypto3 and libssl3 in proxy-init for both non-FIPS and FIPS
to remediate CVE-2024-13176golang.org/x/oauth2 to 0.27.0 to remediate
CVE-2025-22868v3.17.4 to remediate
GHSA-557j-xg8c-q2mmThe 2.18.3 stable point release includes bugfixes and minor improvements.
The 2.17.3 stable point release includes bugfixes and minor improvements.
The 2.18.2 stable point release includes a proxy bugfix, adds a signed multiarch
SBOM index, and removes an incorrect deprecation warning in the
linkerd upgrade command.
golang to 1.24.4 for both non-FIPS and FIPS to remediate
CVE-2025-22874,
CVE-2025-0913, and
CVE-2025-4673.golang to 1.24.4 for both non-FIPS and FIPS to remediate
CVE-2025-22874,
CVE-2025-0913, and
CVE-2025-4673.golang to 1.24.4 for both non-FIPS and FIPS to remediate
CVE-2025-22874,
CVE-2025-0913, and
CVE-2025-4673.The 2.18.1 stable point release includes bugfixes and improvements to HAZL configuration.
libssl3 for both non-FIPS and FIPS to remediate
CVE-2024-13176libssl3 for both non-FIPS and FIPS to remediate
CVE-2024-13176libssl3 for both non-FIPS and FIPS to remediate
CVE-2024-13176The 2.17.2 stable point release addresses CVE-2025-43915 and includes additional dependency upgrades.
The 2.16.5 stable point release addresses CVE-2025-43915 and includes additional dependency upgrades.
0.39.0 to remediate
GHSA-vvgc-356p-c3xw and
GHSA-qxp5-gwg8-xv66v3.17.3 remediate
GHSA-4hfp-h4cw-hj8p and
GHSA-5xqw-8hwv-wg921.24.2 to remediate CVE-2025-22871
CVE-2025-22871Linkerd 2.18 is a new major release that adds GitOps-compatible multicluster linking, improved support for the Gateway API, protocol declarations, and a host of other features and bugfixes.
jwt to remediate
GHSA-mh63-6h87-95cpcontainerd to remediate
GHSA-265r-hfxg-fhmglibc6 in extension-init and policy-controller for FIPS, and in
proxy for both non-FIPS and FIPS to remediate
CVE-2025-0395golang.org/x deps for
GHSA-qxp5-gwg8-xv66jwt to remediate
GHSA-mh63-6h87-95cpcontainerd to remediate
GHSA-265r-hfxg-fhmglibc6 in extension-init and policy-controller for FIPS, and in
proxy for both non-FIPS and FIPS to remediate
CVE-2025-0395golang.org/x deps for
GHSA-qxp5-gwg8-xv66jwt to remediate
GHSA-mh63-6h87-95cpcontainerd to remediate
GHSA-265r-hfxg-fhmglibc6 in extension-init and policy-controller for FIPS, and in
proxy for both non-FIPS and FIPS to remediate
CVE-2025-0395golang.org/x deps for
GHSA-qxp5-gwg8-xv66openssl to 3.1.8 in extension-init and policy-controller FIPS
images to remediate
CVE-2024-9143 and
CVE-2024-13176linkerd jaeger install CLI command outputting an invalid webhook image
nameopenssl to 3.1.8 in extension-init and policy-controller FIPS
images to remediate
CVE-2024-9143 and
CVE-2024-13176linkerd jaeger install CLI command outputting an invalid webhook image
nameopenssl to 3.1.8 in extension-init and policy-controller FIPS
images to remediate
CVE-2024-9143 and
CVE-2024-13176libcrypto3 and libssl3 in proxy-init for both non-FIPS and FIPS
to remediate CVE-2025-26519libcrypto3 and libssl3 in proxy-init for both non-FIPS and FIPS
to remediate CVE-2025-26519libcrypto3 and libssl3 in proxy-init for both non-FIPS and FIPS
to remediate CVE-2025-26519libcrypto3 and libssl3 in proxy-init for both non-FIPS and FIPS
to remediate CVE-2024-13176libcrypto3 and libssl3 in proxy-init for both non-FIPS and FIPS
to remediate CVE-2024-13176libcrypto3 and libssl3 in proxy-init for both non-FIPS and FIPS
to remediate CVE-2024-13176The 2.17.1 stable point release includes bugfixes and minor improvements.
The 2.16.4 stable point release includes bugfixes and minor improvements.
controller for both non-FIPS and FIPS to
remediate
GHSA-w32m-9786-jp63controller for both non-FIPS and FIPS to
remediate
GHSA-w32m-9786-jp63controller for both non-FIPS and FIPS to
remediate
GHSA-w32m-9786-jp63controller for both non-FIPS and FIPS to
remediate
GHSA-v778-237x-gjrccontroller for both non-FIPS and FIPS to
remediate
GHSA-v778-237x-gjrccontroller for both non-FIPS and FIPS to
remediate
GHSA-v778-237x-gjrcThe 2.16.3 stable point release includes bugfixes and minor improvements.
The 2.15.7 stable point release includes bugfixes and minor improvements.
Linkerd 2.17 is a new major release that adds rate limiting, federated services, and monitoring and control of egress traffic from the cluster. See our Linkerd 2.17 announcement blog post for more details.
libssl3 in extension-init and policy-controller for FIPS, and in
proxy for both non-FIPS and FIPS to remediate
CVE-2024-5535, and
CVE-2024-9143libcrypto3 and libssl3 in proxy-init for both non-FIPS and FIPS
to remediate CVE-2024-9143libssl3 in extension-init and policy-controller for FIPS, and in
proxy for both non-FIPS and FIPS to remediate
CVE-2024-5535, and
CVE-2024-9143libcrypto3 and libssl3 in proxy-init for both non-FIPS and FIPS
to remediate CVE-2024-9143The 2.16.2 stable point release includes bugfixes and minor improvements.
The 2.16.1 stable point release includes bugfixes and minor improvements.
The 2.15.6 stable point release includes bugfixes and minor improvements.
Linkerd 2.16 is a new major release that adds new retry, timeout, and per-route metrics to HTTPRoute and GRPCRoute types, bringing Linkerd’s Gateway API implementation to feature parity with ServiceProfiles and addressing some long-standing wrinkles with these features. Linkerd 2.16 also adds support for IPv6 and introduces an audit mode for Linkerd’s zero trust network policies.
The 2.15.5 stable point release includes a variety of bug fixes and proxy configuration features, including a fix for CVE-2024-40632.
The 2.15.4 stable point release includes a variety of bug fixes and some minor diagnostic and configuration features.
The 2.15.3 stable point release includes a variety of bug fixes, usability improvements, and new diagnostic and configuration features. It also adjusts the default configuration of the HAZL load balancer to be more aggressive in shifting load to other zones.
The 2.15.2 stable point release includes bug fixes, CVE remediations, and some minor feature updates. It merges HAZL into the main proxy build (previous releases required a separate build), improves certain metrics, and fixes a memory leak in the policy controller.
This is a minor update that is primarily intended to assist Enterprise Plan users who are enabling HAZL.
Linkerd 2.15 is a new major release that adds support for workloads outside of Kubernetes. This new “mesh expansion” feature allows Linkerd users to bring applications running on VMs, physical machines, and other non-Kubernetes locations into the mesh.