enterprise-2.17.2
May 5, 2025
The 2.17.2 stable point release addresses CVE-2025-43915 and includes additional dependency upgrades.
The enterprise distribution of Linkerd brought to you by Buoyant, the creators of Linkerd.
The 2.17.2 stable point release addresses CVE-2025-43915 and includes additional dependency upgrades.
The 2.16.5 stable point release addresses CVE-2025-43915 and includes additional dependency upgrades.
0.39.0
to remediate
GHSA-vvgc-356p-c3xw and
GHSA-qxp5-gwg8-xv66v3.17.3
remediate
GHSA-4hfp-h4cw-hj8p and
GHSA-5xqw-8hwv-wg921.24.2
to remediate CVE-2025-22871
CVE-2025-228710.39.0
to remediate
GHSA-vvgc-356p-c3xw and
GHSA-qxp5-gwg8-xv66v3.17.3
remediate
GHSA-4hfp-h4cw-hj8p and
GHSA-5xqw-8hwv-wg921.24.2
to remediate CVE-2025-22871
CVE-2025-22871Linkerd 2.18 is a new major release that adds GitOps-compatible multicluster linking, improved support for the Gateway API, protocol declarations, and a host of other features and bugfixes.
enterprise-2.18.0
releaseenterprise-2.18.0
releaseenterprise-2.18.0
releaseenterprise-2.18.0
releaseenterprise-2.18.0
releasejwt
to remediate
GHSA-mh63-6h87-95cpcontainerd
to remediate
GHSA-265r-hfxg-fhmglibc6
in extension-init
and policy-controller
for FIPS, and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2025-0395golang.org/x
deps for
GHSA-qxp5-gwg8-xv66jwt
to remediate
GHSA-mh63-6h87-95cpcontainerd
to remediate
GHSA-265r-hfxg-fhmglibc6
in extension-init
and policy-controller
for FIPS, and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2025-0395golang.org/x
deps for
GHSA-qxp5-gwg8-xv66jwt
to remediate
GHSA-mh63-6h87-95cpcontainerd
to remediate
GHSA-265r-hfxg-fhmglibc6
in extension-init
and policy-controller
for FIPS, and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2025-0395golang.org/x
deps for
GHSA-qxp5-gwg8-xv66containerd
to remediate
GHSA-265r-hfxg-fhmglibc6
in extension-init
and policy-controller
for FIPS, and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2025-0395golang.org/x
deps for
GHSA-qxp5-gwg8-xv66openssl
to 3.1.8 in extension-init
and policy-controller
FIPS
images to remediate
CVE-2024-9143 and
CVE-2024-13176linkerd jaeger install
CLI command outputting an invalid webhook image
nameopenssl
to 3.1.8 in extension-init
and policy-controller
FIPS
images to remediate
CVE-2024-9143 and
CVE-2024-13176linkerd jaeger install
CLI command outputting an invalid webhook image
nameopenssl
to 3.1.8 in extension-init
and policy-controller
FIPS
images to remediate
CVE-2024-9143 and
CVE-2024-13176openssl
to 3.1.8 in extension-init
and policy-controller
FIPS
images to remediate
CVE-2024-9143 and
CVE-2024-13176libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2025-26519libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2025-26519libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2025-26519libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2025-26519libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-13176libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-13176libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-13176libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-13176The 2.17.1 stable point release includes bugfixes and minor improvements.
The 2.16.4 stable point release includes bugfixes and minor improvements.
enterprise-2.17.1
releaseenterprise-2.16.4
releasecontroller
for both non-FIPS and FIPS to
remediate
GHSA-w32m-9786-jp63controller
for both non-FIPS and FIPS to
remediate
GHSA-w32m-9786-jp63controller
for both non-FIPS and FIPS to
remediate
GHSA-w32m-9786-jp63controller
for both non-FIPS and FIPS to
remediate
GHSA-w32m-9786-jp63controller
for both non-FIPS and FIPS to
remediate
GHSA-v778-237x-gjrccontroller
for both non-FIPS and FIPS to
remediate
GHSA-v778-237x-gjrccontroller
for both non-FIPS and FIPS to
remediate
GHSA-v778-237x-gjrccontroller
for both non-FIPS and FIPS to
remediate
GHSA-v778-237x-gjrcThe 2.16.3 stable point release includes bugfixes and minor improvements.
The 2.15.7 stable point release includes bugfixes and minor improvements.
Linkerd 2.17 is a new major release that adds rate limiting, federated services, and monitoring and control of egress traffic from the cluster. See our Linkerd 2.17 announcement blog post for more details.
enterprise-2.17.0
releaseenterprise-2.17.0
releaseenterprise-2.17.0
releaselibssl3
in extension-init
and policy-controller
for FIPS, and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2024-5535, and
CVE-2024-9143libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-9143libssl3
in extension-init
and policy-controller
for FIPS, and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2024-5535, and
CVE-2024-9143libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-9143libssl3
in extension-init
and policy-controller
for FIPS, and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2024-5535, and
CVE-2024-9143libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-9143The 2.16.2 stable point release includes bugfixes and minor improvements.
The 2.16.1 stable point release includes bugfixes and minor improvements.
The 2.15.6 stable point release includes bugfixes and minor improvements.
controller
for both non-FIPS and FIPS to
remediate
GHSA-7ww5-4wqc-m92ccontroller
, proxy
, and proxy-init
for
both non-FIPS and FIPS to remediate
CVE-2024-34155,
CVE-2024-34156, and
CVE-2024-34158libssl3
in extension-init
and policy-controller
for FIPS and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2024-2511,
CVE-2024-4603,
CVE-2024-4741, and
CVE-2024-6119openssl
in extension-init
and policy-controller
for FIPS to
remediate CVE-2023-0464,
CVE-2023-0465,
CVE-2023-0466,
CVE-2023-1255,
CVE-2023-2650,
CVE-2023-2975,
CVE-2023-3446,
CVE-2023-3817,
CVE-2023-4807,
CVE-2023-5363,
CVE-2023-5678,
CVE-2023-6129,
CVE-2023-6237,
CVE-2024-0727,
CVE-2024-2511,
CVE-2024-4603,
CVE-2024-5535, and
CVE-2024-6119libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-6119enterprise-2.16.1
releaseenterprise-2.15.6
releaseenterprise-2.16.1
releaseenterprise-2.16.1
releaseenterprise-2.15.6
releaseLinkerd 2.16 is a new major release that adds new retry, timeout, and per-route metrics to HTTPRoute and GRPCRoute types, bringing Linkerd’s Gateway API implementation to feature parity with ServiceProfiles and addressing some long-standing wrinkles with these features. Linkerd 2.16 also adds support for IPv6 and introduces an audit mode for Linkerd’s zero trust network policies.
The 2.15.5 stable point release includes a variety of bug fixes and proxy configuration features, including a fix for CVE-2024-40632.
enterprise-2.15.5
releaseThe 2.15.4 stable point release includes a variety of bug fixes and some minor diagnostic and configuration features.
enterprise-2.15.4
releaseenterprise-2.15.4
releaseThe 2.15.3 stable point release includes a variety of bug fixes, usability improvements, and new diagnostic and configuration features. It also adjusts the default configuration of the HAZL load balancer to be more aggressive in shifting load to other zones.
enterprise-2.15.3
releaseenterprise-2.15.3
releaseenterprise-2.15.3
releaseThe 2.15.2 stable point release includes bug fixes, CVE remediations, and some minor feature updates. It merges HAZL into the main proxy build (previous releases required a separate build), improves certain metrics, and fixes a memory leak in the policy controller.
enterprise-2.15.2
releaselinkerd check
to validate Linkerd version strings that include build
and and patch info, e.g. enterprise-2.15.1-1-fips
linkerd license
CLI command, to output client and server
license information.licenseSecret
Helm value to allow storing the Buoyant license
in a Kubernetes secret.This is a minor update that is primarily intended to assist Enterprise Plan users who are enabling HAZL.
Linkerd 2.15 is a new major release that adds support for workloads outside of Kubernetes. This new “mesh expansion” feature allows Linkerd users to bring applications running on VMs, physical machines, and other non-Kubernetes locations into the mesh.
extension-init
and policy-controller
images to remediate
CVE-2023-6246extension-init
and policy-controller
images to remediate
CVE-2023-6246policy-controller
image to remediate
CVE-2023-6246linkerd policy generate
CLI commandlinkerd policy generate
CLI command to only generate policy for
enterprise
and preview
proxiesproxy-init
image to remediate
CVE-2023-6129proxy-init
image to remediate
CVE-2023-6129proxy-init
image to remediate
CVE-2023-6129linkerd check --pre
failurelinkerd fips audit
CLI command, to audit FIPS compliance on
Linkerd-enabled clusterspreview
channellinkerd fips audit
CLI command, to audit FIPS compliance on
Linkerd-enabled clusterslinkerd-multicluster
supportlinkerd inject
would unnecessarily set a
config.linkerd.io/init-image-version
annotationlinkerd inject
would unnecessarily set a
config.linkerd.io/init-image-version
annotationproxy-init
image to remediate
CVE-2023-5678proxy-init
image to remediate
CVE-2023-5678proxy-init
image to remediate
CVE-2023-5363proxy-init
image to remediate
CVE-2023-5363