November 6, 2025
- Update
golangto remediate CVE-2025-47912, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, and CVE-2025-58183
Buoyant Enterprise for Linkerd
The enterprise distribution of Linkerd brought to you by Buoyant, the creators of Linkerd.
November 6, 2025
- Update
golangto remediate CVE-2025-47912, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, and CVE-2025-58183
October 31, 2025
Linkerd 2.19 is a new major release that adds support for Windows containers and post-quantum cryptography, improves Linkerd’s supply chain security, and optionally supports FIPS 140-3 validated encryption.
enterprise-2.18.3-3
hotpatchOctober 3, 2025
- Update
libcrypto3andlibssl3to remediate CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232
enterprise-2.17.3-3
hotpatchOctober 3, 2025
- Update
libcrypto3andlibssl3to remediate CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232
enterprise-2.18.3-2
hotpatchSeptember 15, 2025
- Update
libc6to remediate CVE-2025-4802 and CVE-2025-8058
enterprise-2.17.3-2
hotpatchSeptember 15, 2025
- Update
libc6to remediate CVE-2025-4802 and CVE-2025-8058
enterprise-2.16.5-4
hotpatchSeptember 15, 2025
- Update
libc6to remediate CVE-2025-4802 and CVE-2025-8058
enterprise-2.18.3-1
hotpatchAugust 20, 2025
- Update Go version from 1.24.5 to 1.25.0 to remediate CVE-2025-47907
- Update Go Helm dependency to remediate GHSA-9h84-qmv7-982p and GHSA-f9f8-9pmf-xv68
enterprise-2.17.3-1
hotpatchAugust 20, 2025
- Update Go version from 1.24.5 to 1.25.0 to remediate CVE-2025-47907
- Update Go Helm dependency to remediate GHSA-9h84-qmv7-982p and GHSA-f9f8-9pmf-xv68
enterprise-2.16.5-3
hotpatchAugust 11, 2025
- Update
libcrypto3andlibssl3inproxy-initfor both non-FIPS and FIPS to remediate CVE-2024-13176 - Update
golang.org/x/oauth2to0.27.0to remediate CVE-2025-22868 - Update Helm dependency to
v3.17.4to remediate GHSA-557j-xg8c-q2mm
July 29, 2025
The 2.18.3 stable point release includes bugfixes and minor improvements.
July 23, 2025
The 2.17.3 stable point release includes bugfixes and minor improvements.
July 9, 2025
The 2.18.2 stable point release includes a proxy bugfix, adds a signed multiarch
SBOM index, and removes an incorrect deprecation warning in the
linkerd upgrade command.
enterprise-2.18.1-1
hotpatchJune 23, 2025
- Update
golangto 1.24.4 for both non-FIPS and FIPS to remediate CVE-2025-22874, CVE-2025-0913, and CVE-2025-4673.
enterprise-2.17.2-2
hotpatchJune 23, 2025
- Update
golangto 1.24.4 for both non-FIPS and FIPS to remediate CVE-2025-22874, CVE-2025-0913, and CVE-2025-4673.
enterprise-2.16.5-2
hotpatchJune 23, 2025
- Update
golangto 1.24.4 for both non-FIPS and FIPS to remediate CVE-2025-22874, CVE-2025-0913, and CVE-2025-4673.
June 9, 2025
The 2.18.1 stable point release includes bugfixes and improvements to HAZL configuration.
enterprise-2.18.0-1
hotpatchJune 2, 2025
- Update
libssl3for both non-FIPS and FIPS to remediate CVE-2024-13176
enterprise-2.17.2-1
hotpatchJune 2, 2025
- Update
libssl3for both non-FIPS and FIPS to remediate CVE-2024-13176
enterprise-2.16.5-1
hotpatchJune 2, 2025
- Update
libssl3for both non-FIPS and FIPS to remediate CVE-2024-13176
May 5, 2025
The 2.17.2 stable point release addresses CVE-2025-43915 and includes additional dependency upgrades.
May 5, 2025
The 2.16.5 stable point release addresses CVE-2025-43915 and includes additional dependency upgrades.
enterprise-2.15.7-9
hotpatchMay 1, 2025
- Bump golang.org/x/net to
0.39.0to remediate GHSA-vvgc-356p-c3xw and GHSA-qxp5-gwg8-xv66 - Bump helm.sh/helm/v3 to
v3.17.3remediate GHSA-4hfp-h4cw-hj8p and GHSA-5xqw-8hwv-wg92 - Bump Go to
1.24.2to remediate CVE-2025-22871 CVE-2025-22871
April 28, 2025
Linkerd 2.18 is a new major release that adds GitOps-compatible multicluster linking, improved support for the Gateway API, protocol declarations, and a host of other features and bugfixes.
enterprise-2.17.1-5
hotpatchMarch 24, 2025
- Update
jwtto remediate GHSA-mh63-6h87-95cp - Update
containerdto remediate GHSA-265r-hfxg-fhmg - Update
libc6inextension-initandpolicy-controllerfor FIPS, and inproxyfor both non-FIPS and FIPS to remediate CVE-2025-0395 - Update
golang.org/xdeps for GHSA-qxp5-gwg8-xv66
enterprise-2.16.4-5
hotpatchMarch 24, 2025
- Updated
jwtto remediate GHSA-mh63-6h87-95cp - Updated
containerdto remediate GHSA-265r-hfxg-fhmg - Updated
libc6inextension-initandpolicy-controllerfor FIPS, and inproxyfor both non-FIPS and FIPS to remediate CVE-2025-0395 - Updated
golang.org/xdeps for GHSA-qxp5-gwg8-xv66
enterprise-2.15.7-8
hotpatchMarch 24, 2025
- Updated
jwtto remediate GHSA-mh63-6h87-95cp - Updated
containerdto remediate GHSA-265r-hfxg-fhmg - Updated
libc6inextension-initandpolicy-controllerfor FIPS, and inproxyfor both non-FIPS and FIPS to remediate CVE-2025-0395 - Updated
golang.org/xdeps for GHSA-qxp5-gwg8-xv66
enterprise-2.17.1-4
hotpatchMarch 7, 2025
- Update
opensslto 3.1.8 inextension-initandpolicy-controllerFIPS images to remediate CVE-2024-9143 and CVE-2024-13176 - Update Go to 1.24.1
- Fixed
linkerd jaeger installCLI command outputting an invalid webhook image name
enterprise-2.16.4-4
hotpatchMarch 7, 2025
- Updated
opensslto 3.1.8 inextension-initandpolicy-controllerFIPS images to remediate CVE-2024-9143 and CVE-2024-13176 - Updated Go to 1.24.1
- Fixed
linkerd jaeger installCLI command outputting an invalid webhook image name
enterprise-2.15.7-7
hotpatchMarch 7, 2025
- Updated
opensslto 3.1.8 inextension-initandpolicy-controllerFIPS images to remediate CVE-2024-9143 and CVE-2024-13176 - Updated Go to 1.24.1
enterprise-2.17.1-3
hotpatchFebruary 25, 2025
- Update
libcrypto3andlibssl3inproxy-initfor both non-FIPS and FIPS to remediate CVE-2025-26519
enterprise-2.16.4-3
hotpatchFebruary 25, 2025
- Update
libcrypto3andlibssl3inproxy-initfor both non-FIPS and FIPS to remediate CVE-2025-26519
enterprise-2.15.7-6
hotpatchFebruary 25, 2025
- Update
libcrypto3andlibssl3inproxy-initfor both non-FIPS and FIPS to remediate CVE-2025-26519
enterprise-2.17.1-2
hotpatchFebruary 12, 2025
- Update Go to 1.23.6 to remediate CVE-2025-22866
enterprise-2.16.4-2
hotpatchFebruary 12, 2025
- Updated Go to 1.23.6 to remediate CVE-2025-22866
enterprise-2.15.7-5
hotpatchFebruary 12, 2025
- Updated Go to 1.23.6 to remediate CVE-2025-22866
enterprise-2.17.1-1
hotpatchFebruary 9, 2025
- Update
libcrypto3andlibssl3inproxy-initfor both non-FIPS and FIPS to remediate CVE-2024-13176
enterprise-2.16.4-1
hotpatchFebruary 9, 2025
- Update
libcrypto3andlibssl3inproxy-initfor both non-FIPS and FIPS to remediate CVE-2024-13176
enterprise-2.15.7-4
hotpatchFebruary 9, 2025
- Update
libcrypto3andlibssl3inproxy-initfor both non-FIPS and FIPS to remediate CVE-2024-13176
enterprise-2.15.7-3
hotpatchFebruary 6, 2025
- Updated Go to 1.23.5 to remediate CVE-2024-45336 and CVE-2024-45341
February 4, 2025
The 2.17.1 stable point release includes bugfixes and minor improvements.
February 4, 2025
The 2.16.4 stable point release includes bugfixes and minor improvements.
enterprise-2.17.0-2
hotpatchDecember 23, 2024
- Update Go net dependency in
controllerfor both non-FIPS and FIPS to remediate GHSA-w32m-9786-jp63
enterprise-2.16.3-2
hotpatchDecember 23, 2024
- Update Go net dependency in
controllerfor both non-FIPS and FIPS to remediate GHSA-w32m-9786-jp63
enterprise-2.15.7-2
hotpatchDecember 23, 2024
- Update Go net dependency in
controllerfor both non-FIPS and FIPS to remediate GHSA-w32m-9786-jp63
enterprise-2.17.0-1
hotpatchDecember 13, 2024
- Update Go crypto dependency in
controllerfor both non-FIPS and FIPS to remediate GHSA-v778-237x-gjrc - Update Go from 1.23.2 to 1.23.4
enterprise-2.16.3-1
hotpatchDecember 13, 2024
- Update Go crypto dependency in
controllerfor both non-FIPS and FIPS to remediate GHSA-v778-237x-gjrc - Update Go from 1.23.2 to 1.23.4
enterprise-2.15.7-1
hotpatchDecember 13, 2024
- Update Go crypto dependency in
controllerfor both non-FIPS and FIPS to remediate GHSA-v778-237x-gjrc - Update Go from 1.23.2 to 1.23.4
December 11, 2024
The 2.16.3 stable point release includes bugfixes and minor improvements.
December 11, 2024
The 2.15.7 stable point release includes bugfixes and minor improvements.
December 5, 2024
Linkerd 2.17 is a new major release that adds rate limiting, federated services, and monitoring and control of egress traffic from the cluster. See our Linkerd 2.17 announcement blog post for more details.
enterprise-2.16.2-1
hotpatchNovember 13, 2024
- Update
libssl3inextension-initandpolicy-controllerfor FIPS, and inproxyfor both non-FIPS and FIPS to remediate CVE-2024-5535, and CVE-2024-9143 - Update
libcrypto3andlibssl3inproxy-initfor both non-FIPS and FIPS to remediate CVE-2024-9143
enterprise-2.15.6-1
hotpatchNovember 13, 2024
- Update
libssl3inextension-initandpolicy-controllerfor FIPS, and inproxyfor both non-FIPS and FIPS to remediate CVE-2024-5535, and CVE-2024-9143 - Update
libcrypto3andlibssl3inproxy-initfor both non-FIPS and FIPS to remediate CVE-2024-9143
November 4, 2024
The 2.16.2 stable point release includes bugfixes and minor improvements.
October 14, 2024
The 2.16.1 stable point release includes bugfixes and minor improvements.
October 14, 2024
The 2.15.6 stable point release includes bugfixes and minor improvements.
August 13, 2024
Linkerd 2.16 is a new major release that adds new retry, timeout, and per-route metrics to HTTPRoute and GRPCRoute types, bringing Linkerd’s Gateway API implementation to feature parity with ServiceProfiles and addressing some long-standing wrinkles with these features. Linkerd 2.16 also adds support for IPv6 and introduces an audit mode for Linkerd’s zero trust network policies.
enterprise-2.15.5-2
hotpatchJuly 30, 2024
- Updated Go docker dependency to remediate CVE-2024-41110
enterprise-2.15.5-1
hotpatchJuly 24, 2024
- Updated Go Kubernetes dependencies to remediate CVE-2024-5321
- Updated Rust openssl dependency to remediate GHSA-q445-7m23-qrmw
- Updated proxy-init base image to remediate CVE-2024-5535
July 11, 2024
The 2.15.5 stable point release includes a variety of bug fixes and proxy configuration features, including a fix for CVE-2024-40632.
enterprise-2.15.4-1
hotpatchJuly 8, 2024
- Updated extension-init, policy-controller, and proxy base images to remediate CVE-2023-5678
- Updated extension-init, policy-controller, and proxy base images to remediate CVE-2023-6129
- Updated extension-init, policy-controller, and proxy base images to remediate CVE-2024-0727
June 12, 2024
The 2.15.4 stable point release includes a variety of bug fixes and some minor diagnostic and configuration features.
May 20, 2024
The 2.15.3 stable point release includes a variety of bug fixes, usability improvements, and new diagnostic and configuration features. It also adjusts the default configuration of the HAZL load balancer to be more aggressive in shifting load to other zones.
enterprise-2.15.2-3
hotpatchMay 3, 2024
- Updated proxy base image to remediate CVE-2024-2961
enterprise-2.15.2-2
hotpatchMay 2, 2024
- Updated proxy build base image to remediate CVE-2024-2961
enterprise-2.15.2-1
hotpatchApril 22, 2024
- Updated Rust rustls dependency to remediate CVE-2024-32650
April 5, 2024
The 2.15.2 stable point release includes bug fixes, CVE remediations, and some minor feature updates. It merges HAZL into the main proxy build (previous releases required a separate build), improves certain metrics, and fixes a memory leak in the policy controller.
enterprise-2.15.1-3
hotpatchMarch 20, 2024
- Updated Go docker dependency to remediate CVE-2024-24557
- Updated Go helm dependency to remediate CVE-2019-25210
enterprise-2.15.1-2
hotpatchMarch 7, 2024
- Updated google.golang.org/protobuf dependency to remediate CVE-2024-24786
- Updated Go to 1.22.1
enterprise-2.15.1-1
hotpatchMarch 4, 2024
- Updated Rust mio dependency to remediate CVE-2024-27308
February 23, 2024
This is a minor update that is primarily intended to assist Enterprise Plan users who are enabling HAZL.
February 21, 2024
Linkerd 2.15 is a new major release that adds support for workloads outside of Kubernetes. This new “mesh expansion” feature allows Linkerd users to bring applications running on VMs, physical machines, and other non-Kubernetes locations into the mesh.