preview-24.11.4
November 25, 2024
- Release candidate for the
enterprise-2.17.0
release
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.33.1 or later.
A production-ready distribution of Linkerd brought to you by Buoyant, the creators of Linkerd.
enterprise-2.17.0
releaseTo upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.33.1 or later.
enterprise-2.17.0
releaseTo upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.33.1 or later.
libssl3
in extension-init
and policy-controller
for FIPS, and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2024-5535, and
CVE-2024-9143libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-9143To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.33.0 or later.
libssl3
in extension-init
and policy-controller
for FIPS, and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2024-5535, and
CVE-2024-9143libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-9143To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.33.0 or later.
libssl3
in extension-init
and policy-controller
for FIPS, and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2024-5535, and
CVE-2024-9143libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-9143To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.33.0 or later.
The 2.16.2 stable point release includes bugfixes and minor improvements.
Previous release: enterprise-2.16.1.
For this release, the minimum supported Kubernetes version remains 1.22, and the maximum supported Kubernetes version remains 1.31.
2.16.1 users who use the high-availability zonal load balancer (HAZL) should upgrade to this version. 2.16.0 users who use gRPC with retries should also upgrade.
This is a stable point release designed to introduce minimal change. Please see the instructions in Upgrading BEL for how to upgrade.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.33.0 or later.
linkerd license
command not outputting the server’s license in some
cases.The 2.16.1 stable point release includes bugfixes and minor improvements.
Previous release: enterprise-2.16.0.
For this release, the minimum supported Kubernetes version remains 1.22, and the maximum supported Kubernetes version has been increased to 1.31.
2.16.0 users who use gRPC with retries should upgrade to this version. All other users may upgrade at their convenience or skip this release.
This is a stable point release designed to introduce minimal change. Please see the instructions in Upgrading BEL for how to upgrade.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.32.1 or later.
linkerd policy generate
command to work on with BEL proxies that have
custom image names.linkerd-autoregistration
and
linkerd-enterprise
workloadslinkerd2-proxy
may panic if a response was received
before a request frame with the END_STREAM
flag was sent
(linkerd2-proxy#3216)controller
, proxy
, and proxy-init
for
both non-FIPS and FIPS to remediate
CVE-2024-34155,
CVE-2024-34156, and
CVE-2024-34158libssl3
in extension-init
and policy-controller
for FIPS, and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2024-2511,
CVE-2024-4603,
CVE-2024-4741, and
CVE-2024-6119openssl
in extension-init
and policy-controller
for FIPS to
remediate CVE-2023-0464,
CVE-2023-0465,
CVE-2023-0466,
CVE-2023-1255,
CVE-2023-2650,
CVE-2023-2975,
CVE-2023-3446,
CVE-2023-3817,
CVE-2023-4807,
CVE-2023-5363,
CVE-2023-5678,
CVE-2023-6129,
CVE-2023-6237,
CVE-2024-0727,
CVE-2024-2511,
CVE-2024-4603,
CVE-2024-5535, and
CVE-2024-6119libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-6119The 2.15.6 stable point release includes bugfixes and minor improvements.
Previous release: enterprise-2.15.5.
For this release, the minimum supported Kubernetes version remains 1.22, and the maximum supported Kubernetes version has been increased to 1.31.
2.15.x users who use gRPC with retries should upgrade to this version, or to 2.16.1. All other users may upgrade at their convenience or skip this release.
This is a stable point release designed to introduce minimal change. Please see the instructions in Upgrading BEL for how to upgrade.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.32.1 or later.
linkerd policy generate
command to work on with BEL proxies that have
custom image names.linkerd2-proxy
may panic if a response was received
before a request frame with the END_STREAM
flag was sent
(linkerd2-proxy#3216)controller
for both non-FIPS and FIPS to
remediate CVE-2024-41110controller
, proxy
, and proxy-init
for
both non-FIPS and FIPS to remediate
CVE-2024-34155,
CVE-2024-34156, and
CVE-2024-34158libssl3
in extension-init
and policy-controller
for FIPS and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2024-2511,
CVE-2024-4603,
CVE-2024-4741, and
CVE-2024-6119openssl
in extension-init
and policy-controller
for FIPS to
remediate CVE-2023-0464,
CVE-2023-0465,
CVE-2023-0466,
CVE-2023-1255,
CVE-2023-2650,
CVE-2023-2975,
CVE-2023-3446,
CVE-2023-3817,
CVE-2023-4807,
CVE-2023-5363,
CVE-2023-5678,
CVE-2023-6129,
CVE-2023-6237,
CVE-2024-0727,
CVE-2024-2511,
CVE-2024-4603,
CVE-2024-5535, and
CVE-2024-6119libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-5535
and CVE-2024-6119controller
for both non-FIPS and FIPS to
remediate
GHSA-7ww5-4wqc-m92ccontroller
, proxy
, and proxy-init
for
both non-FIPS and FIPS to remediate
CVE-2024-34155,
CVE-2024-34156, and
CVE-2024-34158libssl3
in extension-init
and policy-controller
for FIPS and in
proxy
for both non-FIPS and FIPS to remediate
CVE-2024-2511,
CVE-2024-4603,
CVE-2024-4741, and
CVE-2024-6119openssl
in extension-init
and policy-controller
for FIPS to
remediate CVE-2023-0464,
CVE-2023-0465,
CVE-2023-0466,
CVE-2023-1255,
CVE-2023-2650,
CVE-2023-2975,
CVE-2023-3446,
CVE-2023-3817,
CVE-2023-4807,
CVE-2023-5363,
CVE-2023-5678,
CVE-2023-6129,
CVE-2023-6237,
CVE-2024-0727,
CVE-2024-2511,
CVE-2024-4603,
CVE-2024-5535, and
CVE-2024-6119libcrypto3
and libssl3
in proxy-init
for both non-FIPS and FIPS
to remediate CVE-2024-6119To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.32.1 or later.
enterprise-2.16.1
releaseTo upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.32.1 or later.
enterprise-2.15.6
releaseTo upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.32.1 or later.
enterprise-2.16.1
releaseTo upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.32.1 or later.
enterprise-2.16.1
releaseTo upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.32.1 or later.
enterprise-2.15.6
releaseTo upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.32.1 or later.
Linkerd 2.16 is a new major release that adds new retry, timeout, and per-route metrics to HTTPRoute and GRPCRoute types, bringing Linkerd’s Gateway API implementation to feature parity with ServiceProfiles and addressing some long-standing wrinkles with these features. Linkerd 2.16 also adds support for IPv6 and introduces an audit mode for Linkerd’s zero trust network policies.
Buoyant Enterprise for Linkerd 2.16.0 also introduces new external workload automation to ease the management of VMs and other off-cluster workloads, and a “send a flare” remote diagnostics CLI command.
See the Linkerd 2.16 announcement blog post for more details.
This is a feature release. We recommend upgrading to BEL 2.16.0 for customers who:
Note that while BEL 2.16.0 includes several significant bugfixes, these have all been backported to earlier BEL 2.15.x point releases.
For this release, the minimum supported Kubernetes version is 1.22, and the maximum supported Kubernetes version is 1.29.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.32.0 or later.
There are several important notes before upgrading.
Linkerd 2.16 requires the Gateway API CRDs to be installed on the cluster. These CRDs can either be installed and managed by Linkerd, or they can be installed and managed by another component on the system. (For example, GCP clusters may already have these CRDs installed by default.)
If you want these CRDs to be managed by Linkerd (the default): proceed as normal. Linkerd will install these CRDs for you and upgrade them as appropriate.
If the CRDs are managed by another component: Set the enableHttpRoutes
setting to “false” when upgrading or installing Linkerd. In this mode, Linkerd
will not touch these CRDs. Note that if the CRDs correspond to an earlier
version of the Gateway API that does not include the GRPCRoute CRD, Linkerd’s
GRPCRoute-related functionality will not be available, but Linkerd will
otherwise operate normally.
To mitigate CVE-2024-40632,
in which a meshed application that is already vulnerable to an SSRF attack may
also leave the proxy open to shutdown, the /shutdown
endpoint is now disabled
by default. This endpoint is used to terminate the proxy programmatically,
typically by the linkerd-await
command as part of a meshed Job or CronJob
workload.
While native sidecar support has reduced the need for this endpoint, it can be
re-enabled by setting proxy.enableShutdownEndpoint
to “true”.
Due to an incompatibility between modern versions of glibc and old versions of
the Docker runtime engine, Linkerd 2.16 no longer supports Docker runtime
earlier than version 20.10.10
. Attempting to run Linkerd with an old Docker
runtime will result in a proxy crash.
To determine whether you have an older Docker runtime, run the command
kubectl get node -o jsonpath="{.items[*].status.nodeInfo.containerRuntimeVersion}"
If the output is of the form docker://20.x.y
, ensure the version is greater
than 20.10.10
. If the output is of the form containerd://...
, this issue
should not affect you.
Prior to Linkerd 2.16, HTTP headers were logged by the proxy when the log level
was set to debug or trace. These headers may contain sensitive information
such as access tokens. As of Linkerd 2.16, these headers are no longer part of
log output in debug or trace modes. Header output can be reenabled by
setting the logHTTPHeaders
configuration value to “insecure”.
disableIPv6:false
.
Learn more.ExternalGroup
CRD that provides
a principled way to manage multiple similar external applications (e.g.
multiple replicas); and an autoregistration control plane component that ties
the two together./shutdown
endpoint is now disabled by default, unless explicitly
enabled. (linkerd2#12705)backend_not_found
route status was being set incorrectly
(linkerd2#12565)http.ErrServerClosed
(linkerd2#12167)proxy-*-connect-timeout
annotations docs
(linkerd2#12155)linkerd policy generate
use audit-mode Server resources by default.
Previous behavior can be enabled by using the --disable-audit
flag.linkerd policy generate --concurrency
flag to decrease time
for policy generationadditionalEnv
values for custom
licenses is no longer necessary.linkerd-crds
and linkerd-control-plane
.controller
for both non-FIPS and FIPS to
remediate: CVE-2024-41110To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.31.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.31.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.30.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.30.0 or later.
The 2.15.5 stable point release includes a variety of bug fixes and proxy configuration features, including a fix for CVE-2024-40632.
Previous release: enterprise-2.15.4.
BUOYANT_LICENSE
envvar, should upgrade./shutdown
endpoint or by removing HTTP header content from debug logging,
should upgrade.All other users may upgrade at their convenience or skip this release.
Please see the instructions in Upgrading BEL.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.30.0 or later.
BUOYANT_LICENSE
environment variable. Note that a license must still be provided to commands
that require it (e.g. install
), either via the environment variable or the
--set license=...
flag.linkerd license
command/shutdown
admin endpoint (backported from
linkerd2#12705). When
enabled, this remediates
CVE-2024-40632.To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.30.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.30.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.30.0 or later.
The 2.15.4 stable point release includes a variety of bug fixes and some minor diagnostic and configuration features.
Previous release: enterprise-2.15.3.
HTTPRoutes
should upgrade. This release fixes several
issues, including issues that may cause routing to fail sporadically.ENVIRONMENT
environment variable to use
the Linkerd CLI may upgrade to avoid this issue.All other users may upgrade at their convenience or skip this release.
Please see the instructions in Upgrading BEL.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.
linkerd install-cni
was outputting an invalid image URLENVIRONMENT
envvar, which was sometimes already set in customer
environments. The CLI no longer uses this variable.--token
flag to the linkerd diagnostics policy
command, to allow
users to see the policy from the perspective of a a specific Kubernetes
context (backported from
linkerd2#12613)backend_not_found
route status when any backends are not found
(backported from
linkerd2#12565)To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.
The 2.15.3 stable point release includes a variety of bug fixes, usability improvements, and new diagnostic and configuration features. It also adjusts the default configuration of the HAZL load balancer to be more aggressive in shifting load to other zones.
Previous release: enterprise-2.15.2.
Please see the instructions in Upgrading BEL.
Note that in this release, we’ve moved the on-cluster storage for license keys from ConfigMaps to Secrets. Users with license keys in ConfigMaps will be automatically upgraded to a Secret. For more information on managing licenses, see Configuring license secret installation.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.
--set license=
flag on install commandsdiagnostics profile
command (backported from
linkerd2#12383)port
field in the route status parent ref
(backported from
linkerd2#12454)To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.28.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.28.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.28.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.28.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.28.0 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.28.0 or later.
The 2.15.2 stable point release includes bug fixes, CVE remediations, and some minor feature updates. It merges HAZL into the main proxy build (previous releases required a separate build), improves certain metrics, and fixes a memory leak in the policy controller.
Please follow the instructions in Upgrading Buoyant Enterprise for Linkerd.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
linkerd license
CLI command, to output client and server license
information.linkerd check
to validate Linkerd version strings that include build
and patch info, e.g. enterprise-2.15.1-1-fips
licenseSecret
Helm value to allow storing the Buoyant license in
a Kubernetes secret.To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.1 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
linkerd check
to validate Linkerd version strings that include build
and and patch info, e.g. enterprise-2.15.1-1-fips
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
linkerd license
CLI command, to output client and server
license information.To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
licenseSecret
Helm value to allow storing the Buoyant license
in a Kubernetes secret.To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
This is a minor update that is primarily intended to assist Enterprise Plan users who are enabling HAZL.
Users on the Enterprise Plan who want to enable HAZL should upgrade.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.2 or later.
AdditionalEnv
and
AdditionalArgs
values,
allowing users to enable features such as HAZL (when available) with the newer
terminology.To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.2 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.3 or later.
Linkerd 2.15 is a new major release that adds support for workloads outside of Kubernetes. This new “mesh expansion” feature allows Linkerd users to bring applications running on VMs, physical machines, and other non-Kubernetes locations into the mesh.
Linkerd 2.15 also introduces support for SPIFFE, a standard for workload identity which allows Linkerd to provide cryptographic identity and authentication to off-cluster workloads.
Finally, Linkerd 2.15 adds support for native sidecar containers, a new Kubernetes feature that eases some of the long-standing annoyances of the sidecar model in Kubernetes, especially with Job workloads.
See the BEL 2.15 announcement blog post for more details.
This is a feature release that unlocks new capabilities. Users with non-Kubernetes workloads that they want to add to the mesh, or users who want to use Kubernetes 1.29, should upgrade.
Users with Job workloads, init container race conditions, or other situations that would benefit from native sidecar support, can upgrade to simplify their usage of Linkerd. Native sidecar support can obviate the need for linkerd-await in Job workloads and can allow Linkerd to work well with other init containers.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.1 or later.
This release changes the minimum supported Kubernetes version to 1.22, and the update the maximum supported Kubernetes version to 1.29.
Job
s. Furthermore, traffic from other initContainer
s can now be
proxied by Linkerd (#11465;
fixes #11461).ExternalWorkload
CRD to support enrolling VMs into a meshed
Kubernetes clusterEndpointSlice
resources for Service
objects that select external workloadsJob
informer. The destination controller uses the metadata API
to retrieve Job
metadata, and relies mostly on informers. Without an
initialized informer, an error message would be logged, and the controller
relied on direct API calls
(#11541; fixes
#11531)Server
updates are handled in the destination service. The
change will ensure that during a cluster resync, consumers won’t be overloaded
by redundant updates
(#11907)INVALID_ARGUMENT
status codes
properly when a ServiceProfile
is requested for a service that does not
exist. (#11980)Server
selector are handled in the destination
service. When a Server
that marks a port as opaque no longer selects a
resource, the resource’s opaqueness will reverted to default settings
(#12031; fixes
#11995)externalWorkloadSelector
to the Server
resource to fascilitate
policy for ExternalWorkloads`
#11899EndpointSlices
that point ExternalWorkload
resources #11939MeshTLSAuthentication
#11882"duplicate metrics"
warning in the multicluster service-mirror
component #11875; fixes
#11839linkerd check
that ensures all extension namespaces are
configured properlylinkerd multicluster link
command’s
--gateway-addresses
flag was not respected when a remote gateway existsremoteDiscoverySelector
field in a
multicluster link would cause all services to be mirroredlinkerd-jaeger
’s imagePullSecrets
Helm value to also apply to the
namespace-metadata
ServiceAccount
#11504linkerd viz check
to attempt to validate that the Prometheus scrape
interval will work well with the CLI and Web query parameters
(#11376)ServiceProfile
CRD schema. The schema incorrectly
required that a not
response match should be an array, which the service
profile validator rejected since it expected an object. The schema has been
updated to properly indicate that not
values should be an object
(#11510; fixes
#11483)ServiceProfile
resources through linkerd profile --open-api
(#11519)multicluster check --timeout
flag to limit the time allowed
for Kubernetes API calls
(#11420; fixes
#11266)linkerd install
error output to add a newline when a Kubernetes
client cannot be successfully initialised
(#11917)prometheusUrl
field for the heartbeat job in the control plane Helm
chart (#11343; fixes
#11342)createNamespaceMetadataJob
Helm value to control whether the
namespace-metadata job is run during install
(#11782)podAnnotations
Helm value to allow adding additional annotations to
the Linkerd-Viz Prometheus Deployment
(#11374; fixes
#11365)namespaceSelector
fields for the tap-injector and jaeger-injector
webhooks. The webhooks are now configured to skip kube-system
by default
(#11649; fixes
#11647)opentelemetry-collector
in the jaeger extension
(#11283)podMonitors
field in the
control plane Helm chart
(#11222; fixes
#11175)PodDisruptionBudgets
in the linkerd-viz Helm chart for tap and
tap-injector (#11628; fixes
#11248)MutatingWebhookConfig
timeout value to be configured
(#12028; fixes
#12011)nodeAffinity
to deployment
templates in the linkerd-viz
and
linkerd-jaeger
Helm charts
(#11464; fixes
#10680)To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.1 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.3 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.1 or later.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.1 or later.
extension-init
and policy-controller
images to remediate
CVE-2023-6246extension-init
and policy-controller
images to remediate
CVE-2023-6246policy-controller
image to remediate
CVE-2023-6246To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.1 or later.
linkerd policy generate
CLI commandlinkerd policy generate
CLI command to only generate policy for
enterprise
and preview
proxiesproxy-init
image to remediate
CVE-2023-6129proxy-init
image to remediate
CVE-2023-6129proxy-init
image to remediate
CVE-2023-6129linkerd check --pre
failurelinkerd fips audit
CLI command, to audit FIPS compliance on
Linkerd-enabled clusterspreview
channellinkerd fips audit
CLI command, to audit FIPS compliance on
Linkerd-enabled clusterslinkerd-multicluster
supportlinkerd inject
would unnecessarily set a
config.linkerd.io/init-image-version
annotationlinkerd inject
would unnecessarily set a
config.linkerd.io/init-image-version
annotationproxy-init
image to remediate
CVE-2023-5678proxy-init
image to remediate
CVE-2023-5678proxy-init
image to remediate
CVE-2023-5363proxy-init
image to remediate
CVE-2023-5363