enterprise-2.15.2
April 5, 2024
The 2.15.2 stable point release includes bug fixes, CVE remediations, and some minor feature updates. It merges HAZL into the main proxy build (previous releases required a separate build), improves certain metrics, and fixes a memory leak in the policy controller.
Who should upgrade?
- Users who want to use the high-availability zonal load balancer (HAZL) should upgrade to this release, as it no longer requires a separate proxy image.
- Users who are experiencing a memory leak in the policy controller component of the control plane should upgrade.
- Other users should upgrade at their convenience.
How to upgrade
Please follow the instructions in Upgrading Buoyant Enterprise for Linkerd.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.27.4 or later.
Full Changelog
CLI changes
- Introduce a `linkerd license` CLI command, to output client and server license information.
- Update `linkerd check` to validate Linkerd version strings that include build and patch info, e.g. `enterprise-2.15.1-1-fips`
Helm changes
- Introduce a `licenseSecret` Helm value to allow storing the Buoyant license in a Kubernetes secret.
Control plane changes
- Backport fix(injector): Stop emitting warnings about skipped resources (linkerd2#12254)
- Backport fix(destination): Removes should not change local traffic policy (linkerd2#12325)
- Backport fix(identity): Log token validation errors at WARN (linkerd2#12187)
- Backport fix(cli): Remove kube-system injection check (linkerd2#12263)
- Backport fix(policy): Don’t patch httproute status if it hasn’t changed (linkerd2#12215)
Proxy changes
- Include HAZL in the default proxy image
- Backport chore(api-resolve): Expose endpoint weights (linkerd2-proxy#2812)
- Backport chore: Fix Clippy warnings on nightly (linkerd2-proxy#2810)
CVE remediations and updates
- Update Rust mio dependency to remediate CVE-2024-27308 (first fixed in hotpatch enterprise-2.15.1-1)
- Update google.golang.org/protobuf dependency to remediate CVE-2024-24786 (first fixed in hotpatch enterprise-2.15.1-2)
- Update Go docker dependency to remediate CVE-2024-24557 (first fixed in hotpatch enterprise-2.15.1-3)
- Update Go helm dependency to remediate CVE-2019-25210 (first fixed in hotpatch enterprise-2.15.1-3)
- Update Go http2 dependency to remediate CVE-2023-45288
- Update Rust h2 dependency to remediate GHSA-q6cp-qfwq-4gcv
- Update Go from 1.22.1 to 1.22.2