Buoyant Enterprise for Linkerd


June 12, 2024

The 2.15.4 stable point release includes a variety of bug fixes and some minor diagnostic and configuration features.

Previous release: enterprise-2.15.3.

Who should upgrade?

  • Users who are seeing OOMKills in the linkerd-destination service at scale should upgrade. This release improves memory of the destination controller at scale.
  • Users who are using HTTPRoutes should upgrade. This release fixes several issues, including issues that may cause routing to fail sporadically.
  • Users who have to unset an existing ENVIRONMENT environment variable to use the Linkerd CLI may upgrade to avoid this issue.

All other users may upgrade at their convenience or skip this release.

How to upgrade

Please see the instructions in Upgrading BEL.

To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.29.0 or later.

Full Changelog

CLI changes

  • Fix an issue where linkerd install-cni was outputting an invalid image URL
  • Fix an issue where the CLI was reading configuration information from an ENVIRONMENT envvar, which was sometimes already set in customer environments. The CLI no longer uses this variable.
  • Add a new --token flag to the linkerd diagnostics policy command, to allow users to see the policy from the perspective of a a specific Kubernetes context (backported from linkerd2#12613)

Control plane changes

  • Remove unnecessary stream concurrency limits (backported from linkerd2#12598)
  • Allow control plane components to specify concurrency (backported from linkerd2#12643)
  • Fix issue where initial outbound policy did not contain producer routes (backported from linkerd2#12619)
  • Set backend_not_found route status when any backends are not found (backported from linkerd2#12565)
  • Reindex outbound policy backends when a service changes (backported from linkerd2#12635)

CVE remediations and updates

  • Update busybox in proxy-init Docker image to remediate CVE-2023-42364
  • Update busybox in proxy-init Docker image to remediate CVE-2023-42365
  • Update the default Docker image user to be non-root, which was occasionally being flagged by overly pedantic vulnerability scanners
  • Update Go from 1.22.3 to 1.22.4