Buoyant Enterprise for Linkerd

enterprise-2.15.5

July 11, 2024

The 2.15.5 stable point release includes a variety of bug fixes and proxy configuration features, including a fix for CVE-2024-40632.

Previous release: enterprise-2.15.4.

Who should upgrade?

  • Users who are experiencing panics in the destination controller, or who want to run the CLI without setting the BUOYANT_LICENSE envvar, should upgrade.
  • Users who want to further secure their Linkerd installation by disabling the /shutdown endpoint or by removing HTTP header content from debug logging, should upgrade.

All other users may upgrade at their convenience or skip this release.

How to upgrade

Please see the instructions in Upgrading BEL.

To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.30.0 or later.

Full Changelog

CLI changes

  • Remove requirement that CLI users must always set the BUOYANT_LICENSE environment variable. Note that a license must still be provided to commands that require it (e.g. install), either via the environment variable or the --set license=... flag.
  • Improve error handling and timeout behavior in the linkerd license command

Control plane changes

  • Fix panic in the destination controller when reading endpoint hostname (backported from linkerd2#12689)

Proxy changes

  • Add config to disable proxy /shutdown admin endpoint (backported from linkerd2#12705). When enabled, this remediates CVE-2024-40632.
  • Add config to disable outputting HTTP headers by default in proxy debug logs (backported from linkerd2#12665)

Mesh expansion changes

  • Remove empty shortnames from ExternalWorkload (backported from linkerd2#12793)

CVE remediations and updates