enterprise-2.15.5
July 11, 2024
The 2.15.5 stable point release includes a variety of bug fixes and proxy configuration features, including a fix for CVE-2024-40632.
Previous release: enterprise-2.15.4.
Who should upgrade?
- Users who are experiencing panics in the destination controller, or who want to run the CLI without setting the BUOYANT_LICENSE envvar, should upgrade.
- Users who want to further secure their Linkerd installation by disabling the /shutdown endpoint or by removing HTTP header content from debug logging, should upgrade.
All other users may upgrade at their convenience or skip this release.
How to upgrade
Please see the instructions in Upgrading BEL.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.30.0 or later.
Full Changelog
CLI changes
- Remove requirement that CLI users must always set the BUOYANT_LICENSE environment variable. Note that a license must still be provided to commands that require it (e.g. install), either via the environment variable or the --set license=... flag.
- Improve error handling and timeout behavior in the linkerd license command
Control plane changes
- Fix panic in the destination controller when reading endpoint hostname (backported from linkerd2#12689)
Proxy changes
- Add config to disable proxy /shutdown admin endpoint (backported from linkerd2#12705). When enabled, this remediates CVE-2024-40632.
- Add config to disable outputting HTTP headers by default in proxy debug logs (backported from linkerd2#12665)
Mesh expansion changes
- Remove empty shortnames from ExternalWorkload (backported from linkerd2#12793)
CVE remediations and updates
- Update extension-init, policy-controller, and proxy base images to remediate CVE-2023-5678 (first fixed in hotpatch enterprise-2.15.4-1)
- Update extension-init, policy-controller, and proxy base images to remediate CVE-2023-6129 (first fixed in hotpatch enterprise-2.15.4-1)
- Update extension-init, policy-controller, and proxy base images to remediate CVE-2024-0727 (first fixed in hotpatch enterprise-2.15.4-1)
- Update Go from 1.22.4 to 1.22.5