enterprise-2.15.6
October 14, 2024
The 2.15.6 stable point release includes bugfixes and minor improvements.
Previous release: enterprise-2.15.5.
Supported Kubernetes versions
For this release, the minimum supported Kubernetes version remains 1.22, and the maximum supported Kubernetes version has been increased to 1.31.
Who should upgrade?
2.15.x users who use gRPC with retries should upgrade to this version, or to 2.16.1. All other users may upgrade at their convenience or skip this release.
Upgrade guidance
This is a stable point release designed to introduce minimal change. Please see the instructions in Upgrading BEL for how to upgrade.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.32.1 or later.
Changelog
CLI changes
- Fix
linkerd policy generate
command to work on with BEL proxies that have custom image names.
Helm changes
- Add support for configuring the timeout and failure thresholds for health probes of the multicluster gateway (linkerd2#13061)
Proxy changes
- Fix a bug in which the
linkerd2-proxy
may panic if a response was received before a request frame with theEND_STREAM
flag was sent (linkerd2-proxy#3216)
CVE remediations and updates
- Update Go Docker dependency in
controller
for both non-FIPS and FIPS to remediate CVE-2024-41110 - Update Go from 1.22.5 to 1.23.2 in
controller
,proxy
, andproxy-init
for both non-FIPS and FIPS to remediate CVE-2024-34155, CVE-2024-34156, and CVE-2024-34158 - Update
libssl3
inextension-init
andpolicy-controller
for FIPS and inproxy
for both non-FIPS and FIPS to remediate CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, and CVE-2024-6119 - Update
openssl
inextension-init
andpolicy-controller
for FIPS to remediate CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-5535, and CVE-2024-6119 - Update
libcrypto3
andlibssl3
inproxy-init
for both non-FIPS and FIPS to remediate CVE-2024-5535 and CVE-2024-6119