enterprise-2.16.1
October 14, 2024
The 2.16.1 stable point release includes bugfixes and minor improvements.
Previous release: enterprise-2.16.0.
Supported Kubernetes versions
For this release, the minimum supported Kubernetes version remains 1.22, and the maximum supported Kubernetes version has been increased to 1.31.
Who should upgrade?
2.16.0 users who use gRPC with retries should upgrade to this version. All other users may upgrade at their convenience or skip this release.
Upgrade guidance
This is a stable point release designed to introduce minimal change. Please see the instructions in Upgrading BEL for how to upgrade.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.32.1 or later.
Changelog
CLI changes
- Fix linkerd policy generate command to work with BEL proxies that have custom image names.
Helm changes
- Improved configurability of the health probes for the multicluster gateway. After applying a Link CR, just tweak the new failureThreshold and timeout fields.
- Fix ability to set tolerations for the linkerd-autoregistration and linkerd-enterprise workloads
- Docker images and Helm packages are now signed. Learn more.
Proxy changes
- Fix a bug in which the linkerd2-proxy may panic if a response was received before a request frame with the END_STREAM flag was sent (linkerd2-proxy#3216)
CVE remediations and updates
- Update Go from 1.22.5 to 1.23.2 in controller, proxy, and proxy-init for both non-FIPS and FIPS to remediate CVE-2024-34155, CVE-2024-34156, and CVE-2024-34158
- Update libssl3 in extension-init and policy-controller for FIPS, and in proxy for both non-FIPS and FIPS to remediate CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, and CVE-2024-6119
- Update openssl in extension-init and policy-controller for FIPS to remediate CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-5535, and CVE-2024-6119
- Update libcrypto3 and libssl3 in proxy-init for both non-FIPS and FIPS to remediate CVE-2024-6119