enterprise-2.17.2
May 5, 2025
The 2.17.2 stable point release addresses CVE-2025-43915 and includes additional dependency upgrades.
Previous release: enterprise-2.17.1.
Supported Kubernetes versions
For this release, the minimum supported Kubernetes version remains 1.22, and the maximum supported Kubernetes version remains 1.32.
Who should upgrade?
Customers who are affected by CVE-2025-43915 should upgrade. All other customers should upgrade at their convenience. Note that there is a minor breaking change in this release, in order to mitigate this CVE. See upgrade guidance below.
Upgrade guidance
This is a stable point release designed to introduce minimal change. However, remediating CVE-2025-43915 requires disabling the hostname label on egress metrics and the authority label on inbound metrics by default. If you make use of these metrics labels, you must explicitly re-enable them in this release. See here for the hostname label and here for the authority label. Please see the instructions in Upgrading BEL for how to upgrade.
To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.35.0 or later.
Changelog
- Add cluster-level default configuration for outbound hostname metrics.
- Update distroless/cc-debian12 from db46784 to 3c62069
- Update golang from 1.24.1-alpine to 1.24.2-alpine
- Update library/ubuntu from focal-20241011 to focal-20250404
- Update curlimages/curl from 8.12.1 to 8.13.0
- Bump golang.org/x/net to 0.39.0 to remediate GHSA-vvgc-356p-c3xw
- Bump helm.sh/helm/v3 to v3.17.3 to remediate GHSA-4hfp-h4cw-hj8p and GHSA-5xqw-8hwv-wg92
- Bump github.com/containerd/containerd to v1.7.27 to remediate CVE-2024-40635