Buoyant Enterprise for Linkerd | Release notes

enterprise-2.19.4

Fri, 19 Dec 2025 00:00:00 +0000

The 2.19.4 point release fixes an issue with TLS algorithm negotiation that may affect connection establishment with other FIPS proxy versions. It also reduces memory consumption in the destination controller when running federated services with large-scale rollouts.

Who should upgrade?

Users who run the FIPS-validated version of BEL should upgrade to this release when feasible.

Users of federated services who experience excessive memory usage in the destination controller during large-scale rollouts should upgrade to this release when feasible.

Other users should upgrade to this release at their convenience.

Upgrade guidance

Important: If you are a FIPS user and are upgrading from BEL 2.18, in order to preserve zero-downtime upgrades, you must first upgrade to 2.18.7 before upgrading to this release.

(For clarity, non-FIPS users who are upgrading from BEL 2.18 may upgrade as usual without this restriction, i.e. even from releases prior to 2.18.7; and FIPS users who are on running an earlier BEL 2.19 release may also upgrade as usual.)

Those caveats aside, this is a stable point release designed to introduce minimal change. Please see the instructions in Upgrading BEL for how to upgrade.

To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.38.1 or later.

Changelog

Fix an issue with TLS algorithm negotiation that may affect connection establishment with other FIPS-validated proxy versions
Fix an issue in the destination controller when running multi-cluster federated services that may cause an increase in memory consumption

enterprise-2.17.7

Mon, 15 Dec 2025 00:00:00 +0000

The 2.17.7 point release fixes an issue with TLS algorithm negotiation that may affect connection establishment with other FIPS proxy versions.

Previous release: enterprise-2.17.5.

(Note that there is no enterprise-2.17.6 release.)

Supported Kubernetes versions

For this release, the minimum supported Kubernetes version remains 1.22, and the maximum supported Kubernetes version remains 1.32.

Who should upgrade?

Users who run the FIPS-validated version of BEL should upgrade to this release when feasible.

Other users should upgrade to this release at their convenience.

Upgrade guidance

This is a stable point release designed to introduce minimal change. Please see the instructions in Upgrading BEL for how to upgrade.

To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.38.0 or later.

Changelog

Fix an issue with TLS algorithm negotiation that may affect connection establishment with other FIPS-validated proxy versions
Update golang to remediate CVE-2025-61727 and CVE-2025-61729

enterprise-2.18.7

Mon, 15 Dec 2025 00:00:00 +0000

The 2.18.7 point release fixes an issue with TLS algorithm negotiation that may affect connection establishment with other FIPS proxy versions. It also reduces memory consumption in the destination controller when running federated services with large-scale rollouts.

Previous release: enterprise-2.18.5.

(Note that there is no enterprise-2.18.6 release.)

Supported Kubernetes versions

For this release, the minimum supported Kubernetes version remains 1.22, and the maximum supported Kubernetes version remains 1.32.

Who should upgrade?

Users who run the FIPS-validated version of BEL should upgrade to this release when feasible.

Users of federated services who experience excessive memory usage in the destination controller during large-scale rollouts should upgrade to this release when feasible.

Other users should upgrade to this release at their convenience.

Upgrade guidance

This is a stable point release designed to introduce minimal change. Please see the instructions in Upgrading BEL for how to upgrade.

To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.38.0 or later.

Changelog

Fix an issue with TLS algorithm negotiation that may affect connection establishment with other FIPS-validated proxy versions
Fix an issue in the destination controller when running multi-cluster federated services that may cause an increase in memory consumption
Update golang to remediate CVE-2025-61727 and CVE-2025-61729

enterprise-2.19.3

Mon, 15 Dec 2025 00:00:00 +0000

The 2.19.3 stable point release updates some dependencies to address reported CVEs in underlying components.

Who should upgrade?

This is a CVE hygiene release. Users may upgrade to this release at their convenience.

Upgrade guidance

This is a stable point release designed to introduce minimal change. Please see the instructions in Upgrading BEL for how to upgrade.

To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.38.0 or later.

Changelog

Update golang to 1.25.5 to remediate CVE-2025-61727 and CVE-2025-61729

enterprise-2.17.5-1

Thu, 04 Dec 2025 00:00:00 +0000

Update golang.org/x/crypto dependency to remediate: GHSA-j5w8-q4qc-rx2x (maps to CVE-2025-58181) and GHSA-f6x5-jh6r-wrfv (maps to CVE-2025-47914)

To upgrade with BEL’s lifecycle automation operator, you will need Buoyant Extension version v0.38.0 or later.