Skip to content

stable-2.14.2#11539

Merged
mateiidavid merged 8 commits intorelease/stable-2.14from
matei/stable-2.14.2
Oct 26, 2023
Merged

stable-2.14.2#11539
mateiidavid merged 8 commits intorelease/stable-2.14from
matei/stable-2.14.2

Conversation

@mateiidavid
Copy link
Member

@mateiidavid mateiidavid commented Oct 26, 2023
edited
Loading

This stable release fixes issues in the proxy and Destination controller which
can result in Linkerd proxies sending traffic to stale endpoints. In addition,
it contains a bug fix for profile resolutions for pods bound on host ports and
includes patches for security advisory CVE-2023-44487/GHSA-qppj-fm5r-hxr3

  • Control Plane

    • Fixed an issue where the Destination controller could stop processing
      changes in the endpoints of a destination, if a proxy subscribed to that
      destination stops reading service discovery updates. This issue results in
      proxies attempting to send traffic for that destination to stale endpoints
      (#11491, fixes #11480, #11279, #10590)
    • Fixed an issue where the Destination controller would not update pod
      metadata for profile resolutions for a pod accessed via the host network
      (e.g. HostPort endpoints) (#11334)
    • Addressed CVE-2023-44487/GHSA-qppj-fm5r-hxr3 by upgrading several
      dependencies (including Go's gRPC and net libraries)

  • Proxy

    • Fixed a regression where the proxy rendered grpc_status metric labels as
      a string rather than as the numeric status code (linkerd2-proxy#2480;
      fixes #11449)
    • Fixed a regression introduced in stable-2.13.0 where proxies would not
      terminate unusred service discovery watches, exerting backpressure on the
      Destination controller which could cause it to become stuck
      (linkerd2-proxy#2484)

@mateiidavid
stable-2.14.2
4b60b55 
This stable release fixes issues in the proxy and Destination controller which
can result in Linkerd proxies sending traffic to stale endpoints. In addition,
it contains a bug fix for profile resolutions for pods bound on host ports and
includes patches for security advisory [CVE-2023-44487]/GHSA-qppj-fm5r-hxr3

* Control Plane
  * Fixed an issue where the Destination controller could stop processing
    changes in the endpoints of a destination, if a proxy subscribed to that
    destination stops reading service discovery updates. This issue results in
    proxies attempting to send traffic for that destination to stale endpoints
    ([#11483], fixes [#11480], [#11279], [#10590])
  * Fixed an issue where the Destination controller would not update pod
    metadata for profile resolutions for a pod accessed via the host network
    (e.g. HostPort endpoints) ([#11334])
  * Addressed [CVE-2023-44487]/GHSA-qppj-fm5r-hxr3 by upgrading several
    dependencies (including Go's gRPC and net libraries)

* Proxy
  * Fixed a regression where the proxy rendered `grpc_status` metric labels as
    a string rather than as the numeric status code ([linkerd2-proxy#2480];
    fixes [#11449])
  * Fixed a regression introduced in stable-2.13.0 where proxies would not
    terminate unusred service discovery watches, exerting backpressure on the
    Destination controller which could cause it to become stuck
    ([linkerd2-proxy#2484])

[#10590]: #10590
[#11279]: #11279
[#11483]: #11483
[#11480]: #11480
[#11334]: #11334
[#11449]: #11449
[CVE-2023-44487]: GHSA-qppj-fm5r-hxr3
[linkerd2-proxy#2480]: linkerd/linkerd2-proxy#2480
[linkerd2-proxy#2484]: linkerd/linkerd2-proxy#2484

Signed-off-by: Matei David <[email protected]>
@mateiidavid mateiidavid requested a review from a team as a code owner October 26, 2023 19:58
@mateiidavid
Fix queue PR id
3d789dd 
Signed-off-by: Matei David <[email protected]>
@mateiidavid
Fix the fix
470f4d1 
Signed-off-by: Matei David <[email protected]>
alpeb
alpeb reviewed Oct 26, 2023
View reviewed changes
@mateiidavid @alpeb
Update CHANGES.md
288d695 
Co-authored-by: Alejandro Pedraza <[email protected]>
olix0r
olix0r approved these changes Oct 26, 2023
View reviewed changes
mateiidavid and others added 2 commits October 26, 2023 20:09
@mateiidavid
Bump chart patches
5a379e7 
Signed-off-by: Matei David <[email protected]>
@mateiidavid @olix0r
Update CHANGES.md
2ec1f6b 
Co-authored-by: Oliver Gould <[email protected]>
alpeb
alpeb approved these changes Oct 26, 2023
View reviewed changes
Copy link
Member

@alpeb alpeb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM modulo not bumping the linkerd2-cni chart version 😉

@mateiidavid mateiidavid merged commit 2f25cde into release/stable-2.14 Oct 26, 2023
@mateiidavid mateiidavid deleted the matei/stable-2.14.2 branch October 26, 2023 21:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olix0r olix0r olix0r approved these changes

@alpeb alpeb alpeb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mateiidavid @olix0r @alpeb