github cloudnativelabs/kube-router v2.9.0

9 hours ago

Breaking Changes

GoBGP Admin Server Binds to Localhost by Default

This release introduces a new command-line flag to configure the address of the GoBGP admin server:

  • --gobgp-admin-address (default: 127.0.0.1) -- Address for GoBGP server. Used in combination with gobgp-admin-port to expose GoBGP for administrative purposes. Setting this to an empty string will default the address to 127.0.0.1.

In previous kube-router versions, the GoBGP admin server, when enabled, would bind to the node's primary IP address by default. We've changed this to default to 127.0.0.1 to address GHSA-v5mh-h5hx-7v92, which was reported by @offset (thank you!).
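
An added example, not kube-router's own code: a small Go check that takes a kube-router argument list and reports the address the GoBGP admin server would bind to under the v2.9.0 flag semantics described above, flagging any value that is not a loopback IP. The helper name `adminBind` and the sample argument lists are constructed for illustration, and the check does not consider whether the admin server is enabled.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

const adminAddrFlag = "--gobgp-admin-address"

// adminBind reports the address the GoBGP admin server would bind to for a
// given kube-router argument list under the v2.9.0 semantics, and whether
// that address is loopback-only. Hypothetical helper, not kube-router code.
func adminBind(args []string) (addr string, loopbackOnly bool) {
	for i, a := range args { // a later occurrence overrides an earlier one
		switch {
		case strings.HasPrefix(a, adminAddrFlag+"="): // --flag=value form
			addr = strings.TrimPrefix(a, adminAddrFlag+"=")
		case a == adminAddrFlag && i+1 < len(args): // --flag value form
			addr = args[i+1]
		}
	}
	if addr == "" { // flag absent or set to empty string: 127.0.0.1
		addr = "127.0.0.1"
	}
	// Anything that is not a literal loopback IP (node IP, 0.0.0.0, a
	// hostname) is reported as exposed so it gets a manual review.
	ip := net.ParseIP(addr)
	return addr, ip != nil && ip.IsLoopback()
}

func main() {
	// Constructed sample argument lists, as they might appear under
	// `args:` in a kube-router DaemonSet manifest.
	samples := [][]string{
		{"--run-router=true"},
		{"--run-router=true", "--gobgp-admin-address="},
		{"--run-router=true", "--gobgp-admin-address=0.0.0.0"},
		{"--run-router=true", "--gobgp-admin-address", "10.0.0.5"},
	}
	for _, s := range samples {
		addr, ok := adminBind(s)
		fmt.Printf("%-60v bind=%-10s loopbackOnly=%v\n", s, addr, ok)
	}
}
```

A `loopbackOnly=false` result means the flag was set explicitly to a reachable address, which restores the pre-v2.9.0 exposure and should be a deliberate choice.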

Please review the user guide and BGP docs for more details.

If you have questions or concerns, please reach out via the #kube-router channel on
Kubernetes Slack or email admin@kube-router.io.

Summary

v2.9.0 is a small security release that changes the binding address for the GoBGP admin server to the more secure default of localhost.

Contributions

Changelog

  • c869af2 build: Dependency bumps to prep for release 2.9.0 (#2063)
  • build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 by @dependabot[bot] in #2024
  • build(deps): bump docker/build-push-action from 6 to 7 by @dependabot[bot] in #2029
  • build(deps): bump docker/login-action from 3 to 4 by @dependabot[bot] in #2025
  • build(deps): bump docker/setup-qemu-action from 3 to 4 by @dependabot[bot] in #2028
  • build(deps): bump docker/setup-buildx-action from 3 to 4 by @dependabot[bot] in #2026
  • build(deps): bump golang.org/x/net from 0.51.0 to 0.52.0 by @dependabot[bot] in #2027
  • build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds from 1.18.17 to 1.18.20 by @dependabot[bot] in #2031
  • build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.32.7 to 1.32.12 by @dependabot[bot] in #2032
  • build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.285.0 to 1.295.0 by @dependabot[bot] in #2033
  • fix(NRC): use atomic.Bool for bgpServerStarted to prevent data race by @Aprazor in #2038
  • fix(NSC): harden Network Services Controller against panics, races, and sync errors by @Aprazor in #2041
  • feat(services): support ipMode Proxy for LoadBalancer ingresses by @1fabi0 in #2017
  • build(deps): bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0 by @dependabot[bot] in #2047
  • build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.41.4 to 1.41.5 by @dependabot[bot] in #2044
  • build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.32.12 to 1.32.13 by @dependabot[bot] in #2046
  • Automate release flow by @aauren in #2035
  • Harden CI Flow and Checks by @aauren in #2040
  • fix(NRC): Remove debug logging of raw node annotations by @catherinetcai in #2052
  • docs(RELEASE.md): Clean up Release Instructions by @catherinetcai in #2054
  • build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.24.0 to 1.43.0 by @dependabot[bot] in #2057
  • chore: modernize Go primitives to use 1.13+ stdlib features by @mrueg in #2055
  • build: Dependency bumps to prep for release 2.9.0 by @catherinetcai in #2063

Full Changelog: v2.8.1...v2.9.0
