1.0.10 (September 21, 2023)
SECURITY:
- Upgrade to use Go 1.19.13. This resolves CVEs CVE-2023-39320 (cmd/go), CVE-2023-39318 (html/template), CVE-2023-39319 (html/template), CVE-2023-39321 (crypto/tls), and CVE-2023-39322 (crypto/tls) [GH-2938]
IMPROVEMENTS:
- Add NET_BIND_SERVICE capability to restricted security context used for consul-dataplane [GH-2787]
- Add new value global.argocd.enabled. Set this to true when using ArgoCD to deploy this chart. [GH-2785]
- control-plane: Improve performance for pod deletions by reducing the number of fetched tokens. [GH-2910]
- control-plane: Prevent updates to anonymous-token-policy and anonymous-token if anonymous-token-policy is already attached to the anonymous-token [GH-2790]
- vault: Adds namespace to secretsBackend.vault.connectCA in Helm chart and annotation: "vault.hashicorp.com/namespace: namespace" to secretsBackend.vault.agentAnnotations, if "vault.hashicorp.com/namespace" annotation is not present. This provides a more convenient way to specify the Vault namespace than nested JSON in connectCA.additionalConfig. [GH-2841]
BUG FIXES:
- audit-log: Fix parsing error where some audit log configuration fields fail with unconvertible string to integer errors. [GH-2905]
- control-plane: Fix issue where ACL tokens would have an empty pod name that prevented proper token cleanup. [GH-2808]
- control-plane: When using transparent proxy or CNI, reduced required permissions by setting privileged to false. Privileged must be true when using OpenShift without CNI. [GH-2755]
- helm: Update prometheus port and scheme annotations if tls is enabled [GH-2782]