1.4.4 (July 15, 2024)
SECURITY:
- Upgrade go version to 1.22.5 to address CVE-2024-24791 [GH-4154]
- Upgrade go-retryablehttp to v0.7.7 to address GHSA-v6v8-xj6m-xwqh [GH-4169]
IMPROVEMENTS:
- upgrade go version to v1.22.4. [GH-4085]
- api-gateways: Change security settings to make root file system read only and to not allow privilage escalation. [GH-3959]
- cni: package
consul-cni
as .deb and .rpm files [GH-4040] - control-plane: Remove anyuid Security Context Constraints (SCC) requirement in OpenShift. [GH-4152]
- partition-init: Role no longer includes unnecessary access to Secrets resource. [GH-4053]
BUG FIXES:
- api-gateway: fix issue where API Gateway specific acl roles/policy were not being cleaned up on deletion of an api-gateway [GH-4060]
- cni: fix incorrect release version due to unstable submodule pinning [GH-4091]
- connect-inject: add NET_BIND_SERVICE capability when injecting consul-dataplane sidecar [GH-4152]
- endpoints-controller: graceful shutdown logic should not run on a new pod with the same name. Fixes a case where statefulset rollouts could get stuck in graceful shutdown when the new pods come up. [GH-4059]