1.5.1 (July 16, 2024)
SECURITY:
- Upgrade go version to 1.22.5 to address CVE-2024-24791 [GH-4154]
- Upgrade go-retryablehttp to v0.7.7 to address GHSA-v6v8-xj6m-xwqh [GH-4169]
IMPROVEMENTS:
- api-gateways: Change security settings to make root file system read only and to not allow privilage escalation. [GH-3959]
- control-plane: Remove anyuid Security Context Constraints (SCC) requirement in OpenShift. [GH-4152]
- partition-init: Role no longer includes unnecessary access to Secrets resource. [GH-4053]
BUG FIXES:
- api-gateway: fix issue where API Gateway specific acl roles/policy were not being cleaned up on deletion of an api-gateway [GH-4060]
- connect-inject: add NET_BIND_SERVICE capability when injecting consul-dataplane sidecar [GH-4152]
- endpoints-controller: graceful shutdown logic should not run on a new pod with the same name. Fixes a case where statefulset rollouts could get stuck in graceful shutdown when the new pods come up. [GH-4059]
- terminating-gateway: Fix generated acl policy for external services to include the namespace and partition block if they are enabled. [GH-4153]