This release includes updated Kubernetes versions that fix CVE-2022-3162 and CVE-2022-3294. For more information, see below. We strongly recommend upgrading to those Kubernetes patch releases as soon as possible.
Bugfixes
- Adding finalizer kubermatic.k8c.io/cleanup-usersshkeys-cluster-ids to Cluster resources can no longer remove other finalizers (#11323)
- Remove digests from Docker images in addon manifests to fix issues with Docker registry mirrors / local registries. KKP 2.22 will restore the digests and properly support them (#11240)
Updates
- Add support for Kubernetes 1.23.14 and 1.22.16 and automatically upgrade existing 1.23.x and 1.22.x clusters (#11342)
  - Those Kubernetes patch releases fix CVE-2022-3162 and CVE-2022-3294, both in kube-apiserver:
    - CVE-2022-3162: Unauthorized read of Custom Resources
    - CVE-2022-3294: Node address isn't always verified when proxying
Upcoming Changes
- For the next series of KKP patch releases, image references will move from k8s.gcr.io to registry.k8s.io. This will be done to keep up with the latest upstream changes. Please ensure that any mirrors you use are going to host registry.k8s.io and/or that firewall rules are going to allow access to registry.k8s.io to pull images before applying the next KKP patch releases. This change is not included in this patch release; this is just a notification of future changes.