This is a patch release that every user should upgrade to.
Addresses: CVE-2023-44487 see: GHSA-9wmc-rg4h-28wv for details
Changelog
- chore(deps): bump envoy from 1.24.10 to 1.24.11 #8027 @lahabana
- chore(deps): bump go from 1.20.7 to 1.21.1 #7829 @kumahq
- chore(deps): bump go version to 1.21.3 (backport of #8001) #8015 @kumahq
- chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 #8030 @michaelbeaumont
- chore(deps): security update #7716 @kumahq
- chore(deps): update CoreDNS to v1.11.1 (backport of #7523) #7532 @kumahq
- fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) #7830 @kumahq
- fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) #7926 @kumahq
- fix(metrics): hijacker should not pass accept-encoding (backport of #7572) #7577 @kumahq