This is a patch release that every user should upgrade to.
Addresses: CVE-2023-44487 see: GHSA-9wmc-rg4h-28wv for details
Changelog
- chore(deps): bump envoy from 1.25.9 to 1.25.10 #8026 @lahabana
- chore(deps): bump go from 1.20.7 to 1.21.1 #7827 @kumahq
- chore(deps): bump go version to 1.21.3 (backport of #8001) #8013 @kumahq
- chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 #8031 @michaelbeaumont
- chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 #7842 #7844 @kumahq
- chore(deps): security update #7718 @kumahq
- chore(deps): update CoreDNS to v1.11.1 (backport of #7523) #7531 @kumahq
- fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) #7832 @kumahq
- fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) #7928 @kumahq
- fix(metrics): hijacker should not pass accept-encoding (backport of #7572) #7579 @kumahq