From 30e55f81b589229ddf314ff34a983948ae4c6807 Mon Sep 17 00:00:00 2001 From: Eliza Weisman Date: Thu, 19 Oct 2023 13:11:48 -0700 Subject: [PATCH 1/5] update changelog for edge-23.10.3 --- CHANGES.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 449800af311c9..c391cbc5bb91e 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,5 +1,49 @@ # Changes +## edge-23.10.3 + +This edge release fixes issues in the proxy and destination controller which can +result in Linkerd proxies sending traffic to stale endpoints. In addition, it +contains other bugfixes and updates dependencies to include patches for the +security advisories [CVE-2023-44487]/GHSA-qppj-fm5r-hxr3 and GHSA-c827-hfw6-qwvm. + +* Fixed an issue where the Destination controller could stop processing + changes in the endpoints of a destination, if a proxy subscribed to that + destination stops reading service discovery updates. This issue results in + proxies attempting to send traffic for that destination to stale endpoints + ([#11483], fixes [#11480], [#11279], and [#10590]) +* Fixed a regression introduced in stable-2.13.0 where proxies would not + terminate unused service discovery watches, exerting backpressure on the + Destination controller which could cause it to become stuck + ([linkerd2-proxy#2484] and [linkerd2-proxy#2486]) +* Added `INFO`-level logging to the proxy when endpoints are added or removed + from a load balancer. These logs are enabled by default, and can be disabled + by [setting the proxy log level][proxy-log-level] to + `warn,linkerd=info,linkerd_proxy_balance=warn` or similar + ([linkerd2-proxy#2486]) +* Fixed a regression where the proxy rendered `grpc_status` metric labels as a + string rather than as the numeric status code ([linkerd2-proxy#2480]; fixes + [#11449]) +* Added missing `imagePullSecrets` to `linkerd-jaeger` ServiceAccount ([#11504]) +* Updated the control plane's dependency on the `golang.google.org/grpc` Go + package to include patches for [CVE-2023-44487]/GHSA-qppj-fm5r-hxr3 ([#11496]) +* Updated dependencies on `rustix` to include patches for GHSA-c827-hfw6-qwvm + ([linkerd2-proxy#2488] and [#11512]). + +[#10590]: https://github.com/linkerd/linkerd2/issues/10590 +[#11279]: https://github.com/linkerd/linkerd2/issues/11279 +[#11483]: https://github.com/linkerd/linkerd2/issues/11483 +[#11449]: https://github.com/linkerd/linkerd2/issues/11449 +[#11480]: https://github.com/linkerd/linkerd2/issues/11480 +[#11504]: https://github.com/linkerd/linkerd2/issues/11504 +[#11504]: https://github.com/linkerd/linkerd2/issues/11512 +[linkerd2-proxy#2480]: https://github.com/linkerd/linkerd2-proxy/pull/2480 +[linkerd2-proxy#2484]: https://github.com/linkerd/linkerd2-proxy/pull/2484 +[linkerd2-proxy#2486]: https://github.com/linkerd/linkerd2-proxy/pull/2486 +[linkerd2-proxy#2488]: https://github.com/linkerd/linkerd2-proxy/pull/2488 +[proxy-log-level]: https://linkerd.io/2.14/tasks/modifying-proxy-log-level/ +[CVE-2023-44487]: https://github.com/advisories/GHSA-qppj-fm5r-hxr3 + ## edge-23.10.2 This edge release includes a fix addressing an issue during upgrades for From 9f08e42bf308935afc0605ca519d87db0db02b9c Mon Sep 17 00:00:00 2001 From: Eliza Weisman Date: Thu, 19 Oct 2023 13:24:27 -0700 Subject: [PATCH 2/5] versiony bumpy --- charts/linkerd-control-plane/Chart.yaml | 2 +- charts/linkerd-control-plane/README.md | 2 +- charts/linkerd2-cni/Chart.yaml | 2 +- charts/linkerd2-cni/README.md | 2 +- jaeger/charts/linkerd-jaeger/Chart.yaml | 2 +- jaeger/charts/linkerd-jaeger/README.md | 2 +- multicluster/charts/linkerd-multicluster/Chart.yaml | 2 +- multicluster/charts/linkerd-multicluster/README.md | 2 +- viz/charts/linkerd-viz/Chart.yaml | 2 +- viz/charts/linkerd-viz/README.md | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/linkerd-control-plane/Chart.yaml b/charts/linkerd-control-plane/Chart.yaml index 9abc8a9744e10..df4bd43854eb2 100644 --- a/charts/linkerd-control-plane/Chart.yaml +++ b/charts/linkerd-control-plane/Chart.yaml @@ -16,7 +16,7 @@ dependencies: - name: partials version: 0.1.0 repository: file://../partials -version: 1.17.3-edge +version: 1.17.4-edge icon: https://linkerd.io/images/logo-only-200h.png maintainers: - name: Linkerd authors diff --git a/charts/linkerd-control-plane/README.md b/charts/linkerd-control-plane/README.md index f1af147081bd6..25e38afe9f501 100644 --- a/charts/linkerd-control-plane/README.md +++ b/charts/linkerd-control-plane/README.md @@ -3,7 +3,7 @@ Linkerd gives you observability, reliability, and security for your microservices — with no code change required. -![Version: 1.17.3-edge](https://img.shields.io/badge/Version-1.17.3--edge-informational?style=flat-square) +![Version: 1.17.4-edge](https://img.shields.io/badge/Version-1.17.4--edge-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square) diff --git a/charts/linkerd2-cni/Chart.yaml b/charts/linkerd2-cni/Chart.yaml index 08c0a5276e280..d203eb49fc40d 100644 --- a/charts/linkerd2-cni/Chart.yaml +++ b/charts/linkerd2-cni/Chart.yaml @@ -9,4 +9,4 @@ description: | kubeVersion: ">=1.21.0-0" icon: https://linkerd.io/images/logo-only-200h.png name: "linkerd2-cni" -version: 30.13.0-edge +version: 30.13.1-edge diff --git a/charts/linkerd2-cni/README.md b/charts/linkerd2-cni/README.md index 5c782065f6d4c..30c6e4187a4e2 100644 --- a/charts/linkerd2-cni/README.md +++ b/charts/linkerd2-cni/README.md @@ -6,7 +6,7 @@ Linkerd [CNI plugin](https://linkerd.io/2/features/cni/) takes care of setting up your pod's network so incoming and outgoing traffic is proxied through the data plane. -![Version: 30.13.0-edge](https://img.shields.io/badge/Version-30.13.0--edge-informational?style=flat-square) +![Version: 30.13.1-edge](https://img.shields.io/badge/Version-30.13.1--edge-informational?style=flat-square) ![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square) diff --git a/jaeger/charts/linkerd-jaeger/Chart.yaml b/jaeger/charts/linkerd-jaeger/Chart.yaml index 281ccd3b65ba4..bd5a2b40bf2f2 100644 --- a/jaeger/charts/linkerd-jaeger/Chart.yaml +++ b/jaeger/charts/linkerd-jaeger/Chart.yaml @@ -11,7 +11,7 @@ kubeVersion: ">=1.21.0-0" name: linkerd-jaeger sources: - https://github.com/linkerd/linkerd2/ -version: 30.13.3-edge +version: 30.13.4-edge icon: https://linkerd.io/images/logo-only-200h.png maintainers: - name: Linkerd authors diff --git a/jaeger/charts/linkerd-jaeger/README.md b/jaeger/charts/linkerd-jaeger/README.md index 45c573e8978bd..988889b66e0b4 100644 --- a/jaeger/charts/linkerd-jaeger/README.md +++ b/jaeger/charts/linkerd-jaeger/README.md @@ -3,7 +3,7 @@ The Linkerd-Jaeger extension adds distributed tracing to Linkerd using OpenCensus and Jaeger. -![Version: 30.13.3-edge](https://img.shields.io/badge/Version-30.13.3--edge-informational?style=flat-square) +![Version: 30.13.4-edge](https://img.shields.io/badge/Version-30.13.4--edge-informational?style=flat-square) ![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square) diff --git a/multicluster/charts/linkerd-multicluster/Chart.yaml b/multicluster/charts/linkerd-multicluster/Chart.yaml index c3897aaf98b7d..1304071269b57 100644 --- a/multicluster/charts/linkerd-multicluster/Chart.yaml +++ b/multicluster/charts/linkerd-multicluster/Chart.yaml @@ -11,7 +11,7 @@ kubeVersion: ">=1.21.0-0" name: "linkerd-multicluster" sources: - https://github.com/linkerd/linkerd2/ -version: 30.12.2-edge +version: 30.12.3-edge icon: https://linkerd.io/images/logo-only-200h.png maintainers: - name: Linkerd authors diff --git a/multicluster/charts/linkerd-multicluster/README.md b/multicluster/charts/linkerd-multicluster/README.md index a1907c93b830f..24cd060b838af 100644 --- a/multicluster/charts/linkerd-multicluster/README.md +++ b/multicluster/charts/linkerd-multicluster/README.md @@ -3,7 +3,7 @@ The Linkerd-Multicluster extension contains resources to support multicluster linking to remote clusters -![Version: 30.12.2-edge](https://img.shields.io/badge/Version-30.12.2--edge-informational?style=flat-square) +![Version: 30.12.3-edge](https://img.shields.io/badge/Version-30.12.3--edge-informational?style=flat-square) ![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square) diff --git a/viz/charts/linkerd-viz/Chart.yaml b/viz/charts/linkerd-viz/Chart.yaml index 8a2c9fce42849..662eaf1d294cd 100644 --- a/viz/charts/linkerd-viz/Chart.yaml +++ b/viz/charts/linkerd-viz/Chart.yaml @@ -11,7 +11,7 @@ kubeVersion: ">=1.21.0-0" name: "linkerd-viz" sources: - https://github.com/linkerd/linkerd2/ -version: 30.13.2-edge +version: 30.13.3-edge icon: https://linkerd.io/images/logo-only-200h.png maintainers: - name: Linkerd authors diff --git a/viz/charts/linkerd-viz/README.md b/viz/charts/linkerd-viz/README.md index 98287bad9cdf4..63594ad5eddcf 100644 --- a/viz/charts/linkerd-viz/README.md +++ b/viz/charts/linkerd-viz/README.md @@ -3,7 +3,7 @@ The Linkerd-Viz extension contains observability and visualization components for Linkerd. -![Version: 30.13.2-edge](https://img.shields.io/badge/Version-30.13.2--edge-informational?style=flat-square) +![Version: 30.13.3-edge](https://img.shields.io/badge/Version-30.13.3--edge-informational?style=flat-square) ![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square) From 94a1570ed1ff1d47e41a330edc3bdfbff43777a5 Mon Sep 17 00:00:00 2001 From: Eliza Weisman Date: Thu, 19 Oct 2023 13:30:18 -0700 Subject: [PATCH 3/5] link fix --- CHANGES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index c391cbc5bb91e..8248c6a80f236 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -36,7 +36,7 @@ security advisories [CVE-2023-44487]/GHSA-qppj-fm5r-hxr3 and GHSA-c827-hfw6-qwvm [#11449]: https://github.com/linkerd/linkerd2/issues/11449 [#11480]: https://github.com/linkerd/linkerd2/issues/11480 [#11504]: https://github.com/linkerd/linkerd2/issues/11504 -[#11504]: https://github.com/linkerd/linkerd2/issues/11512 +[#11512]: https://github.com/linkerd/linkerd2/issues/11512 [linkerd2-proxy#2480]: https://github.com/linkerd/linkerd2-proxy/pull/2480 [linkerd2-proxy#2484]: https://github.com/linkerd/linkerd2-proxy/pull/2484 [linkerd2-proxy#2486]: https://github.com/linkerd/linkerd2-proxy/pull/2486 From 43123e24ba6c7759241220246e74c1607ffca7cf Mon Sep 17 00:00:00 2001 From: Eliza Weisman Date: Thu, 19 Oct 2023 14:28:38 -0700 Subject: [PATCH 4/5] @alpeb review feedback --- CHANGES.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index 8248c6a80f236..ce1b786b2318b 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,7 +24,8 @@ security advisories [CVE-2023-44487]/GHSA-qppj-fm5r-hxr3 and GHSA-c827-hfw6-qwvm * Fixed a regression where the proxy rendered `grpc_status` metric labels as a string rather than as the numeric status code ([linkerd2-proxy#2480]; fixes [#11449]) -* Added missing `imagePullSecrets` to `linkerd-jaeger` ServiceAccount ([#11504]) +* Extended `linkerd-jaeger`'s `imagePullSecrets` Helm value to also apply to +the `namespace-metadata` ServiceAccount ([#11504]) * Updated the control plane's dependency on the `golang.google.org/grpc` Go package to include patches for [CVE-2023-44487]/GHSA-qppj-fm5r-hxr3 ([#11496]) * Updated dependencies on `rustix` to include patches for GHSA-c827-hfw6-qwvm From 21b2a51371a98c43cffc7e374ed86ed4920b07bc Mon Sep 17 00:00:00 2001 From: Eliza Weisman Date: Thu, 19 Oct 2023 14:30:08 -0700 Subject: [PATCH 5/5] @alpeb review feedback 2: even more review feedback --- CHANGES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index ce1b786b2318b..a5fe1f1ae511d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -2,7 +2,7 @@ ## edge-23.10.3 -This edge release fixes issues in the proxy and destination controller which can +This edge release fixes issues in the proxy and Destination controller which can result in Linkerd proxies sending traffic to stale endpoints. In addition, it contains other bugfixes and updates dependencies to include patches for the security advisories [CVE-2023-44487]/GHSA-qppj-fm5r-hxr3 and GHSA-c827-hfw6-qwvm.