Description
Recommended update for helm
helm was updated to fix the following issues:
Update to version 3.16.3:
- fix: fix label name
- Fix typo in pkg/lint/rules/chartfile_test.go
- Increasing the size of the runner used for releases.
- fix(hooks): correct hooks delete order
- Bump github.com/containerd/containerd from 1.7.12 to 1.7.23
Update to version 3.16.2:
- Reverting change unrelated to issue #13176
- adds tests for handling of Helm index with broken chart versions #13176
- improves handling of Helm index with broken helm chart versions #13176
- Bump the k8s-io group with 7 updates
- adding check-latest:true
- Grammar fixes
- Fix typos
Update to version 3.16.1:
- bumping version to 1.22.7
- Merge pull request #13327 from mattfarina/revert-11726
Update to version 3.16.0:
Helm v3.16.0 is a feature release. Users are encouraged to upgrade for the best experience.
- Notable Changes
- added sha512sum template function
- added ActiveHelp for cmds that don't take any more args
- drops very old Kubernetes versions support in helm create
- add --skip-schema-validation flag to helm 'install', 'upgrade' and 'lint'
- fixed bug to now use burst limit setting for discovery
- Added windows arm64 support
- Full changelog see https://github.com/helm/helm/releases/tag/v3.16.0
Update to version 3.15.4:
- Bump the k8s-io group across 1 directory with 7 updates
- Bump github.com/docker/docker
Thu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice@ojkastl.de
Update to version 3.15.3:
- fix(helm): Use burst limit setting for discovery
- fixed dependency_update_test.go
- fix(dependencyBuild): prevent race condition in concurrent helm dependency
- fix: respect proxy envvars on helm install/upgrade
- Merge pull request #13085 from alex-kattathra-johnson/issue-12961
Update to version 3.15.2:
- fix: wrong cli description
- fix typo in load_plugins.go
- fix docs of DeployedAll
- Bump github.com/docker/docker
- bump oras minor version
- feat(load.go): add warning on requirements.lock
Update to version 3.15.1:
- Fixing build issue where wrong version is used
Update to version 3.15.0:
Helm v3.15.0 is a feature release. Users are encouraged to upgrade for the best experience.
- Updating to k8s 1.30 c4e37b3 (Matt Farina)
- bump version to v3.15.0 d7afa3b (Matt Farina)
- bump version to 7743467 (Matt Farina)
- Fix namespace on kubeconfig error 214fb6e (Calvin Krist)
- Update testdata PKI with keys that have validity until 3393 (Fixes #12880) 1b75d48 (Dirk Müller)
- Modified how created annotation is populated based on package creation time 0a69a0d (Andrew Block)
- Enabling hide secrets on install and upgrade dry run 25c4738 (Matt Farina)
- Fixing all the linting errors d58d7b3 (Robert Sirchia)
- Add a note about --dry-run displaying secrets a23dd9e (Matt Farina)
- Updating .gitignore 8b424ba (Robert Sirchia)
- add error messages 8d19bcb (George Jenkins)
- Fix: Ignore alias validation error for index load 68294fd (George Jenkins)
- validation fix 8e6a514 (Matt Farina)
- bug: add proxy support for oci getter 94c1dea (Ricardo Maraschini)
- Update architecture detection method 57a1bb8 (weidongkl)
- Improve release action 4790bb9 (George Jenkins)
- Fix grammatical error c25736c (Matt Carr)
- Updated for review comments d2cf8c6 (MichaelMorris)
- Add robustness to wait status checks fc74964 (MichaelMorris)
- refactor: create a helper for checking if a release is uninstalled f908379 (Alex Petrov)
- fix: reinstall previously uninstalled chart with --keep-history 9e198fa (Alex Petrov)
Update to version 3.14.4:
Helm v3.14.4 is a patch release. Users are encouraged to upgrade for the best experience.
- refactor: create a helper for checking if a release is uninstalled 81c902a (Alex Petrov)
- fix: reinstall previously uninstalled chart with --keep-history 5a11c76 (Alex Petrov)
- bug: add proxy support for oci getter aa7d953 (Ricardo Maraschini)
Update to version 3.14.3:
- Add a note about --dry-run displaying secrets
- add error messages
- Fix: Ignore alias validation error for index load
- Update architecture detection method
Update to version 3.14.2 (bsc#1220207, CVE-2024-26147):
- Fix for uninitialized variable in yaml parsing
Update to version 3.14.1 (bsc#1219969, CVE-2024-25620):
- validation fix
Update to version 3.14.0:
- Notable Changes
- New helm search flag of --fail-on-no-result
- Allow a nested tpl invocation access to defines
- Speed up the tpl function
- Added qps/HELM_QPS parameter that tells Kubernetes packages how to operate
- Added --kube-version to lint command
- The ignore pkg is now public
- Changelog
- Improve release action
- Fix issues when verify generation readiness was merged
- fix test to use the default code's k8sVersionMinor
- lint: Add --kube-version flag to set capabilities and deprecation rules
- Removing Asset Transparency
- tests(pkg/engine): test RenderWithClientProvider
- Make the `ignore` pkg public again
- feature(pkg/engine): introduce RenderWithClientProvider
- Updating Helm libraries for k8s 1.28.4
- Remove excessive logging
- Update CONTRIBUTING.md
- Fixing release labelling in rollback
- feat: move livenessProbe and readinessProbe values to default values file
- Revert 'fix(main): fix basic auth for helm pull or push'
- Revert 'fix(registry): address anonymous pull issue'
- Update get-helm-3
- Drop filterSystemLabels usage from Query method
- Apply review suggestions
- Update get-helm-3 to get version through get.helm.sh
- feat: print failed hook name
- Fixing precedence issue with the import of values.
- chore(create): indent to spaces
- Allow using label selectors for system labels for sql backend.
- Allow using label selectors for system labels for secrets and configmap backends.
- remove useless print during prepareUpgrade
- Add missing with clause to release gh action
- FIX Default ServiceAccount yaml
- fix(registry): address anonymous pull issue
- fix(registry): unswallow error
- Fix missing run statement on release action
- Add qps/HELM_QPS parameter
- Write latest version to get.helm.sh bucket
- Increased release information key name max length.
- Pin gox to specific commit
- Remove `GoFish` from package managers for installing the binary
- Test update for 'Allow a nested `tpl` invocation access to `defines` in a containing one'
- Test update for 'Speed up `tpl`'
- Add support for RISC-V
- lint and validate dependency metadata to reference dependencies with a unique key (name or alias)
- Work around template.Clone omitting options
- fix: pass 'passCredentialsAll' as env-var to getter
- feat: pass basic auth to env-vars when running download plugins
- helm search: New CLI Flag --fail-on-no-result
- Update pkg/kube/ready.go
- fix post install hook deletion due to before-hook-creation policy
- Allow a nested `tpl` invocation access to `defines` in a containing one
- Remove the 'reference templates' concept
- Speed up `tpl`
- ready checker- comment update
- ready checker- remove duplicate statefulset generational check
- Verify generation in readiness checks
- feat(helm): add --reset-then-reuse-values flag to 'helm upgrade'
Package list
Container suse/helm:latest
SUSE Linux Enterprise Micro 5.5
SUSE Linux Enterprise Module for Containers 15 SP5
SUSE Linux Enterprise Module for Containers 15 SP6
SUSE Linux Enterprise Module for Package Hub 15 SP5
SUSE Linux Enterprise Module for Package Hub 15 SP6
openSUSE Leap 15.5
openSUSE Leap 15.6
openSUSE Leap Micro 5.5
References
- Link for SUSE-RU-2024:4213-1
- E-Mail link for SUSE-RU-2024:4213-1
- SUSE Security Ratings
- SUSE Bug 1219969
- SUSE Bug 1220207
- SUSE CVE CVE-2024-25620 page
- SUSE CVE CVE-2024-26147 page
Description
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.
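The check recommended above for users who cannot upgrade, as an added Go example that is not part of the advisory or of Helm's code: it walks a directory of unpacked charts (subcharts under `charts/` included) and reports every `Chart.yaml` whose `name` contains a path separator or is `.` or `..`. The line-scan YAML handling and all function names are assumptions of this example; packaged `.tgz` dependencies must be unpacked before scanning.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// suspiciousName reports whether a chart name changes directory when used as a path element.
func suspiciousName(name string) bool {
	return name == "." || name == ".." || strings.ContainsAny(name, `/\`)
}

// chartNames returns every "name:" value (chart, dependency and maintainer entries).
// Assumption: block-style YAML; this is a line scan, not a YAML parser.
func chartNames(yamlText string) []string {
	var names []string
	for _, line := range strings.Split(yamlText, "\n") {
		line = strings.TrimSpace(strings.TrimPrefix(strings.TrimSpace(line), "- "))
		if strings.HasPrefix(line, "name:") {
			names = append(names, strings.Trim(strings.TrimSpace(line[5:]), `"'`))
		}
	}
	return names
}

// scanCharts walks root and reports each Chart.yaml that carries a suspicious name.
func scanCharts(root string) ([]string, error) {
	var findings []string
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() || d.Name() != "Chart.yaml" {
			return err
		}
		data, err := os.ReadFile(p)
		for _, n := range chartNames(string(data)) {
			if suspiciousName(n) {
				findings = append(findings, fmt.Sprintf("%s: name %q", p, n))
			}
		}
		return err
	})
	return findings, err
}

func main() {
	findings, err := scanCharts(".") // unpacked charts below the current directory
	fmt.Printf("%d finding(s), walk error: %v\n%s\n", len(findings), err, strings.Join(findings, "\n"))
}
```

Maintainer `name:` entries are scanned as well, so the check can over-report but does not skip a chart or dependency name.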
Affected products
References
- CVE-2024-25620
- SUSE Bug 1219969
Description
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.
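The `recover` workaround mentioned above for SDK callers, as an added Go example rather than Helm code: `guard` turns a panic raised inside a loader into an ordinary error. `standInLoad` and its types are hypothetical stand-ins so the block runs without the Helm module; the commented call shows where `repo.LoadIndexFile` would go.

```go
package main

import "fmt"

// guard runs load and converts a panic raised inside it into an ordinary error,
// so one malformed index file cannot crash the calling process.
func guard[T any](load func() (T, error)) (res T, err error) {
	defer func() {
		if r := recover(); r != nil {
			var zero T
			res, err = zero, fmt.Errorf("loader panicked: %v", r)
		}
	}()
	return load()
}

// With the Helm SDK the call would look like this (not compiled here):
//   idx, err := guard(func() (*repo.IndexFile, error) { return repo.LoadIndexFile(path) })

// metadata and entry are hypothetical stand-ins for parsed index content.
type metadata struct{ Name string }
type entry struct{ Metadata *metadata }

// standInLoad mimics the failure class, not Helm's code: it reads the metadata of
// the first entry without checking that it is present.
func standInLoad(entries []entry) (string, error) {
	return entries[0].Metadata.Name, nil
}

func main() {
	// Constructed input: one entry whose metadata is missing.
	_, err := guard(func() (string, error) { return standInLoad([]entry{{}}) })
	fmt.Println("missing metadata:", err)

	name, err := guard(func() (string, error) {
		return standInLoad([]entry{{Metadata: &metadata{Name: "web"}}})
	})
	fmt.Println("valid entry:", name, err)
}
```

`recover` only catches panics in the goroutine that called `guard`, so the loader must run in that goroutine for the wrapper to help.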
Affected products
References
- CVE-2024-26147
- SUSE Bug 1220207