CJ Cullen reported CVE-2019-11254, a denial-of-service vulnerability in Kubernetes. Maliciously crafted YAML can cause the Kube-APIserver to lock up. Upgrade to the latest patch release of 1.15-1.17 to fix this – but maybe make sure that only authorized users can send API requests, regardless?
Kubernetes is no longer permitting merges of PRs that themselves contain merge commits on the main repos. We’ve also added a `kind/regression` label to all Kubernetes namespace repos, in order to distinguish regression issues from other kinds of bugs.
Next Deadline: Release schedule published, this week
Patch Releases: v1.17.3, v1.16.7, and v1.15.10 were released last week to patch a security hole. Since that’s now public, update as soon as you can.
- New etcd database size metric
- `kubectl apply` will build everything it can instead of halting on any error
- Parse X-Stream-Protocol header right when there are multiple protocols
- Stop flooding the event queue with volume error messages
- kubeadm waits for TLS bootstrapping
- Service Account names with dots can mount volumes
- `kubectl describe` gets some tests for CSI info
- Make Service clusterIP pick the right stack in Dual-Stack
- `beta.kubernetes.io/os` endpoint, deprecated in 1.14 and scheduled for removal in 1.18, will actually get removed in 1.19
- The first draft version of the scheduler config API, `kubescheduler.config.k8s.io/v1alpha1`, was removed in prep for scheduler config going beta
- etcd to v3.4.7 in 1.19
Original Source: http://lwkd.info/2020/20200406