Skip to content

v0.5.0
Compare
Choose a tag to compare
@ahmetb ahmetb released this 09 Apr 23:16
· 190 commits to master since this release
v0.5.0
c4867bc
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

  • SECURITY FIX: An issue that made it possible to do arbitrary code execution
    through kubens is fixed. A carefully crafted kubeconfig file that contains a
    context name with a slash (/) character and a crafted "namespace" field
    could cause any writable file to be replaced with arbitrary contents set in,
    the "namespace" field, leading to arbitrary code execution when used to
    replace contents of executable files.

    Since kubectx/kubens are not used in any production systems, this does not
    warrant a CVE. Please upgrade your kubens to use the patched version.

    This is fixed in #37 by @jvassev. See the issue for more information.

  • FEATURE: Renaming context will now overwrite if the specified name already
    exists, through deleting the existing context entry in kubeconfig. (#25)

  • FEATURE: Deleting context entries in kubeconfig with "kubectx -d NAME" ('.'
    for current). This only deletes the context entry and does not touch 'users'
    and 'clusters' keys in kubeconfig (and therefore might leak those entries).
    Use this only if you do not care about the extra values in your kubeconfig.
    (#23, #38)

Assets 2
Loading