Skip to content

Latest commit

 

History

History
275 lines (256 loc) · 13 KB

cs_versions_addons.md

File metadata and controls

275 lines (256 loc) · 13 KB
copyright lastupdated keywords subcollection
years
2014, 2019
2019-06-19
kubernetes, iks, nginx, ingress controller
containers

{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:pre: .pre} {:table: .aria-labeledby="caption"} {:codeblock: .codeblock} {:tip: .tip} {:note: .note} {:important: .important} {:deprecated: .deprecated} {:download: .download} {:preview: .preview}

Fluentd and Ingress ALB changelog

{: #cluster-add-ons-changelog}

Your {{site.data.keyword.containerlong}} cluster comes with components, such as the Fluentd and Ingress ALB components, that are updated automatically by IBM. You can also disable automatic updates for some components and manually update them separately from the master and worker nodes. Refer to the tables in the following sections for a summary of changes for each version. {: shortdesc}

For more information about managing updates for Fluentd and Ingress ALBs, see Updating cluster components.

Ingress ALBs changelog

{: #alb_changelog}

View build version changes for Ingress application load balancers (ALBs) in your {{site.data.keyword.containerlong_notm}} clusters. {:shortdesc}

When the Ingress ALB component is updated, the nginx-ingress and ingress-auth containers in all ALB pods are updated to the latest build version. By default, automatic updates to the component are enabled, but you can disable automatic updates and manually update the component. For more information, see Updating the Ingress application load balancer.

Refer to the following table for a summary of changes for each build of the Ingress ALB component.

Changelog for the Ingress application load balancer component
`nginx-ingress` / `ingress-auth` build Release date Non-disruptive changes Disruptive changes
473 / 331 18 June 2019 -
470 / 330 07 June 2019 Fixes Berkeley DB vulnerabilities for [CVE-2019-8457 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457). -
470 / 329 06 June 2019 Fixes Berkeley DB vulnerabilities for [CVE-2019-8457 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457). -
467 / 329 03 June 2019 Fixes GnuTLS vulnerabilities for [CVE-2019-3829 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829), [CVE-2019-3836 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836), [CVE-2019-3893 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3893), [CVE-2018-10844 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10845), [CVE-2018-10845 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10844), and [CVE-2018-10846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10846). -
462 / 329 28 May 2019 Fixes cURL vulnerabilities for [CVE-2019-5435 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435) and [CVE-2019-5436 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436). -
457 / 329 23 May 2019 Fixes Go vulnerabilities for [CVE-2019-11841 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11841). -
423 / 329 13 May 2019 Improves performance for the integration with {{site.data.keyword.appid_full}}. -
411 / 315 15 Apr 2019 Updates the value of the {{site.data.keyword.appid_full_notm}} cookie expiration so that it matches the value of the access token expiration. -
411 / 306 22 Mar 2019 Updates the Go version to 1.12.1. -
410 / 305 18 Mar 2019
  • Fixes vulnerabilities for image scans.
  • Improves logging for the integration with {{site.data.keyword.appid_full_notm}}.
-
408 / 304 05 Mar 2019 - Fixes bugs in the authorization integration that is related to log out functionality, token expiration, and the `OAuth` authorization callback. These fixes are implemented only if you enabled {{site.data.keyword.appid_full_notm}} authorization by using the [`appid-auth`](/docs/containers?topic=containers-ingress_annotation#appid-auth) annotation. To implement these fixes, additional headers are added, which increases the total header size. Depending on the size of your own headers and the total size of responses, you might need to adjust any [proxy buffer annotations](/docs/containers?topic=containers-ingress_annotation#proxy-buffer) that you use.
406 / 301 19 Feb 2019
  • Updates the Go version to 1.11.5.
  • Fixes vulnerabilities for image scans.
-
404 / 300 31 Jan 2019 Updates the Go version to 1.11.4. -
403 / 295 23 Jan 2019
  • Updates the NGINX version of ALBs to 1.15.2.
  • IBM-provided TLS certificates are now automatically renewed 37 days before they expire instead of 7 days.
  • Adds {{site.data.keyword.appid_full_notm}} logout functionality: If the `/logout` prefix exists in an {{site.data.keyword.appid_full_notm}} path, cookies are removed and the user is sent back to the login page.
  • Adds a header to {{site.data.keyword.appid_full_notm}} requests for internal tracking purposes.
  • Updates the {{site.data.keyword.appid_short_notm}} location directive so that the `app-id` annotation can be used with the `proxy-buffers`, `proxy-buffer-size`, and `proxy-busy-buffer-size` annotations.
  • Fixes a bug so that informational logs are not labeled as errors.
Disables TLS 1.0 and 1.1 by default. If the clients that connect to your apps support TLS 1.2, no action is required. If you still have legacy clients that require TLS 1.0 or 1.1 support, manually enable the required TLS versions by following [these steps](/docs/containers?topic=containers-ingress#ssl_protocols_ciphers). For more information about how to see the TLS versions that your clients use to access your apps, see this [{{site.data.keyword.cloud_notm}} Blog post](https://www.ibm.com/blogs/bluemix/2018/11/ibm-cloud-kubernetes-service-alb-update-tls-1-0-and-1-1-disabled-by-default/).
393 / 291 09 Jan 2019 Adds support for integration with multiple {{site.data.keyword.appid_full_notm}} instances. -
393 / 282 29 Nov 2018 Improves performance for the integration with {{site.data.keyword.appid_full_notm}}. -
384 / 246 14 Nov 2018 Improves logging and logout features for the integration with {{site.data.keyword.appid_full_notm}}. Replaces the self-signed certificate for `*.containers.mybluemix.net` with the LetsEncrypt signed certificate that is automatically generated for and used by the cluster. The `*.containers.mybluemix.net` self-signed certificate is removed.
350 / 192 05 Nov 2018 Adds support for enabling and disabling automatic updates of the Ingress ALB component. -

Fluentd for logging changelog

{: #fluentd_changelog}

View build version changes for the Fluentd component for logging in your {{site.data.keyword.containerlong_notm}} clusters. {:shortdesc}

By default, automatic updates to the component are enabled, but you can disable automatic updates and manually update the component. For more information, see Managing automatic updates for Fluentd.

Refer to the following table for a summary of changes for each build of the Fluentd component.

Changelog for the Fluentd component
Fluentd build Release date Non-disruptive changes Disruptive changes
e7c10d74350dc64d4d92ba7f72bb4ff9219315d2 30 May 2019 Updates the Fluent config map to always ignore pod logs from IBM namespaces, even when the Kubernetes master is unavailable. -
c16fe1602ab65db4af0a6ac008f99ca2a526e6f6 21 May 2019 Fixes a bug where worker node metrics did not display. -
60fc11f7bd39d9c6cfed923c598bf6457b3f2037 10 May 2019 Updates Ruby packages for [CVE-2019-8320 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320), [CVE-2019-8321 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321), [CVE-2019-8322 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322), [CVE-2019-8323 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323), [CVE-2019-8324 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324), and [CVE-2019-8325 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325). -
91a737f68f7d9e81b5d2223c910aaa7d7f91b76d 08 May 2019 Updates Ruby packages for [CVE-2019-8320 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320), [CVE-2019-8321 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321), [CVE-2019-8322 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322), [CVE-2019-8323 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323), [CVE-2019-8324 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324), and [CVE-2019-8325 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325). -
d9af69e286986a05ed4a50469585b1cf978ddb1d 11 Apr 2019 Updates the cAdvisor plug-in to use TLS 1.2. -
3100ddb62580a9f46ffdff7bab2ebec40b164de6 01 Apr 2019 Updates the Fluentd service account. -
c85567b75bd7ad1c9428794cd63a8e239c3fd8f5 18 Mar 2019 Removes the dependency on cURL for [CVE-2019-8323 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323). -
320ffdf87de068ee2f7f34c0e7a47a111e8d457b 18 Feb 2019 -
972865196aefd3324105087878de12c518ed579f 01 Jan 2019
  • Enables UTF-8 encoding for the Fluentd `in_tail` plug-in.
  • Minor bug fixes.
-