diff --git a/docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos/signed-content.md b/docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos/signed-content.md index bff8cee667..d25816c5bd 100644 --- a/docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos/signed-content.md +++ b/docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos/signed-content.md @@ -66,10 +66,10 @@ your Edge hosts come from a trusted source. For more information about content b git tag ``` -4. Check out the latest available tag. This guide uses the tag v4.4.8 as an example. +4. Check out the latest available tag. This guide uses the tag v4.4.3 as an example. ``` - git checkout v4.4.8 + git checkout v4.4.3 ``` 5. In **CanvOS**, create a file named **.edge_custom_config.yaml**. diff --git a/docs/docs-content/component.md b/docs/docs-content/component.md index f30fafaa62..08bd839ac4 100644 --- a/docs/docs-content/component.md +++ b/docs/docs-content/component.md @@ -16,7 +16,7 @@ This page lists the version details of various Palette components and their resp | Palette Release | Recommended CLI Version | | --------------- | ----------------------- | -| Release 4.4.8 | v4.4.8 | +| Release 4.4.11 | v4.4.5 | | Release 4.4.4 | v4.4.0 | | Release 4.3.x | v4.3.4 | | Release 4.2.2 | v4.2.0 | @@ -29,7 +29,7 @@ This page lists the version details of various Palette components and their resp | Palette Release | CLI Version | | --------------- | ----------- | -| Release 4.4.8 | v4.4.8 | +| Release 4.4.11 | v4.4.4 | | Release 4.4.2 | v4.4.4 | | Release 4.3.x | v4.3.2 | | Release 4.2.3 | v4.2.0 | diff --git a/docs/docs-content/release-notes/known-issues.md b/docs/docs-content/release-notes/known-issues.md index 620ad6800e..e2aa1662eb 100644 --- a/docs/docs-content/release-notes/known-issues.md +++ b/docs/docs-content/release-notes/known-issues.md @@ -16,7 +16,7 @@ The following table lists all known issues that are currently active and affecti | Description | Workaround | Publish Date | Product Component | | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | --------------------- | -| Single-node Private Cloud Gateway (PCG) clusters are experiencing an issue upgrading to 4.4.8. The vSphere CSI controller pod fails to start because there are no matching affinity rules. | Check out the [vSphere Controller Pod Fails to Start in Single Node PCG Cluster](../troubleshooting/pcg.md#scenario---vsphere-controller-pod-fails-to-start-in-single-node-pcg-cluster) guide for workaround steps. | July 20, 2024 | PCG | +| Single-node Private Cloud Gateway (PCG) clusters are experiencing an issue upgrading to 4.4.11. The vSphere CSI controller pod fails to start because there are no matching affinity rules. | Check out the [vSphere Controller Pod Fails to Start in Single Node PCG Cluster](../troubleshooting/pcg.md#scenario---vsphere-controller-pod-fails-to-start-in-single-node-pcg-cluster) guide for workaround steps. | July 20, 2024 | PCG | | When provisioning an Edge cluster, it's possible that some Operating System (OS) user credentials will be lost once the cluster is active. This is because the cloud-init stages from different sources merge during the deployment process, and sometimes, the same stages without distinct names overwrite each other. | Give each of your cloud-init stages in the OS pack and in the Edge installer **user-data** file a unique name. For more information about cloud-init stages and examples of cloud-init stages with names, refer to [Cloud-init Stages](../clusters/edge/edge-configuration/cloud-init.md). | July 17, 2024 | Edge | | When you use a content bundle to provision a new cluster without using the local Harbor registry, it's possible for the images to be pulled from external networks instead of from the content bundle, consuming network bandwidth. If your Edge host has no connection to external networks or if it cannot locate the image on a remote registry, some pods may enter the `ImagePullBackOff` state at first, but eventually the pods will be created using images from the content bundle. | For connected clusters, you can make sure that the remote images are not reachable by the Edge host, which will stop the Palette agent from downloading the image and consuming bandwidth, and eventually the cluster will be created using images from the content bundle. For airgap clusters, the `ImagePullBackOff` error will eventually resolve on its own and there is no action to take. | July 11, 2024 | Edge | | When you add a new VMware vSphere Edge host to an Edge cluster, the IP address may fail to be assigned to the Edge host after a reboot. | Review the [Edge Troubleshooting](../troubleshooting/edge.md) section for workarounds. | July 9, 2024 | Edge | @@ -54,8 +54,8 @@ for information on the fix version and the date the issue was resolved. | Description | Publish Date | Product Component | Fix Version | | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | ------------------- | ----------- | -| An issue prevents RKE2 and Palette eXtended Kubernetes (PXK) on version 1.29.4 from operating correctly with Canonical MAAS. | July 20, 2024 | Packs, Clusters | 4.4.8 | -| Deploying self-hosted Palette or VerteX to a vSphere environment fails if vCenter has standalone hosts directly under a Datacenter. Persistent Volume (PV) provisioning fails due to an upstream issue with the vSphere Container Storage Interface (CSI) for all versions before v3.2.0. Palette and VerteX use the vSphere CSI version 3.1.2 internally. The issue may also occur in workload clusters deployed on vSphere using the same vSphere CSI for storage volume provisioning. | July 20, 2024 | Self-Hosted | 4.4.8 | +| An issue prevents RKE2 and Palette eXtended Kubernetes (PXK) on version 1.29.4 from operating correctly with Canonical MAAS. | July 20, 2024 | Packs, Clusters | 4.4.11 | +| Deploying self-hosted Palette or VerteX to a vSphere environment fails if vCenter has standalone hosts directly under a Datacenter. Persistent Volume (PV) provisioning fails due to an upstream issue with the vSphere Container Storage Interface (CSI) for all versions before v3.2.0. Palette and VerteX use the vSphere CSI version 3.1.2 internally. The issue may also occur in workload clusters deployed on vSphere using the same vSphere CSI for storage volume provisioning. | July 20, 2024 | Self-Hosted | 4.4.11 | | When you upgrade VerteX from version 4.3.x to 4.4.x, a few system pods may remain unhealthy and experience _CrashLoopBackOff_ errors. This issue only impacts VMware vSphere-based installations and occurs because the internal Mongo DNS is incorrectly configured in the configserver ConfigMap. | June 29, 2024 | Self-Hosted, VerteX | 4.4.7 | | Clusters are failing to start on AWS EKS when using the AWS VPC CNI pack and Kubernetes versions 1.28. | February 26, 2024 | Packs, Clusters | 4.2.13 | | The Kubernetes Dashboard fails to load when added to a cluster profile and deployed. | February 26, 2024 | Packs | 4.2.13 | diff --git a/docs/docs-content/release-notes/release-notes.md b/docs/docs-content/release-notes/release-notes.md index 8bc46a4c58..915aa0b795 100644 --- a/docs/docs-content/release-notes/release-notes.md +++ b/docs/docs-content/release-notes/release-notes.md @@ -11,7 +11,7 @@ tags: ["release-notes"] -## Jul 20, 2024 - Release 4.4.8 +## Jul 20, 2024 - Release 4.4.11 diff --git a/docs/docs-content/security-bulletins/reports/reports.md b/docs/docs-content/security-bulletins/reports/reports.md index e4c6ee4a98..8c78c9e155 100644 --- a/docs/docs-content/security-bulletins/reports/reports.md +++ b/docs/docs-content/security-bulletins/reports/reports.md @@ -31,24 +31,24 @@ Click on the CVE ID to view the full details of the vulnerability. | CVE ID | Initial Pub Date | Modified Date | Impacted Product & Version | Vulnerability Type | CVSS Severity | Status | | ----------------------------------------------- | ---------------- | ------------- | -------------------------- | --------------------------------------- | -------------------------------------------------------- | ------------- | -| [CVE-2023-52425](./cve-2023-52425.md) | 02/04/2024 | 06/14/2024 | Palette 4.4.8 | Third-party component: vSphere-CSI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-52425) | :mag: Ongoing | -| [CVE-2024-21626](./cve-2024-21626.md) | 1/3/24 | 2/18/24 | Palette 4.4.8 | Third-party component: kube-proxy | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | :mag: Ongoing | -| [CVE-2022-41723](./cve-2022-41723.md) | 2/28/23 | 11/25/23 | Palette 4.4.8 | Third-party component: CoreDNS | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | :mag: Ongoing | -| [GHSA-m425-mq94-257g](./ghsa-m425-mq94-257g.md) | 10/25/23 | 10/25/23 | Palette 4.4.8 | Third-party component: CoreDNS | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | :mag: Ongoing | -| [CVE-2022-4450](./cve-2022-4450.md) | 2/8/23 | 2/4/24 | Palette 4.4.8 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | :mag: Ongoing | -| [CVE-2023-45142](./cve-2023-45142.md) | 10/12/23 | 2/18/24 | Palette 4.4.8 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | :mag: Ongoing | -| [CVE-2023-0464](./cve-2023-0464.md) | 3/22/23 | 6/21/24 | Palette 4.4.8 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | :mag: Ongoing | -| [CVE-2023-39325](./cve-2023-39325.md) | 10/11/23 | 4/28/24 | Palette 4.4.8 | Third-party component: Go project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | :mag: Ongoing | -| [CVE-2023-0215](./cve-2023-0215.md) | 2/28/23 | 6/21/24 | Palette 4.4.8 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | :mag: Ongoing | -| [CVE-2023-47108](./cve-2023-47108.md) | 11/20/23 | 11/20/23 | Palette 4.4.8 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | :mag: Ongoing | -| [CVE-2023-0286](./cve-2023-0286.md) | 2/8/23 | 2/4/24 | Palette 4.4.8 | Third-party component: OpenSSL | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | :mag: Ongoing | -| [CVE-2020-1971](./cve-2020-1971.md) | 12/8/20 | 6/21/24 | Palette 4.4.8 | Third-party component: Ubuntu | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) | :mag: Ongoing | -| [CVE-2021-3449](./cve-2021-3449.md) | 3/25/21 | 6/21/24 | Palette 4.4.8 | Third-party component: Ubuntu | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) | :mag: Ongoing | -| [CVE-2021-3711](./cve-2021-3711.md) | 8/24/12 | 6/21/24 | Palette 4.4.8 | Third-party component: Ubuntu | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) | :mag: Ongoing | -| [CVE-2022-0778](./cve-2022-0778.md) | 3/15/22 | 6/21/24 | Palette 4.4.8 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) | :mag: Ongoing | -| [CVE-2021-45079](./cve-2021-45079.md) | 1/31/22 | 11/6/23 | Palette 4.4.8 | Third-party component: Ubuntu | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) | :mag: Ongoing | -| [CVE-2023-5528](./cve-2023-5528.md) | 11/14/23 | 1/19/24 | Palette 4.4.8 | Third-party component: vSphere-CSI | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) | :mag: Ongoing | -| [CVE-2023-44487](./cve-2023-44487.md) | 10/10/23 | 6/27/24 | Palette 4.4.8 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | :mag: Ongoing | -| [CVE-2022-25883](./cve-2022-25883.md) | 6/21/23 | 11/6/24 | Palette 4.4.8 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | :mag: Ongoing | -| [CVE-2015-8855](./cve-2015-8855.md) | 1/23/17 | 1/26/12 | Palette 4.4.8 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | :mag: Ongoing | -| [PRISMA-2022-0227](./prisma-2022-0227.md) | 9/12/23 | 9/12/23 | Palette 4.4.8 | Third-party component: vSphere-CSI | N/A | :mag: Ongoing | +| [CVE-2023-52425](./cve-2023-52425.md) | 02/04/2024 | 06/14/2024 | Palette 4.4.11 | Third-party component: vSphere-CSI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-52425) | :mag: Ongoing | +| [CVE-2024-21626](./cve-2024-21626.md) | 1/3/24 | 2/18/24 | Palette 4.4.11 | Third-party component: kube-proxy | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | :mag: Ongoing | +| [CVE-2022-41723](./cve-2022-41723.md) | 2/28/23 | 11/25/23 | Palette 4.4.11 | Third-party component: CoreDNS | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | :mag: Ongoing | +| [GHSA-m425-mq94-257g](./ghsa-m425-mq94-257g.md) | 10/25/23 | 10/25/23 | Palette 4.4.11 | Third-party component: CoreDNS | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | :mag: Ongoing | +| [CVE-2022-4450](./cve-2022-4450.md) | 2/8/23 | 2/4/24 | Palette 4.4.11 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | :mag: Ongoing | +| [CVE-2023-45142](./cve-2023-45142.md) | 10/12/23 | 2/18/24 | Palette 4.4.11 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | :mag: Ongoing | +| [CVE-2023-0464](./cve-2023-0464.md) | 3/22/23 | 6/21/24 | Palette 4.4.11 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | :mag: Ongoing | +| [CVE-2023-39325](./cve-2023-39325.md) | 10/11/23 | 4/28/24 | Palette 4.4.11 | Third-party component: Go project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | :mag: Ongoing | +| [CVE-2023-0215](./cve-2023-0215.md) | 2/28/23 | 6/21/24 | Palette 4.4.11 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | :mag: Ongoing | +| [CVE-2023-47108](./cve-2023-47108.md) | 11/20/23 | 11/20/23 | Palette 4.4.11 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | :mag: Ongoing | +| [CVE-2023-0286](./cve-2023-0286.md) | 2/8/23 | 2/4/24 | Palette 4.4.11 | Third-party component: OpenSSL | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | :mag: Ongoing | +| [CVE-2020-1971](./cve-2020-1971.md) | 12/8/20 | 6/21/24 | Palette 4.4.11 | Third-party component: Ubuntu | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) | :mag: Ongoing | +| [CVE-2021-3449](./cve-2021-3449.md) | 3/25/21 | 6/21/24 | Palette 4.4.11 | Third-party component: Ubuntu | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) | :mag: Ongoing | +| [CVE-2021-3711](./cve-2021-3711.md) | 8/24/12 | 6/21/24 | Palette 4.4.11 | Third-party component: Ubuntu | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) | :mag: Ongoing | +| [CVE-2022-0778](./cve-2022-0778.md) | 3/15/22 | 6/21/24 | Palette 4.4.11 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) | :mag: Ongoing | +| [CVE-2021-45079](./cve-2021-45079.md) | 1/31/22 | 11/6/23 | Palette 4.4.11 | Third-party component: Ubuntu | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) | :mag: Ongoing | +| [CVE-2023-5528](./cve-2023-5528.md) | 11/14/23 | 1/19/24 | Palette 4.4.11 | Third-party component: vSphere-CSI | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) | :mag: Ongoing | +| [CVE-2023-44487](./cve-2023-44487.md) | 10/10/23 | 6/27/24 | Palette 4.4.11 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | :mag: Ongoing | +| [CVE-2022-25883](./cve-2022-25883.md) | 6/21/23 | 11/6/24 | Palette 4.4.11 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | :mag: Ongoing | +| [CVE-2015-8855](./cve-2015-8855.md) | 1/23/17 | 1/26/12 | Palette 4.4.11 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | :mag: Ongoing | +| [PRISMA-2022-0227](./prisma-2022-0227.md) | 9/12/23 | 9/12/23 | Palette 4.4.11 | Third-party component: vSphere-CSI | N/A | :mag: Ongoing |