3.3.7
(2021-03-01)
Components

| Component | Version |
|---|---|
| MKE | 3.3.7 |
| Interlock | 3.2.1 |
| Interlock NGINX proxy | 1.17.10 |
| CSI Attacher | 2.1.1 |
| CSI Provisioner | 1.4.0 |
| CSI Snapshotter | 1.2.2 |
| CSI Resizer | 0.4.0 |
| CSI Node Driver Registrar | 1.2.0 |
| CSI Liveness Probe | 1.1.0 |

Bug fixes
Fixed an issue with running Kubernetes on Azure wherein pods failed to start on clusters that don’t use the VXLAN data plane, issuing the following error:
Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "[…]" network for pod "[…]": networkPlugin cni failed to set up pod "[…]" network: Failed to allocate address: Invalid address space
FIELD-3635
Security
Resolved an important security issue in Go’s `encoding/xml` package that affects all prior versions of MKE 3.3. Specifically, maliciously crafted XML markup could mutate during round trips through Go’s decoder and encoder implementations. Implementations of Go-based SAML (Security Assertion Markup Language, an XML-based standard approach to single sign-on, or SSO, on the web) are often vulnerable to tampering by an attacker who injects malicious markup into a correctly signed SAML message. MKE uses `crewjam/saml`, a Go SAML implementation that is affected by the vulnerability, which is tracked as CVE-2020-27846.
MKE-8149