3.3.7

(2021-03-01)

Components

Component

Version

MKE

3.3.7

Kubernetes

1.18.14

Calico

3.14.1

Calico for Windows

3.12.1

Interlock

3.2.1

Interlock NGINX proxy

1.17.10

Istio Ingress

1.4.10

CoreDNS

1.7.0

etcd

3.4.3

CSI Attacher

2.1.1

CSI Provisioner

1.4.0

CSI Snapshotter

1.2.2

CSI Resizer

0.4.0

CSI Node Driver Registrar

1.2.0

CSI Liveness Probe

1.1.0

Bug fixes

  • Fixed an issue with running Kubernetes on Azure wherein pods failed to start on clusters that don’t use the VXLAN data plane, issuing the following error:

    Failed to create pod sandbox: rpc error: code = Unknown desc = failed to
    set up sandbox container "[…]" network for pod "[…]": networkPlugin cni
    failed to set up pod "[…]" network: Failed to allocate address: Invalid
    address space
    

    FIELD-3635

Security

  • Resolved an important security issue in Go’s encoding/xml package that affects all prior versions of MKE 3.3. Specifically, maliciously crafted XML markup was able to potentially mutate during round trips through Go’s decoder and encoder implementations.

    Implementations of Go-based SAML (Security Assertion Markup Language, an XML-based standard approach to Single Sign-On – SSO – on the web) are often vulnerable to tampering by an attacker injecting malicious markup to a correctly-signed SAML message. MKE uses crewjam/saml, a Go SAML implementation that is affected by the vulnerability and which is tracked by CVE-2020-27846.

    MKE-8149