Addressed issues

Issues addressed in the MKE 3.8.9 release include:

• [FIELD-7925] Fixed an issue wherein excessive login attempts were being made by the Salesforce notifier component, which could potentially result in customers being blocked from accessing the portal.

• [FIELD-7875][FIELD-7621] Fixed an issue wherein ucp-controller, ucp-auth-api, and ucp-auth-worker were using the following weak CBC-mode ciphers:

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  These ciphers have been removed from the default list to strengthen TLS security.

• [FIELD-7901] Fixed an issue wherein during installation the install agent tried to use the default mirantis/ucp-agent:<mke-version-number> rather than the specified private registry image.

• [FIELD-7891] Fixed an issue wherein Calico entered a reconciliation loop when setting the log level to ERROR.

• [FIELD-7889] Fixed an issue wherein CoreDNS default resource requests and limits were missing following an upgrade, which triggered a restart loop of ucp-kubectl during CoreDNS reconciliation.

• [FIELD-7865] Fixed an issue wherein a regression introduced in ingress-nginx v1.12.x caused metrics to be disabled by default.