This MR contains the following updates:
Package | Update | Change |
---|---|---|
helm/helm | patch |
v3.11.0 -> v3.11.1
|
v3.11.1
: Helm v3.11.1Helm v3.11.1 is a security (patch) release. Users are strongly recommended to update to this release.
The template function getHostByName
can be used to disclose information. More details are available in the CVE.
This release introduces a breaking changes to Helm:
helm
client for the template
, install
, and upgrade
commands there is a new flag. --enable-dns
needs to be set for the getHostByName
template function to attempt to lookup an IP address for a given hostname. If the flag is not set the template function will return an empty string and skip looping up an IP address for the host.EnableDNS
property to the install action, the upgrade action, and the Engine
. This property must be set to true for the in order for the getHostByName
template function to attempt to lookup an IP address.The default for both of these cases is false.
Philipp Stehle at SAP disclosed the vulnerability to the Helm project.
Download Helm v3.11.1. The common platform binaries are here:
This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E
and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release using gpg
.
The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash
.
This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.