copyright | lastupdated | ||
---|---|---|---|
|
2024-05-14 |
Notable changes recorded here. This project adheres to Semantic Versioning.
Released: 2024-12-04
- Build and run with ubi9 based image.
- Update to go-toolset:v1.22.7
- Remediates CVE-2024-9676, CVE-2023-44487
Released: 2024-11-14
- Update Go to 1.22
Released: 2024-10-11
- Remediates CVE-2024-9355 in golang
Released: 2024-09-30
- Remediates CVE-2024-24791, CVE-2024-34155, CVE-2024-34156 and CVE-2024-34158 in go-toolset
Released: 2024-08-20
- Remediates CVE-2024-41110 in github.com/docker/docker
Released: 2024-07-15
- Remediates NIST-CVE-2024-6104 in github.com/hashicorp/go-retryablehttp
- Remediates CVE-2024-24789, CVE-2024-24790 using go-toolset:1.21.11
Released: 2024-06-06
- Remediates CVE-2023-45288, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783 and CVE-2024-24784 in go-toolset
- Remediates CVE-2024-2961 in glibc
- Remediates CVE-2024-3727 in github.com/containers/image
Released: 2024-05-14
- Remediates CVE-2024-2961 in glibc
- github.com/docker/docker update for CVE-2024-29018
- golang.org/x/net update for CVE-2023-45288
- start with go=toolset:1.20.12 also for the installer (consistency) Note: the build pulls dynamic updates to the builder image currently gets go-toolset:1.20.12-3 which resolves CVE-2024-1394
Released 2024-03-06
- Update go-toolset:1.20.12-2
- golang/github.com/opencontainers/runc update for CVE-2024-21626
- Add arm64 image. This makes developing and testing on a M1/2 mac easier
Released 2024-01-09
- Update go-toolset:1.20.10-3
- Rebuild/Package updates to remediate CVE-2023-3446 CVE-2023-3817 CVE-2023-5678
- golang.org/x/crypto update for CVE-2023-48795
Released 2023-11-07
- Set nonroot user on image iconfig to supress container policy checkers.
- Have nancy run from Dockerfile again.
- Remediate CVE.
Released 2023-11-01
- Remediate CVE-2023-44487 CVE-2023-29406 CVE-2023-39325 with go-toolset:1.19.13-2.1698062273
- Resolve a compatibility with GKE versioning in templates/pdb.yaml
- Allow namespace selector for skipping admission webhook
Released 2023-10-10
- Remediates CVE-2023-4527 CVE-2023-4806 CVE-2023-4813 CVE-2023-4911 in glibc
Released 2023-09-11
- Remediates CVE-2023-3978
Released 2023-08-21
- consume ubi8/go-toolset:1.19.10-10
- Remediates CVE-2022-41724 CVE-2022-41725 CVE-2023-24540 CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405
- refactor tests since IBM has removed notary service
- do not test vulnerability policy since IBM has deprecated the API
Released 2023-04-11
- Remove vulnerable dependency dgrijalva/jwt-go
Released 2023-03-29
- Update to go-toolset:1.18.9-13
- Resolves CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 with openssl
- Resolves CVE-2023-27561 with runc v1.1.15
Released 2023-02-02
- Contributed helm value options: skipCreate certificate issuer (aid seamless upgrade) and optional annotations.
- Update to go-toolset:1.18.9-8
- Fixes problem with portieris version in logs showing the golang version
Released 2023-01-25
- Update to go-toolset:1.18.4-20 and ensures go rpm is tracked in final image
- Update go dependencies
Released 2022-08-23
- Upgrade runc to v1.1.2 for vulnerability fix
- Build with go-toolset:1.17.12 for vulnerability fix
Released 2022-06-28
- resolved (#51) following the oAuth spec
- Build with go-tooolset:1.17.10 resolving CVE-2022-29526 CVE-2022-23772 CVE-2022-24921
- code-generator:1.24 + regenerate code
- Helm chart improvements: Fixes (#142)
- options to define podDisruptionBudget and options to use generated certificates directly from values.yml (PR#379)
- resolve (#388), remove cluster-admins group from SCC
Released 2022-08-23
- Build with go-toolset:1.17.12 for vulnerability fix
Released 2022-06-30
- Build with go-toolset:1.17.10 resolving CVE-2022-29526 CVE-2022-23772 CVE-2022-24921
Released 2022-04-04
- Rebuild
- Resolves CVE-2022-0778
Released 2022-04-04
- Rebuild
- Resolves CVE-2021-3999
- Resolves CVE-2022-23218
- Resolves CVE-2022-23219
Released 2022-01-06
- Resolves CVE-2021-3712
- Build with go-toolset:1.16.12
Released 2021-11-30
- Resolves CVE-2021-23840
- Resolves CVE-2021-23841
- Resolves CVE-2021-27645
- Resolves CVE-2021-33574
- Resolves CVE-2021-35942
- Supports cert-manager >= 1.6
Released 2021-10-11
- Added support for batch/v1/cronjobs and dropped batch/v1alpha1/cronjobs inline with 1.21 apis (#350)
- Many more documentation improvements
- Set sane priorityClass (#352)
- Build using ubi go toolset (golang 1.15.14), and run in ubi-minimal (#351)
- Support ObjectSelectorAdmissionSkip (#349)
- Require TLS1.2 on webhook
Released 2021-06-16
- Further documentation improvements including godoc
- use current resource versions (#215)
- update dependencies and golang version to 1.16.5
- a template fix to correctly identify openshift (PR#326)
Released 2021-06-22
- update dependencies and golang to 1.16.5
Released 2021-03-25
- Documentation improvements
- Add keySecretNamespace policy option (PR#258)
- update dependencies and golang to 1.15.10
Released 2021-02-10
- Add mutateImage policy option (244)
- When skipping checks because a parent resource exists, ensure its a known type (246)
- Add version to user-agent consistently (241)
Released 2021-01-11
- Support verifying images that don't require pull secrets (#123)
- Redefine policy Custom Resource Definitions (CRDs) by using v1 with validation, breaking change (#121)
Released 2020-12-15
- Support remapIdentity simple signature identity type (#92)
- Switch to pull image from
icr.io/portieris
(#205) - Get default ClusterImagePolicy setting from values (PR#233)
Released 2020-12-06
- Update to Go 1.14.12
- Support OpenShift projects that create deployments with blank image names (#227)
- Add
webHooks.failurePolicy
value/option
Released 2020-11-30
- Additional logging container image name (#216)
- Accept a
--kubeconfig
command line parameter (PR#218)
Released 2020-11-23
- Add metrics counting allow and deny events. (#106)
- Fix a problem with multiple pull secrets and simple signing (#209)
Released 2020-11-05
- Introduce a policy type to enforce an image vulnerability check (#71)
- Normalise the use of Helm, allow
--create-namespace
, remove webhook on uninstall (PR#189) - Add a default policy for Istio image when it's running on IBM Cloud Kubernetes Service (PR#198)
- Fix certificate incompatibility in Kubernetes 1.19 (#196)
Released 2020-10-12
- Provide an option to run out of cluster (#180)
Released 2020-09-18
- PR checker fixed to fail when tests fail (#167)
- Drop support for Helm 2. You must use Helm 3 to install Portieris (#141) (#41) (#89)
- Ability to use a namespace selector for admission webhook (#112)
- Correctly decode pull secrets where credentials are in the
auth
field (#174) - Ensure the pre-installation steps create the namespace before the service account (#181)
Released 2020-09-02
- Fix the port name in service template (PR#149)
- Change the default namespace to
portieris
(#117) - Support Helm 3 and Openshift 4 (PR#130)
- Anti-affinity and liveness/readiness probes (#66)
- Support sourcing webhook certificates from cert-manager (#59)
- Allow anonymous Notary access (PR#159)
Released 2020-06-09
- Support for reading simple signatures from lookaside storage, (#93)
Released 2020-03-26
- Support for the verification of simple signatures by using containers/image. (#70)