# OES Release Notes for Spinnaker Version v1.30.1

### OSS Spinnaker reference&#x20;

The images are forked out of OSS Spinnaker 1.30.1&#x20;

The halyard version is forked out of [Halyard Commits](https://github.com/spinnaker/halyard/commits/v1.55.0) except for the following two auto bump commits&#x20;

[https://github.com/spinnaker/halyard/commit/397efbf2f71d3deca8db3667ef3f287c392c 9097 ](https://github.com/spinnaker/halyard/commit/397efbf2f71d3deca8db3667ef3f287c392c9097)[https://github.com/spinnaker/halyard/commit/c01d64838569d6a8c651130d0bc1e65de7 13cc93](https://github.com/spinnaker/halyard/commit/c01d64838569d6a8c651130d0bc1e65de713cc93)&#x20;

## Releases

The following are the releases made in OES for Spinnaker version prior to v1.33.3

## OES 1.30.1.20240301 - Patch 1 (18 June 2024)

### Fixed Issues

* Pipeline payload gets skipped if expected artifact ID is not found.&#x20;

{% hint style="info" %}
Refer [OES 1.30.1.20240300 (29 March 2024)](#oes-1.30.1.20240300-29-march-2024) for details on the main release.&#x20;
{% endhint %}

## OES 1.30.1.20240300 (29 March 2024)

### Fixed Issues

The following CVEs are fixed in this release:<br>

| **CVE**        | **Package**                               | **Severity** |
| -------------- | ----------------------------------------- | ------------ |
| CVE-2024-1597  | org.postgresql:postgresql                 | Critical     |
| CVE-2015-8549  | PyAMF                                     | High         |
| CVE-2016-10745 | Jinja2                                    | High         |
| CVE-2019-10906 | Jinja2                                    | High         |
| CVE-2023-31582 | org.bitbucket.b\_c:jose4j                 | High         |
| CVE-2023-3635  | com.squareup.okio:okio-jvm                | High         |
| CVE-2023-39017 | quartz                                    | High         |
| CVE-2023-46589 | org.apache.tomcat.embed:tomcat-embed-core | High         |
| CVE-2023-44487 | org.apache.tomcat.embed:tomcat-embed-core | High         |
| CVE-2023-49569 | <http://github.com/go-git/go-git/v5>      | High         |

## February 2024

### Fixed Issues&#x20;

* Fixable CRITICAL and HIGH CVEs are fixed.
* Fixed the failing UT cases in CloudDriver, Gate, and Kork.&#x20;
* Fixed the issue of clouddriver not getting ready for more than 1300 Kubernetes accounts.
* Fixed failing test cases in SQL core module.&#x20;
* Default profiles not effective resulting in “APPLICATION FAILED TO START" error's CloudDriver, Echo, Igor, and Gate.
* Fixed Default profiles issue of the CloudDriver image with AWS component.
* Fixed the Docker accounts not loading issue by removing docker related configuration in clouddriver.yml&#x20;
* Fixed the issue of Custom Stage Jobs failing with "Index -1 out of bounds for length 0".
* Fixed the issue of gate service with the external Redis cache as well as spin-gate in 0/1 state with LDAP authentication.
* Fixed the issue of igor crash with a large number of user roles.
* Fixed the loading issue of Swagger API with updated Spring boot.

## November 2023

### Fixed Issues

* Fixed the failing UT cases in CloudDriver, Gate, and Kork&#x20;
* Junit4 to Junit5 migration and fix related test cases&#x20;
* snakeyaml vulnerability fix&#x20;
* Fiat role-sync is running long due to user roles in SAML is fixed by adding rest api only for syncing unrestricted user
* Additional metric requested in Igor
* Spring boot version 3.0.7 > 3.0.9 upgrade
* Upgrade pf4j version to 3.10.0

## June 2023

### Fixed Issues

* FIPS compliant base image Redhat UBI8.8
* Spring Boot upgraded to 3.0
* springframework 3.0.6
* Java upgraded to 17
* SnakeYAML upgraded to version 2.0&#x20;