# OES Release Notes for Spinnaker Version v1.33.3 ### OSS Spinnaker reference The images are forked out of OSS Spinnaker 1.33.3 The halyard version is forked out of [Halyard Commits](https://github.com/spinnaker/halyard/commits/v1.65.0) except for the following two auto bump commits [https://github.com/spinnaker/halyard/commit/397efbf2f71d3deca8db3667ef3f287c392c 9097 ](https://github.com/spinnaker/halyard/commit/397efbf2f71d3deca8db3667ef3f287c392c9097)[https://github.com/spinnaker/halyard/commit/c01d64838569d6a8c651130d0bc1e65de7 13cc93](https://github.com/spinnaker/halyard/commit/c01d64838569d6a8c651130d0bc1e65de713cc93) ## Release Notes The following are the releases made in OES after v1.33.3 ## OES 1.33.3.20250301 (27 May 2025) ### Enhancements * Library updates have been made to address critical security vulnerabilities as provided in the table below:


Sl No	CVE	Package	Upgrade Version From	Upgrade Version To	Service Name
1	CVE-2024-38821	org.projectlombok:lombok	-	1.18.38	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
2	CVE-2024-38821	org.springframework.boot:spring-boot-configuration-processor	7.9	3.3.11	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
3	CVE-2024-38821	org.jetbrains.kotlin:kotlin-stdlib	2.8.0	1.9.21	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
4	CVE-2024-38821	org.apache.logging.log4j:log4j-bom	2.20.0	2.23.1	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
5	CVE-2024-38821	com.thoughtworks.xstream:xstream	1.4.20	1.4.21	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
6	CVE-2024-38821	org.codehaus.jettison:jettison	1.5.2	1.5.4	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
7	CVE-2024-38821	org.jsoup:jsoup	1.14.2	1.15.3	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
8	CVE-2024-38821	org.apache.httpcomponents.client5:httpclient5	5.1.4	5.4.2	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
9	CVE-2024-38821	io.grpc:grpc-protobuf	1.45.1	1.53.0	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
10	CVE-2024-38821	org.jooq:jooq-kotlin	3.17.14	3.19.22	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
11	CVE-2024-38821	com.squareup.okhttp3:logging-interceptor com.squareup.okhttp3:mockwebserver com.squareup.okhttp3:okhttp-sse com.squareup.okhttp3:okhttp-urlconnection com.squareup.okhttp3:okhttp	4.9.3	4.12.0	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
12	CV-2024-38821	org.springframework.boot:spring-boot-dependencies	3.0.9	3.3.11	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
13	CV-2024-38821	org.springframework.boot : spring-boot org.springframework.boot : spring-boot-actuator org.springframework.boot : spring-boot-actuator-autoconfigure org.springframework.boot : spring-boot-autoconfigure org.springframework.boot : spring-boot-starter org.springframework.boot : spring-boot-starter-actuator org.springframework.boot : spring-boot-starter-aop org.springframework.boot : spring-boot-starter-json org.springframework.boot : spring-boot-starter-logging org.springframework.boot : spring-boot-starter-reactor-netty org.springframework.boot : spring-boot-starter-security org.springframework.boot : spring-boot-starter-test org.springframework.boot : spring-boot-starter-tomcat org.springframework.boot : spring-boot-starter-validation org.springframework.boot : spring-boot-starter-web org.springframework.boot : spring-boot-starter-webflux org.springframework.boot : spring-boot-test org.springframework.boot : spring-boot-test-autoconfigure org.springframework.boot : spring-boot-configuration-processor	3.0.9	3.3.11	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
14	CVE-2024-38821	org.springframework.cloud:spring-cloud-dependencies	2022.0.2	2023.0.5	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
15	CVE-2024-38821	org.springframework.cloud:spring-cloud-commons org.springframework.cloud:spring-cloud-config-client org.springframework.cloud:spring-cloud-config-server org.springframework.cloud:spring-cloud-context	4.0.2	4.1.5	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
16	CVE-2023-34042 CVE-2024-22257 CVE-2024-38827 CVE-2024-38821	org.springframework.security:spring-security-config org.springframework.security:spring-security-core org.springframework.security:spring-security-crypto org.springframework.security:spring-security-web	6.0.5	6.3.9	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
17	CVE-2024-38821	org.springframework:spring-webmvc	6.0.14	6.1.14	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
18	CVE-2024-38820 CVE-2024-22243 CVE-2024-22259 CVE-2024-22262 CVE-2024-38809 CVE-2024-38816 CVE-2024-38819 CVE-2024-38816 CVE-2024-38819	org.springframework:spring-aop org.springframework:spring-context org.springframework:spring-core org.springframework:spring-expression org.springframework:spring-jcl org.springframework:spring-jdbc org.springframework:spring-test org.springframework:spring-tx org.springframework:spring-web org.springframework:spring-webflux org.springframework:spring-webmvc	6.0.14	6.1.19	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
19	CVE-2024-38821	ch.qos.logback:logback-access	1.4.12	1.5.18	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
20	CVE-2024-38821	ch.qos.logback:logback-classic	1.4.12	1.5.18	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
21	CVE-2024-38821	ch.qos.logback:logback-core	1.4.12	1.5.18	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
22	CVE-2024-34750 CVE-2024-50379 CVE-2024-56337 CVE-2024-24549 CVE-2024-23672	org.apache.tomcat.embed:tomcat-embed-core org.apache.tomcat.embed:tomcat-embed-el org.apache.tomcat.embed:tomcat-embed-websocket	10.1.16	10.1.40	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
23	CVE-2024-38821	com.mysql:mysql-connector-j	8.0.33	8.2.0	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
24	CVE-2024-3882CVE-2024-388211	io.micrometer:micrometer-registry-prometheus	-	1.13.13	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
25	CVE-2024-38821	org.springframework:spring-webmvc	6.0.14	6.1.14	Gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo, halyard
26	CVE-2023-24538,CVE-2023-24540,CVE-2024-24790	HELM_VERSION	3.14.4	3.18.0	rosco
27	CVE-2023-24538,CVE-2023-24540,CVE-2024-24790	PACKER_VERSION	1.11.0	1.12.0	rosco

## OES 1.33.3.20241100 (25 Nov 2024) ### Enhancements * Library updates have been made to address critical security vulnerabilities as provided in the table below:


Sl. No	CVE	Package	Upgraded from Version	Upgraded to Version	Services
1	CVE-2024-24790 CVE-2022-23806 CVE-2023-24538 CVE-2023-24540	KUBECTL_RELEASE	1.22.0	1.31.0	clouddriver, rosco,halyrad
2	CVE-2024-24790	AWS_CLI_S3_CMD	2.0.2	2.4.0	clouddriver
3	CVE-2024-24790	AWS_AIM_AUTHENTICATOR	0.6.14	0.6.27	clouddriver
4	CVE-2024-24790	GOOGLE_CLOUD_SDK	468.0.0	496.0.0	clouddriver
5	CVE-2024-22790	PACKER_VERSION	1.10.1	1.11.2	rosco
6	CVE-2024-22790	KUSTOMIZE_VERSION	5.0.3	5.4.3	rosco
7	CVE-2024-45490 CVE-2024-45491 CVE-2024-45492	expat	2.2.5-11.el8	2.2.5-15.el8_10	clouddriver, fiat, front50, kayenta, orca, igor, gate, echo, rosco
8	CVE-2024-37371	krb5-libs	1.18.2-28.el8_10	1.18.2-29.el8_10	clouddriver, fiat, front50, kayenta, orca, igor, gate, echo, Rosco

## OES 1.33.3.20240600 (9 Aug 2024) ### Enhancements * The Spinnaker version is upgraded from v1.30.1 to v1.33.3. For more information on Spinnaker versions, see [Versions](https://spinnaker.io/docs/releases/versions/).