OES Release Notes for Spinnaker Version v1.30.1

OSS Spinnaker reference

The images are forked out of OSS Spinnaker 1.30.1

The halyard version is forked out of Halyard Commits except for the following two auto bump commits

https://github.com/spinnaker/halyard/commit/397efbf2f71d3deca8db3667ef3f287c392c 9097 https://github.com/spinnaker/halyard/commit/c01d64838569d6a8c651130d0bc1e65de7 13cc93

Releases

The following are the releases made in OES for Spinnaker version prior to v1.33.3

OES 1.30.1.20240301 - Patch 1 (18 June 2024)

Fixed Issues

  • Pipeline payload gets skipped if expected artifact ID is not found.

Refer OES 1.30.1.20240300 (29 March 2024) for details on the main release.

OES 1.30.1.20240300 (29 March 2024)

Fixed Issues

The following CVEs are fixed in this release:

CVE

Package

Severity

CVE-2024-1597

org.postgresql:postgresql

Critical

CVE-2015-8549

PyAMF

High

CVE-2016-10745

Jinja2

High

CVE-2019-10906

Jinja2

High

CVE-2023-31582

org.bitbucket.b_c:jose4j

High

CVE-2023-3635

com.squareup.okio:okio-jvm

High

CVE-2023-39017

quartz

High

CVE-2023-46589

org.apache.tomcat.embed:tomcat-embed-core

High

CVE-2023-44487

org.apache.tomcat.embed:tomcat-embed-core

High

CVE-2023-49569

http://github.com/go-git/go-git/v5

High

February 2024

Fixed Issues

  • Fixable CRITICAL and HIGH CVEs are fixed.

  • Fixed the failing UT cases in CloudDriver, Gate, and Kork.

  • Fixed the issue of clouddriver not getting ready for more than 1300 Kubernetes accounts.

  • Fixed failing test cases in SQL core module.

  • Default profiles not effective resulting in “APPLICATION FAILED TO START" error's CloudDriver, Echo, Igor, and Gate.

  • Fixed Default profiles issue of the CloudDriver image with AWS component.

  • Fixed the Docker accounts not loading issue by removing docker related configuration in clouddriver.yml

  • Fixed the issue of Custom Stage Jobs failing with "Index -1 out of bounds for length 0".

  • Fixed the issue of gate service with the external Redis cache as well as spin-gate in 0/1 state with LDAP authentication.

  • Fixed the issue of igor crash with a large number of user roles.

  • Fixed the loading issue of Swagger API with updated Spring boot.

November 2023

Fixed Issues

  • Fixed the failing UT cases in CloudDriver, Gate, and Kork

  • Junit4 to Junit5 migration and fix related test cases

  • snakeyaml vulnerability fix

  • Fiat role-sync is running long due to user roles in SAML is fixed by adding rest api only for syncing unrestricted user

  • Additional metric requested in Igor

  • Spring boot version 3.0.7 > 3.0.9 upgrade

  • Upgrade pf4j version to 3.10.0

June 2023

Fixed Issues

  • FIPS compliant base image Redhat UBI8.8

  • Spring Boot upgraded to 3.0

  • springframework 3.0.6

  • Java upgraded to 17

  • SnakeYAML upgraded to version 2.0

PreviousOES Release Notes for Spinnaker Version v1.33.3NextISD 4.0.x Release Notes

Last updated