OES Release Notes for Spinnaker Version v1.33.3

OSS Spinnaker reference

The images are forked out of OSS Spinnaker 1.33.3

The Halyard version is forked out of Halyard Commits, except for the following two auto-bump commits:

https://github.com/spinnaker/halyard/commit/397efbf2f71d3deca8db3667ef3f287c392c9097
https://github.com/spinnaker/halyard/commit/c01d64838569d6a8c651130d0bc1e65de713cc93

Release Notes

The following are the releases made in OES after v1.33.3

OES 1.33.3.20250301 (27 May 2025)

Enhancements

  • Library updates have been made to address critical security vulnerabilities as provided in the table below:

| Sl No | CVE | Package | Upgrade Version From | Upgrade Version To | Service Name |
|---|---|---|---|---|---|
| 1 | CVE-2024-38821 | org.projectlombok:lombok | - | 1.18.38 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 2 | CVE-2024-38821 | org.springframework.boot:spring-boot-configuration-processor | 7.9 | 3.3.11 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 3 | CVE-2024-38821 | org.jetbrains.kotlin:kotlin-stdlib | 2.8.0 | 1.9.21 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 4 | CVE-2024-38821 | org.apache.logging.log4j:log4j-bom | 2.20.0 | 2.23.1 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 5 | CVE-2024-38821 | com.thoughtworks.xstream:xstream | 1.4.20 | 1.4.21 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 6 | CVE-2024-38821 | org.codehaus.jettison:jettison | 1.5.2 | 1.5.4 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 7 | CVE-2024-38821 | org.jsoup:jsoup | 1.14.2 | 1.15.3 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 8 | CVE-2024-38821 | org.apache.httpcomponents.client5:httpclient5 | 5.1.4 | 5.4.2 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 9 | CVE-2024-38821 | io.grpc:grpc-protobuf | 1.45.1 | 1.53.0 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 10 | CVE-2024-38821 | org.jooq:jooq-kotlin | 3.17.14 | 3.19.22 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 11 | CVE-2024-38821 | com.squareup.okhttp3:logging-interceptor, com.squareup.okhttp3:mockwebserver, com.squareup.okhttp3:okhttp-sse, com.squareup.okhttp3:okhttp-urlconnection, com.squareup.okhttp3:okhttp | 4.9.3 | 4.12.0 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 12 | CVE-2024-38821 | org.springframework.boot:spring-boot-dependencies | 3.0.9 | 3.3.11 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 13 | CVE-2024-38821 | org.springframework.boot:spring-boot, org.springframework.boot:spring-boot-actuator, org.springframework.boot:spring-boot-actuator-autoconfigure, org.springframework.boot:spring-boot-autoconfigure, org.springframework.boot:spring-boot-starter, org.springframework.boot:spring-boot-starter-actuator, org.springframework.boot:spring-boot-starter-aop, org.springframework.boot:spring-boot-starter-json, org.springframework.boot:spring-boot-starter-logging, org.springframework.boot:spring-boot-starter-reactor-netty, org.springframework.boot:spring-boot-starter-security, org.springframework.boot:spring-boot-starter-test, org.springframework.boot:spring-boot-starter-tomcat, org.springframework.boot:spring-boot-starter-validation, org.springframework.boot:spring-boot-starter-web, org.springframework.boot:spring-boot-starter-webflux, org.springframework.boot:spring-boot-test, org.springframework.boot:spring-boot-test-autoconfigure, org.springframework.boot:spring-boot-configuration-processor | 3.0.9 | 3.3.11 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 14 | CVE-2024-38821 | org.springframework.cloud:spring-cloud-dependencies | 2022.0.2 | 2023.0.5 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 15 | CVE-2024-38821 | org.springframework.cloud:spring-cloud-commons, org.springframework.cloud:spring-cloud-config-client, org.springframework.cloud:spring-cloud-config-server, org.springframework.cloud:spring-cloud-context | 4.0.2 | 4.1.5 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 16 | CVE-2023-34042, CVE-2024-22257, CVE-2024-38827, CVE-2024-38821 | org.springframework.security:spring-security-config, org.springframework.security:spring-security-core, org.springframework.security:spring-security-crypto, org.springframework.security:spring-security-web | 6.0.5 | 6.3.9 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 17 | CVE-2024-38821 | org.springframework:spring-webmvc | 6.0.14 | 6.1.14 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 18 | CVE-2024-38820, CVE-2024-22243, CVE-2024-22259, CVE-2024-22262, CVE-2024-38809, CVE-2024-38816, CVE-2024-38819 | org.springframework:spring-aop, org.springframework:spring-context, org.springframework:spring-core, org.springframework:spring-expression, org.springframework:spring-jcl, org.springframework:spring-jdbc, org.springframework:spring-test, org.springframework:spring-tx, org.springframework:spring-web, org.springframework:spring-webflux, org.springframework:spring-webmvc | 6.0.14 | 6.1.19 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 19 | CVE-2024-38821 | ch.qos.logback:logback-access | 1.4.12 | 1.5.18 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 20 | CVE-2024-38821 | ch.qos.logback:logback-classic | 1.4.12 | 1.5.18 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 21 | CVE-2024-38821 | ch.qos.logback:logback-core | 1.4.12 | 1.5.18 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 22 | CVE-2024-34750, CVE-2024-50379, CVE-2024-56337, CVE-2024-24549, CVE-2024-23672 | org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat.embed:tomcat-embed-el, org.apache.tomcat.embed:tomcat-embed-websocket | 10.1.16 | 10.1.40 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 23 | CVE-2024-38821 | com.mysql:mysql-connector-j | 8.0.33 | 8.2.0 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 24 | CVE-2024-38821 | io.micrometer:micrometer-registry-prometheus | - | 1.13.13 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 25 | CVE-2024-38821 | org.springframework:spring-webmvc | 6.0.14 | 6.1.14 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 26 | CVE-2023-24538, CVE-2023-24540, CVE-2024-24790 | HELM_VERSION | 3.14.4 | 3.18.0 | rosco |
| 27 | CVE-2023-24538, CVE-2023-24540, CVE-2024-24790 | PACKER_VERSION | 1.11.0 | 1.12.0 | rosco |

OES 1.33.3.20241100 (25 Nov 2024)

Enhancements

  • Library updates have been made to address critical security vulnerabilities as provided in the table below:

| Sl. No | CVE | Package | Upgraded from Version | Upgraded to Version | Services |
|---|---|---|---|---|---|
| 1 | CVE-2024-24790, CVE-2022-23806, CVE-2023-24538, CVE-2023-24540 | KUBECTL_RELEASE | 1.22.0 | 1.31.0 | clouddriver, rosco, halyard |
| 2 | CVE-2024-24790 | AWS_CLI_S3_CMD | 2.0.2 | 2.4.0 | clouddriver |
| 3 | CVE-2024-24790 | AWS_AIM_AUTHENTICATOR | 0.6.14 | 0.6.27 | clouddriver |
| 4 | CVE-2024-24790 | GOOGLE_CLOUD_SDK | 468.0.0 | 496.0.0 | clouddriver |
| 5 | CVE-2024-22790 | PACKER_VERSION | 1.10.1 | 1.11.2 | rosco |
| 6 | CVE-2024-22790 | KUSTOMIZE_VERSION | 5.0.3 | 5.4.3 | rosco |
| 7 | CVE-2024-45490, CVE-2024-45491, CVE-2024-45492 | expat | 2.2.5-11.el8 | 2.2.5-15.el8_10 | clouddriver, fiat, front50, kayenta, orca, igor, gate, echo, rosco |
| 8 | CVE-2024-37371 | krb5-libs | 1.18.2-28.el8_10 | 1.18.2-29.el8_10 | clouddriver, fiat, front50, kayenta, orca, igor, gate, echo, rosco |

OES 1.33.3.20240600 (9 Aug 2024)

Enhancements

  • The Spinnaker version is upgraded from v1.30.1 to v1.33.3. For more information on Spinnaker versions, see Versions.
