OES Release Notes for Spinnaker Version v1.33.3

OSS Spinnaker reference

The images are forked out of OSS Spinnaker 1.33.3

The Halyard version is forked from Halyard Commits, except for the following two auto-bump commits:

  • https://github.com/spinnaker/halyard/commit/397efbf2f71d3deca8db3667ef3f287c392c9097
  • https://github.com/spinnaker/halyard/commit/c01d64838569d6a8c651130d0bc1e65de713cc93

Release Notes

The following are the releases made in OES after v1.33.3

OES 1.33.3.20250301 (27 May 2025)

Enhancements

  • Library updates have been made to address critical security vulnerabilities as provided in the table below:

| Sl No | CVE | Package | Upgrade Version From | Upgrade Version To | Service Name |
|---|---|---|---|---|---|
| 1 | CVE-2024-38821 | org.projectlombok:lombok | - | 1.18.38 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 2 | CVE-2024-38821 | org.springframework.boot:spring-boot-configuration-processor | 7.9 | 3.3.11 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 3 | CVE-2024-38821 | org.jetbrains.kotlin:kotlin-stdlib | 2.8.0 | 1.9.21 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 4 | CVE-2024-38821 | org.apache.logging.log4j:log4j-bom | 2.20.0 | 2.23.1 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 5 | CVE-2024-38821 | com.thoughtworks.xstream:xstream | 1.4.20 | 1.4.21 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 6 | CVE-2024-38821 | org.codehaus.jettison:jettison | 1.5.2 | 1.5.4 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 7 | CVE-2024-38821 | org.jsoup:jsoup | 1.14.2 | 1.15.3 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 8 | CVE-2024-38821 | org.apache.httpcomponents.client5:httpclient5 | 5.1.4 | 5.4.2 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 9 | CVE-2024-38821 | io.grpc:grpc-protobuf | 1.45.1 | 1.53.0 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 10 | CVE-2024-38821 | org.jooq:jooq-kotlin | 3.17.14 | 3.19.22 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 11 | CVE-2024-38821 | com.squareup.okhttp3:logging-interceptor, com.squareup.okhttp3:mockwebserver, com.squareup.okhttp3:okhttp-sse, com.squareup.okhttp3:okhttp-urlconnection, com.squareup.okhttp3:okhttp | 4.9.3 | 4.12.0 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 12 | CVE-2024-38821 | org.springframework.boot:spring-boot-dependencies | 3.0.9 | 3.3.11 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 13 | CVE-2024-38821 | org.springframework.boot:spring-boot, org.springframework.boot:spring-boot-actuator, org.springframework.boot:spring-boot-actuator-autoconfigure, org.springframework.boot:spring-boot-autoconfigure, org.springframework.boot:spring-boot-starter, org.springframework.boot:spring-boot-starter-actuator, org.springframework.boot:spring-boot-starter-aop, org.springframework.boot:spring-boot-starter-json, org.springframework.boot:spring-boot-starter-logging, org.springframework.boot:spring-boot-starter-reactor-netty, org.springframework.boot:spring-boot-starter-security, org.springframework.boot:spring-boot-starter-test, org.springframework.boot:spring-boot-starter-tomcat, org.springframework.boot:spring-boot-starter-validation, org.springframework.boot:spring-boot-starter-web, org.springframework.boot:spring-boot-starter-webflux, org.springframework.boot:spring-boot-test, org.springframework.boot:spring-boot-test-autoconfigure, org.springframework.boot:spring-boot-configuration-processor | 3.0.9 | 3.3.11 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 14 | CVE-2024-38821 | org.springframework.cloud:spring-cloud-dependencies | 2022.0.2 | 2023.0.5 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 15 | CVE-2024-38821 | org.springframework.cloud:spring-cloud-commons, org.springframework.cloud:spring-cloud-config-client, org.springframework.cloud:spring-cloud-config-server, org.springframework.cloud:spring-cloud-context | 4.0.2 | 4.1.5 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 16 | CVE-2023-34042, CVE-2024-22257, CVE-2024-38827, CVE-2024-38821 | org.springframework.security:spring-security-config, org.springframework.security:spring-security-core, org.springframework.security:spring-security-crypto, org.springframework.security:spring-security-web | 6.0.5 | 6.3.9 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 17 | CVE-2024-38821 | org.springframework:spring-webmvc | 6.0.14 | 6.1.14 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 18 | CVE-2024-38820, CVE-2024-22243, CVE-2024-22259, CVE-2024-22262, CVE-2024-38809, CVE-2024-38816, CVE-2024-38819 | org.springframework:spring-aop, org.springframework:spring-context, org.springframework:spring-core, org.springframework:spring-expression, org.springframework:spring-jcl, org.springframework:spring-jdbc, org.springframework:spring-test, org.springframework:spring-tx, org.springframework:spring-web, org.springframework:spring-webflux, org.springframework:spring-webmvc | 6.0.14 | 6.1.19 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 19 | CVE-2024-38821 | ch.qos.logback:logback-access | 1.4.12 | 1.5.18 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 20 | CVE-2024-38821 | ch.qos.logback:logback-classic | 1.4.12 | 1.5.18 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 21 | CVE-2024-38821 | ch.qos.logback:logback-core | 1.4.12 | 1.5.18 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 22 | CVE-2024-34750, CVE-2024-50379, CVE-2024-56337, CVE-2024-24549, CVE-2024-23672 | org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat.embed:tomcat-embed-el, org.apache.tomcat.embed:tomcat-embed-websocket | 10.1.16 | 10.1.40 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 23 | CVE-2024-38821 | com.mysql:mysql-connector-j | 8.0.33 | 8.2.0 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 24 | CVE-2024-38821 | io.micrometer:micrometer-registry-prometheus | - | 1.13.13 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 25 | CVE-2024-38821 | org.springframework:spring-webmvc | 6.0.14 | 6.1.14 | Gate, kayenta, orca, rosco, front50, fiat, clouddriver, igor, echo, halyard |
| 26 | CVE-2023-24538, CVE-2023-24540, CVE-2024-24790 | HELM_VERSION | 3.14.4 | 3.18.0 | rosco |
| 27 | CVE-2023-24538, CVE-2023-24540, CVE-2024-24790 | PACKER_VERSION | 1.11.0 | 1.12.0 | rosco |

OES 1.33.3.20241100 (25 Nov 2024)

Enhancements

  • Library updates have been made to address critical security vulnerabilities as provided in the table below:

| Sl. No | CVE | Package | Upgraded from Version | Upgraded to Version | Services |
|---|---|---|---|---|---|
| 1 | CVE-2024-24790, CVE-2022-23806, CVE-2023-24538, CVE-2023-24540 | KUBECTL_RELEASE | 1.22.0 | 1.31.0 | clouddriver, rosco, halyard |
| 2 | CVE-2024-24790 | AWS_CLI_S3_CMD | 2.0.2 | 2.4.0 | clouddriver |
| 3 | CVE-2024-24790 | AWS_AIM_AUTHENTICATOR | 0.6.14 | 0.6.27 | clouddriver |
| 4 | CVE-2024-24790 | GOOGLE_CLOUD_SDK | 468.0.0 | 496.0.0 | clouddriver |
| 5 | CVE-2024-22790 | PACKER_VERSION | 1.10.1 | 1.11.2 | rosco |
| 6 | CVE-2024-22790 | KUSTOMIZE_VERSION | 5.0.3 | 5.4.3 | rosco |
| 7 | CVE-2024-45490, CVE-2024-45491, CVE-2024-45492 | expat | 2.2.5-11.el8 | 2.2.5-15.el8_10 | clouddriver, fiat, front50, kayenta, orca, igor, gate, echo, rosco |
| 8 | CVE-2024-37371 | krb5-libs | 1.18.2-28.el8_10 | 1.18.2-29.el8_10 | clouddriver, fiat, front50, kayenta, orca, igor, gate, echo, Rosco |

OES 1.33.3.20240600 (9 Aug 2024)

Enhancements

  • The Spinnaker version is upgraded from v1.30.1 to v1.33.3. For more information on Spinnaker versions, see Versions.
