
v1.474.0

@cloudposse-releaser cloudposse-releaser released this 24 Jul 15:08
· 99 commits to refs/heads/main since this release
2c73ce3
Upgrade Supported ArgoCD Chart Version @RoseSecurity (#1081)

what and why

  • Argo versions 0.1.0 through 2.10.0-rc1, v2.9.3, v2.8.7, v2.7.15 are affected by CVE-2024-22424, a CSRF attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD.
  • Propose that we update the default values for Argo's chart from:
    argo/argo-cd  5.19.12  v2.5.9
    to an unaffected version patched after 2.10-rc2, 2.9.4, 2.8.8, 2.7.16.
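
A version gate for the affected range listed above, as an added example (not part of these release notes or the component's code). It assumes that the listed fixed releases and anything later on the same line carry the patch, and that release lines newer than 2.10 are unaffected; `FIRST_FIXED`, `is_affected` and `audit` are hypothetical names.

```python
import re

# First fixed release per line, taken from the notes above: 2.7.16, 2.8.8,
# 2.9.4, 2.10-rc2. A pre-release is modelled as (0, n) for "-rcN" and a final
# release as (1, 0), so that 2.10.0-rc2 sorts before 2.10.0.
FIRST_FIXED = {
    (2, 7): (16, (1, 0)),
    (2, 8): (8, (1, 0)),
    (2, 9): (4, (1, 0)),
    (2, 10): (0, (0, 2)),
}
OLDEST_FIXED_LINE = min(FIRST_FIXED)
NEWEST_FIXED_LINE = max(FIRST_FIXED)

_VERSION = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-rc\.?(\d+))?$")


def parse(version):
    """Split 'v2.10.0-rc1' into ((major, minor), (patch, prerelease_key))."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Argo CD version: {version!r}")
    line = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    pre = (0, int(m.group(4))) if m.group(4) else (1, 0)
    return line, (patch, pre)


def is_affected(version):
    """True if the Argo CD app version falls in the CVE-2024-22424 range."""
    line, rest = parse(version)
    if line < OLDEST_FIXED_LINE:
        return True   # lines before 2.7 have no fixed release listed
    if line > NEWEST_FIXED_LINE:
        return False  # assumption: lines after 2.10 include the fix
    # A release candidate of a fixed patch (e.g. 2.9.4-rc1) is treated as
    # affected, which errs on the side of upgrading.
    return rest < FIRST_FIXED[line]


def audit(inventory):
    """Return the names in {name: app_version} that still need upgrading."""
    return sorted(name for name, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed inventory; only v2.5.9 (the old default) comes from the notes.
    sample = {"old-default": "v2.5.9", "staging": "2.10.0-rc1", "prod": "2.9.4"}
    print(audit(sample))
```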

notable changes

  • Argo CD 2.10 upgraded kubectl from 1.24 to 1.26. This upgrade introduced a change where client-side-applied labels and annotations are no longer preserved when using a server-side kubectl apply.
  • Note that the bundled Helm version has been upgraded from 3.13.2 to 3.14.3.
  • Starting with Argo CD 2.10.11, the NetworkPolicy for the argocd-redis and argocd-redis-ha-haproxy dropped Egress restrictions. This change was made to allow access to the Kubernetes API to create a secret to secure Redis access.

testing

  • This version has been tested and verified to work with the existing component configuration.

references