v1.20.2

Latest

Latest

hc-github-team-es-release-engineering released this 06 Jan 04:50

33e5727

1.20.2 (December 26, 2024)

SECURITY:

Removed ability to use bexpr to filter results without ACL read on endpoint [GH-21950]
Resolved issue where hcl would allow duplicates of the same key in acl policy configuration. [GH-21908]
Update github.com/golang-jwt/jwt/v4 to v4.5.1 to address GHSA-29wx-vh33-7x7r. [GH-21951]
Update golang.org/x/crypto to v0.31.0 to address GO-2024-3321. [GH-22001]
Update golang.org/x/net to v0.33.0 to address GO-2024-3333. [GH-22021]
Update registry.access.redhat.com/ubi9-minimal image to 9.5 to address CVE-2024-3596,CVE-2024-2511,CVE-2024-26458. [GH-22011]
api: Enforces strict content-type header validation to protect against XSS vulnerability. [GH-21930]

FEATURES:

docs: added the docs for the grafana dashboards [GH-21795]

BUG FIXES:

proxycfg: fix a bug where peered upstreams watches are canceled even when another target needs it. [GH-21871]
state: ensure that identical manual virtual IP updates result in not bumping the modify indexes [GH-21909]

Assets 2