Releases: haproxytech/kubernetes-ingress
HAProxy Ingress Controller v1.10.2
Changelog
- 40c71a7 BUILD/MINOR: go.mod: update Go packages
HAProxy Ingress Controller v1.9.7
Changelog
- 16ffc00 MINOR: settings for deep comparison to consider nil and empty as the same.
HAProxy Ingress Controller v1.10.1
Changelog
- a17d6a4 BUG/MINOR: ci: resolve goreleaser build procedure
HAProxy Ingress Controller v1.9.6
Changelog
- 250803e BUG/MEDIUM: sec: update config parser to v4.0.0
HAProxy Ingress Controller v1.8.13
Changelog
- 72b4efc BUG/MEDIUM: sec: update config parser to v4.0.0
HAProxy Ingress Controller v1.9.5
Changelog
- 24d2561 BUG/MINOR: use project go version in go release
- 0d11684 BUILD/MINOR: security: update golang.org/x/net package
- 7bd4e49 BUG/MINOR: fix ingress with same path and different ports
- b0066f9 BUG/MINOR: backends should be reprocessed after fixing a failed transaction
- 92aca4e BUILD/MAJOR: go: increase Go version to 1.20
- 2673fff BUILD/MINOR: lint: use new linter that does not have issue with Go 1.20
- 8de6e87 CLEANUP/MINOR: ci: update docker image versions
- c1a980e BUILD/MAJOR: ci: apply new linting rules
- 892052b BUILD/MEDIUM: update linters, use local version
- 213c160 CLEANUP/MINOR: remove server state save
- 9a81850 BUG/MINOR: fix formatting of log message for default backend service
- e8e23a5 MINOR: docker: Additionally tag Docker images with branch
HAProxy Ingress Controller v1.8.12
Changelog
- d20e38f BUG/MINOR: fix ingress with same path and different ports
- bb2625e BUILD/MINOR: security: update golang.org/x/net package
- 15f4861 BUG/MINOR: backends should be reprocessed after fixing a failed transaction
- 612aaf6 BUILD/MINOR: lint: use new linter that does not have issue with Go 1.20
- 61ee8b3 CLEANUP/MINOR: remove server state save
- 822b999 BUG/MINOR: fix formatting of log message for default backend service
- e9eaedb MINOR: docker: Additionally tag Docker images with branch
HAProxy Ingress Controller v1.9.3
HAProxy Technologies has announced that HAProxy 2.0 or newer, HAProxy Enterprise 2.0 or newer, and HAProxy ALOHA 12.5 or newer are affected by CVE-2023-25725. If you are using an affected product you should upgrade to the latest version immediately or apply the configuration detailed below.
For the latest information on this issue and our response, read our blog post at https://www.haproxy.com/blog/february-2023-header-parser-fixed. We will post any future updates on this page.
This vulnerability affects the header parser and permits header manipulations that might be unauthorized or dangerous.
Examples:
• a transfer-encoding header may be hidden after the presence of a content-length header is confirmed and sent to another proxy
• a transfer-encoding header or a content-length header may be hidden after the internal parser has confirmed its presence; in this scenario, the parser will consider the missing header to still be present.
Affected Versions and Remediation
HAProxy Technologies released new versions of HAProxy, HAProxy Enterprise, and HAProxy ALOHA on Tuesday, 14 February 2023. These releases patch the vulnerability described in CVE-2023-25725.
Users of the affected products should upgrade to the fixed version as soon as possible.
• HAProxy Enterprise users can follow the upgrade instructions here: https://www.haproxy.com/documentation/hapee/latest/getting-started/upgrade/linux/#update-haproxy-enterprise
• HAProxy ALOHA users can follow the upgrade instructions here: https://www.haproxy.com/documentation/aloha/latest/getting-started/firmware-updates/
Users of container images: please note that we are currently building fixed versions of the container images. We will update the blog post when they become available.
Affected Version > Fixed Version
HAProxy 2.0 > HAProxy 2.0.31
HAProxy 2.2 > HAProxy 2.2.29
HAProxy 2.4 > HAProxy 2.4.22
HAProxy 2.5 > HAProxy 2.5.12
HAProxy 2.6 > HAProxy 2.6.9
HAProxy 2.7 > HAProxy 2.7.3
HAProxy Enterprise 2.0r1 > 2.0r1-1.0.0-248.1534
HAProxy Enterprise 2.2r1 > 2.2r1-1.0.0-254.929
HAProxy Enterprise 2.4r1 > 2.4r1-1.0.0-285.1010
HAProxy Enterprise 2.5r1 > 2.5r1-1.0.0-285.653
HAProxy Enterprise 2.6r1 > 2.6r1-1.0.0-288.770
HAProxy ALOHA 12.5 > HAProxy ALOHA 12.5.18
HAProxy ALOHA 13.5 > HAProxy ALOHA 13.5.19
HAProxy ALOHA 14.0 > HAProxy ALOHA 14.0.11
HAProxy ALOHA 14.5 > HAProxy ALOHA 14.5.6
HAProxy Kubernetes Ingress Controller 1.7 > 1.7.12
HAProxy Kubernetes Ingress Controller 1.8 > 1.8.11
HAProxy Kubernetes Ingress Controller 1.9 > 1.9.3
HAProxy Enterprise Kubernetes Ingress Controller 1.7 > 1.7.12-ee1
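To check an inventory against the table above, the following added example (not part of the HAProxy release notes or tooling) classifies community HAProxy and Kubernetes Ingress Controller version strings by branch. The hostnames and sample versions are constructed, and the Enterprise and ALOHA rows are left out because their version format differs.

```python
import re

# Fixed patch level per branch, copied from the table above.
FIXED = {
    "haproxy": {(2, 0): 31, (2, 2): 29, (2, 4): 22, (2, 5): 12, (2, 6): 9, (2, 7): 3},
    "ingress": {(1, 7): 12, (1, 8): 11, (1, 9): 3},
}

# major.minor.patch, optional leading "v", any distro/build suffix ignored.
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def classify(product, version):
    """Return 'fixed', 'vulnerable', 'not-listed' or 'unparseable'."""
    m = _VERSION.match(version.strip())
    if product not in FIXED or not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.groups())
    fixed_patch = FIXED[product].get((major, minor))
    if fixed_patch is None:
        # Branch absent from the table (older, end-of-life, or released
        # later): the page lists no fixed version, so do not guess.
        return "not-listed"
    return "fixed" if patch >= fixed_patch else "vulnerable"


def audit(inventory):
    """Classify (host, product, version) rows; list hosts needing review."""
    results = {host: classify(product, version)
               for host, product, version in inventory}
    needs_action = sorted(h for h, s in results.items() if s != "fixed")
    return results, needs_action


# Constructed inventory for illustration only.
SAMPLE = [
    ("edge-1", "haproxy", "2.4.21"),
    ("edge-2", "haproxy", "2.6.9-1ppa1~focal"),
    ("edge-3", "haproxy", "2.3.10"),
    ("k8s-a", "ingress", "v1.9.3"),
    ("k8s-b", "ingress", "1.8.10"),
]

if __name__ == "__main__":
    results, needs_action = audit(SAMPLE)
    for host, status in results.items():
        print(f"{host}: {status}")
    print("review:", ", ".join(needs_action))
```

Hosts reported as not-listed run a branch for which the table gives no fixed release, so they need a manual decision rather than an assumed pass.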
Workaround
If you are not able to update right away, you can apply the following rules to mitigate the issues. Add this to your exposed frontend and then restart your HAProxy instance.
frontend myfrontend
    http-request deny if { fc_http_major 1 } !{ req.body_size 0 } !{ req.hdr(content-length) -m found } !{ req.hdr(transfer-encoding) -m found } !{ method CONNECT }
Support
If you are an HAProxy Enterprise or HAProxy ALOHA customer and have questions about upgrading to the latest version or applying the configuration workaround detailed above, please get in touch with the HAProxy support team.
HAProxy Ingress Controller v1.8.11
HAProxy Ingress Controller v1.7.12