We have released a new Security Release for Avisi Cloud Kubernetes, which contains fixes for CVE-2022-3162 and CVE-2022-3294. We recommend all our customers to upgrade their clusters to the latest patch version available to them. Please see our documentation on how to upgrade your cluster.
This release patches the following CVE's in Kubernetes:
- CVE-2022-3162: Unauthorized read of Custom Resources
- CVE-2022-3294: Node address isn't always verified when proxying
Affected Versions
This affects the following Avisi Cloud Kubernetes versions:
- Avisi Cloud Kubernetes <= v1.24.7-u-ame.0
- Avisi Cloud Kubernetes <= v1.23.13-u-ame.0
Fixed Versions
- Avisi Cloud Kubernetes v1.24.8-u-ame.1
- Avisi Cloud Kubernetes v1.23.14-u-ame.1
Please see our release notes for the full changelog.