Sept. 21, 2021, 10:21 p.m.

LWKD: Week Ending September 19, 2021

Last Week In Kubernetes Development

Developer News

Two security vulnerabilities were reported this week. CVE-2020-8561 allows webhook owners to hijack sessions if --profiling is on in the APIserver; to avoid it, disable profiling or lock down webhook permissions. CVE-2021-25741 permits users to bypass volume restrictions in VolumeSubpath to access files outside of designated directories; it is fixed in the current update releases.

The kind/design tag is being retired in favor of kind/feature for most repositories. kind/design was created as a label for a Kubernetes feature workflow that has been replaced by the Enhancements process, and as such is mostly just confusing today. If your repo still actively uses kind/design, you must opt in to keep it after Sept. 27.

Verónica López is now a full Release Manager in the release-engineering group.

WG K8s Infra should be SIG K8s Infra by the time you read this. On the other hand, WG Component Standard is being dissolved due to lack of participation. During its time, WG-CS created the Component Base repo which will be managed by SIG-Arch.

SIG Leads can now manage changes to their SIG’s Google Groups.

The Prow team has added long-requested features to enable editing release notes and transferring issues between repos.

Release Schedule

Next Deadline: All Exceptions due Nov. 1

We are in the “feature development” phase of the release. As you hack on your features, consider if they are suitable for the Feature blog due Nov 2; more info from the Release Lead. 1.23-alpha2 is released for your testing enjoyment.

1.19.15, 1.20.11, 1.21.5, and 1.22.2 are out, including a Golang update.

Merges

  • APIserver etcd client retries transient errors
  • If a cluster has no zones, don’t bother checking for topology
  • New headless services with no selector default to Require Dual-Stack in 1.23
  • Since Swap is now supported in beta, kubeadm warns but doesn’t fail if nodes have swap
  • Overhaul how pods with fixed UIDs restart; backported to 1.22 to fix regression
  • Azure disks will migrate to CSI in 1.23
  • Don’t try to overwrite higher sysctl values when kube-proxy starts; fix ported from the K3S fork
  • Allow events in the default namespace for backwards compatibility

Promotions

  • More progress towards finalizers for Job tracking

Deprecated

  • The alpine-bash and bazel-krte images are no longer in use, and the project will stop publishing them
  • VolumeSubpath feature gate is removed as VS is now GA
  • PID Limit feature gates removed as limits are GA
  • EgressSelection type master is removed

Structured logging migration: proxy app, winuserspace

Version Updates

  • golang to 1.16.8 in 1.21 and later
  • python client 19.15 is available in alpha

You just read issue #6 of Last Week In Kubernetes Development.