Releases: kubescape/storage
Release v0.0.274
Summary by CodeRabbit
- Bug Fixes
- Improved cleanup operations to properly handle pod-based workloads as cleanable resource types. Pods are now correctly processed during cleanup cycles, ensuring orphaned pod profiles are appropriately removed.
- Tests
- Added tests validating pod cleanup behavior in standalone scenarios, confirming proper profile removal and retention across different workload configurations.
Release v0.0.272
Summary
Fixes open Dependabot security alerts for the main module (go.mod):
- #68 (HIGH): github.com/go-jose/go-jose/v4 — Go JOSE Panics in JWE decryption — bumped v4.1.3 → v4.1.4
- #58 (MEDIUM): github.com/anchore/syft — Syft improper temporary file cleanup — bumped v1.32.0 → v1.42.3
The syft bump also transitively upgrades github.com/docker/docker from v28.3.3 → v28.5.2, providing partial mitigation for alerts #64 and #66 (no fully patched version ≥ 29.3.1 is available yet via the dependency chain).
Test plan
- go build ./... succeeds
- go mod tidy applied cleanly
- CI passes
🤖 Generated with Claude Code
Summary by CodeRabbit
- Chores
- Updated Go toolchain to a newer patch version for improved stability and security.
- Upgraded core and indirect dependencies across the project, including security libraries and container ecosystem tools, to their latest versions for enhanced functionality and bug fixes.
Release v0.0.271
Summary
Fixes open Dependabot security alerts for tests/integration-test-suite/go.mod:
| Alert | Package | Old | New | Severity |
|---|---|---|---|---|
| #76 | go.opentelemetry.io/otel/sdk | 1.35.0 | 1.43.0 | HIGH |
| #75 | otlptrace/otlptracehttp | 1.35.0 | 1.43.0 | MEDIUM |
| #71 | otlpmetric/otlpmetrichttp | 1.35.0 | 1.43.0 | MEDIUM |
| #69 | otlplog/otlploghttp | 0.11.0 | 0.19.0 | MEDIUM |
| #67 | github.com/go-jose/go-jose/v4 | 4.0.5 | 4.1.4 | HIGH |
All packages are indirect dependencies pulled via github.com/kubescape/node-agent and github.com/kubescape/storage. The upgrades were applied with go get and go mod tidy.
Remaining unfixable alerts
- #64/#66: github.com/docker/docker — Moby AuthZ plugin bypass / off-by-one error — no patched version available yet (requires ≥ 29.3.1, which isn't released as a Go module). These alerts are also present in the integration-test-suite but cannot be resolved until upstream releases a fix.
Test plan
- go mod tidy applied cleanly
- All target packages at patched versions (verified via grep)
- CI passes
🤖 Generated with Claude Code
Release v0.0.270
Merge pull request #312 from kubescape/bump
chore(deps): update go-logger to v0.0.28
Release v0.0.268
Summary
HostTypeEksEc2 was accidentally removed alongside HostTypeEcsService/HostTypeEcsTask in #310. Only the latter two were deleted from armoapi-go — HostTypeEksEc2 still exists and is a valid host type.
Summary by CodeRabbit
- Bug Fixes
- EksEc2 host type configuration is now supported. Previously, configurations specifying this host type would fail with an unsupported error; they now process correctly.
Release v0.0.267
Summary
- Remove references to armotypes.HostTypeEcsService and armotypes.HostTypeEcsTask — deleted from armoapi-go in armosec/armoapi-go#628 (SUB-6879, redundant host types)
- Bump armoapi-go from v0.0.693 to v0.0.696
These were duplicates of HostTypeEcsEc2 / HostTypeEcsFargate which remain. The removal unblocks downstream repos (postgres-connector, event-ingester-service) from upgrading armoapi-go.
Summary by CodeRabbit
- Breaking Changes
- Removed support for ECS Service, ECS Task, and EKS EC2 host types. Configurations using these host types will now return an error.
- Dependencies
- Updated internal dependencies.
Release v0.0.266
Sorry, we do not accept changes directly against this repository. Please see
CONTRIBUTING.md for information on where and how to contribute instead.
Summary by CodeRabbit
- Refactor
- Registry storage keys expanded to include cloud account identifier and region for improved multi-cloud organization.
- Default host entries now populate and validate the additional cloud account and region fields when reading and writing stored keys.
Release v0.0.265
Summary by CodeRabbit
- Bug Fixes
- Fixed locking behavior during container profile retrieval to prevent race conditions and ensure consistent reads during concurrent access.
- Performance
- Improved concurrent access and migration handling to reduce contention and speed up storage read/write operations under load.
Release v0.0.264
Fixes #304
This is safe to do after ensuring kubescape/kubevuln#339
Summary by CodeRabbit
- Bug Fixes
- Improved error resilience by gracefully initializing default values instead of returning errors in edge cases.
Release v0.0.263
Bumps github.com/cilium/cilium from 1.16.17 to 1.17.14.
Release notes
Sourced from github.com/cilium/cilium's releases.
1.17.14
Summary of Changes
Bugfixes:
- bpf: nodeport: use hairpin redirect for L7 LB on bridge devices (Backport PR cilium/cilium#44709, Upstream PR cilium/cilium#44658, @smagnani96)
- Fix envoy admin socket being created as world-accessible (Backport PR cilium/cilium#44591, Upstream PR cilium/cilium#44512, @0xch4z)
- l7lb: fix bypassing ingress policies for local backends (Backport PR cilium/cilium#44805, Upstream PR cilium/cilium#44693, @smagnani96)
CI Changes:
- pkg: Mark node_linux_test.go as unparallel (Backport PR cilium/cilium#44591, Upstream PR cilium/cilium#38172, @jschwinger233)
Misc Changes:
- (cilium/cilium#44752, @sayboras)
- (cilium/cilium#44376, @cilium-renovate[bot])
- (cilium/cilium#44485, @cilium-renovate[bot])
- (cilium/cilium#44583, @cilium-renovate[bot])
- (cilium/cilium#44687, @cilium-renovate[bot])
- (cilium/cilium#44794, @cilium-renovate[bot])
- (cilium/cilium#44373, @cilium-renovate[bot])
- (cilium/cilium#44811, @cilium-renovate[bot])
- (cilium/cilium#44345, @cilium-renovate[bot])
- (cilium/cilium#44402, @cilium-renovate[bot])
- (cilium/cilium#44552, @cilium-renovate[bot])
- (cilium/cilium#44684, @cilium-renovate[bot])
- (cilium/cilium#44584, @cilium-renovate[bot])
- (cilium/cilium#44685, @cilium-renovate[bot])
- (cilium/cilium#44481, @cilium-renovate[bot])
- (cilium/cilium#44798, @cilium-renovate[bot])
- (cilium/cilium#44581, @cilium-renovate[bot])
- (cilium/cilium#44686, @cilium-renovate[bot])
- (cilium/cilium#44374, @cilium-renovate[bot])
- (cilium/cilium#44483, @cilium-renovate[bot])
- (cilium/cilium#44682, @cilium-renovate[bot])
- (cilium/cilium#44792, @cilium-renovate[bot])
- (cilium/cilium#44808, @cilium-renovate[bot])
- (cilium/cilium#44375, @cilium-renovate[bot])
- (cilium/cilium#44484, @cilium-renovate[bot])
- (cilium/cilium#44683, @cilium-renovate[bot])
- (cilium/cilium#44793, @cilium-renovate[bot])
- (cilium/cilium#44508, @cilium-renovate[bot])
- (cilium/cilium#44582, @cilium-renovate[bot])
- (cilium/cilium#44482, @cilium-renovate[bot])
- Include the results of find /sys/fs/bpf in bugtool output (Backport PR cilium/cilium#44591, Upstream PR cilium/cilium#38980, @ti-mo)
Other Changes:
- (cilium/cilium#44558, @Artyop)
- (cilium/cilium#44325, @cilium-release-bot[bot])
... (truncated)