Releases: kubernetes-sigs/secrets-store-csi-driver
Releases · kubernetes-sigs/secrets-store-csi-driver
v1.3.2
v1.3.1
v1.3.0
v1.3.0 - 2022-12-13
Changelog
Bug Fixes 🐞
- cdf0b77 fix: put annotations in right position of daemonset
- bb1815a fix: escape dot in target path regex
- 97d3452 fix: fix CVE-2022-32149 and CVE-2022-27664 (#1059)
- d98c93c fix: handles pfx certs in k8s secrets sync
- 9fcdbb2 fix: update base image reference in script
- ede4c70 fix: sanitize service account tokens in logs
- 2ee77ca fix: use
os.Lstat
to resolveos.Stat
issue in windows - 3ae12bd fix: remove files before cleanup mount point in unpublish
- 0af2483 fix: panic when using --log-format-json
- 830d184 fix: update err variable in defer to prevent err shadowing
- c452ac4 fix: add unit test to validate error shadowed bug
Code Refactoring 💎
- b0af2b9 refactor: use NewSharedInformerFactoryWithOptions for new shared informer
- 14489c7 refactor: update mdbook install and serve
Continuous Integration 💜
- 12cdcb4 ci: ignore slack badge in markdown link check
- a3c0e4e ci: add codeql action
- 9a120ea ci: bump kubernetes version to v1.25.0
- f8e3435 ci: bump kind version to v0.14.0
- d1181e3 ci: add kubernetes 1.24 in e2e matrix
- ce47672 ci: fix aws eks cluster creation
- 384db8b ci: fix markdown link check workflow failures
- 12d1c99 ci: update kubernetes version matrix in staging e2e workflow
- 0246e35 ci: update e2e_mock_provider_tests kubernetes versions
- 2f16132 ci: add goreleaser workflow for release
- d0e614f ci: fix shellcheck file paths
- 00a1445 ci: add markdown-link-check workflow
Documentation 📘
- b8c64cc docs: add security vuln scanning to release mgmt
- e195c55 docs: update supported releases - v1.2.x and v1.1.x
- 3787ca2 docs: include security explanations for root/privileged/and pod tokens
- b55eaef docs: update instructions on generating release notes
- c0e97a5 docs: add subPath volume mount limitation
- 592ad7b docs: update supported versions and replace v1alpha1 with v1
- 8c41c4a docs: remove helm repo url change note in install steps
- 052429b docs: add slack badge
- 95218a6 docs: fix dead links based on errors
- 0391489 docs: update features and add toc
- ba364e1 docs: Update helm README.md with linux crd image values (#797)
- 856ad85 docs: update supported feature by current providers
- a760c18 docs: fix typo in api version group name
- ed9ecf3 docs: add design docs and roadmap to website
- 99aafa5 docs: add project status to docs
Features 🌈
- b4d2608 feat: add default toleration for all taints
- 34cb436 feat: Support disabling Helm chart CRD hooks
- 0723e1e feat: support provider paths under /var/run
- 7ac887a feat: add token requests client (#805)
- 4b8c442 feat: send NodePublishVolumeRequest.VolumeContext in MountRequest to provider
Maintenance 🔧
- d412c88 chore: bump version to v1.3.0 in release-1.3
- 7513988 chore: reenable trivy scan for binary
- 4c1a8f5 chore: use kubectl v1.26.0 in driver-crds
- da5a280 chore: switch to
registry.k8s.io
- 215e5c2 chore: update node-driver-registrar to v2.6.2
- 4e6cc57 chore: bump github/codeql-action from 2.1.32 to 2.1.35
- c60d93f chore: bump stefanprodan/helm-gh-pages from 1.6.0 to 1.7.0
- 6a64a91 chore: bump k8s.io/code-generator from 0.25.3 to 0.25.4 in /hack/tools
- c9ec363 chore: bump github/codeql-action from 2.1.31 to 2.1.32
- 1111a97 chore: use kubectl 1.25.4 in driver-crds
- ca89feb chore: remove k8s.io/kubernetes dep
- 59473a2 chore: bump github/codeql-action from 2.1.29 to 2.1.31
- 8778a4c chore: update livenessprobe to v2.8.0
- b12d68a chore: bump github/codeql-action from 2.1.28 to 2.1.29
- 2beee6f chore: bump sigs.k8s.io/controller-tools in /hack/tools
- 4776c62 chore: bump k8s.io/code-generator from 0.25.0 to 0.25.3 in /hack/tools
- 603bb66 chore: bump github.com/golangci/golangci-lint in /hack/tools
- 358b8a3 chore: bump google.golang.org/protobuf in /hack/tools
- 75b1134 chore: bump actions/checkout from 2 to 3
- 6841c6d chore: bump sigs.k8s.io/kustomize/kustomize/v4 in /hack/tools
- f6021d8 chore: bump goreleaser/goreleaser-action from 2.8.1 to 3.2.0
- d3e4260 chore: adds
ok-to-test
label on dependabot prs - 8a52d33 chore: bump github.com/golangci/golangci-lint in /hack/tools
- c8fc68f chore: bump stefanprodan/helm-gh-pages from 1.4.1 to 1.6.0
- 57a5cb9 chore: bump gaurav-nelson/github-action-markdown-link-check
- 762f81f chore: add dependabot.yml
- e3ed2f2 chore: use kubectl 1.25.x in driver-crds
- f938672 chore: update golangci-lint to v1.49.0
- 6fda350 chore: run apt update && apt upgrade -y in dockerfile
- 0dc8c0f chore: support kubernetes v1.25.0
- 980a539 chore: remove psp
- f020bdf chore: update debian-base to bullseye-v1.4.2
- 5680241 chore: update k8s deps to v0.24.4
- 4be2208 chore: update to go 1.19
- e272dc9 chore: update debian-base to bullseye-v1.4.1
- efb3274 chore: update debian-base to bullseye-v1.4.0
- 27032f6 chore: update boilerplate for the generated proto files
- fe049c3 chore: use
google.golang.org/protobuf
and regenerate proto - a95f0e5 chore: update kustomize to v4
- 1d264d2 chore: update tools dependencies and generate manifests
- e0f1850 chore: update kubernetes deps to v1.24.1
- 5ddc969 chore: add
crds.podLabels
for helm hook jobs (#962) - d70d198 chore: update debian-base to bullseye-v1.3.0
- a48fdde chore: bump
node-driver-registrar:v2.5.1
andlivenessprobe:v2.7.0
- 68ef471 chore: bump kind version to v0.13.0 to support kubernetes v1.24
- 75d28a4 chore: update pull request template
- 1faac89 chore: change default to
/var/run
for providers path - e6cc3d5 chore: upgrade makefile test binary versions
- 4b09e85 chore: upgrade to go 1.18
- 1ec0f8b chore: remove deprecated minimumProviderVersions in helm chart
- b46dfcb chore: make token requests conditional for v1.20+
- 37f55b2 chore: bump
node-driver-registrar:v2.5.0
andlivenessprobe:v2.6.0
- ca257a8 chore: mark
v1alpha1
api version as deprecated - ae87243 chore: remove old helm packages and index
- ccb9fa4 chore: updates trivy command
- a596624 chore: log invalid key in error
- dac5381 chore: update debian-base to bullseye-v1.1.0
- f694be2 chore: bump node-driver-reegistrar image to v2.4.0
- 9750771 chore: remove deprecated
--filtered-watch-secret
flag - c78559e chore: bump livenessprobe image to v2.5.0
- 2b27e0c chore: upgrade kubernetes deps
- 6069215 chore: use TARGETARCH for image build and makefile update
- e1f143c chore: use
corev1
as import alias instead ofv1
Security Fix 🛡️
- 369ab7b security: fix CVE-2022-41717
- fe26e98 security: fix CVE-2022-27664
- 586ff3f security: fix CVE-2022-27664
- e24efb7 security: fix multiple CVEs
- 0dde850 security: fix CVE-2022-37434
- 2d85ba6 security: fix CVE-2022-1996
- 94077a6 security: fix multiple CVEs
- 3bfd4f2 security: fix CVE-2022-29526
- ce8133d security: fix CVE-2021-4209
- 9357134 security: fix CVE-2022-1996
- 0c70232 security: fix CVE-2022-34903
- 6152bf1 security: fix CVE-2022-2068
- 84f8b21 security: fix CVE-2022-1664
- 860c83e security: fix CVE-2022-1292
- 28a14d2 security: fix CVE-2022-1271
- f4b9d0f security: fix CVE-2018-25032 and update to debian-base:bullseye-v1.2.0
- 5a34967 security: fix CVEs
- b558858 security: fix CVE-2022-0778, CVE-2021-4160
- e6d1c8f security: fix CVE-2021-3995, CVE-2021-3996
- 6462375 security: fix CVE-2021-43618
Testing 💚
v1.2.4
v1.2.4 - 2022-09-07
Changelog
Bug Fixes 🐞
- 3fb0170 fix: update base image reference in script
- 7bb3a61 fix: (fileutil) WritePayloads atomically for nested paths
Maintenance 🔧
- e0c09c8 chore: bump version to v1.2.4 in release-1.2
- 64f96c2 chore: update debian-base to bullseye-v1.4.2
- ce14ea1 chore: update k8s deps to v0.24.4
- 0fc707b chore: support common labels in helm chart
Security Fix 🛡️
- 8fb7654 security: fix CVE-2022-37434
- fd8adba security: fix CVE-2022-1996
v1.2.3
v1.2.3 - 2022-08-11
Changelog
Bug Fixes 🐞
- 8775b33 fix: sanitize service account tokens in logs
Maintenance 🔧
- a8a646e chore: bump version to v1.2.3 in release-1.2
- f8d0e25 chore: update debian-base to bullseye-v1.4.1
Security Fix 🛡️
- 116118f security: fix multiple CVEs
- 5db802f security: fix CVE-2022-29526
v1.2.2
v1.2.1
v1.2.1 - 2022-07-12
Changelog
Maintenance 🔧
- 42fd02c chore: bump version to v1.2.1 in release-1.2
- b6f0933 chore: update debian-base to bullseye-v1.4.0
Security Fix 🛡️
- 53d6341 security: fix CVE-2021-4209
- 9e8aaa2 security: fix CVE-2022-1996
- a23f86a security: fix CVE-2022-34903
- c524aef security: fix CVE-2022-2068
v1.2.0
v1.2.0 - 2022-06-22
Changelog
Bug Fixes 🐞
- 3ae12bd fix: remove files before cleanup mount point in unpublish
- 0af2483 fix: panic when using --log-format-json
- 830d184 fix: update err variable in defer to prevent err shadowing
- c452ac4 fix: add unit test to validate error shadowed bug
Code Refactoring 💎
- b0af2b9 refactor: use NewSharedInformerFactoryWithOptions for new shared informer
- 14489c7 refactor: update mdbook install and serve
Continuous Integration 💜
- d1181e3 ci: add kubernetes 1.24 in e2e matrix
- ce47672 ci: fix aws eks cluster creation
- 384db8b ci: fix markdown link check workflow failures
- 12d1c99 ci: update kubernetes version matrix in staging e2e workflow
- 0246e35 ci: update e2e_mock_provider_tests kubernetes versions
- 2f16132 ci: add goreleaser workflow for release
- d0e614f ci: fix shellcheck file paths
- 00a1445 ci: add markdown-link-check workflow
Documentation 📘
- 3787ca2 docs: include security explanations for root/privileged/and pod tokens
- b55eaef docs: update instructions on generating release notes
- c0e97a5 docs: add subPath volume mount limitation
- 592ad7b docs: update supported versions and replace v1alpha1 with v1
- 8c41c4a docs: remove helm repo url change note in install steps
- 052429b docs: add slack badge
- 95218a6 docs: fix dead links based on errors
- 0391489 docs: update features and add toc
- ba364e1 docs: Update helm README.md with linux crd image values (#797)
- 856ad85 docs: update supported feature by current providers
- a760c18 docs: fix typo in api version group name
- ed9ecf3 docs: add design docs and roadmap to website
- 99aafa5 docs: add project status to docs
Features 🌈
- 0723e1e feat: support provider paths under /var/run
- 7ac887a feat: add token requests client (#805)
- 4b8c442 feat: send NodePublishVolumeRequest.VolumeContext in MountRequest to provider
Maintenance 🔧
- 23ae1fb chore: bump version to v1.2.0 in release-1.2
- a95f0e5 chore: update kustomize to v4
- 1d264d2 chore: update tools dependencies and generate manifests
- e0f1850 chore: update kubernetes deps to v1.24.1
- 5ddc969 chore: add
crds.podLabels
for helm hook jobs (#962) - d70d198 chore: update debian-base to bullseye-v1.3.0
- a48fdde chore: bump
node-driver-registrar:v2.5.1
andlivenessprobe:v2.7.0
- 68ef471 chore: bump kind version to v0.13.0 to support kubernetes v1.24
- 75d28a4 chore: update pull request template
- 1faac89 chore: change default to
/var/run
for providers path - e6cc3d5 chore: upgrade makefile test binary versions
- 4b09e85 chore: upgrade to go 1.18
- 1ec0f8b chore: remove deprecated minimumProviderVersions in helm chart
- b46dfcb chore: make token requests conditional for v1.20+
- 37f55b2 chore: bump
node-driver-registrar:v2.5.0
andlivenessprobe:v2.6.0
- ca257a8 chore: mark
v1alpha1
api version as deprecated - ae87243 chore: remove old helm packages and index
- ccb9fa4 chore: updates trivy command
- a596624 chore: log invalid key in error
- dac5381 chore: update debian-base to bullseye-v1.1.0
- f694be2 chore: bump node-driver-reegistrar image to v2.4.0
- 9750771 chore: remove deprecated
--filtered-watch-secret
flag - c78559e chore: bump livenessprobe image to v2.5.0
- 2b27e0c chore: upgrade kubernetes deps
- 6069215 chore: use TARGETARCH for image build and makefile update
- e1f143c chore: use
corev1
as import alias instead ofv1
Security Fix 🛡️
- 84f8b21 security: fix CVE-2022-1664
- 860c83e security: fix CVE-2022-1292
- 28a14d2 security: fix CVE-2022-1271
- f4b9d0f security: fix CVE-2018-25032 and update to debian-base:bullseye-v1.2.0
- 5a34967 security: fix CVEs
- b558858 security: fix CVE-2022-0778, CVE-2021-4160
- e6d1c8f security: fix CVE-2021-3995, CVE-2021-3996
- 6462375 security: fix CVE-2021-43618
Testing 💚
v1.1.2
v1.1.2 - 2022-03-31
Changelog
Bug Fixes 🐞
- 9e39ed6 Automated cherry pick of #898: fix: validate additionalProviderPaths does not contain providers dir (#902)
Maintenance 🔧
- cf55d98 chore: bump version to 1.1.2 in release-1.1
- 2c0743e chore: update golangci-lint to v1.45.2 and pin to go 1.17
Security Fix 🛡️
- 78d2507 security: fix CVEs
- 8cd6b62 security: fix CVE-2022-0778, CVE-2021-4160