[ANNOUNCE] haproxy-ingress v0.12.22
1 view
Skip to first unread message
Joao Morais
Jul 29, 2025, 8:33:22 AM7/29/25
to haproxy...@googlegroups.com
HAProxy Ingress v0.12.22 is here!
This release updates dependencies, and fixes a vulnerability found in
the v0.12 branch:
* An user with update ingress privilege can escalate their own
privilege to the controller one, by exploring the config snippet
annotation if it was not disabled via --disable-config-keywords=*
command-line option. Mitigate this vulnerability by updating
controller version, or disabling config snippet.
Note that this is the last v0.12 release, please consider moving to
v0.14 after reading v0.13 and v0.14 release and upgrade notes.
Dependencies:
* go from 1.18.10 to 1.23.11, having //go:debug default=go1.18 for
backward compatibility
Links and refs of this release:
* Changelog: https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.12.md#v01222
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.12.22
* Release date: 2025-07-29
* Helm chart: --version 0.12.22
* Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.12.22
* Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.12.22
* Embedded HAProxy version: 2.2.33
Changes since v0.12.21:
* block attempt to read cluster credentials [#1273] (jcmoraisjr)
* update go from 1.18.10 to 1.23.11 [6907f16] (Joao Morais)
* update dependencies [b5bb131] (Joao Morais)
This release updates dependencies, and fixes a vulnerability found in
the v0.12 branch:
* An user with update ingress privilege can escalate their own
privilege to the controller one, by exploring the config snippet
annotation if it was not disabled via --disable-config-keywords=*
command-line option. Mitigate this vulnerability by updating
controller version, or disabling config snippet.
Note that this is the last v0.12 release, please consider moving to
v0.14 after reading v0.13 and v0.14 release and upgrade notes.
Dependencies:
* go from 1.18.10 to 1.23.11, having //go:debug default=go1.18 for
backward compatibility
Links and refs of this release:
* Changelog: https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.12.md#v01222
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.12.22
* Release date: 2025-07-29
* Helm chart: --version 0.12.22
* Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.12.22
* Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.12.22
* Embedded HAProxy version: 2.2.33
Changes since v0.12.21:
* block attempt to read cluster credentials [#1273] (jcmoraisjr)
* update go from 1.18.10 to 1.23.11 [6907f16] (Joao Morais)
* update dependencies [b5bb131] (Joao Morais)
Reply all
Reply to author
Forward
0 new messages