[ANNOUNCE] haproxy-ingress v0.14.9
0 views
Skip to first unread message
Joao Morais
Jul 29, 2025, 8:33:54 AM7/29/25
to haproxy...@googlegroups.com
HAProxy Ingress v0.14.9 is here!
This release updates the embedded haproxy version, dependencies, and
fixes issues and vulnerabilities found in the v0.14 branch.
* An user with update ingress privilege can escalate their own
privilege to the controller one, by exploring the config snippet
annotation if it was not disabled via --disable-config-keywords=*
command-line option. Mitigate this vulnerability by updating
controller version, or disabling config snippet.
* Fixes a panic on controller shutdown due to closing the same
connection twice, if its startup failed the very first reconciliation.
* Fixes a race during haproxy reload, when the controller connects
fast enough via the master socket, finds the old instance still
running and thinks it's the new one already. If this happens, it might
lead to problems in the synchronization of the in-memory model to the
running instance, sometimes making haproxy to reflect an older state.
Dependencies:
* embedded haproxy from 2.4.28 to 2.4.29
* go from 1.23.7 to 1.23.11
Links and refs of this release:
* Changelog: https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.14.md#v0149
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.14.9
* Release date: 2025-07-29
* Helm chart: --version 0.14.9
* Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.14.9
* Image (Docker Hub): docker.io/jcmoraisjr/haproxy-ingress:v0.14.9
* Embedded HAProxy version: 2.4.29
Fixes and improvements since v0.14.8:
* check if haproxy reloaded already [#1265] (jcmoraisjr)
* ensure that embedded haproxy starts just once [#1266] (jcmoraisjr)
* block attempt to read cluster credentials [#1273] (jcmoraisjr)
* update embedded haproxy from 2.4.28 to 2.4.29 [dda1554] (Joao Morais)
* update go from 1.23.7 to 1.23.11 [d8a7712] (Joao Morais)
* update dependencies [752b502] (Joao Morais)
Chart improvements since v0.14.8:
* Allow custom labels to be added to the controllers
DaemonSet/Deployment [#93] (gezb)
This release updates the embedded haproxy version, dependencies, and
fixes issues and vulnerabilities found in the v0.14 branch.
* An user with update ingress privilege can escalate their own
privilege to the controller one, by exploring the config snippet
annotation if it was not disabled via --disable-config-keywords=*
command-line option. Mitigate this vulnerability by updating
controller version, or disabling config snippet.
* Fixes a panic on controller shutdown due to closing the same
connection twice, if its startup failed the very first reconciliation.
* Fixes a race during haproxy reload, when the controller connects
fast enough via the master socket, finds the old instance still
running and thinks it's the new one already. If this happens, it might
lead to problems in the synchronization of the in-memory model to the
running instance, sometimes making haproxy to reflect an older state.
Dependencies:
* embedded haproxy from 2.4.28 to 2.4.29
* go from 1.23.7 to 1.23.11
Links and refs of this release:
* Changelog: https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.14.md#v0149
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.14.9
* Release date: 2025-07-29
* Helm chart: --version 0.14.9
* Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.14.9
* Image (Docker Hub): docker.io/jcmoraisjr/haproxy-ingress:v0.14.9
* Embedded HAProxy version: 2.4.29
Fixes and improvements since v0.14.8:
* check if haproxy reloaded already [#1265] (jcmoraisjr)
* ensure that embedded haproxy starts just once [#1266] (jcmoraisjr)
* block attempt to read cluster credentials [#1273] (jcmoraisjr)
* update embedded haproxy from 2.4.28 to 2.4.29 [dda1554] (Joao Morais)
* update go from 1.23.7 to 1.23.11 [d8a7712] (Joao Morais)
* update dependencies [752b502] (Joao Morais)
Chart improvements since v0.14.8:
* Allow custom labels to be added to the controllers
DaemonSet/Deployment [#93] (gezb)
Reply all
Reply to author
Forward
0 new messages