HAProxy Ingress v0.13.18 is here!
This release updates the embedded haproxy version and dependencies, and
fixes a vulnerability found in the v0.13 branch.
* A user with update ingress privilege can escalate their own
privilege to that of the controller by exploiting the config snippet
annotation, if it was not disabled via the --disable-config-keywords=*
command-line option. Mitigate this vulnerability by updating the
controller version, or by disabling config snippet.
Dependencies:
* embedded haproxy from 2.4.28 to 2.4.29
* go from 1.23.7 to 1.23.11
Links and refs of this release:
* Changelog:
https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.13.md#v01318
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.13.18
* Release date: 2025-07-29
* Helm chart: --version 0.13.18
* Image (Quay):
quay.io/jcmoraisjr/haproxy-ingress:v0.13.18
* Image (Docker Hub):
docker.io/jcmoraisjr/haproxy-ingress:v0.13.18
* Embedded HAProxy version: 2.4.29
List of merged fixes and improvements since v0.13.17:
* block attempt to read cluster credentials [#1273] (jcmoraisjr)
* update embedded haproxy from 2.4.28 to 2.4.29 [7420ded] (Joao Morais)
* update go from 1.23.7 to 1.23.11 [a8b369b] (Joao Morais)
* update dependencies [1357b6b] (Joao Morais)