LWKD logo

Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.


View LWKD on GitHub

Week Ending April 5, 2020

Developer News

CJ Cullen reported CVE-2019-11254 a denial-of-service vulnerability in Kubernetes. Maliciously crafted YAML can cause the Kube-APIserver to lock up. Upgrade to the latest patch release of 1.15-1.17 to fix this – but maybe make sure that only authorized users can send API requests, regardless?

Kevin Weismueller has proposed creating an API Expression Working Group, with the goal of codifying the structure of our API objects. In the meantime, WG Resource Management is shutting down.

Kubernetes is no longer permitting merges of PRs that themselves contain merge commits on the main repos. We’ve also added a kind/regression label to all Kubernetes namespace repos, in order to distiguish regression issues from other kinds of bugs.

Release Schedule

Next Deadline: Release schedule published, this week

Patch Releases: v1.17.3, v1.16.7, and v1.15.10 were released last week to patch a security hole. Since that’s now public, update as soon as you can.



Version Updates

Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.