CJ Cullen reported CVE-2019-11254, a denial-of-service vulnerability in Kubernetes. Maliciously crafted YAML can cause the kube-apiserver to lock up. Upgrade to the latest patch release of 1.15-1.17 to fix this – but maybe make sure that only authorized users can send API requests, regardless?
Kubernetes is no longer permitting merges of PRs that themselves contain merge commits on the main repos. We’ve also added a kind/regression label to all Kubernetes namespace repos, in order to distinguish regression issues from other kinds of bugs.
Next Deadline: Release schedule published, this week
Patch Releases: v1.17.3, v1.16.7, and v1.15.10 were released last week to patch a security hole. Since that’s now public, update as soon as you can.
kubectl apply will build everything it can instead of halting on any error
kubectl describe gets some tests for CSI info
beta.kubernetes.io/os endpoint, deprecated in 1.14 and scheduled for removal in 1.18, will actually get removed in 1.19
kubescheduler.config.k8s.io/v1alpha1 was removed in prep for scheduler config going beta
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers; see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.