Two security vulnerabilities were reported this week. CVE-2020-8561 allows webhook owners to hijack sessions if --profiling is on in the API server; to avoid it, disable profiling or lock down webhook permissions. CVE-2021-25741 permits users to bypass volume restrictions in VolumeSubpath to access files outside of designated directories; it is fixed in the current update releases.
The kind/design tag is being retired in favor of kind/feature for most repositories. kind/design was created as a label for a Kubernetes feature workflow that has been replaced by the Enhancements process, and as such is mostly just confusing today. If your repo still actively uses kind/design, you must opt in to keep it after Sept. 27.
Verónica López is now a full Release Manager in the release-engineering group.
WG K8s Infra should be SIG K8s Infra by the time you read this. On the other hand, WG Component Standard is being dissolved due to lack of participation. During its time, WG-CS created the Component Base repo which will be managed by SIG-Arch.
SIG Leads can now manage changes to their SIG’s Google Groups.
Next Deadline: All Exceptions due Nov. 1
We are in the “feature development” phase of the release. As you hack on your features, consider if they are suitable for the Feature blog due Nov 2; more info from the Release Lead. 1.23-alpha2 is released for your testing enjoyment.
bazel-krte images are no longer in use, and the project will stop publishing them.
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.