Recommended update for helm

Announcement ID: SUSE-RU-2024:4213-1
Release Date: 2024-12-05T16:06:20Z
Rating: moderate
CVSS scores:
  • CVE-2024-25620 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
  • CVE-2024-26147 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • Containers Module 15-SP5
  • Containers Module 15-SP6
  • openSUSE Leap 15.5
  • openSUSE Leap 15.6
  • openSUSE Leap Micro 5.5
  • SUSE Linux Enterprise Desktop 15 SP5
  • SUSE Linux Enterprise Desktop 15 SP6
  • SUSE Linux Enterprise High Performance Computing 15 SP5
  • SUSE Linux Enterprise Micro 5.5
  • SUSE Linux Enterprise Real Time 15 SP5
  • SUSE Linux Enterprise Real Time 15 SP6
  • SUSE Linux Enterprise Server 15 SP5
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP6
  • SUSE Package Hub 15 15-SP5
  • SUSE Package Hub 15 15-SP6

An update that solves two vulnerabilities and contains two features can now be installed.

Description:

helm was updated to fix the following issues:

Update to version 3.16.3:

  • fix: fix label name
  • Fix typo in pkg/lint/rules/chartfile_test.go
  • Increasing the size of the runner used for releases.
  • fix(hooks): correct hooks delete order
  • Bump github.com/containerd/containerd from 1.7.12 to 1.7.23

Update to version 3.16.2:

  • Reverting change unrelated to issue #13176
  • adds tests for handling of Helm index with broken chart versions #13176
  • improves handling of Helm index with broken helm chart versions #13176
  • Bump the k8s-io group with 7 updates
  • adding check-latest:true
  • Grammar fixes
  • Fix typos

Update to version 3.16.1:

  • bumping version to 1.22.7
  • Merge pull request #13327 from mattfarina/revert-11726

Update to version 3.16.0:

Helm v3.16.0 is a feature release. Users are encouraged to upgrade for the best experience.

  • Notable Changes
    • added sha512sum template function
    • added ActiveHelp for cmds that don't take any more args
    • drops very old Kubernetes versions support in helm create
    • add --skip-schema-validation flag to helm 'install', 'upgrade' and 'lint'
    • fixed bug to now use burst limit setting for discovery
    • Added windows arm64 support
  • Full changelog see https://github.com/helm/helm/releases/tag/v3.16.0

Update to version 3.15.4:

  • Bump the k8s-io group across 1 directory with 7 updates
  • Bump github.com/docker/docker

Thu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice@ojkastl.de

Update to version 3.15.3:

  • fix(helm): Use burst limit setting for discovery
  • fixed dependency_update_test.go
  • fix(dependencyBuild): prevent race condition in concurrent helm dependency
  • fix: respect proxy envvars on helm install/upgrade
  • Merge pull request #13085 from alex-kattathra-johnson/issue-12961

Update to version 3.15.2:

  • fix: wrong cli description
  • fix typo in load_plugins.go
  • fix docs of DeployedAll
  • Bump github.com/docker/docker
  • bump oras minor version
  • feat(load.go): add warning on requirements.lock

Update to version 3.15.1:

  • Fixing build issue where wrong version is used

Update to version 3.15.0:

Helm v3.15.0 is a feature release. Users are encouraged to upgrade for the best experience.

  • Updating to k8s 1.30 c4e37b3 (Matt Farina)
  • bump version to v3.15.0 d7afa3b (Matt Farina)
  • bump version to 7743467 (Matt Farina)
  • Fix namespace on kubeconfig error 214fb6e (Calvin Krist)
  • Update testdata PKI with keys that have validity until 3393 (Fixes #12880) 1b75d48 (Dirk Müller)
  • Modified how created annotation is populated based on package creation time 0a69a0d (Andrew Block)
  • Enabling hide secrets on install and upgrade dry run 25c4738 (Matt Farina)
  • Fixing all the linting errors d58d7b3 (Robert Sirchia)
  • Add a note about --dry-run displaying secrets a23dd9e (Matt Farina)
  • Updating .gitignore 8b424ba (Robert Sirchia)
  • add error messages 8d19bcb (George Jenkins)
  • Fix: Ignore alias validation error for index load 68294fd (George Jenkins)
  • validation fix 8e6a514 (Matt Farina)
  • bug: add proxy support for oci getter 94c1dea (Ricardo Maraschini)
  • Update architecture detection method 57a1bb8 (weidongkl)
  • Improve release action 4790bb9 (George Jenkins)
  • Fix grammatical error c25736c (Matt Carr)
  • Updated for review comments d2cf8c6 (MichaelMorris)
  • Add robustness to wait status checks fc74964 (MichaelMorris)
  • refactor: create a helper for checking if a release is uninstalled f908379 (Alex Petrov)
  • fix: reinstall previously uninstalled chart with --keep-history 9e198fa (Alex Petrov)

Update to version 3.14.4:

Helm v3.14.4 is a patch release. Users are encouraged to upgrade for the best experience.

  • refactor: create a helper for checking if a release is uninstalled 81c902a (Alex Petrov)
  • fix: reinstall previously uninstalled chart with --keep-history 5a11c76 (Alex Petrov)
  • bug: add proxy support for oci getter aa7d953 (Ricardo Maraschini)

Update to version 3.14.3:

  • Add a note about --dry-run displaying secrets
  • add error messages
  • Fix: Ignore alias validation error for index load
  • Update architecture detection method

Update to version 3.14.2 (bsc#1220207, CVE-2024-26147):

  • Fix for uninitialized variable in yaml parsing

Update to version 3.14.1 (bsc#1219969, CVE-2024-25620):

  • validation fix

Update to version 3.14.0:

  • Notable Changes
    • New helm search flag of --fail-on-no-result
    • Allow a nested tpl invocation access to defines
    • Speed up the tpl function
    • Added qps/HELM_QPS parameter that tells Kubernetes packages how to operate
    • Added --kube-version to lint command
    • The ignore pkg is now public
  • Changelog
    • Improve release action
    • Fix issues when verify generation readiness was merged
    • fix test to use the default code's k8sVersionMinor
    • lint: Add --kube-version flag to set capabilities and deprecation rules
    • Removing Asset Transparency
    • tests(pkg/engine): test RenderWithClientProvider
    • Make the ignore pkg public again
    • feature(pkg/engine): introduce RenderWithClientProvider
    • Updating Helm libraries for k8s 1.28.4
    • Remove excessive logging
    • Update CONTRIBUTING.md
    • Fixing release labelling in rollback
    • feat: move livenessProbe and readinessProbe values to default values file
    • Revert "fix(main): fix basic auth for helm pull or push"
    • Revert "fix(registry): address anonymous pull issue"
    • Update get-helm-3
    • Drop filterSystemLabels usage from Query method
    • Apply review suggestions
    • Update get-helm-3 to get version through get.helm.sh
    • feat: print failed hook name
    • Fixing precedence issue with the import of values.
    • chore(create): indent to spaces
    • Allow using label selectors for system labels for sql backend.
    • Allow using label selectors for system labels for secrets and configmap backends.
    • remove useless print during prepareUpgrade
    • Add missing with clause to release gh action
    • FIX Default ServiceAccount yaml
    • fix(registry): address anonymous pull issue
    • fix(registry): unswallow error
    • Fix missing run statement on release action
    • Add qps/HELM_QPS parameter
    • Write latest version to get.helm.sh bucket
    • Increased release information key name max length.
    • Pin gox to specific commit
    • Remove GoFish from package managers for installing the binary
    • Test update for "Allow a nested tpl invocation access to defines in a containing one"
    • Test update for "Speed up tpl"
    • Add support for RISC-V
    • lint and validate dependency metadata to reference dependencies with a unique key (name or alias)
    • Work around template.Clone omitting options
    • fix: pass 'passCredentialsAll' as env-var to getter
    • feat: pass basic auth to env-vars when running download plugins
    • helm search: New CLI Flag --fail-on-no-result
    • Update pkg/kube/ready.go
    • fix post install hook deletion due to before-hook-creation policy
    • Allow a nested tpl invocation access to defines in a containing one
    • Remove the 'reference templates' concept
    • Speed up tpl
    • ready checker- comment update
    • ready checker- remove duplicate statefulset generational check
    • Verify generation in readiness checks
    • feat(helm): add --reset-then-reuse-values flag to 'helm upgrade'

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap Micro 5.5
    zypper in -t patch openSUSE-Leap-Micro-5.5-2024-4213=1
  • openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2024-4213=1
  • openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2024-4213=1
  • SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2024-4213=1
  • Containers Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-4213=1
  • Containers Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-4213=1
  • SUSE Package Hub 15 15-SP5
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4213=1
  • SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4213=1

Package List:

  • openSUSE Leap Micro 5.5 (aarch64 ppc64le s390x x86_64)
    • helm-debuginfo-3.16.3-150000.1.38.1
    • helm-3.16.3-150000.1.38.1
  • openSUSE Leap Micro 5.5 (noarch)
    • helm-zsh-completion-3.16.3-150000.1.38.1
    • helm-bash-completion-3.16.3-150000.1.38.1
    • helm-fish-completion-3.16.3-150000.1.38.1
  • openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    • helm-debuginfo-3.16.3-150000.1.38.1
    • helm-3.16.3-150000.1.38.1
  • openSUSE Leap 15.5 (noarch)
    • helm-zsh-completion-3.16.3-150000.1.38.1
    • helm-bash-completion-3.16.3-150000.1.38.1
    • helm-fish-completion-3.16.3-150000.1.38.1
  • openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    • helm-debuginfo-3.16.3-150000.1.38.1
    • helm-3.16.3-150000.1.38.1
  • openSUSE Leap 15.6 (noarch)
    • helm-zsh-completion-3.16.3-150000.1.38.1
    • helm-bash-completion-3.16.3-150000.1.38.1
    • helm-fish-completion-3.16.3-150000.1.38.1
  • SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
    • helm-debuginfo-3.16.3-150000.1.38.1
    • helm-3.16.3-150000.1.38.1
  • SUSE Linux Enterprise Micro 5.5 (noarch)
    • helm-bash-completion-3.16.3-150000.1.38.1
  • Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    • helm-debuginfo-3.16.3-150000.1.38.1
    • helm-3.16.3-150000.1.38.1
  • Containers Module 15-SP5 (noarch)
    • helm-zsh-completion-3.16.3-150000.1.38.1
    • helm-bash-completion-3.16.3-150000.1.38.1
  • Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    • helm-debuginfo-3.16.3-150000.1.38.1
    • helm-3.16.3-150000.1.38.1
  • Containers Module 15-SP6 (noarch)
    • helm-zsh-completion-3.16.3-150000.1.38.1
    • helm-bash-completion-3.16.3-150000.1.38.1
  • SUSE Package Hub 15 15-SP5 (noarch)
    • helm-fish-completion-3.16.3-150000.1.38.1
  • SUSE Package Hub 15 15-SP6 (noarch)
    • helm-fish-completion-3.16.3-150000.1.38.1
