Containerized private minion (CPM) release notesRSS

Improvements

• Adds support for Kubernetes 1.21+ by enabling BoundServiceAccountToken by default

Fixes

• Upgrades Fabric8 Kubernetes client version to remediate CVE-2021-20218
• Upgrades apache-commons and netty-all version to remediate CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090
• Upgrades jetty-io version to remediate CVE-2021-34429, CVE-2022-2048

Improvements

• Updated base ubuntu image to remediate CVE-2023-0286

Fixes

• Updated vulnerability found in runner version 3.0.0 resolving CVE-2017-16226

Fixes

• Updated lodash version to address CVE-2019-10744

Fixes

• Updated base ubuntu image to remediate CVE-2022-3515

Fixes

• Updated Artifactory hostnames to implement migration to artifacts.datanerd.us
• Updated Minion Java version and Runner base image to remediate CVEs

Fixes

• Added Private Minion network cleanup to address NEWRELIC-2759
• Updated the version of thrift to address minion runner 2.0.0 build errors

Fixes

• Updated base ubuntu image to address security vulnerabilities
• Updated the version of jnr-posix to address CVE-2014-4043
• Updated the version of liquibase-core to address CVE-2022-0839
• Updated the version of jetty-io to address CVE-2021-28165
• Updated the version of jetty-webapp to address CVE-2020-27216

Fixes

• Updated the Java minor version and base ubuntu image to address security vulnerabilities
• Updated the version of log4j to address CVE-2021-44832