This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| argoproj/argo-cd | Kustomization | patch |
v2.6.5 -> v2.6.7
|
Release Notes
argoproj/argo-cd
v2.6.7
Quick Start
Non-HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.6.7/manifests/install.yamlHA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.6.7/manifests/ha/install.yamlBreaking changes
As part of the fix for https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq, the API will now return "Unauthorized" instead of "Not found" if an Application does not exist. This change prevents leaking the existence or non-existence of Applications to unauthorized parties.
This change may break applications which depend on "Not found" responses from the Argo CD API's application endpoints.
Workarounds and potential long-term solutions will be discussed on https://github.com/argoproj/argo-cd/issues/13000.
The argocd app create CLI command for versions >= 2.5.0-rc1 and before this security patch is one such application which was affected. (See upgrade notes for details on that issue.)
Release signatures
All Argo CD container images and CLI binaries are signed by cosign. See the documentation on how to verify the signatures.
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEesHEB7vX5Y2RxXypjMy1nI1z7iRG
JI9/gt/sYqzpsa65aaNP4npM43DDxoIy/MQBo9s/mxGxmA+8UXeDpVC9vw==
-----END PUBLIC KEY-----Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changes
This release includes 1 contributions from 1 contributors with 0 features and 0 bug fixes.
Security (1)
- MODERATE: Authenticated but unauthorized users may enumerate Application names via the API (https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq)
v2.6.6
Quick Start
Non-HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.6.6/manifests/install.yamlHA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.6.6/manifests/ha/install.yamlRelease signatures
All Argo CD container images and CLI binaries are signed by cosign. See the documentation on how to verify the signatures.
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEesHEB7vX5Y2RxXypjMy1nI1z7iRG
JI9/gt/sYqzpsa65aaNP4npM43DDxoIy/MQBo9s/mxGxmA+8UXeDpVC9vw==
-----END PUBLIC KEY-----Upgrading
If upgrading from a different minor version, be sure to read the upgrading documentation.
Changes
This release includes 12 contributions from 4 contributors with 0 features and 3 bug fixes.
Bug fixes (3)
- fix(appset): git files generator in matrix generator produces no params (#12881) (#12882)
- fix: log plugin commands in a better format (#12260) (#12875)
- fix: support 'project' filter field for backwards-compatibility (#12594)
Documentation (4)
- docs: fix version numbers in upgrade notes (#12896)
- docs: cleanup HA operator manual (#10409) (#12867)
- docs: fix list formatting in keycloak.md (#11061) (#12864)
- docs: Post Selector moved to Generators section (#11109) (#12858)
Other (5)
- chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (#12888)
- chore(deps): bump actions/checkout from 3.3.0 to 3.4.0 (#12889)
- build: Enable CI checks on MRs to release branches (#12887)
- test: wait longer after repo server restarted to avoid errors on s390x (#12839) (#12886)
- chore(deps): bump actions/cache from 3.2.6 to 3.3.1 (#12845)
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.