fluxcd
/
source-controller
mirror of https://github.com/fluxcd/source-controller.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Release v1.0.0-rc.3 

Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This commit is contained in:
Hidde Beydals 2023-05-12 11:53:59 +02:00
parent 1d5f118b5a
commit 96bf87261e
No known key found for this signature in database
GPG Key ID: 979F380FC2341744
3 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
CHANGELOG.md
View File

@ -2,6 +2,33 @@
All notable changes to this project are documented in this file.
## 1.0.0-rc.3
**Release date:** 2023-05-12
This release candidate introduces the verification of the Artifact digest in
storage during reconciliation. This ensures that the Artifact is not tampered
with after it was written to storage. When the digest does not match, the
controller will emit a warning event and remove the file from storage, forcing
the Artifact to be re-downloaded.
In addition, files with executable permissions are now archived with their mode
set to `0o744` instead of `0o644`. Allowing the extracted file to be executable
by the user.
Lastly, the controller's dependencies were updated to mitigate CVE-2023-1732
and CVE-2023-2253, and the controller base image was updated to Alpine 3.18.
Improvements:
- Verify digest of Artifact in Storage
[#1088](https://github.com/fluxcd/source-controller/pull/1088)
- build(deps): bump github.com/cloudflare/circl from 1.3.2 to 1.3.3
[#1092](https://github.com/fluxcd/source-controller/pull/1092)
- build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible
[#1093](https://github.com/fluxcd/source-controller/pull/1093)
- storage: set `0o744` for files with exec mode set
[#1094](https://github.com/fluxcd/source-controller/pull/1094)
## 1.0.0-rc.2
**Release date:** 2023-05-09

2
config/manager/kustomization.yaml
View File

@ -6,4 +6,4 @@ resources:
images:
- name: fluxcd/source-controller
newName: fluxcd/source-controller
newTag: v1.0.0-rc.2
newTag: v1.0.0-rc.3

2
go.mod
View File

@ -42,7 +42,7 @@ require (
github.com/fluxcd/pkg/testserver v0.4.0
github.com/fluxcd/pkg/untar v0.3.0
github.com/fluxcd/pkg/version v0.2.1
github.com/fluxcd/source-controller/api v1.0.0-rc.2
github.com/fluxcd/source-controller/api v1.0.0-rc.3
github.com/go-git/go-billy/v5 v5.4.1
github.com/go-logr/logr v1.2.4
github.com/google/go-containerregistry v0.15.1