Skip to content

Commit

Permalink
Add release v2.8.4
Browse files Browse the repository at this point in the history
  • Loading branch information
@rajch
rajch committed Mar 20, 2024
1 parent 8c14812 commit c3afe55
Show file tree
Hide file tree
Showing 6 changed files with 96 additions and 111 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,9 @@
## Release 2.8.4

The alpine base image used by `weave-kube` and `weave-npc` was upgraded to version 3.19.1 in the previous release. In this version, the default iptables backend is nftables, and the legacy backend is not included. Our scripts and programs assume legacy as the default backend, and change to nft if autodetected, or if we ask for it. So, the build Dockerfile (reweave/build/Dockerfile) was changed to also install the Alpine `iptables-legacy` package , and change the `iptables-{save,restore}` symbolic links to point to the legacy backend by default.

The `weave-kube` and `weave-npc` images can now log traces if the environment WEAVE_DEBUG is set in the manifest.

## Release 2.8.3

The docker API client version, used by the proxy package and the weaveutil command, was bumped from 1.18 to 1.24. As of March 2024, Docker API versions below 1.24 are deprecated. This means that the minimum supported Docker version is now 1.12.0.
Expand Down
18 changes: 12 additions & 6 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@
This repository contains a fork of Weave Net, the first product developed by Weaveworks. Since Weaveworks has shut down, this repo aims to continue maintaining Weave Net, and to publish releases regularly.

[![Go Report Card](https://goreportcard.com/badge/github.com/rajch/weave)](https://goreportcard.com/report/github.com/rajch/weave)
[![Docker Pulls](https://img.shields.io/docker/pulls/rajchaudhuri/weave-kube)](https://hub.docker.com/r/rajchaudhuri/weave-kube)
![GitHub release (latest by date)](https://img.shields.io/github/v/release/rajch/weave?include_prereleases)
[![Unique vulnerability count in all images](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Frajch%2Fweave%2Fmaster%2Freweave%2Fscans%2Fbadge.json&label=Vulnerabilty%20count)](reweave/scans/report.md)
[![Docker Pulls](https://img.shields.io/docker/pulls/rajchaudhuri/weave-kube "Number of times the weave-kube image was pulled from the Docker Hub")](https://hub.docker.com/r/rajchaudhuri/weave-kube)
[![GitHub release (latest by date)](https://img.shields.io/github/v/release/rajch/weave?include_prereleases)](https://github.com/rajch/weave/releases)
[![Unique CVE count in all images](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Frajch%2Fweave%2Fmaster%2Freweave%2Fscans%2Fbadge.json&label=CVE%20count "The number of unique CVEs reported by scanning all images")](reweave/scans/report.md)

The history of the ReWeave effort can be found in [HISTORY.md](HISTORY.md).

## Using Weave on Kubernetes
## Using Weave Net on Kubernetes

On a newly created Kubernetes cluster, the Weave Net CNI pluging can be installed by running the following command:

Expand All @@ -21,10 +21,16 @@ Replace `v1.28` with the version on Kubernetes on your cluster.

That endpoint is provided by the companion project [weave-endpoint](https://github.com/rajch/weave-endpoint).

## Building Weave
## Using Weave Net in other ways

Please refer to the [documentation](https://rajch.github.io/weave).

## Building Weave Net

Details can be found [here](reweave/BUILDING.md).

## Documentation status

At this point, any information found in directories other than `reweave`, such as `docs` or `site`, should be considered obsolete. In time, those will be updated.
The public documentation that used to exist in the `site` directory has been moved to the `original/site` directory. A new `website` directory has been created, and populated with the content of the `original/site` directory, rearranged and reformatted for being built with Jekyll and published to the GitHub pages site [https://rajch.github.io/weave](https://rajch.github.io/weave).

The documentation will now be maintained and published from the `website` directory exclusively.
14 changes: 11 additions & 3 deletions reweave/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,15 @@

All changes made to the weave net codebase during the reweave effort will be documented in this file.

## latest
## 2.8.4

### Changed

* Changed version in `reweave/Makefile` to 2.8.4
* Modified reweave and main CHANGELOG.md
* Modified README.md

## 2.8.4-beta3 (8c148120)

### Changed

Expand All @@ -22,8 +30,8 @@ All changes made to the weave net codebase during the reweave effort will be doc
## 2.8.4-beta1 (bcab10a4)

### Changed
* Added tracing The `launch.sh` and `init.sh` scripts if the WEAVE_DEBUG environment variable is set.
* When publishing images, the `:latest` tag is also applied. It will not be applied any more if the tag includes "-beta" anywhere.
* Added tracing to `launch.sh` and `init.sh` scripts if the WEAVE_DEBUG environment variable is set.
* When publishing images, the `:latest` tag is also applied. It will not be applied any more if the published tag includes "-beta" anywhere.

### Fixed

Expand Down
2 changes: 1 addition & 1 deletion reweave/Makefile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
IMAGE_VERSION ?= 2.8.4-beta3
IMAGE_VERSION ?= 2.8.4
REGISTRY_USER ?= rajchaudhuri

ALPINE_BASEIMAGE ?= alpine:3.19.1
Expand Down
2 changes: 1 addition & 1 deletion reweave/scans/badge.json
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
{"schemaVersion": 1, "label": "Vulnerabilty count", "message": "39", "color": "orange"}
{"schemaVersion": 1, "label": "Vulnerabilty count", "message": "19", "color": "orange"}
165 changes: 65 additions & 100 deletions reweave/scans/report.md
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
# Vulnerability Report

```
Report date: 2024-03-19
Unique vulnerability count: 39
Images version: 2.8.4-beta2
Report date: 2024-03-20
Unique vulnerability count: 19
Images version: 2.8.4
```

## Scanner Details
Expand All @@ -23,115 +23,80 @@ Supported DB Schema: 5

## Vulnerabilities

### weave-kube: (20)
### weave-kube: (19)

```
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
busybox 1.36.1-r15 apk CVE-2023-42366 Medium
busybox 1.36.1-r15 apk CVE-2023-42365 Medium
busybox 1.36.1-r15 apk CVE-2023-42364 Medium
busybox 1.36.1-r15 apk CVE-2023-42363 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
curl 8.5.0-r0 apk CVE-2024-0853 Medium
google.golang.org/protobuf v1.31.0 1.33.0 go-module GHSA-8r3f-844c-mc37 Medium
libuv 1.47.0-r0 apk CVE-2024-24806 High
ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
stdlib go1.21.6 go-module CVE-2024-24785 Unknown
stdlib go1.21.6 go-module CVE-2024-24784 Unknown
stdlib go1.21.6 go-module CVE-2024-24783 Unknown
stdlib go1.21.6 go-module CVE-2023-45290 Unknown
stdlib go1.21.6 go-module CVE-2023-45289 Unknown
```

### weave-npc: (18)

```
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
busybox 1.36.1-r15 apk CVE-2023-42366 Medium
busybox 1.36.1-r15 apk CVE-2023-42365 Medium
busybox 1.36.1-r15 apk CVE-2023-42364 Medium
busybox 1.36.1-r15 apk CVE-2023-42363 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
google.golang.org/protobuf v1.31.0 1.33.0 go-module GHSA-8r3f-844c-mc37 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
stdlib go1.21.6 go-module CVE-2024-24785 Unknown
stdlib go1.21.6 go-module CVE-2024-24784 Unknown
stdlib go1.21.6 go-module CVE-2024-24783 Unknown
stdlib go1.21.6 go-module CVE-2023-45290 Unknown
stdlib go1.21.6 go-module CVE-2023-45289 Unknown
```

### weave: (20)

```
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
busybox 1.36.1-r15 apk CVE-2023-42366 Medium
busybox 1.36.1-r15 apk CVE-2023-42365 Medium
busybox 1.36.1-r15 apk CVE-2023-42364 Medium
busybox 1.36.1-r15 apk CVE-2023-42363 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
curl 8.5.0-r0 apk CVE-2024-0853 Medium
google.golang.org/protobuf v1.31.0 1.33.0 go-module GHSA-8r3f-844c-mc37 Medium
libuv 1.47.0-r0 apk CVE-2024-24806 High
ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
stdlib go1.21.6 go-module CVE-2024-24785 Unknown
stdlib go1.21.6 go-module CVE-2024-24784 Unknown
stdlib go1.21.6 go-module CVE-2024-24783 Unknown
stdlib go1.21.6 go-module CVE-2023-45290 Unknown
stdlib go1.21.6 go-module CVE-2023-45289 Unknown
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
busybox 1.36.1-r15 apk CVE-2023-42366 Medium
busybox 1.36.1-r15 apk CVE-2023-42365 Medium
busybox 1.36.1-r15 apk CVE-2023-42364 Medium
busybox 1.36.1-r15 apk CVE-2023-42363 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
curl 8.5.0-r0 apk CVE-2024-0853 Medium
libuv 1.47.0-r0 apk CVE-2024-24806 High
ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
stdlib go1.21.6 go-module CVE-2024-24785 Unknown
stdlib go1.21.6 go-module CVE-2024-24784 Unknown
stdlib go1.21.6 go-module CVE-2024-24783 Unknown
stdlib go1.21.6 go-module CVE-2023-45290 Unknown
stdlib go1.21.6 go-module CVE-2023-45289 Unknown
```

### weaveexec: (20)
### weave-npc: (17)

```
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
busybox 1.36.1-r15 apk CVE-2023-42366 Medium
busybox 1.36.1-r15 apk CVE-2023-42365 Medium
busybox 1.36.1-r15 apk CVE-2023-42364 Medium
busybox 1.36.1-r15 apk CVE-2023-42363 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
curl 8.5.0-r0 apk CVE-2024-0853 Medium
google.golang.org/protobuf v1.31.0 1.33.0 go-module GHSA-8r3f-844c-mc37 Medium
libuv 1.47.0-r0 apk CVE-2024-24806 High
ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
stdlib go1.21.6 go-module CVE-2024-24785 Unknown
stdlib go1.21.6 go-module CVE-2024-24784 Unknown
stdlib go1.21.6 go-module CVE-2024-24783 Unknown
stdlib go1.21.6 go-module CVE-2023-45290 Unknown
stdlib go1.21.6 go-module CVE-2023-45289 Unknown
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
busybox 1.36.1-r15 apk CVE-2023-42366 Medium
busybox 1.36.1-r15 apk CVE-2023-42365 Medium
busybox 1.36.1-r15 apk CVE-2023-42364 Medium
busybox 1.36.1-r15 apk CVE-2023-42363 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
stdlib go1.21.6 go-module CVE-2024-24785 Unknown
stdlib go1.21.6 go-module CVE-2024-24784 Unknown
stdlib go1.21.6 go-module CVE-2024-24783 Unknown
stdlib go1.21.6 go-module CVE-2023-45290 Unknown
stdlib go1.21.6 go-module CVE-2023-45289 Unknown
```

### weavedb: (0)
### weave: (19)

```
No vulnerabilities found
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
busybox 1.36.1-r15 apk CVE-2023-42366 Medium
busybox 1.36.1-r15 apk CVE-2023-42365 Medium
busybox 1.36.1-r15 apk CVE-2023-42364 Medium
busybox 1.36.1-r15 apk CVE-2023-42363 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium
busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium
curl 8.5.0-r0 apk CVE-2024-0853 Medium
libuv 1.47.0-r0 apk CVE-2024-24806 High
ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium
ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium
stdlib go1.21.6 go-module CVE-2024-24785 Unknown
stdlib go1.21.6 go-module CVE-2024-24784 Unknown
stdlib go1.21.6 go-module CVE-2024-24783 Unknown
stdlib go1.21.6 go-module CVE-2023-45290 Unknown
stdlib go1.21.6 go-module CVE-2023-45289 Unknown
```

### network-tester: (19)
### weaveexec: (19)

```
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
Expand Down

0 comments on commit c3afe55

Please sign in to comment.