diff --git a/CHANGELOG.md b/CHANGELOG.md index ea7f454be..f30555fc9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## Release 2.8.4 + +The alpine base image used by `weave-kube` and `weave-npc` was upgraded to version 3.19.1 in the previous release. In this version, the default iptables backend is nftables, and the legacy backend is not included. Our scripts and programs assume legacy as the default backend, and change to nft if autodetected, or if we ask for it. So, the build Dockerfile (reweave/build/Dockerfile) was changed to also install the Alpine `iptables-legacy` package , and change the `iptables-{save,restore}` symbolic links to point to the legacy backend by default. + +The `weave-kube` and `weave-npc` images can now log traces if the environment WEAVE_DEBUG is set in the manifest. + ## Release 2.8.3 The docker API client version, used by the proxy package and the weaveutil command, was bumped from 1.18 to 1.24. As of March 2024, Docker API versions below 1.24 are deprecated. This means that the minimum supported Docker version is now 1.12.0. diff --git a/README.md b/README.md index 806669025..2fbd70fd7 100644 --- a/README.md +++ b/README.md 
@@ -3,13 +3,13 @@ This repository contains a fork of Weave Net, the first product developed by Weaveworks. Since Weaveworks has shut down, this repo aims to continue maintaining Weave Net, and to publish releases regularly. [![Go Report Card](https://goreportcard.com/badge/github.com/rajch/weave)](https://goreportcard.com/report/github.com/rajch/weave) -[![Docker Pulls](https://img.shields.io/docker/pulls/rajchaudhuri/weave-kube)](https://hub.docker.com/r/rajchaudhuri/weave-kube) -![GitHub release (latest by date)](https://img.shields.io/github/v/release/rajch/weave?include_prereleases) -[![Unique vulnerability count in all images](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Frajch%2Fweave%2Fmaster%2Freweave%2Fscans%2Fbadge.json&label=Vulnerabilty%20count)](reweave/scans/report.md) +[![Docker Pulls](https://img.shields.io/docker/pulls/rajchaudhuri/weave-kube "Number of times the weave-kube image was pulled from the Docker Hub")](https://hub.docker.com/r/rajchaudhuri/weave-kube) +[![GitHub release (latest by date)](https://img.shields.io/github/v/release/rajch/weave?include_prereleases)](https://github.com/rajch/weave/releases) +[![Unique CVE count in all images](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Frajch%2Fweave%2Fmaster%2Freweave%2Fscans%2Fbadge.json&label=CVE%20count "The number of unique CVEs reported by scanning all images")](reweave/scans/report.md) The history of the ReWeave effort can be found in [HISTORY.md](HISTORY.md). -## Using Weave on Kubernetes +## Using Weave Net on Kubernetes On a newly created Kubernetes cluster, the Weave Net CNI pluging can be installed by running the following command: 
@@ -21,10 +21,16 @@ Replace `v1.28` with the version on Kubernetes on your cluster. That endpoint is provided by the companion project [weave-endpoint](https://github.com/rajch/weave-endpoint). -## Building Weave +## Using Weave Net in other ways + +Please refer to the [documentation](https://rajch.github.io/weave). + +## Building Weave Net Details can be found [here](reweave/BUILDING.md). ## Documentation status -At this point, any information found in directories other than `reweave`, such as `docs` or `site`, should be considered obsolete. In time, those will be updated. +The public documentation that used to exist in the `site` directory has been moved to the `original/site` directory. A new `website` directory has been created, and populated with the content of the `original/site` directory, rearranged and reformatted for being built with Jekyll and published to the GitHub pages site [https://rajch.github.io/weave](https://rajch.github.io/weave). + +The documentation will now be maintained and published from the `website` directory exclusively. diff --git a/reweave/CHANGELOG.md b/reweave/CHANGELOG.md index 9add99abe..337a8720b 100644 --- a/reweave/CHANGELOG.md +++ b/reweave/CHANGELOG.md @@ -2,7 +2,15 @@ All changes made to the weave net codebase during the reweave effort will be documented in this file. -## latest +## 2.8.4 + +### Changed + +* Changed version in `reweave/Makefile` to 2.8.4 +* Modified reweave and main CHANGELOG.md +* Modified README.md + +## 2.8.4-beta3 (8c148120) ### Changed 
@@ -22,8 +30,8 @@ All changes made to the weave net codebase during the reweave effort will be doc ## 2.8.4-beta1 (bcab10a4) ### Changed -* Added tracing The `launch.sh` and `init.sh` scripts if the WEAVE_DEBUG environment variable is set. -* When publishing images, the `:latest` tag is also applied. It will not be applied any more if the tag includes "-beta" anywhere. +* Added tracing to `launch.sh` and `init.sh` scripts if the WEAVE_DEBUG environment variable is set. +* When publishing images, the `:latest` tag is also applied. It will not be applied any more if the published tag includes "-beta" anywhere. ### Fixed diff --git a/reweave/Makefile b/reweave/Makefile index ef91aedc7..ced1cb091 100644 --- a/reweave/Makefile +++ b/reweave/Makefile @@ -1,4 +1,4 @@ -IMAGE_VERSION ?= 2.8.4-beta3 +IMAGE_VERSION ?= 2.8.4 REGISTRY_USER ?= rajchaudhuri ALPINE_BASEIMAGE ?= alpine:3.19.1 diff --git a/reweave/scans/badge.json b/reweave/scans/badge.json index 95bb1d180..f93607a66 100644 --- a/reweave/scans/badge.json +++ b/reweave/scans/badge.json @@ -1 +1 @@ -{"schemaVersion": 1, "label": "Vulnerabilty count", "message": "39", "color": "orange"} +{"schemaVersion": 1, "label": "Vulnerabilty count", "message": "19", "color": "orange"} diff --git a/reweave/scans/report.md b/reweave/scans/report.md index ad28d7c80..15213ab9f 100644 --- a/reweave/scans/report.md +++ b/reweave/scans/report.md @@ -1,9 +1,9 @@ # Vulnerability Report ``` -Report date: 2024-03-19 -Unique vulnerability count: 39 -Images version: 2.8.4-beta2 +Report date: 2024-03-20 +Unique vulnerability count: 19 +Images version: 2.8.4 ``` ## Scanner Details 
@@ -23,115 +23,80 @@ Supported DB Schema: 5 ## Vulnerabilities -### weave-kube: (20) +### weave-kube: (19) ``` -NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY -busybox 1.36.1-r15 apk CVE-2023-42366 Medium -busybox 1.36.1-r15 apk CVE-2023-42365 Medium -busybox 1.36.1-r15 apk CVE-2023-42364 Medium -busybox 1.36.1-r15 apk CVE-2023-42363 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium -curl 8.5.0-r0 apk CVE-2024-0853 Medium -google.golang.org/protobuf v1.31.0 1.33.0 go-module GHSA-8r3f-844c-mc37 Medium -libuv 1.47.0-r0 apk CVE-2024-24806 High -ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium -stdlib go1.21.6 go-module CVE-2024-24785 Unknown -stdlib go1.21.6 go-module CVE-2024-24784 Unknown -stdlib go1.21.6 go-module CVE-2024-24783 Unknown -stdlib go1.21.6 go-module CVE-2023-45290 Unknown -stdlib go1.21.6 go-module CVE-2023-45289 Unknown -``` - -### weave-npc: (18) - -``` -NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY -busybox 1.36.1-r15 apk CVE-2023-42366 Medium -busybox 1.36.1-r15 apk CVE-2023-42365 Medium -busybox 1.36.1-r15 apk CVE-2023-42364 Medium -busybox 1.36.1-r15 apk CVE-2023-42363 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium -google.golang.org/protobuf v1.31.0 1.33.0 go-module GHSA-8r3f-844c-mc37 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium -stdlib go1.21.6 go-module CVE-2024-24785 Unknown -stdlib go1.21.6 go-module 
CVE-2024-24784 Unknown -stdlib go1.21.6 go-module CVE-2024-24783 Unknown -stdlib go1.21.6 go-module CVE-2023-45290 Unknown -stdlib go1.21.6 go-module CVE-2023-45289 Unknown -``` - -### weave: (20) - -``` -NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY -busybox 1.36.1-r15 apk CVE-2023-42366 Medium -busybox 1.36.1-r15 apk CVE-2023-42365 Medium -busybox 1.36.1-r15 apk CVE-2023-42364 Medium -busybox 1.36.1-r15 apk CVE-2023-42363 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium -curl 8.5.0-r0 apk CVE-2024-0853 Medium -google.golang.org/protobuf v1.31.0 1.33.0 go-module GHSA-8r3f-844c-mc37 Medium -libuv 1.47.0-r0 apk CVE-2024-24806 High -ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium -stdlib go1.21.6 go-module CVE-2024-24785 Unknown -stdlib go1.21.6 go-module CVE-2024-24784 Unknown -stdlib go1.21.6 go-module CVE-2024-24783 Unknown -stdlib go1.21.6 go-module CVE-2023-45290 Unknown -stdlib go1.21.6 go-module CVE-2023-45289 Unknown +NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY +busybox 1.36.1-r15 apk CVE-2023-42366 Medium +busybox 1.36.1-r15 apk CVE-2023-42365 Medium +busybox 1.36.1-r15 apk CVE-2023-42364 Medium +busybox 1.36.1-r15 apk CVE-2023-42363 Medium +busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium +busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium +busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium +busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium +curl 8.5.0-r0 apk CVE-2024-0853 Medium +libuv 1.47.0-r0 apk CVE-2024-24806 High +ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium +ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium +ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium +ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium +stdlib go1.21.6 
go-module CVE-2024-24785 Unknown +stdlib go1.21.6 go-module CVE-2024-24784 Unknown +stdlib go1.21.6 go-module CVE-2024-24783 Unknown +stdlib go1.21.6 go-module CVE-2023-45290 Unknown +stdlib go1.21.6 go-module CVE-2023-45289 Unknown ``` -### weaveexec: (20) +### weave-npc: (17) ``` -NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY -busybox 1.36.1-r15 apk CVE-2023-42366 Medium -busybox 1.36.1-r15 apk CVE-2023-42365 Medium -busybox 1.36.1-r15 apk CVE-2023-42364 Medium -busybox 1.36.1-r15 apk CVE-2023-42363 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium -busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium -curl 8.5.0-r0 apk CVE-2024-0853 Medium -google.golang.org/protobuf v1.31.0 1.33.0 go-module GHSA-8r3f-844c-mc37 Medium -libuv 1.47.0-r0 apk CVE-2024-24806 High -ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium -ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium -stdlib go1.21.6 go-module CVE-2024-24785 Unknown -stdlib go1.21.6 go-module CVE-2024-24784 Unknown -stdlib go1.21.6 go-module CVE-2024-24783 Unknown -stdlib go1.21.6 go-module CVE-2023-45290 Unknown -stdlib go1.21.6 go-module CVE-2023-45289 Unknown +NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY +busybox 1.36.1-r15 apk CVE-2023-42366 Medium +busybox 1.36.1-r15 apk CVE-2023-42365 Medium +busybox 1.36.1-r15 apk CVE-2023-42364 Medium +busybox 1.36.1-r15 apk CVE-2023-42363 Medium +busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium +busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium +busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium +busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium +ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium +ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium +ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium +ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium +stdlib go1.21.6 
go-module CVE-2024-24785 Unknown +stdlib go1.21.6 go-module CVE-2024-24784 Unknown +stdlib go1.21.6 go-module CVE-2024-24783 Unknown +stdlib go1.21.6 go-module CVE-2023-45290 Unknown +stdlib go1.21.6 go-module CVE-2023-45289 Unknown ``` -### weavedb: (0) +### weave: (19) ``` -No vulnerabilities found +NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY +busybox 1.36.1-r15 apk CVE-2023-42366 Medium +busybox 1.36.1-r15 apk CVE-2023-42365 Medium +busybox 1.36.1-r15 apk CVE-2023-42364 Medium +busybox 1.36.1-r15 apk CVE-2023-42363 Medium +busybox-binsh 1.36.1-r15 apk CVE-2023-42366 Medium +busybox-binsh 1.36.1-r15 apk CVE-2023-42365 Medium +busybox-binsh 1.36.1-r15 apk CVE-2023-42364 Medium +busybox-binsh 1.36.1-r15 apk CVE-2023-42363 Medium +curl 8.5.0-r0 apk CVE-2024-0853 Medium +libuv 1.47.0-r0 apk CVE-2024-24806 High +ssl_client 1.36.1-r15 apk CVE-2023-42366 Medium +ssl_client 1.36.1-r15 apk CVE-2023-42365 Medium +ssl_client 1.36.1-r15 apk CVE-2023-42364 Medium +ssl_client 1.36.1-r15 apk CVE-2023-42363 Medium +stdlib go1.21.6 go-module CVE-2024-24785 Unknown +stdlib go1.21.6 go-module CVE-2024-24784 Unknown +stdlib go1.21.6 go-module CVE-2024-24783 Unknown +stdlib go1.21.6 go-module CVE-2023-45290 Unknown +stdlib go1.21.6 go-module CVE-2023-45289 Unknown ``` -### network-tester: (19) +### weaveexec: (19) ``` NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
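Review bot: In the new `## Release 2.8.4` entry of CHANGELOG.md, "In this version, the default iptables backend is nftables" can be read as either the Alpine version or the Weave Net release; write "In Alpine 3.19.1" so the cause is unambiguous. In the same entry, remove the stray space in "`iptables-legacy` package , and", and change "if the environment WEAVE_DEBUG is set" to "if the environment variable WEAVE_DEBUG is set".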
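Review bot: In the README.md badge hunk, the renamed badge promises "The number of unique CVEs reported by scanning all images", but the value it shows (19 in reweave/scans/badge.json) equals the row count of the weave-kube table in reweave/scans/report.md, where one CVE id is listed once per package: CVE-2023-42363 through CVE-2023-42366 each appear under busybox, busybox-binsh and ssl_client. Those 19 rows contain 11 distinct CVE ids. Either keep the wording at "vulnerability count", or have whatever generates badge.json de-duplicate on the id before the label says "unique CVE".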
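Review bot: In the "Documentation status" section of README.md, the removed sentence marked both `docs` and `site` as obsolete, while the replacement only explains what happened to `site`. State whether `docs` is still obsolete or has also been moved, so readers do not treat stale content there as current.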
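Review bot: The new `## 2.8.4` entry in reweave/CHANGELOG.md lists the Makefile, changelog and README edits but not the regenerated scan artifacts changed in this same patch (reweave/scans/badge.json and reweave/scans/report.md, count 39 to 19). Add a line for the rescan, since this file states that all changes made during the reweave effort are documented in it.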
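Review bot: In reweave/Makefile, the context line `ALPINE_BASEIMAGE ?= alpine:3.19.1` pins the base image by tag only, and this hunk turns the build into the non-beta 2.8.4 release, which per the reweave/CHANGELOG.md text in this patch is also published as `:latest`. Consider pinning the base image by digest so that the released images and the scan report in reweave/scans/report.md are guaranteed to refer to the same base layers.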
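Review bot: In reweave/scans/badge.json, the added line still spells the `label` value "Vulnerabilty count", and it no longer matches the README badge, which overrides it with `label=CVE%20count`. Fix the spelling, or set the label to the same text the README uses, so the endpoint JSON is correct when consumed without the override.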
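Review bot: In the reweave/scans/report.md tables, the 2.8.4 images still carry `libuv 1.47.0-r0 ... CVE-2024-24806 High` (weave-kube, weave) and five `stdlib go1.21.6` findings with severity Unknown, all with an empty FIXED-IN column; the only row removed per image in this hunk is the protobuf GHSA-8r3f-844c-mc37 one. Since this report now accompanies a non-beta release, record alongside it or in the release notes whether the remaining findings were triaged as not affecting Weave Net or are waiting on upstream fixes.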