kubearmor-client
kubearmor-client copied to clipboard
kubearmor
Update module helm.sh/helm/v3 to v3.17.3 [SECURITY]
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| helm.sh/helm/v3 | v3.17.0 -> v3.17.3 |
GitHub Vulnerability Alerts
CVE-2025-32386
A Helm contributor discovered that a specially crafted chart archive file can cause Helm to use all available memory and have an out of memory (OOM) termination.
Impact
A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate.
Patches
This issue has been resolved in Helm v3.17.3.
Workarounds
Ensure that any chart archive files being loaded by Helm do not contain files that are large enough to cause the Helm Client or SDK to use up available memory leading to a termination.
For more information
Helm's security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Jakub Ciolek at AlphaSense.
CVE-2025-32387
A Helm contributor discovered that a specially crafted JSON Schema within a chart can lead to a stack overflow.
Impact
A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow.
Patches
This issue has been resolved in Helm v3.17.3.
Workarounds
Ensure that the JSON Schema within any charts loaded by Helm does not have a large number of nested references. These JSON Schema files are larger than 10 MiB.
For more information
Helm's security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Jakub Ciolek at AlphaSense.
Release Notes
helm/helm (helm.sh/helm/v3)
v3.17.3: Helm v3.17.3
Helm v3.17.3 is a security (patch) release. Users are strongly recommended to update to this release.
The community keeps growing, and we'd love to see you there!
- Join the discussion in Kubernetes Slack:
- for questions and just to hang out
- for discussing PRs, code, and bugs
- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
- Test, debug, and contribute charts: ArtifactHub/packages
Installation and Upgrading
Download Helm v3.17.3. The common platform binaries are here:
- MacOS amd64 (checksum / 20ef8df4671349a6fc556a621be1170dd709c6c0cf5f7e83a2d9fb0515fd97fc)
- MacOS arm64 (checksum / 89aec43ce07b06239f1bba4a6507236bb48ae487bc5065a8e254d3ce58a16997)
- Linux amd64 (checksum / ee88b3c851ae6466a3de507f7be73fe94d54cbf2987cbaa3d1a3832ea331f2cd)
- Linux arm (checksum / 60d76d1e12d3e058a9e9a8209eff748a6fab5948028a1f0860f48e141243d33d)
- Linux arm64 (checksum / 7944e3defd386c76fd92d9e6fec5c2d65a323f6fadc19bfb5e704e3eee10348e)
- Linux i386 (checksum / 51742d78c066437e23b3ca98370df341f9136b408381fe5a150d70b9d9bf24d7)
- Linux ppc64le (checksum / b821885a502b2fa159e3ef3afe9cde6e6c9876d4a623f18868829c3ee4a3c64c)
- Linux s390x (checksum / 71a9c6058e29a7eef0bc72a61843ccbade11997e383dd3e13e1a591ddffd8598)
- Linux riscv64 (checksum / 4e4563d43a593e11533024c7a0ddb79fb7d1dec85f9a9f8417ed1bacda0d7d0e)
- Windows amd64 (checksum / 8ea93e2f6285e649dede583ac90ff8cdb938ca53ec6cf5fe909f2303fbc22d96)
- Windows arm64 (checksum / 70ce9dfdbc1ce6142626a829dbdc5920405146f3ce4dc6f6e6739dd308cc7baf)
The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.
What's Next
- 3.18.0 is the next minor release and will be on May 14, 2025
Changelog
- Unarchiving fix
e4da497(Matt Farina)
v3.17.2: Helm v3.17.2
Helm v3.17.2 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
- Join the discussion in Kubernetes Slack:
- for questions and just to hang out
- for discussing PRs, code, and bugs
- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
- Test, debug, and contribute charts: ArtifactHub/packages
Installation and Upgrading
Download Helm v3.17.2. The common platform binaries are here:
- MacOS amd64 (checksum / 3e240238c7a3a10efd37b8e16615b28e94ba5db5957247bb42009ba6d52f76e9)
- MacOS arm64 (checksum / b843cebcbebc9eccb1e43aba9cca7693d32e9f2c4a35344990e3b7b381933948)
- Linux amd64 (checksum / 90c28792a1eb5fb0b50028e39ebf826531ebfcf73f599050dbd79bab2f277241)
- Linux arm (checksum / 0b13ec8580dd5498b5a2d7cb34146e098049f59500a266db1bb98f59649eb90a)
- Linux arm64 (checksum / d78d76ec7625a94991e887ac049d93f44bd70e4876200b945f813c9e1ed1df7c)
- Linux i386 (checksum / 1c599c4559b97d8cf2100704f5cdc3269dcb369b553711b09a564e1d89c725dc)
- Linux ppc64le (checksum / 6bb1c83078bdd5e9acad5793dfc9ab3b5b56d410723a660ff1da61dbdff3207b)
- Linux s390x (checksum / 55ce412c48a79020a435eed2d7895e3cf74293d939da60a287c7c5fc15480f58)
- Linux riscv64 (checksum / 70e27a5b73fe848233f3e43bbe393a84d5ccfea2db666906ed37ef9b54468876)
- Windows amd64 (checksum / f76fe76fa116d2bae948aee9bb54ba11bf5b726a09f732ce6a74eb65af2886b1)
- Windows arm64 (checksum / a47a0059285347d44c2ac81aa09398cfa527eb60bcddd7e1836f9459e503697d)
This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.
The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.
What's Next
- 3.17.3 is the next patch release and will be on April 09, 2025
- 3.18.0 is the next minor release and will be on May 14, 2025
Changelog
- Updating to 0.37.0 for x/net
cc0bbbd(Matt Farina) - build(deps): bump the k8s-io group with 7 updates
ecb7a74(dependabot[bot])
v3.17.1: Helm v3.17.1
Helm v3.17.1 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
- Join the discussion in Kubernetes Slack:
- for questions and just to hang out
- for discussing PRs, code, and bugs
- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
- Test, debug, and contribute charts: ArtifactHub/packages
Installation and Upgrading
Download Helm v3.17.1. The common platform binaries are here:
- MacOS amd64 (checksum / aba59ba9511971a71943b5c76f15d52ace1681197bb3f71ed1f0b15caceacb2c)
- MacOS arm64 (checksum / b823a213d8d7937222becc63d9c7bb3d15a090e7ecd1f70f3a583ed39657e21b)
- Linux amd64 (checksum / 3b66f3cd28409f29832b1b35b43d9922959a32d795003149707fea84cbcd4469)
- Linux arm (checksum / 1dc5ed54350f4f7ae87441e878be4f4fd9b727a86b11b1d20b1001358c83bed3)
- Linux arm64 (checksum / c86c9b23602d4abbfae39d9634e25ab1d0ea6c4c16c5b154113efe316a402547)
- Linux i386 (checksum / b972562a1171673db2892f000248b2540ddcd6f76850ec152852a8e9ce7972cb)
- Linux ppc64le (checksum / 4223394f3fca82a7f8e8d083caf6faf0ee0639d8f235071334579237078a2c2e)
- Linux s390x (checksum / fe47e5ee8abd6baef01bb1c4fc995343121bf5fc7dead1f67e97484a441ba9e8)
- Linux riscv64 (checksum / cf174b1ff83032255f798278152c637d01dd1d1533fd77915ab751d8cf4191a7)
- Windows amd64 (checksum / 08281ee6d4d272835ff10c510b8b39736d112d9cb89dfbc853fe83913fbe48d0)
- Windows arm64 (checksum / 44c9c8246f643ea45bb45013a182fc25da2a8206a6f322a0c6fa47a1f4bcf1e4)
The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.
What's Next
- 3.17.2 is the next patch release and will be on March 12, 2025
- 3.18.0 is the next minor release and will be on May 14, 2025
Changelog
- add test for nullifying nested global value
980d8ac(Ryan Hockstad) - Add test case for removing an entire object
c23e3b6(Ryan Hockstad) - Tests for bugfix: Override subcharts with null values #12879
3110d5f(Scott Rigby) - merge null child chart objects
9520c71(Ryan Hockstad) - build(deps): bump the k8s-io group with 7 updates
ab7dedd(dependabot[bot]) - fix: check group for resource info match
a2d3602(Jiasheng Zhu)
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}
⚠️ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: go.sum
Command failed: install-tool golang 1.22.12