added
v2.3.1-stable Release
about 1 year ago by Tapan Desai
Version 2.3.1-stable migrated Sidecar from a legacy baseline to a modern, hardened environment, significantly improving overall system security with no API changes.
Changed
- The Sidecar is now built with Go 1.21.13.
- Upgraded OpenSSL to 3.3.3 to address security vulnerabilities.
- Upgraded System C Library to 1.2.5-r1 to fix memory corruption issues.
Fixed
- Removed a total of 19 vulnerabilities, including 1 critical and 8 high.
- CVE-2024-24790: Resolved a memory mismanagement issue when handling network addresses that could lead to unauthorized system access.
- CVE-2024-5535: Fixed a vulnerability where malicious actors could send specially crafted packets during the SSL handshake process.
- CVE-2025-26519: Addressed a system flaw to prevent memory corruption that occurred when the system processes text or character encodings.