v2.2.9
github-actions
released this
18 May 12:11
·
0 commits
to 0fc0d10a4e74b5970fdaf8c7165bd8d7bcecb2e3
since this release
Quick Start
Non-HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.2.9/manifests/install.yaml
HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.2.9/manifests/ha/install.yaml
Notes
This is a security release. We urge all users of the 2.2.z branch to update as soon as possible. Please refer to the Security fixes section below for more details.
Security fixes
- CRITICAL: Argo CD will trust invalid JWT claims if anonymous access is enabled (GHSA-r642-gv9p-2wjj)
- LOW: Login screen allows message spoofing if SSO is enabled (GHSA-xmg8-99r8-jc2j)
- MODERATE: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server (GHSA-6gcg-hp2x-q54h)