Skip to content

v2.2.9

Compare
Choose a tag to compare
@github-actions github-actions released this 18 May 12:11
· 0 commits to 0fc0d10a4e74b5970fdaf8c7165bd8d7bcecb2e3 since this release

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.2.9/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.2.9/manifests/ha/install.yaml

Notes

This is a security release. We urge all users of the 2.2.z branch to update as soon as possible. Please refer to the Security fixes section below for more details.

Security fixes

  • CRITICAL: Argo CD will trust invalid JWT claims if anonymous access is enabled (GHSA-r642-gv9p-2wjj)
  • LOW: Login screen allows message spoofing if SSO is enabled (GHSA-xmg8-99r8-jc2j)
  • MODERATE: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server (GHSA-6gcg-hp2x-q54h)