From 19d6f6c45247db10c59931019790a07a76d1486a Mon Sep 17 00:00:00 2001 From: Ioannis Tsouvalas Date: Tue, 20 Jun 2023 13:26:27 +0000 Subject: [PATCH] update release notes --- ci/release_notes.md | 413 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 413 insertions(+) create mode 100644 ci/release_notes.md diff --git a/ci/release_notes.md b/ci/release_notes.md new file mode 100644 index 00000000..ff74d797 --- /dev/null +++ b/ci/release_notes.md @@ -0,0 +1,413 @@ + +[Features] +- Update to cf-deployment v.29.0.0: +- With this release we use Jammy as the default stemcell. If you want to stay on Bionic, you can add the operations/use-bionic-stemcell.yml file to your configuration. + +[BugFixes] +- Update log-cahce on rename-network-and-deployment.yml +- update overlay addons to match updated UAA scope format +- upstream_path on pull script updated +- update nfs-volume release + +[Chores] +- Update credhub, haproxy and uaa on overlay manifests + +[Security Updates] + +A list of the CVEs identified and addressed through each release bump +| Release | Version | CVE | +| ------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------- | +| [bpm](https://github.com/cloudfoundry/bpm-release/releases) | [v1.1.21](https://github.com/cloudfoundry/bpm-release/releases/tag/v1.1.21) | [CVE-2021-44716](https://github.com/advisories/GHSA-vc3p-29h2-gpcp) | +| | | [CVE-2022-27664](https://github.com/advisories/GHSA-69cg-p879-7622) | +| | | [CVE-2022-32149](https://github.com/advisories/GHSA-69ch-w2m2-3vjp) | +| | [v1.1.23](https://github.com/cloudfoundry/bpm-release/releases/tag/v1.1.23) | [CVE-2022-41723](https://github.com/advisories/GHSA-vvpx-j8f3-3w6h) | +| [cflinuxfs3](https://github.com/cloudfoundry/cflinuxfs3/releases) | [0.263.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.263.0) | [CVE-2020-16592](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16592) | +| | | [CVE-2021-3487](https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3487) | +| | [0.264.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.264.0) | [CVE-2020-21913](https://ubuntu.com//security/CVE-2020-21913) | +| | [0.265.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.265.0) | [CVE-2021-3933](https://ubuntu.com//security/CVE-2021-3933) | +| | [0.267.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.267.0) | [CVE-2021-3941](https://ubuntu.com//security/CVE-2021-3941) | +| | [0.269.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.269.0) | [CVE-2021-28831](https://ubuntu.com//security/CVE-2021-28831) | +| | | [CVE-2021-42374](https://ubuntu.com//security/CVE-2021-42374) | +| | | [CVE-2021-42381](https://ubuntu.com//security/CVE-2021-42381) | +| | | [CVE-2021-42386](https://ubuntu.com//security/CVE-2021-42386) | +| | | [CVE-2021-28831](https://ubuntu.com//security/CVE-2021-28831) | +| | | [CVE-2021-42378](https://ubuntu.com//security/CVE-2021-42378) | +| | | [CVE-2021-42386](https://ubuntu.com//security/CVE-2021-42386) | +| | | [CVE-2021-42385](https://ubuntu.com//security/CVE-2021-42385) | +| | | [CVE-2021-42382](https://ubuntu.com//security/CVE-2021-42382) | +| | | [CVE-2021-42384](https://ubuntu.com//security/CVE-2021-42384) | +| | | [CVE-2021-42379](https://ubuntu.com//security/CVE-2021-42379) | +| | | [CVE-2021-42374](https://ubuntu.com//security/CVE-2021-42374) | +| | | [CVE-2021-42380](https://ubuntu.com//security/CVE-2021-42380) | +| | | [CVE-2021-42381](https://ubuntu.com//security/CVE-2021-42381) | +| | [0.270.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.270.0) | [CVE-2021-3800](https://ubuntu.com//security/CVE-2021-3800) | +| | [0.271.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.271.0) | [CVE-2021-3733](https://ubuntu.com//security/CVE-2021-3733) | +| | | [CVE-2021-3737](https://ubuntu.com//security/CVE-2021-3737) | +| | [0.272.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.272.0) | [CVE-2021-41816](https://ubuntu.com//security/CVE-2021-41816) | +| | | [CVE-2021-41817](https://ubuntu.com//security/CVE-2021-41817) | +| | | [CVE-2021-41819](https://ubuntu.com//security/CVE-2021-41819) | +| | [0.273.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.273.0) | [CVE-2017-12424](https://ubuntu.com//security/CVE-2017-12424) | +| | | [CVE-2018-7169](https://ubuntu.com//security/CVE-2018-7169) | +| | [0.274.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.274.0) | [CVE-2022-22823](https://ubuntu.com//security/CVE-2022-22823) | +| | | [CVE-2021-45960](https://ubuntu.com//security/CVE-2021-45960) | +| | | [CVE-2022-25235](https://ubuntu.com//security/CVE-2022-25235) | +| | | [CVE-2022-25236](https://ubuntu.com//security/CVE-2022-25236) | +| | | [CVE-2022-22825](https://ubuntu.com//security/CVE-2022-22825) | +| | | [CVE-2022-22827](https://ubuntu.com//security/CVE-2022-22827) | +| | | [CVE-2022-22826](https://ubuntu.com//security/CVE-2022-22826) | +| | | [CVE-2021-46143](https://ubuntu.com//security/CVE-2021-46143) | +| | | [CVE-2022-23990](https://ubuntu.com//security/CVE-2022-23990) | +| | | [CVE-2022-22824](https://ubuntu.com//security/CVE-2022-22824) | +| | | [CVE-2022-23852](https://ubuntu.com//security/CVE-2022-23852) | +| | | [CVE-2022-22822](https://ubuntu.com//security/CVE-2022-22822) | +| | [0.275.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.275.0) | [CVE-2020-27618](https://ubuntu.com//security/CVE-2020-27618) | +| | | [CVE-2021-3326](https://ubuntu.com//security/CVE-2021-3326) | +| | | [CVE-2020-6096](https://ubuntu.com//security/CVE-2020-6096) | +| | | [CVE-2021-27645](https://ubuntu.com//security/CVE-2021-27645) | +| | | [CVE-2021-35942](https://ubuntu.com//security/CVE-2021-35942) | +| | | [CVE-2021-3998](https://ubuntu.com//security/CVE-2021-3998) | +| | | [CVE-2021-3999](https://ubuntu.com//security/CVE-2021-3999) | +| | | [CVE-2022-23218](https://ubuntu.com//security/CVE-2022-23218) | +| | | [CVE-2022-23219](https://ubuntu.com//security/CVE-2022-23219) | +| | | [CVE-2019-25013](https://ubuntu.com//security/CVE-2019-25013) | +| | | [CVE-2016-10228](https://ubuntu.com//security/CVE-2016-10228) | +| | | [CVE-2020-29562](https://ubuntu.com//security/CVE-2020-29562) | +| | [0.276.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.276.0) | [CVE-2022-25236](https://ubuntu.com//security/CVE-2022-25236) | +| | | [CVE-2022-25313](https://ubuntu.com//security/CVE-2022-25313) | +| | | [CVE-2022-25314](https://ubuntu.com//security/CVE-2022-25314) | +| | | [CVE-2022-25315](https://ubuntu.com//security/CVE-2022-25315) | +| | [0.277.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.277.0) | [CVE-2022-23308](https://ubuntu.com//security/CVE-2022-23308) | +| | [0.278.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.278.0) | [CVE-2022-0778](https://ubuntu.com//security/CVE-2022-0778) | +| | [0.279.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.279.0) | [CVE-2021-3426](https://ubuntu.com//security/CVE-2021-3426) | +| | | [CVE-2021-4189](https://ubuntu.com//security/CVE-2021-4189) | +| | | [CVE-2022-0391](https://ubuntu.com//security/CVE-2022-0391) | +| | [0.280.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.280.0) | [CVE-2018-25032](https://ubuntu.com//security/CVE-2018-25032) | +| | [0.282.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.282.0) | [CVE-2022-25308](https://ubuntu.com//security/CVE-2022-25308) | +| | | [CVE-2022-25309](https://ubuntu.com//security/CVE-2022-25309) | +| | | [CVE-2022-25310](https://ubuntu.com//security/CVE-2022-25310) | +| | [0.283.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.283.0) | [CVE-2018-16301](https://ubuntu.com//security/CVE-2018-16301) | +| | | [CVE-2020-8037](https://ubuntu.com//security/CVE-2020-8037) | +| | [0.284.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.284.0) | [CVE-2022-24765](https://ubuntu.com//security/CVE-2022-24765) | +| | [0.285.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.285.0) | [CVE-2022-1271](https://ubuntu.com//security/CVE-2022-1271) | +| | [0.286.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.286.0) | [CVE-2021-31870](https://ubuntu.com//security/CVE-2021-31870) | +| | | [CVE-2021-31871](https://ubuntu.com//security/CVE-2021-31871) | +| | | [CVE-2021-31872](https://ubuntu.com//security/CVE-2021-31872) | +| | | [CVE-2021-31873](https://ubuntu.com//security/CVE-2021-31873) | +| | [0.287.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.287.0) | [CVE-2019-18276](https://ubuntu.com//security/CVE-2019-18276) | +| | [0.290.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.290.0) | [CVE-2021-36084](https://ubuntu.com//security/CVE-2021-36084) | +| | | [CVE-2021-36085](https://ubuntu.com//security/CVE-2021-36085) | +| | | [CVE-2021-36086](https://ubuntu.com//security/CVE-2021-36086) | +| | | [CVE-2021-36087](https://ubuntu.com//security/CVE-2021-36087) | +| | [0.291.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.291.0) | [CVE-2022-22576](https://ubuntu.com//security/CVE-2022-22576) | +| | | [CVE-2022-27776](https://ubuntu.com//security/CVE-2022-27776) | +| | | [CVE-2022-27774](https://ubuntu.com//security/CVE-2022-27774) | +| | | [CVE-2022-27775](https://ubuntu.com//security/CVE-2022-27775) | +| | [0.292.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.292.0) | [CVE-2022-1292](https://ubuntu.com//security/CVE-2022-1292) | +| | | [CVE-2022-1343](https://ubuntu.com//security/CVE-2022-1343) | +| | | [CVE-2022-1434](https://ubuntu.com//security/CVE-2022-1434) | +| | | [CVE-2022-1473](https://ubuntu.com//security/CVE-2022-1473) | +| | [0.294.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.294.0) | [CVE-2020-35512](https://ubuntu.com//security/CVE-2020-35512) | +| | | [CVE-2017-9525](https://ubuntu.com//security/CVE-2017-9525) | +| | | [CVE-2019-9704](https://ubuntu.com//security/CVE-2019-9704) | +| | | [CVE-2019-9705](https://ubuntu.com//security/CVE-2019-9705) | +| | | [CVE-2019-9706](https://ubuntu.com//security/CVE-2019-9706) | +| | [0.296.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.296.0) | [CVE-2022-27780](https://ubuntu.com//security/CVE-2022-27780) | +| | | [CVE-2022-27781](https://ubuntu.com//security/CVE-2022-27781) | +| | | [CVE-2022-27782](https://ubuntu.com//security/CVE-2022-27782) | +| | [0.298.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.298.0) | [CVE-2022-23308](https://ubuntu.com//security/CVE-2022-23308) | +| | | [CVE-2022-29824](https://ubuntu.com//security/CVE-2022-29824) | +| | [0.299.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.299.0) | [CVE-2019-20838](https://ubuntu.com//security/CVE-2019-20838) | +| | | [CVE-2020-14155](https://ubuntu.com//security/CVE-2020-14155) | +| | [0.300.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.300.0) | [CVE-2018-11782](https://ubuntu.com//security/CVE-2018-11782) | +| | | [CVE-2019-0203](https://ubuntu.com//security/CVE-2019-0203) | +| | | [CVE-2020-17525](https://ubuntu.com//security/CVE-2020-17525) | +| | [0.301.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.301.0) | [CVE-2022-1664](https://ubuntu.com//security/CVE-2022-1664) | +| | [0.302.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.302.0) | [CVE-2022-28463](https://ubuntu.com//security/CVE-2022-28463) | +| | [0.303.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.303.0) | [CVE-2022-28739](https://ubuntu.com//security/CVE-2022-28739) | +| | | [CVE-2022-28738](https://ubuntu.com//security/CVE-2022-28738) | +| | [0.304.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.304.0) | [CVE-2022-1304](https://ubuntu.com//security/CVE-2022-1304) | +| | [0.307.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.307.0) | [CVE-2022-2068](https://ubuntu.com//security/CVE-2022-2068) | +| | | [CVE-2020-20446](https://ubuntu.com//security/CVE-2020-20446) | +| | | [CVE-2020-20453](https://ubuntu.com//security/CVE-2020-20453) | +| | | [CVE-2020-20450](https://ubuntu.com//security/CVE-2020-20450) | +| | | [CVE-2020-21041](https://ubuntu.com//security/CVE-2020-21041) | +| | | [CVE-2020-21688](https://ubuntu.com//security/CVE-2020-21688) | +| | | [CVE-2020-21697](https://ubuntu.com//security/CVE-2020-21697) | +| | | [CVE-2020-22015](https://ubuntu.com//security/CVE-2020-22015) | +| | | [CVE-2020-22016](https://ubuntu.com//security/CVE-2020-22016) | +| | | [CVE-2020-22022](https://ubuntu.com//security/CVE-2020-22022) | +| | | [CVE-2020-22031](https://ubuntu.com//security/CVE-2020-22031) | +| | | [CVE-2020-22042](https://ubuntu.com//security/CVE-2020-22042) | +| | | [CVE-2020-22021](https://ubuntu.com//security/CVE-2020-22021) | +| | | [CVE-2020-22033](https://ubuntu.com//security/CVE-2020-22033) | +| | | [CVE-2020-22035](https://ubuntu.com//security/CVE-2020-22035) | +| | | [CVE-2020-22037](https://ubuntu.com//security/CVE-2020-22037) | +| | | [CVE-2020-35965](https://ubuntu.com//security/CVE-2020-35965) | +| | | [CVE-2021-38114](https://ubuntu.com//security/CVE-2021-38114) | +| | | [CVE-2021-38171](https://ubuntu.com//security/CVE-2021-38171) | +| | | [CVE-2022-1475](https://ubuntu.com//security/CVE-2022-1475) | +| | | [CVE-2020-22035](https://ubuntu.com//security/CVE-2020-22035) | +| | | [CVE-2020-22042](https://ubuntu.com//security/CVE-2020-22042) | +| | | [CVE-2020-22032](https://ubuntu.com//security/CVE-2020-22032) | +| | | [CVE-2020-22017](https://ubuntu.com//security/CVE-2020-22017) | +| | | [CVE-2020-22026](https://ubuntu.com//security/CVE-2020-22026) | +| | | [CVE-2020-20445](https://ubuntu.com//security/CVE-2020-20445) | +| | | [CVE-2020-22020](https://ubuntu.com//security/CVE-2020-22020) | +| | | [CVE-2020-22027](https://ubuntu.com//security/CVE-2020-22027) | +| | | [CVE-2020-22034](https://ubuntu.com//security/CVE-2020-22034) | +| | | [CVE-2020-22028](https://ubuntu.com//security/CVE-2020-22028) | +| | | [CVE-2020-22025](https://ubuntu.com//security/CVE-2020-22025) | +| | | [CVE-2020-21041](https://ubuntu.com//security/CVE-2020-21041) | +| | | [CVE-2020-22019](https://ubuntu.com//security/CVE-2020-22019) | +| | | [CVE-2020-22036](https://ubuntu.com//security/CVE-2020-22036) | +| | [0.308.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.308.0) | [CVE-2022-32205](https://ubuntu.com//security/CVE-2022-32205) | +| | | [CVE-2022-32206](https://ubuntu.com//security/CVE-2022-32206) | +| | | [CVE-2022-32207](https://ubuntu.com//security/CVE-2022-32207) | +| | | [CVE-2022-32208](https://ubuntu.com//security/CVE-2022-32208) | +| | [0.309.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.309.0) | [CVE-2022-2097](https://ubuntu.com//security/CVE-2022-2097) | +| | [0.310.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.310.0) | [CVE-2022-24765](https://ubuntu.com//security/CVE-2022-24765) | +| | | [CVE-2022-29187](https://ubuntu.com//security/CVE-2022-29187) | +| | [0.311.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.311.0) | [CVE-2015-20107](https://ubuntu.com//security/CVE-2015-20107) | +| | [0.312.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.312.0) | [CVE-2022-27405](https://ubuntu.com//security/CVE-2022-27405) | +| | | [CVE-2022-27406](https://ubuntu.com//security/CVE-2022-27406) | +| | | [CVE-2022-27404](https://ubuntu.com//security/CVE-2022-27404) | +| | | [CVE-2022-31782](https://ubuntu.com//security/CVE-2022-31782) | +| | [0.313.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.313.0) | [CVE-2021-4209](https://ubuntu.com//security/CVE-2021-4209) | +| | | [CVE-2022-2509](https://ubuntu.com//security/CVE-2022-2509) | +| | [0.314.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.314.0) | [CVE-2016-3709](https://ubuntu.com//security/CVE-2016-3709) | +| | [0.315.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.315.0) | [CVE-2022-30699](https://ubuntu.com//security/CVE-2022-30699) | +| | | [CVE-2022-30698](https://ubuntu.com//security/CVE-2022-30698) | +| | [0.316.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.316.0) | [CVE-2022-37434](https://ubuntu.com//security/CVE-2022-37434) | +| | [0.318.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.318.0) | [CVE-2019-5815](https://ubuntu.com//security/CVE-2019-5815) | +| | | [CVE-2021-30560](https://ubuntu.com//security/CVE-2021-30560) | +| | [0.319.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.319.0) | [CVE-2022-2526](https://ubuntu.com//security/CVE-2022-2526) | +| | [0.320.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.320.0) | [CVE-2022-35252](https://ubuntu.com//security/CVE-2022-35252) | +| | [0.322.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.322.0) | [CVE-2022-0909](https://ubuntu.com//security/CVE-2022-0909) | +| | | [CVE-2022-22844](https://ubuntu.com//security/CVE-2022-22844) | +| | | [CVE-2022-0908](https://ubuntu.com//security/CVE-2022-0908) | +| | | [CVE-2022-0909](https://ubuntu.com//security/CVE-2022-0909) | +| | | [CVE-2022-0924](https://ubuntu.com//security/CVE-2022-0924) | +| | | [CVE-2020-19131](https://ubuntu.com//security/CVE-2020-19131) | +| | | [CVE-2020-19144](https://ubuntu.com//security/CVE-2020-19144) | +| | | [CVE-2022-0907](https://ubuntu.com//security/CVE-2022-0907) | +| | | [CVE-2022-0924](https://ubuntu.com//security/CVE-2022-0924) | +| | [0.324.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.324.0) | [CVE-2020-19131](https://ubuntu.com//security/CVE-2020-19131) | +| | | [CVE-2022-1354](https://ubuntu.com//security/CVE-2022-1354) | +| | | [CVE-2022-1355](https://ubuntu.com//security/CVE-2022-1355) | +| | | [CVE-2022-2058](https://ubuntu.com//security/CVE-2022-2058) | +| | | [CVE-2022-2056](https://ubuntu.com//security/CVE-2022-2056) | +| | | [CVE-2022-2057](https://ubuntu.com//security/CVE-2022-2057) | +| | [0.326.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.326.0) | [CVE-2018-11813](https://ubuntu.com//security/CVE-2018-11813) | +| | | [CVE-2020-17541](https://ubuntu.com//security/CVE-2020-17541) | +| | | [CVE-2020-35538](https://ubuntu.com//security/CVE-2020-35538) | +| | | [CVE-2021-46822](https://ubuntu.com//security/CVE-2021-46822) | +| | [0.327.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.327.0) | [CVE-2022-2928](https://ubuntu.com//security/CVE-2022-2928) | +| | | [CVE-2022-2929](https://ubuntu.com//security/CVE-2022-2929) | +| | [0.328.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.328.0) | [CVE-2018-16860](https://ubuntu.com//security/CVE-2018-16860) | +| | | [CVE-2019-12098](https://ubuntu.com//security/CVE-2019-12098) | +| | | [CVE-2021-3671](https://ubuntu.com//security/CVE-2021-3671) | +| | | [CVE-2022-3116](https://ubuntu.com//security/CVE-2022-3116) | +| | | [CVE-2021-4217](https://ubuntu.com//security/CVE-2021-4217) | +| | | [CVE-2022-0530](https://ubuntu.com//security/CVE-2022-0530) | +| | | [CVE-2022-0529](https://ubuntu.com//security/CVE-2022-0529) | +| | | [CVE-2021-43618](https://ubuntu.com//security/CVE-2021-43618) | +| | [0.329.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.329.0) | [CVE-2020-16156](https://ubuntu.com//security/CVE-2020-16156) | +| | | [CVE-2022-39253](https://ubuntu.com//security/CVE-2022-39253) | +| | | [CVE-2022-39260](https://ubuntu.com//security/CVE-2022-39260) | +| | [0.330.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.330.0) | [CVE-2022-32221](https://ubuntu.com//security/CVE-2022-32221) | +| | | [CVE-2022-35260](https://ubuntu.com//security/CVE-2022-35260) | +| | | [CVE-2022-42915](https://ubuntu.com//security/CVE-2022-42915) | +| | | [CVE-2022-42916](https://ubuntu.com//security/CVE-2022-42916) | +| | [0.331.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.331.0) | [CVE-2022-42010](https://ubuntu.com//security/CVE-2022-42010) | +| | | [CVE-2022-42011](https://ubuntu.com//security/CVE-2022-42011) | +| | | [CVE-2022-42012](https://ubuntu.com//security/CVE-2022-42012) | +| | [0.332.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.332.0) | [CVE-2022-35737](https://ubuntu.com//security/CVE-2022-35737) | +| | [0.333.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.333.0) | [CVE-2022-44638](https://ubuntu.com//security/CVE-2022-44638) | +| | [0.335.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.335.0) | [CVE-2022-43680](https://ubuntu.com//security/CVE-2022-43680) | +| | | [CVE-2022-40674](https://ubuntu.com//security/CVE-2022-40674) | +| | [0.336.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.336.0) | [CVE-2022-3204](https://ubuntu.com//security/CVE-2022-3204) | +| | [0.337.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.337.0) | [CVE-2017-6888](https://ubuntu.com//security/CVE-2017-6888) | +| | | [CVE-2020-0499](https://ubuntu.com//security/CVE-2020-0499) | +| | | [CVE-2021-0561](https://ubuntu.com//security/CVE-2021-0561) | +| | [0.338.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.338.0) | [CVE-2022-43680](https://ubuntu.com//security/CVE-2022-43680) | +| | [0.339.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.339.0) | [CVE-2021-20224](https://ubuntu.com//security/CVE-2021-20224) | +| | | [CVE-2021-20241](https://ubuntu.com//security/CVE-2021-20241) | +| | | [CVE-2021-20243](https://ubuntu.com//security/CVE-2021-20243) | +| | | [CVE-2021-20244](https://ubuntu.com//security/CVE-2021-20244) | +| | | [CVE-2021-20245](https://ubuntu.com//security/CVE-2021-20245) | +| | | [CVE-2021-20246](https://ubuntu.com//security/CVE-2021-20246) | +| | | [CVE-2021-20309](https://ubuntu.com//security/CVE-2021-20309) | +| | | [CVE-2021-20312](https://ubuntu.com//security/CVE-2021-20312) | +| | | [CVE-2021-20313](https://ubuntu.com//security/CVE-2021-20313) | +| | | [CVE-2021-3574](https://ubuntu.com//security/CVE-2021-3574) | +| | | [CVE-2021-39212](https://ubuntu.com//security/CVE-2021-39212) | +| | | [CVE-2021-4219](https://ubuntu.com//security/CVE-2021-4219) | +| | | [CVE-2022-1114](https://ubuntu.com//security/CVE-2022-1114) | +| | | [CVE-2022-28463](https://ubuntu.com//security/CVE-2022-28463) | +| | | [CVE-2022-32546](https://ubuntu.com//security/CVE-2022-32546) | +| | | [CVE-2022-32547](https://ubuntu.com//security/CVE-2022-32547) | +| | | [CVE-2021-20313](https://ubuntu.com//security/CVE-2021-20313) | +| | | [CVE-2022-32545](https://ubuntu.com//security/CVE-2022-32545) | +| | [0.340.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.340.0) | [CVE-2017-9937](https://ubuntu.com//security/CVE-2017-9937) | +| | [0.341.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.341.0) | [CVE-2013-4235](https://ubuntu.com//security/CVE-2013-4235) | +| | | [CVE-2017-2626](https://ubuntu.com//security/CVE-2017-2626) | +| | [0.342.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.342.0) | [CVE-2022-39377](https://ubuntu.com//security/CVE-2022-39377) | +| | [0.343.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.343.0) | [CVE-2022-3970](https://ubuntu.com//security/CVE-2022-3970) | +| | [0.344.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.344.0) | [CVE-2022-38533](https://ubuntu.com//security/CVE-2022-38533) | +| | | [CVE-2022-2309](https://ubuntu.com//security/CVE-2022-2309) | +| | | [CVE-2022-40303](https://ubuntu.com//security/CVE-2022-40303) | +| | | [CVE-2022-40304](https://ubuntu.com//security/CVE-2022-40304) | +| | [0.345.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.345.0) | [CVE-2022-41916](https://ubuntu.com//security/CVE-2022-41916) | +| | [0.346.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.346.0) | [CVE-2022-37454](https://ubuntu.com//security/CVE-2022-37454) | +| | | [CVE-2022-45061](https://ubuntu.com//security/CVE-2022-45061) | +| | [0.348.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.348.0) | [CVE-2022-43551](https://ubuntu.com//security/CVE-2022-43551) | +| | | [CVE-2022-43552](https://ubuntu.com//security/CVE-2022-43552) | +| | [0.349.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.349.0) | [CVE-2021-44758](https://ubuntu.com//security/CVE-2021-44758) | +| | | [CVE-2022-3437](https://ubuntu.com//security/CVE-2022-3437) | +| | | [CVE-2022-42898](https://ubuntu.com//security/CVE-2022-42898) | +| | | [CVE-2022-44640](https://ubuntu.com//security/CVE-2022-44640) | +| | [0.351.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.351.0) | [CVE-2022-45142](https://ubuntu.com//security/CVE-2022-45142) | +| | | [CVE-2023-0286](https://ubuntu.com//security/CVE-2023-0286) | +| | | [CVE-2023-0215](https://ubuntu.com//security/CVE-2023-0215) | +| | | [CVE-2022-4203](https://ubuntu.com//security/CVE-2022-4203) | +| | | [CVE-2022-4304](https://ubuntu.com//security/CVE-2022-4304) | +| | | [CVE-2022-4450](https://ubuntu.com//security/CVE-2022-4450) | +| | | [CVE-2023-0215](https://ubuntu.com//security/CVE-2023-0215) | +| | [0.352.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.352.0) | [CVE-2022-25147](https://ubuntu.com//security/CVE-2022-25147) | +| | | [CVE-2023-22490](https://ubuntu.com//security/CVE-2023-22490) | +| | | [CVE-2023-23946](https://ubuntu.com//security/CVE-2023-23946) | +| | | [CVE-2022-44268](https://ubuntu.com//security/CVE-2022-44268) | +| | | [CVE-2022-44267](https://ubuntu.com//security/CVE-2022-44267) | +| | [0.353.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.353.0) | [CVE-2022-48303](https://ubuntu.com//security/CVE-2022-48303) | +| | | [CVE-2023-23914](https://ubuntu.com//security/CVE-2023-23914) | +| | | [CVE-2023-23915](https://ubuntu.com//security/CVE-2023-23915) | +| | | [CVE-2023-23916](https://ubuntu.com//security/CVE-2023-23916) | +| | [0.354.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.354.0) | [CVE-2023-22490](https://ubuntu.com//security/CVE-2023-22490) | +| | [0.355.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.355.0) | [CVE-2022-37454](https://ubuntu.com//security/CVE-2022-37454) | +| | [0.356.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.356.0) | [CVE-2023-0797](https://ubuntu.com//security/CVE-2023-0797) | +| | | [CVE-2023-0799](https://ubuntu.com//security/CVE-2023-0799) | +| | | [CVE-2023-0800](https://ubuntu.com//security/CVE-2023-0800) | +| | | [CVE-2023-0804](https://ubuntu.com//security/CVE-2023-0804) | +| | | [CVE-2023-0802](https://ubuntu.com//security/CVE-2023-0802) | +| | | [CVE-2023-0796](https://ubuntu.com//security/CVE-2023-0796) | +| | | [CVE-2023-0803](https://ubuntu.com//security/CVE-2023-0803) | +| | | [CVE-2023-0801](https://ubuntu.com//security/CVE-2023-0801) | +| | | [CVE-2023-0798](https://ubuntu.com//security/CVE-2023-0798) | +| | | [CVE-2023-0795](https://ubuntu.com//security/CVE-2023-0795) | +| | | [CVE-2023-0797](https://ubuntu.com//security/CVE-2023-0797) | +| | [0.357.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.357.0) | [CVE-2023-27533](https://ubuntu.com//security/CVE-2023-27533) | +| | | [CVE-2023-27534](https://ubuntu.com//security/CVE-2023-27534) | +| | | [CVE-2023-27535](https://ubuntu.com//security/CVE-2023-27535) | +| | | [CVE-2023-27536](https://ubuntu.com//security/CVE-2023-27536) | +| | | [CVE-2023-27538](https://ubuntu.com//security/CVE-2023-27538) | +| | | [CVE-2022-47024](https://ubuntu.com//security/CVE-2022-47024) | +| | | [CVE-2023-0433](https://ubuntu.com//security/CVE-2023-0433) | +| | | [CVE-2023-0051](https://ubuntu.com//security/CVE-2023-0051) | +| | | [CVE-2023-1175](https://ubuntu.com//security/CVE-2023-1175) | +| | | [CVE-2023-1264](https://ubuntu.com//security/CVE-2023-1264) | +| | | [CVE-2023-0054](https://ubuntu.com//security/CVE-2023-0054) | +| | | [CVE-2023-0049](https://ubuntu.com//security/CVE-2023-0049) | +| | | [CVE-2023-1264](https://ubuntu.com//security/CVE-2023-1264) | +| | | [CVE-2023-0433](https://ubuntu.com//security/CVE-2023-0433) | +| | | [CVE-2023-0288](https://ubuntu.com//security/CVE-2023-0288) | +| | | [CVE-2023-1170](https://ubuntu.com//security/CVE-2023-1170) | +| | | [CVE-2023-24329](https://ubuntu.com//security/CVE-2023-24329) | +| | | [CVE-2020-8112](https://ubuntu.com//security/CVE-2020-8112) | +| | | [CVE-2020-27824](https://ubuntu.com//security/CVE-2020-27824) | +| | | [CVE-2020-27845](https://ubuntu.com//security/CVE-2020-27845) | +| | | [CVE-2020-27843](https://ubuntu.com//security/CVE-2020-27843) | +| | | [CVE-2020-27814](https://ubuntu.com//security/CVE-2020-27814) | +| | | [CVE-2020-6851](https://ubuntu.com//security/CVE-2020-6851) | +| | | [CVE-2020-15389](https://ubuntu.com//security/CVE-2020-15389) | +| | | [CVE-2020-27823](https://ubuntu.com//security/CVE-2020-27823) | +| | | [CVE-2020-27842](https://ubuntu.com//security/CVE-2020-27842) | +| | | [CVE-2020-27841](https://ubuntu.com//security/CVE-2020-27841) | +| | | [CVE-2022-3821](https://ubuntu.com//security/CVE-2022-3821) | +| | | [CVE-2022-4415](https://ubuntu.com//security/CVE-2022-4415) | +| | | [CVE-2022-45873](https://ubuntu.com//security/CVE-2022-45873) | +| | [0.360.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.360.0) | [CVE-2022-1674](https://ubuntu.com//security/CVE-2022-1674) | +| | | [CVE-2022-1851](https://ubuntu.com//security/CVE-2022-1851) | +| | | [CVE-2022-2125](https://ubuntu.com//security/CVE-2022-2125) | +| | | [CVE-2022-2206](https://ubuntu.com//security/CVE-2022-2206) | +| | | [CVE-2022-2581](https://ubuntu.com//security/CVE-2022-2581) | +| | | [CVE-2022-2849](https://ubuntu.com//security/CVE-2022-2849) | +| | | [CVE-2022-2923](https://ubuntu.com//security/CVE-2022-2923) | +| | | [CVE-2022-1927](https://ubuntu.com//security/CVE-2022-1927) | +| | | [CVE-2022-2344](https://ubuntu.com//security/CVE-2022-2344) | +| | | [CVE-2022-2946](https://ubuntu.com//security/CVE-2022-2946) | +| | | [CVE-2022-2980](https://ubuntu.com//security/CVE-2022-2980) | +| | | [CVE-2022-1968](https://ubuntu.com//security/CVE-2022-1968) | +| | | [CVE-2022-2304](https://ubuntu.com//security/CVE-2022-2304) | +| | | [CVE-2022-1629](https://ubuntu.com//security/CVE-2022-1629) | +| | | [CVE-2022-0413](https://ubuntu.com//security/CVE-2022-0413) | +| | | [CVE-2022-1785](https://ubuntu.com//security/CVE-2022-1785) | +| | | [CVE-2022-2845](https://ubuntu.com//security/CVE-2022-2845) | +| | | [CVE-2022-1927](https://ubuntu.com//security/CVE-2022-1927) | +| | | [CVE-2022-2345](https://ubuntu.com//security/CVE-2022-2345) | +| | | [CVE-2022-2126](https://ubuntu.com//security/CVE-2022-2126) | +| | | [CVE-2022-1898](https://ubuntu.com//security/CVE-2022-1898) | +| | | [CVE-2022-1720](https://ubuntu.com//security/CVE-2022-1720) | +| | | [CVE-2022-2183](https://ubuntu.com//security/CVE-2022-2183) | +| | | [CVE-2022-2124](https://ubuntu.com//security/CVE-2022-2124) | +| | | [CVE-2022-1735](https://ubuntu.com//security/CVE-2022-1735) | +| | | [CVE-2022-1733](https://ubuntu.com//security/CVE-2022-1733) | +| | | [CVE-2022-2129](https://ubuntu.com//security/CVE-2022-2129) | +| | | [CVE-2022-1796](https://ubuntu.com//security/CVE-2022-1796) | +| | | [CVE-2022-2175](https://ubuntu.com//security/CVE-2022-2175) | +| | | [CVE-2022-1942](https://ubuntu.com//security/CVE-2022-1942) | +| | | [CVE-2022-2571](https://ubuntu.com//security/CVE-2022-2571) | +| | [0.361.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.361.0) | [CVE-2023-28486](https://ubuntu.com//security/CVE-2023-28486) | +| | | [CVE-2023-28487](https://ubuntu.com//security/CVE-2023-28487) | +| | [0.362.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.362.0) | [CVE-2023-28484](https://ubuntu.com//security/CVE-2023-28484) | +| | | [CVE-2023-29469](https://ubuntu.com//security/CVE-2023-29469) | +| | [0.364.0](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.364.0) | [CVE-2022-3996](https://ubuntu.com//security/CVE-2022-3996) | +| | | [CVE-2023-0464](https://ubuntu.com//security/CVE-2023-0464) | +| | | [CVE-2023-0465](https://ubuntu.com//security/CVE-2023-0465) | +| | | [CVE-2023-0466](https://ubuntu.com//security/CVE-2023-0466) | +| [credhub-release](https://github.com/pivotal/credhub-release) | [2.11.0](https://github.com/pivotal/credhub-release/releases/tag/2.11.0) | [CVE-2021-44228](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q) | +| | [2.12.8](https://github.com/pivotal/credhub-release/releases/tag/2.12.8) | [CVE-2022-31197](https://nvd.nist.gov/vuln/detail/CVE-2022-31197) | +| [garden-runc](https://github.com/cloudfoundry/garden-runc-release/releases) | [1.19.32](https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.19.32) | [CVE-2021-43816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43816) | +| | [1.20.1](https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.20.1) | [CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806) | +| | | [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772) | +| | [1.20.3](https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.20.3) | [CVE-2021-21284](https://nvd.nist.gov/vuln/detail/CVE-2021-21284) | +| [](https://github.com/cloudfoundry/routing-release/releases)[routing](https://github.com/cloudfoundry/routing-release/releases) | [0.228.0](https://github.com/cloudfoundry/routing-release/releases/tag/0.228.0) | [CVE-2021-44716](https://github.com/advisories/GHSA-vc3p-29h2-gpcp) | +| | [0.239.0](https://github.com/cloudfoundry/routing-release/releases/tag/v0.239.0) | [CVE-2022-27664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664) | +| | [0.266.0](https://github.com/cloudfoundry/routing-release/releases/tag/v0.266.0) | [CVE-2023-20882](https://www.cloudfoundry.org/blog/cve-2023-20882-gorouter-pruning-via-client-disconnect-resulting-in-dos/) | +| [](https://github.com/cloudfoundry/silk-release/releases)[silk](https://github.com/cloudfoundry/silk-release/releases) | [3.1.0](https://github.com/cloudfoundry/silk-release/releases/tag/3.1.0) | [CVE-2022-23772](https://github.com/advisories/GHSA-q99m-p7hq-5v4f) | +| | | [CVE-2022-23806](https://github.com/advisories/GHSA-8c83-vp4v-h7fq) | +| [uaa](https://github.com/cloudfoundry/uaa-release/releases) | [v75.10.0](https://github.com/cloudfoundry/uaa-release/releases/tag/v75.10.0) | [CVE-2021-40690](https://github.com/advisories/GHSA-j8wc-gxx9-82hx) | +| | | [CVE-2021-43466](https://github.com/advisories/GHSA-qcj6-jqrg-4wp2) | +| | [v75.11.0](https://github.com/cloudfoundry/uaa-release/releases/tag/v75.11.0) | [CVE-2021-44228](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q) | +| | | [CVE-2021-41973](https://github.com/advisories/GHSA-6mcm-j9cj-3vc3) | +| | [v75.14.0](https://github.com/cloudfoundry/uaa-release/releases/tag/v75.14.0) | [CVE-2021-22098](https://github.com/advisories/GHSA-gmmg-mg5x-45rp) | +| | [v75.15.0](https://github.com/cloudfoundry/uaa-release/releases/tag/v75.15.0) | [CVE-2022-23437](https://github.com/advisories/GHSA-h65f-jvqw-m9fj) | +| | [v75.17.0](https://github.com/cloudfoundry/uaa-release/releases/tag/v75.17.0) | [CVE-2020-36518](https://github.com/advisories/GHSA-57j2-w4cx-62h2) | +| | [v75.18.0](https://github.com/cloudfoundry/uaa-release/releases/tag/v75.18.0) | [CVE-2022-22965](https://github.com/advisories/GHSA-36p3-wjmg-h94x) | +| | [v75.19.0](https://github.com/cloudfoundry/uaa-release/releases/tag/v75.19.0) | [CVE-2022-22968](https://github.com/advisories/GHSA-g5mm-vmx4-3rg7) | +| | | [CVE-2022-22969](https://github.com/advisories/GHSA-c2cp-3xj9-97w9) | +| | [v75.20.0](https://github.com/cloudfoundry/uaa-release/releases/tag/v75.20.0) | [CVE-2022-23457](https://github.com/advisories/GHSA-8m5h-hrqm-pxm2) | +| | | [CVE-2022-24891](https://github.com/advisories/GHSA-q77q-vx4q-xx6q) | +| | | [CVE-2022-22976](https://github.com/advisories/GHSA-wx54-3278-m5g4) | +| | | [CVE-2022-22978](https://github.com/advisories/GHSA-hh32-7344-cg2f) | +| | [v75.22.0](https://github.com/cloudfoundry/uaa-release/releases/tag/v75.22.0) | [CVE-2022-34169](https://github.com/advisories/GHSA-9339-86wc-4qgf) | +| | [v75.23.0](https://github.com/cloudfoundry/uaa-release/releases/tag/v75.23.0) | [CVE-2022-31197](https://github.com/advisories/GHSA-r38f-c4h4-hqq2) | +| | [v76.1.0](https://github.com/cloudfoundry/uaa-release/releases/tag/v76.1.0) | [CVE-2022-38751](https://github.com/advisories/GHSA-98wm-3w3q-mw94) | +| | | [CVE-2022-38752](https://github.com/advisories/GHSA-9w3m-gqgf-c4p9) | +| | [v76.2.0](https://github.com/cloudfoundry/uaa-release/releases/tag/v76.2.0) | [CVE-2022-42003](https://github.com/advisories/GHSA-jjjh-jjxp-wpff) | +| [cf-deployment](https://github.com/cloudfoundry/cf-deployment/releases) | [v17.1.0](https://github.com/cloudfoundry/cf-deployment/releases/tag/v17.1.0) | [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) | +| | | [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046) | +| | [v20.0.0](https://github.com/cloudfoundry/cf-deployment/releases/tag/v20.0.0) | [CVE-2022-22965](https://www.cloudfoundry.org/blog/cve-2022-22965/) | + +[Deprecations/Noteworthy Changes] + +Review cf-deployment release notes for specifics + +- Remove plaintext NATS job +- Remove unused q-s3.log-cache.default.cf.bosh +- Remove obsolete cc_bulk_api_password +- The UAA VM size has been increased from minimal to small. This may affect your IaaS quotas. +- Custom ops-files which manipulate scopes of UAA clients cc-service-dashboards, cf or ssh-proxy (scope key in manifest) might not work anymore due to manifest changes. See manifest changes section for more details. +- Remove obsolete credential internal_api_password in cf-deployment.yml as mTLS is now used instead +- The deprecated Log Cache Nozzle ops files have been removed +- operations/experimental/add-disabled-syslog-agent-for-upgrade.yml, which has been deprecated for some time. +- operations/experimental/enable-smb-volume-service.yml, which was promoted some time ago, the promoted ops file should be used instead: operations/enable-smb-volume-service.yml. \ No newline at end of file