Announcing Buoyant Enterprise for Linkerd 2.15.5

William Morgan

We're happy to announce the release of Buoyant Enterprise for Linkerd 2.15.5. This latest stable release fixes a potential panic in the destination controller and includes a fix for CVE-2024-40632, a low-criticality CVE in Linkerd.

BEL 2.15.5 is our fifth stable release in the Linkerd 2.15 line. Like every BEL release, it has undergone rigorous production testing across a variety of platforms including EKS, AKS, GKE, and OpenShift, as well as running in production at Buoyant itself.

You can read the full 2.15.5 release notes on our docs site, or just download BEL 2.15.5 today and give it a try!

Fixes to a panic in the destination controller

Linkerd's destination controller is a core component of the control plane that performs service discovery for proxies. Under certain circumstances when reading endpoint data from the API, the destination controller would crash. Buoyant Enterprise for Linkerd 2.15.5 includes a fix for the underlying issue.

CVE-2024-40632

CVE-2024-40632 is a low-criticality vulnerability in Linkerd: if Linkerd is deployed on an application that is already vulnerable to Server-Side Request Forgery (SSRF) attacks, the proxy's "shutdown" endpoint is also vulnerable, which could lead to an additional denial-of-service attack. Buoyant Enterprise for Linkerd 2.15.5 includes a remediation for CVE-2024-40632 that allows the shutdown endpoint to be disabled.

Improved CLI behavior

Buoyant Enterprise for Linkerd 2.15.5 removes the requirement that the BUOYANT_LICENSE environment variable be present before the CLI will function. As of this release, the CLI will function without this environment variable.

Other CVE remediations

This release also remediates OpenSSL CVEs CVE-2023-5678, CVE-2023-6129, and CVE-2024-0727. These CVEs do not present a notable attack surface area for Linkerd and have been remediated for hygienic and compliance reasons.

Tested platforms

As always, BEL 2.15.5 has undergone rigorous production testing across a variety of Kubernetes versions, including:

  • EKS 1.27, 1.28, and 1.29, including ARM
  • GKE 1.27 and 1.28
  • AKS 1.27, 1.28.3, 1.28.5
  • Red Hat OpenShift (OKD 4.13.0)

See the current list of tested platforms for more details.

Try Linkerd today!

A recent evaluation by cloud native consulting company LiveWyre showed that Linkerd outperformed both Istio and Cilium. This is the latest in a long line of benchmarks that consistently show Linkerd is the fastest, lightest service mesh on the market.

BEL is our production-ready distribution of the Linkerd service mesh, and the distribution of Linkerd that we run ourselves in production. Anyone can download and try BEL. Just start here and get meshing!

What’s next for Linkerd?

As the creators and maintainers of Linkerd, we're happy to report that the pace of Linkerd development is faster than ever. Over the next few months, we'll be shipping improvements to mesh expansion ergonomics, adding support for IPv6, bringing parity to our Gateway API and pre-Gateway API feature sets, and tackling big features like egress metrics and control. Stay tuned for lots, lots more great features from team Linkerd, coming soon to a Buoyant Enterprise for Linkerd release near you.