SUSE-SU-2026:2643-1: critical: Security update for aws-iam-authenticator
SLE-UPDATES
null at suse.de
Fri Jun 26 16:31:34 UTC 2026
# Security update for aws-iam-authenticator
Announcement ID: SUSE-SU-2026:2643-1
Release Date: 2026-06-26T08:35:07Z
Rating: critical
References:
* bsc#1200528
* bsc#1201395
* bsc#1227519
* bsc#1239947
* bsc#1249141
* bsc#1265842
* bsc#1266651
Cross-References:
* CVE-2022-1996
* CVE-2022-2385
* CVE-2024-39689
* CVE-2025-47910
* CVE-2026-33814
* CVE-2026-39821
CVSS scores:
* CVE-2022-1996 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2022-1996 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2022-1996 ( NVD ): 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2022-2385 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2022-2385 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39689 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-39689 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-47910 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-47910 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products:
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* Public Cloud Module 15-SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves six vulnerabilities and has one security fix can now be
installed.
## Description:
This update for aws-iam-authenticator fixes the following issues:
* CVE-2022-1996: CORS bypass (bsc#1200528).
* CVE-2022-2385: aws-iam-authenticator AccessKeyID validation bypass
(bsc#1201395).
* CVE-2024-39689: remove root certificates from `GLOBALTRUST` from the root
store.
* CVE-2025-47910: net/http: CrossOriginProtection bypass patterns are over-broad.
* CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport
when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265842).
* CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only
Punycode-encoded labels allows for validation bypass and privilege
escalation (bsc#1266651).
Changes for aws-iam-authenticator:
* Update to version 0.7.18
* Merge pull request (#1062) from CaidenBorrego/new-release
* Creating new release for CVE mitigation
* Merge pull request (#1057) from CaidenBorrego/caidenb-versionbump
* Merge remote-tracking branch 'upstream/master' into caidenb-versionbump
* Bump x/net and x/sys to remediate CVEs (bsc#1266651, CVE-2026-39821)
* Update to 0.7.17
* Merge pull request #1051 from CaidenBorrego/caidenb-versionbump
* bumping version from 0.7.16->0.7.17
* Merge pull request #1047 from CaidenBorrego/caidenb-reservedprefix-fix
* fix: honor reservedPrefixConfig for ConfigMap and CRD backends
* Merge pull request #1046 from CaidenBorrego/caidenb-gorunner-bump
* fix: reject malformed mapping ARN in userIDStrict mode for dynamic files
* Update to 0.7.16
* Merge pull request #1041 from ronaldngounou/rngounou/bump-go-1.26.3
* Pin GitHub Actions to full-length commit SHAs
* fix: bump go version to 1.26.3 for CVEs
* from version 0.7.15
* Merge pull request #1035 from Ganiredi/bump-version-0.7.15
* Bump version to 0.7.15
* Merge pull request #1030 from Ganiredi/1.36-k8s-deps
* 1.36.0 dependency update
* from version 0.7.14
* Merge pull request #1029 from CaidenBorrego/caidenb-gorunner-bump
* Bump version to 0.7.14
* Bumping gorunner image tag in Dockerfile for CVE mitigation
* from version 0.7.13
* Merge pull request #1020 from dheeraj-coding/master
* feat: add manual dispatch function for create-release.yml
* Merge pull request #1019 from dheeraj-coding/master
* fix: create-release workflow failures
* Merge pull request #1017 from Ganiredi/1.36-k8s-deps
* Merge pull request #1018 from dheeraj-coding/master
* fix: build failure due to stale gcb image by updating to latest
* Release 0.7.13
* Merge pull request #1016 from Ganiredi/1.36-k8s-deps
* Merge branch 'master' into 1.36-k8s-deps
* Merge pull request #1013 from kubernetes-sigs/dependabot/go_modules/misc-dependencies-be00ae3611
* 1.36.rc release
* Merge pull request #1015 from dheeraj-coding/master
* fix: bump go version 1.26.2 for CVEs
* chore(deps): Bump the misc-dependencies group across 3 directories with 6
updates (bsc#1265842, CVE-2026-33814)
* Merge pull request #1011 from kubernetes-sigs/dependabot/go_modules/observability-dependencies-9e34dd3c34
* Merge pull request #1009 from kubernetes-sigs/dependabot/go_modules/misc-dependencies-b5e1eeb2d5
* Merge pull request #1004 from bryantbiggs/chore/fix-goreleaser-deprecations
* Merge pull request #1010 from kubernetes-sigs/dependabot/go_modules/aws-dependencies-7118f1d525
* chore(deps): Bump the observability-dependencies group across 2 directories
with 2 updates
* chore(deps): Bump the aws-dependencies group across 2 directories with 6
updates
* chore(deps): Bump the misc-dependencies group across 3 directories with 2
updates
* Merge pull request #1008 from kubernetes-sigs/dependabot/go_modules/aws-dependencies-3ce7b5fcac
* chore(deps): Bump the aws-dependencies group across 2 directories with 12
updates
* Merge pull request #1006 from kubernetes-sigs/dependabot/go_modules/k8s-dependencies-09346e948b
* chore(deps): Bump the k8s-dependencies group across 3 directories with 8
updates
* Merge pull request #1005 from kubernetes-sigs/dependabot/go_modules/aws-dependencies-508cd0fd8e
* chore(deps): Bump the aws-dependencies group across 2 directories with 15
updates
* fix: update Makefile goreleaser target for v2 compatibility
* fix: resolve goreleaser v2 deprecations
* Update to version 0.7.12
* Update OWNERS in reviewers and approvers list
* Release 0.7.12
* ci: add verify job to catch unrun gofmt and go mod tidy
* chore(lint): harden linter config and fix coverage gaps
* fix(lint): add revive and unparam linters with full compliance
* ci: add unit test job, expand golangci config, add make update/verify
* docs(e2e): fix Go version, remove non-existent make target, fix typo
* docs(release): remove stale ECR image update instructions and fix asset
version placeholders
* fix: address code review findings in repo cleanup branch
* docs: rewrite development.md as a practical local dev guide
* chore: repo cleanup, developer experience improvements
* chore: reduce binary size by 59% (80 MB -> 33 MB)
* fix(lint): replace deprecated NewSimpleClientset and fix embedded field
selector
* fix(tests): address code review findings in integration test framework
* fix(tests): address post-refactor issues and add go workspace
* refactor(tests): remove k8s.io/kubernetes dependency from test modules
* chore: update all dependencies to latest versions
* Set GOWORK=off to make building with vendored dependencies work
* Update to version 0.7.11
* Merge pull request #988 from dstdfx/bump-version
* Bump version to 0.7.11
* Merge pull request #985 from dstdfx/bump-go-version-1.25.7
* Update go.mod for e2e/int tests
* Update go.mod
* Merge pull request #986 from ShiriNmi1520/master
* Clarify README "Run the server" deployment instructions
* Bump go to 1.25.7
* Merge pull request #983 from eks-distro-pr-bot/eks-distro-pr-bot/go-version-bumps
* Creating PR to update Go version to 1.25.6
* Update to version 0.7.10:
* 1.35.0 dependency update
* Creating PR to update Go version to 1.25.5
* chore(deps): Bump the observability-dependencies group across 2 directories
with 1 update
* chore(deps): Bump the misc-dependencies group across 3 directories with 13
updates
* chore(deps): Bump the observability-dependencies group across 1 directory
with 2 updates
* chore(deps): Bump the misc-dependencies group across 3 directories with 27
updates
* chore(deps): Bump the aws-dependencies group across 2 directories with 11
updates
* chore(deps): Bump the misc-dependencies group across 2 directories with 17
updates
* Update to version 0.7.9
* Creating PR to update Go version to 1.25.4
* chore(deps): Bump the aws-dependencies group across 2 directories with 13
updates
* chore(deps): Bump golangci/golangci-lint-action in the actions group
* chore(deps): Bump the observability-dependencies group across 3 directories
with 2 updates
* chore(deps): Bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client
* chore(deps): Bump the aws-dependencies group across 2 directories with 14
updates
* bump golang version to 1.25.3
* Creating PR to update Go version to 1.25.3
* chore(deps): Bump github.com/onsi/ginkgo/v2
* chore(deps): Bump the observability-dependencies group across 3 directories
with 1 update
* chore(deps): Bump the misc-dependencies group across 3 directories with 11
updates
* chore(deps): Bump the misc-dependencies group across 3 directories with 5
updates
* chore(deps): Bump the aws-dependencies group across 2 directories with 3
updates
* Update to version 0.7.8
* chore: Bump indirect Kubernetes dependencies to latest
* chore: Bump Kubernetes dependencies to latest
* Bump the misc-dependencies group across 3 directories with 18 updates
* Bump the aws-dependencies group across 2 directories with 11 updates
* Fix CVE-2025-47910
* Bump go.opentelemetry.io/auto/sdk
* Bump the aws-dependencies group across 2 directories with 1 update
* Bump the misc-dependencies group across 3 directories with 10 updates
* from version 0.7.7
* add support for aws-eusc partition
* chore: Commit changes from `make codegen`
* fix: Use `.go-version` for the go version
* feat: Add `golanglint-ci` pull request review; resolve all findings
* Add haoranleo as approver
* Bump the observability-dependencies group across 3 directories with 3
updates
* Bump actions/setup-go from 5 to 6 in the actions group
* Bump the misc-dependencies group across 3 directories with 8 updates
* Bump github.com/coreos/go-oidc
* Bump the observability-dependencies group across 3 directories with 12
updates
* from version 0.7.6
* feat: Update go version to `1.25`; update dependencies to latest to patch
reported vulnerabilities
* Force TCP URLs for etcd compatibility
* Update go dependencies with 1.34.0
* Bump the k8s-dependencies group across 3 directories with 8 updates
* Bump the k8s-dependencies group across 3 directories with 1 update
* Bump actions/checkout from 4 to 5 in the actions group
* Bump the aws-dependencies group across 2 directories with 13 updates
* from version 0.7.5
* migrate hostname verification to sdk go v2
* from version 0.7.4
* chore: Move observability dependencies to separate dependabot update group
* Bump the aws-dependencies group across 2 directories with 12 updates
* from version 0.7.3
* update Approvers/reviewers
* update go version to 1.24.4
* added logs for global region fallback
* added global region fallback to imds
* Bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client
* bumps kops and k8s versions, replaced node label "master" with "control-plane"
* added imds logic back in, with EC2_METADATA enabled by default
* removed headersourceacct from ststest, return err if no region cfg
* added context chaining, cleanup
* add context chaining, client config fixes
* Move non problematic cache logs into debug
* Rename log-level to log-verbosity, remove AutomaticEnv
* lint fixes
* get region from imds if not in config
* added go.sum entries for tests/integration, fixed imds nil pointer
dereference
* Revert "Bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client"
* added some context chaining, fixed region config in GetWithOptions
* updated arn, deleted v1-v2 creds converter
* updated pkg/token to v2
* updated pkg/filecache
* updated arn in pkg/server to use v2
* updated pkg/server to use v2
* upgraded ec2provider
* Bump the misc-dependencies group across 3 directories with 5 updates
* Bump the misc-dependencies group across 3 directories with 6 updates
* Bump the misc-dependencies group across 3 directories with 9 updates
* Use logrus for filecache logs
* Add quiet mode (cache only)
* from version 0.7.2
* Bump the misc-dependencies group across 3 directories with 43 updates
* Bump the k8s-dependencies group across 3 directories with 2 updates
* from version 0.7.1
* Revert "Add 2 more tag validation checks"
* Update the gorunner to v0.18.0-eks-1-32-latest
* update the go version to 1.24.2
* adding yue9944882 to owner
* adds http2 support
* Bump the aws-dependencies group across 2 directories with 3 updates
* Update configmap.go
* release authenticator from mainline with 0.7.0
* Bump goreleaser/goreleaser-action from 5 to 6 in the actions group
* Bump the misc-dependencies group across 3 directories with 41 updates
* Remove no-op err assignment
* Fix credential expirability check
* chore: Update golang x package transitive dependencies
* fix: Correct codegen script due to deprecated script removal
* Update configmap test per 1.32.0 change in client-go
* Update upstream dependencies to v1.32.0
* chore: Update to go `1.23.4`
* deps: Update `golang.org/x/crypto` library to remediate high CVE
* chore: Add dependabot configuration to automatically check for package
updates weekly
* handle scenario when the file is created but doesn't have content
* update code and add tests
* remove nnmin-aws from approver list
* add kmala to the owners list
* update metrics dimension to stsregion
* add default timeout for http client
* log sts host instead of global/regional
* update log
* remove typo and log line
* remove typo
* Bump test go versions
* add logs and metrics dimensions to find sts call success/failures on
global/regional endpoints
* Bump go minor version
* Update aws-iam-authenticator installation command
* use protobuf content type instead of json for k8s client
* Update RELEASE.md
* Bump go-restful in e2e and integration tests
* Bump go-restful
* Remove outdated changelog artifacts
* Bump deploy/example.yaml version
* Update filecache to use AWS SDK Go V2 with wrappers
* Refactored token filecache
* Fix x-amz-expires header value
* Remove parameterized AWS session from token.go
* Parse source account from sourceARN
* Add sourceArn to sts through headers
* Add configurable Now time for signature generation
* cleanup to use composite literals
* update to sig.k8s.io namespace
* retain original field
* update the image to latest to fix CVE-2024-39689
* add a namespaced field
* Update upstream dependencies to v1.31.0
* update the go version to 1.22.5
* Add unit test
* skip service validation to get the default regions endpoint
* fix: Run `go mod tidy` to fix `go.sum` files
* fix: Update goreleaser workflow to fix warnings and artifact generation
* update aws go sdk to 1.54.6
* chore: Remove emeritus reviewers from `SECURITY_CONTACTS`
* fix: Add random string to e2e test role to avoid pipeline run conflicts
* fix: Run `go mod tidy` from `tests/integration` directory
* chore: Update CLI dependencies `cobra` and `viper`
* updating google.golang.org/grpc/otelgrpc to v0.47.0
* chore: Update CI action versions, remove `push` trigger
* chore: Align go versions and remove unused files
* updating k8s client libraries and go version
* adding new approvers - nnmin-aws
* Bump go version to 1.21.8
* Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
* chore: Re-update to latest patch version of K8s packages
* fix time formatting
* refactor structs for dynamic file load
* add support for adoption rate metrics for cam
* add support for e2e latency for dynamic mode
* Switch to GOTOOLCHAIN env setting from gimme
* Switch back to use go-version from go-image-tag
* Switch to use go-image-tag from go-version
* Repo controlled build go version
* chore: Re-update and align
* fix semantic error
* feat: Re-update K8s packages to latest release
* fix: Use `SIGDescribe`
* fix: Use `framework.WithDisruptive()`
* fix: [Disruptive] in plain text is deprecated and must be added through
WithDisruptive instead
* chore: Update dependencies for `e2e` tests
* fix: Add context to `StartTestServer`
* fix: Align integration test `replace` versions in `go.mod`
* fix: Fix codegen and update `replace` test integration dependencies
* fix: Integration test dependencies run `go mod tidy`
* fix: Downgrade `k8s.io/sample-controller` which requires updating context
handling
* chore: Update app K8s dependencies
* adding nnmin-aws into reviewers
* Replace deprecated `ioutil` package
* fix base image to use latest
* minor fix the IAM user arn verification
* Fix role ARN comparison for user ID strict check (#669)
* Check ARN for user ID strict check (#660)
* Update go to 1.21.5
* Change s3 bucket for e2e tests, current default exists somewhere (#652)
* Bump minimum Go version to 1.25 in BuildRequires
* Update to version 0.6.31
* from version 0.6.30
* Small fixes missed during cherrypicking
* Cherry-picked file changes from commit https://github.com/kubernetes-sigs/aws-iam-authenticator/pull/554/commits
* Simplify featuregate flag parsing for SSORoleMatch
* Support un-canonicalized ARNs in filemapper
* Add SSO Role suffix support (#416)
* Chore: Update golang x package transitive dependencies
* Add -buildmode=pie to go build command line (bsc#1239947)
* Update to version 0.6.29
* from version 0.6.28
* Update owners list to sync master branch
* Update log
* Add logs and metrics dimensions to find sts call success/failures on
global/regional endpoints
* Return 429 for STS throttling
* Update to 0.6.27
* from version 0.6.26
* from version 0.6.25
* from version 0.6.24
* Update the image to latest to fix CVE-2024-3968
* from version 0.6.23
* Update to version 0.6.22
* Update to version 0.6.21
* from version 0.6.20
* Merge pull request #713 from jaidevmane/updating-otelgrpc-to-v0.51.0
* Merge pull request #709 from bryantbiggs/chore/update-ci-versions
* Merge pull request #708 from jaidevmane/updating-deps
* Merge pull request #707 from jaidevmane/adding-new-approvers
* Merge pull request #687 from bryantbiggs/chore/update-app-k8s-dependencies
* from version 0.6.19
* Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
* from version 0.6.18
* from version 0.6.17
* Fix base image to use latest and release v0.6.17
* from version 0.6.16
* from version 0.6.15
* Fix role ARN comparison for user ID strict check (#669) (#671)
* Bump minimum Go version to 1.22 in BuildRequires
* Update to version 0.6.14
* Check ARN for user ID strict check (#660) (#664)
* Update go to 1.21.5 (#663)
* Update go to 1.21.4 (#648) (#659)
* Update to version 0.6.13
* Cherry-pick: Fix federated user ID parsing #644 (#654)
* Fix issue 606: use latest version of aws-sdk-go (#650)
* Change s3 bucket for e2e tests, current default exists somewhere (#653)
* from version 0.6.12
* Avoid parsing single quote empty inputs
* Avoid parsing known empty inputs
* Update to version 0.6.11
* Optimize only rebuild mapper when the actual backend modes change
* Add int test for dynamic backend mode
* Add DynamicBackendMode
* Allow running create release from Github UI
* Update to version 0.6.10
* Update go.sum
* Only replace x/net
* Add build-all-images make target
* Enable cross-compilation in Dockerfile
* from version 0.6.9
* Add DynamicFileError Metric
* from version 0.6.8
* Add comments explicitly on what we need to do later
* Shutdown gracefully and avoid the extra thread leak checks that EtcdMain
barfs on
* Switch to newer ginkgo v2
* Bump dependencies and go version (in go.mod) (bsc#1200528, CVE-2022-1996)
* from version 0.6.7
* (no changes)
* from version 0.6.6
* Add Username Prefix Enforce for DynamicFile mode
* from version 0.6.5
* Update the aws sdk go version to latest
* Update base image in Docker file
* from version 0.6.4
* Look up RoleMapping with UserId in dynamicfile mode
* Install kind if it doesn't exist to _output
* Update server_test for expose principal ID in audit log
* Expose Principal Id to audit log
* Migrate away from google.com gcp project k8s-testimages
* Build s390x/ppc64le binaries
* Add default instance region in sts hostname
* from version 0.6.3
* Bump aws sdk go to v1.44.145
* Update Dockerfile to pull from https://gallery.ecr.aws/eks-distro-build-tooling/golang
to avoid reaching pull rate limit from docker.io
* Add go mod for E2E
* Add install kind into e2e script
* Move e2e test from start dev script + minor fix for run.sh
* Add end to end test for mountfile mode in kind Update Makefile to support
run e2e from either kind or kops.
* Add end to end test for dynamicfile backend
* Update to version 0.6.2
* Add automatic release creation
* Add tag workflow to release-0.6 branch
* Remove dependency from PR #416
* Revert "Add SSO Role suffix support (#416)"
* from version 0.6.1
* Test release tagging
* Fix file permissions
* Tag release on update to version.txt
* Update Dockerfile to pull from https://gallery.ecr.aws/eks-distro-build-tooling/golang
to avoid reaching pull rate limit from docker.io
* Added Issue and PR templates (#517)
* Update Dockerfile to use Golang as builder
* from version 0.6.0
* Print CommitID too on startup
* Print version on startup
* Add new backend mode DYNAMICFILE
* Update go.mod and go.sum for tests/integrations
* Replace tabs with spaces in go.mod
* Bump aws sdk go to v1.44.107
* Minor fix on the script to solve permission denied issue when run make
start-dev
* Working E2E tests in prow
* Non-blocking E2E tests
* Add e2e recipe to Makefile
* Basic E2E testing for authenticator
* Initialize metrics in NewVerifier() if needed
* Added ConfiguredInitDirectories featuregate for init command
* rm more v1alpha1 version
* Bump 0.6 (#471)
* Bump version in Makefile
* Add query parameter validation for multiple parameters
* Replace deprecated seccomp annotation with seccompProfile.
* Replace deprecated critical pod annotation with priorityClassName.
* Whitespace consistency fixes.
* Use rbac.authorization.k8s.io/v1 instead of v1beta1 in example manifest.
* Lowercase the ARN keys
* Remove vendor directory
* linux/amd64 only for image target
* Don't push on image target
* from version 0.5.16
* Shutdown gracefully and avoid the extra thread leak checks that EtcdMain
barfs on
* Bump dependencies and go version (in go.mod)
* from version 0.5.15
* from version 0.5.14
* from version 0.5.13
* from version 0.5.12
* Fix Makefile on branch release-0.5 (#520)
* rm more v1alpha1 version (#516)
* from version 0.5.11
* Add end to end test for mountfile mode in kind Update Makefile to support
run e2e from either kind or kops.
* Update to version 0.5.10
* Automated cherry pick of #491: Bump aws sdk go to v1.44.107 (#493)
* Remove vendor from release-0.5 (#498)
* Update to version 0.5.9
* Add query parameter validation for multiple parameters (#469) (bsc#1201395,
CVE-2022-2385)
* from version 0.5.8
* Revert use of upstream yaml parsing (#455)
* from version 0.5.7
* Remove duplicate InitMetrics by @jngo2 in (#448)
* Fixes a crash when executing authenticator in server mode
* from version 0.5.6
* Bump AWS SDK to v1.43.28 (#445)
* Use the apiversion from KUBERNETES_EXEC_INFO (#439)
* Bump promptui module to v0.9.0 (#437)
* from version 0.5.5
* Use full package name for goreleaser version (#433)
* Add sts error metric (#430)
* Emit metric for EC2 describeInstance calls (#428)
* Rename configmap_watch_failures to configmap_watch_failures_total (#432)
* Simplify goreleaser Dockerfiles (#431)
* Don't pass metrics around (#423)
* from version 0.5.4
* Embed go-runner into the image (#426)
* Bump Go to 1.17 in Travis (#414)
* Build multi-arch images (#417)
* Add kind-based development environment (#422)
* Add jaypipes to approvers/reviewers (#407)
* Fix deps (#396)
* Fix panic when cache file can't be Stat-ed (#410)
* Fix missing status definition in v1 CRD (#411)
* Use ./hack/install-etcd.sh (#405)
* Run integration tests with per-test role (#402)
* Add a counter for API server watch failures (#400)
* Upgrade CRD manifest to v1 (#397)
* Move inactives to emeritus_approvers and add active users (#399)
* Fix tests add vendor (#398)
* Integration test framework (#395)
* Add cloudbuild & improvements (#394)
* Fix typo (#390)
* Add user/role subcommands (#381)
* goreleaser: bump release to 0.164.0 and fix config deprecations (#371)
* Run go mod vendor (#388)
* doc: fix typo in RELEASE.md (#376)
* [pkg/token]: Update credential API version (#386)
* Enrich Audit Logs with additional AWS Identity details (via audit logs'
"extra" map) (#372)
* Enable vendoring for Go module dependencies
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Public Cloud Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-2643=1`
* Public Cloud Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-2643=1`
* Public Cloud Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2026-2643=1`
* Public Cloud Module 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-2643=1`
## Package List:
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * aws-iam-authenticator-0.7.18-150000.1.17.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * aws-iam-authenticator-0.7.18-150000.1.17.1
* Public Cloud Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * aws-iam-authenticator-0.7.18-150000.1.17.1
* Public Cloud Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * aws-iam-authenticator-0.7.18-150000.1.17.1
## References:
* https://www.suse.com/security/cve/CVE-2022-1996.html
* https://www.suse.com/security/cve/CVE-2022-2385.html
* https://www.suse.com/security/cve/CVE-2024-39689.html
* https://www.suse.com/security/cve/CVE-2025-47910.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://bugzilla.suse.com/show_bug.cgi?id=1200528
* https://bugzilla.suse.com/show_bug.cgi?id=1201395
* https://bugzilla.suse.com/show_bug.cgi?id=1227519
* https://bugzilla.suse.com/show_bug.cgi?id=1239947
* https://bugzilla.suse.com/show_bug.cgi?id=1249141
* https://bugzilla.suse.com/show_bug.cgi?id=1265842
* https://bugzilla.suse.com/show_bug.cgi?id=1266651