
kubetail

cli/v0.17.0 (security release)

This release includes 4 security fixes that matter to teams reviewing exposed deployments.

Published 29 days ago. Category: Logging
✓ No known CVEs patched

Topics: cluster, web, devops, kubernetes, logging, monitoring, observability, private, real-time

Summary (AI-generated)

Harden CSRF token handling to prevent abuse of client‑supplied authorization headers.

Full changelog

What's Changed

  • ✨ Support forwarded host in same-origin check by @amorey in https://github.com/kubetail-org/kubetail/pull/1103
  • 🎣 Relax hex requirement for session key-pairs by @amorey in https://github.com/kubetail-org/kubetail/pull/1107
  • ✨ Trigger publish workflows only on stable releases by @amorey in https://github.com/kubetail-org/kubetail/pull/1110
  • ✨ Add CSRF token support to GraphiQL page by @amorey in https://github.com/kubetail-org/kubetail/pull/1111
  • 🎣 Fix CSRF rejection of legitimate same-origin POSTs by @amorey in https://github.com/kubetail-org/kubetail/pull/1112
  • 🎣 Prevent client-supplied X-Forwarded-Authorization from shadowing service-account-token by @amorey in https://github.com/kubetail-org/kubetail/pull/1113
  • 🎣 Harden CSRF token handling by @amorey in https://github.com/kubetail-org/kubetail/pull/1114
  • 🎣 Stop trusting X-Forwarded-* headers in same-origin check by @amorey in https://github.com/kubetail-org/kubetail/pull/1117
  • ✨ Add allowed-origins config for proxied deployments by @amorey in https://github.com/kubetail-org/kubetail/pull/1118
  • ✨ Consolidate publish-guru workflow and add pkgcheck by @amorey in https://github.com/kubetail-org/kubetail/pull/1120
  • 🎣 Fix context cancellation in mergeLogStreams by @jerome-wilson in https://github.com/kubetail-org/kubetail/pull/1121
  • ✨ Add end-to-end test suite by @amorey in https://github.com/kubetail-org/kubetail/pull/1127
  • ✨ Put cluster-api behind kube-apiserver aggregation layer by @amorey in https://github.com/kubetail-org/kubetail/pull/1125
  • ✨ Simplify e2e suite by dropping env/backend parametrization by @amorey in https://github.com/kubetail-org/kubetail/pull/1129
  • ✨ Migrate e2e cluster tool from k3d to kind by @amorey in https://github.com/kubetail-org/kubetail/pull/1130
  • ✨ Bump grpc-dispatcher-go to v0.1.6 by @amorey in https://github.com/kubetail-org/kubetail/pull/1132
  • 🐋 Add Kubetail API backend to kubetail logs by @amorey in https://github.com/kubetail-org/kubetail/pull/1133
  • 🎣 Remove invalid --upload flag from cosign sign in release workflow by @amorey in https://github.com/kubetail-org/kubetail/pull/1134
  • 🎣 Fix kubetail logs backend fallback, filters, and pagination by @amorey in https://github.com/kubetail-org/kubetail/pull/1135
  • ✨ Add background update check with notification by @amorey in https://github.com/kubetail-org/kubetail/pull/1137

Full Changelog: https://github.com/kubetail-org/kubetail/compare/cli/v0.15.0...cli/v0.17.0

Security Fixes

  • Prevent client‑supplied X-Forwarded-Authorization from shadowing service‑account-token
  • Harden CSRF token handling
  • Stop trusting X-Forwarded-* headers in same-origin check
  • Fix CSRF rejection of legitimate same-origin POSTs
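The three same-origin items above (stop trusting X-Forwarded-* headers, add an allowed-origins config for proxied deployments, and keep legitimate same-origin POSTs working) describe one design change. The following Go program is an added illustration written for this page; it is not Kubetail's code, and the names OriginPolicy, weakSameOrigin, hardenedSameOrigin and csrfMiddleware are assumptions chosen for the example. It places the header-trusting check beside the hardened one and runs a constructed request with a forged X-Forwarded-Host through both.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// OriginPolicy is the explicit allow-list an operator provides for deployments
// behind a reverse proxy. Assumed shape for this example, not Kubetail's config format.
type OriginPolicy struct {
	AllowedOrigins map[string]bool // keys are normalized "scheme://host[:port]"
}

// normalizeOrigin reduces an Origin or Referer value to lowercase "scheme://host[:port]".
func normalizeOrigin(raw string) string {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return ""
	}
	return strings.ToLower(u.Scheme + "://" + u.Host)
}

// requestOrigin returns the origin the browser attached to the request.
// Browsers send Origin on POST; Referer is the fallback for older clients.
func requestOrigin(r *http.Request) string {
	if o := r.Header.Get("Origin"); o != "" {
		return normalizeOrigin(o)
	}
	return normalizeOrigin(r.Header.Get("Referer"))
}

// connectionOrigin derives the expected origin only from the transport: the Host
// the client connected with and whether TLS terminated on this listener.
func connectionOrigin(r *http.Request) string {
	scheme := "http"
	if r.TLS != nil {
		scheme = "https"
	}
	return strings.ToLower(scheme + "://" + r.Host)
}

// weakSameOrigin is the pattern the release moves away from: the expected origin is
// read from X-Forwarded-Proto/X-Forwarded-Host, so whoever can set those headers
// decides what "same origin" means and the check no longer protects anything.
func weakSameOrigin(r *http.Request) bool {
	expected := connectionOrigin(r)
	if h := r.Header.Get("X-Forwarded-Host"); h != "" {
		scheme := "http"
		if p := r.Header.Get("X-Forwarded-Proto"); p != "" {
			scheme = p
		}
		expected = strings.ToLower(scheme + "://" + h)
	}
	return requestOrigin(r) == expected
}

// hardenedSameOrigin ignores X-Forwarded-* entirely. A request passes only if its
// Origin matches the connection origin or an operator-configured allowed origin.
func hardenedSameOrigin(r *http.Request, p OriginPolicy) bool {
	origin := requestOrigin(r)
	if origin == "" {
		return false // a state-changing request with no Origin/Referer is rejected
	}
	if origin == connectionOrigin(r) {
		return true
	}
	return p.AllowedOrigins[origin]
}

// csrfMiddleware applies the hardened check to state-changing methods only, so
// GETs and legitimate same-origin POSTs are unaffected.
func csrfMiddleware(p OriginPolicy, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Method {
		case http.MethodPost, http.MethodPut, http.MethodPatch, http.MethodDelete:
			if !hardenedSameOrigin(r, p) {
				http.Error(w, "forbidden: origin not allowed", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed allow-list for a deployment reached through a proxy at logs.example.internal.
	policy := OriginPolicy{AllowedOrigins: map[string]bool{"https://logs.example.internal": true}}

	// Constructed request: the Origin and X-Forwarded-Host are both set by the client.
	r := httptest.NewRequest(http.MethodPost, "http://kubetail.svc:7500/graphql", nil)
	r.Header.Set("Origin", "http://forged.example")
	r.Header.Set("X-Forwarded-Host", "forged.example")

	fmt.Println("weak check accepts forged request:    ", weakSameOrigin(r))     // true
	fmt.Println("hardened check accepts forged request:", hardenedSameOrigin(r, policy)) // false
}
```

The hardened version keeps the allow-list explicit: a proxied deployment whose public origin differs from the pod's Host must be configured by the operator rather than inferred from headers the client controls. Note that the middleware still rejects a POST that carries neither Origin nor Referer; if a deployment has non-browser clients that omit both, that is the case to handle deliberately rather than by relaxing the check.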


About kubetail

Real-time logging dashboard for Kubernetes. View logs in a terminal or a browser. Run anywhere - desktop, cluster, docker.
