Skip to content

pipecd

v0.52.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 10mo Pipelines
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ci-cd cloudrun cncf cncf-project devops ecs
+10 more
fargate gitops infrastructure istio kubernetes lambda pipecd sandbox serverless terraform

Affected surfaces

deps breaking_upgrade

Summary

AI summary

Security fix for git CVE-2024-xxxxx (ref: https://github.com/pipe-cd/pipecd/pull/6018#issuecomment-3067877256).

Full changelog

Release v0.52.2 with changes since v0.52.1

Notable Changes

  1. We updated the base image to solve the CVE for git(ref: https://github.com/pipe-cd/pipecd/pull/6018#issuecomment-3067877256). Please update the piped or launcher image version to this version.
    Not just update via PipeCD controlplane UI.

  2. We introduce tini to remove zombie processes.
    If you use launcher container, be sure to update launcher image version. Not just update via PipeCD controlplane UI.

Changes

  • refactor metricsAnalyzer to render queries before execution. (#6010)
  • Update piped-base container image version (#6018)
  • Update piped-base-okd image for piped and launcher (#6023)
  • Use tini to remove zombie process (#5997)
  • Add tini into piped-base image (#5991)

Security Fixes

  • CVE-2024-xxxxx (git) — updated base image in piped and launcher containers per https://github.com/pipe-cd/pipecd/pull/6018#issuecomment-3067877256
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track pipecd

Get notified when new releases ship.

Sign up free

About pipecd

The One CD for All {applications, platforms, operations}

All releases →

Related context

Beta — feedback welcome: [email protected]