Skip to main content
logoTetrate Service BridgeVersion: 1.9.x

Release Notes

Version 1.9.1

TSB 1.9.1 is a patch release that includes stability and reliability updates.

  • Fixed broken counter panels in the Grafana dashboards.
  • Improved the performance of LDAP queries by requesting only the attributes that are needed.
  • Fixed edge cases related to CRD deletion by the TSB operator finalizers.
  • Added the pip/sql/queries and pip/sql/results loggers to show the SQL queries that are being executed by TSB. This can be extremely verbose, but useful for debugging purposes. To enable the query logging, the mentioned loggers can be configured with: tctl x debug log-level management/apiserver --level pip/sql/queries:debug,pip/sql/results:debug
  • Fixed an issue associated with cross cluster port 15443 when configured as NodePort service when there are multiple gateway install objects
  • Enhancements to metrics captured by xcp-edge - for example, added metrics for Kubernetes events that xcp-edge receives
  • Fixed an issue related to delay in synchronizing cross cluster endpoints when the number of replicas of gateway pods of LoadBalancer service type goes to zero
  • Performance optimization to services processing in xcp-edge while generating cluster state
  • Allow setting httpRetries to '0' through TSB TrafficSetting APIs

Outstanding CVEs

At the time of shipping, there are no Critical vulnerabilities flagged but 2 High CVE (CVE-2023-1370,GHSA-xpw8-rcwv-8f8p) exist in elasticsearch which can be ignored as the affected library is not used in TSB codepath. The following CVEs (medium/low) have been identified as being present in some images by our security tools. They have been evaluated by Tetrate Product Security and are not exploitable in TSB installations.
Where applicable, this was ascertained by using static code analysis tools.

  • GHSA-3m87-5598-2v4f - Not vulnerable - Advisory withdrawn
  • CVE-2024-26462 - No fix available
  • CVE-2024-26458 - No fix available
  • CVE-2024-28180 - No fix available
  • CVE-2021-31879 - No fix available
  • CVE-2024-26461 - No fix available
  • CVE-2024-2236 - No fix available
  • CVE-2022-3219 - No fix available
  • CVE-2023-50495 - No fix available
  • CVE-2023-45918 - No fix available
  • CVE-2023-29383 - No fix available
  • CVE-2023-34969 - No fix available
  • CVE-2022-4899 - No fix available
  • CVE-2023-7008 - No fix available
  • CVE-2021-31879 - No fix available
  • CVE-2022-27943 - No fix available
  • CVE-2022-3857 - No fix available
  • CVE-2016-2781 - No fix available

Version 1.9.0

What's New

  • The deprecated binding of a VirtualService in TrafficGroup to a non-mesh gateway in DIRECT mode is not allowed anymore.
  • Audit logs periodical cleanup AuditLogsCleanupRetention field has been added to dataStore under the ManagementPlane resource spec. If set, a cronjob will periodically clean up audit logs older than the specified duration. For more details, refer to the documentation.
  • Added support for fault injection (delays and aborts) in Service Route HTTP routes (see documentation).
  • Added support for traffic mirroring in Service Route HTTP routes (see documentation).
  • Added support to configure upstream host level traffic settings (see documentation).
  • Ingress and Egress Gateway deployments are not compatible anymore with namespaces labeled with istio-injection=disabled. This is due from now on they need to be injected with custom templates and this label at the namespace level will prevent that. If the namespace doesn't contain the label or the label is set to enabled, the deployment will work as expected. This can be easily identified by seeing the gateway deployment failing trying to pull the auto image. Additional reference from Istio: https://istio.io/v1.20/docs/setup/additional-setup/gateway/#deploying-a-gateway

Outstanding CVEs

At the time of shipping, there are no Critical vulnerabilities flagged but 1 High CVE (CVE-2019-0190), which can be ignored as this is a false positive for TSB image(s). The following CVEs (medium/low) have been identified as being present in some images by our security tools. They have been evaluated by Tetrate Product Security and are not exploitable in TSB installations.
Where applicable, this was ascertained by using static code analysis tools.

  • CVE-2019-0190 - Not vulnerable as the images do not include mod_ssl which is vulnerable to attack.
  • GHSA-3m87-5598-2v4f - Not vulnerable - Advisory withdrawn
  • PRISMA-2021-0153 - No fix available
  • CVE-2024-28835 - No fix available
  • CVE-2024-26462 - No fix available
  • CVE-2024-28180 - No fix available
  • CVE-2021-31879 - No fix available
  • CVE-2024-28834 - No fix available
  • CVE-2024-26461 - No fix available
  • CVE-2024-26458 - No fix available
  • CVE-2024-2236 - No fix available
  • PRISMA-2023-0046 - No fix available
  • CVE-2022-3219 - No fix available
  • CVE-2023-50495 - No fix available
  • CVE-2023-45918 - No fix available
  • CVE-2023-29383 - No fix available
  • CVE-2023-34969 - No fix available
  • CVE-2022-4899 - No fix available
  • CVE-2023-7008 - No fix available
  • CVE-2023-35116 - TSB does not execute the code path identified by the vulnerability and is not vulnerable.
  • CVE-2024-28180 - No fix available
  • CVE-2021-31879 - No fix available
  • CVE-2024-28834 - No fix available
  • CVE-2023-49240 - TSB does not execute the code path identified by the vulnerability and is not vulnerable.
  • CVE-2022-27943 - No fix available
  • CVE-2022-3857 - No fix available
  • CVE-2016-2781 - No fix available