Skip to main content
logoTetrate Service BridgeVersion: 1.9.x

Release Notes

Version 1.9.0

What's New

  • The deprecated binding of a VirtualService in TrafficGroup to a non-mesh gateway in DIRECT mode is not allowed anymore.
  • Audit logs periodical cleanup AuditLogsCleanupRetention field has been added to dataStore under the ManagementPlane resource spec. If set, a cronjob will periodically clean up audit logs older than the specified duration. For more details, refer to the documentation.
  • Added support for fault injection (delays and aborts) in Service Route HTTP routes (see documentation).
  • Added support for traffic mirroring in Service Route HTTP routes (see documentation).
  • Added support to configure upstream host level traffic settings (see documentation).
  • Ingress and Egress Gateway deployments are not compatible anymore with namespaces labeled with istio-injection=disabled. This is due from now on they need to be injected with custom templates and this label at the namespace level will prevent that. If the namespace doesn't contain the label or the label is set to enabled, the deployment will work as expected. This can be easily identified by seeing the gateway deployment failing trying to pull the auto image. Additional reference from Istio: https://istio.io/v1.20/docs/setup/additional-setup/gateway/#deploying-a-gateway

Outstanding CVEs

At the time of shipping, there are no Critical vulnerabilities flagged but 1 High CVE (CVE-2019-0190), which can be ignored as this is a false positive for TSB image(s). The following CVEs (medium/low) have been identified as being present in some images by our security tools. They have been evaluated by Tetrate Product Security and are not exploitable in TSB installations.
Where applicable, this was ascertained by using static code analysis tools.

  • CVE-2019-0190 - Not vulnerable as the images do not include mod_ssl which is vulnerable to attack.
  • GHSA-3m87-5598-2v4f - Not vulnerable - Advisory withdrawn
  • PRISMA-2021-0153 - No fix available
  • CVE-2024-28835 - No fix available
  • CVE-2024-26462 - No fix available
  • CVE-2024-28180 - No fix available
  • CVE-2021-31879 - No fix available
  • CVE-2024-28834 - No fix available
  • CVE-2024-26461 - No fix available
  • CVE-2024-26458 - No fix available
  • CVE-2024-2236 - No fix available
  • PRISMA-2023-0046 - No fix available
  • CVE-2022-3219 - No fix available
  • CVE-2023-50495 - No fix available
  • CVE-2023-45918 - No fix available
  • CVE-2023-29383 - No fix available
  • CVE-2023-34969 - No fix available
  • CVE-2022-4899 - No fix available
  • CVE-2023-7008 - No fix available
  • CVE-2023-35116 - TSB does not execute the code path identified by the vulnerability and is not vulnerable.
  • CVE-2024-28180 - No fix available
  • CVE-2021-31879 - No fix available
  • CVE-2024-28834 - No fix available
  • CVE-2023-49240 - TSB does not execute the code path identified by the vulnerability and is not vulnerable.
  • CVE-2022-27943 - No fix available
  • CVE-2022-3857 - No fix available
  • CVE-2016-2781 - No fix available