Skip to content

v2.1.15

Compare
Choose a tag to compare
@github-actions github-actions released this 18 May 12:48
· 0 commits to 10491767cfbf63b10883d81574feb0430cd20f70 since this release

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.1.15/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.1.15/manifests/ha/install.yaml

Notes

This is a security release. We urge all users of the 2.1.z branch to update as soon as possible. Please refer to the Security fixes section below for more details.

Security fixes

  • CRITICAL: Argo CD will trust invalid JWT claims if anonymous access is enabled (GHSA-r642-gv9p-2wjj)
  • LOW: Login screen allows message spoofing if SSO is enabled (GHSA-xmg8-99r8-jc2j)
  • MODERATE: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server (GHSA-6gcg-hp2x-q54h)