Skip to content

Bump ECK operator 3.3.2 and golang.org/x/* libs for CVE alignment#4928

Merged
rene-dekker merged 2 commits into
tigera:masterfrom
vara2504:vara/master-cve-version-bumps
Jun 17, 2026
Merged

Bump ECK operator 3.3.2 and golang.org/x/* libs for CVE alignment#4928
rene-dekker merged 2 commits into
tigera:masterfrom
vara2504:vara/master-cve-version-bumps

Conversation

@vara2504

@vara2504 vara2504 commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

…nment

Align operator master with calico-private master CVE patches:

  • eck-elasticsearch-operator: 2.16.0 -> 3.3.2
  • x/crypto v0.52.0 -> v0.53.0 (GO-2026-5026, x/crypto SSH)
  • x/net v0.55.0 -> v0.56.0 (GO-2026-5026)
  • x/mod v0.36.0 -> v0.37.0
  • x/sync v0.20.0 -> v0.21.0
  • x/sys v0.45.0 -> v0.46.0
  • x/term v0.43.0 -> v0.44.0
  • x/text v0.37.0 -> v0.38.0
  • x/tools v0.44.0 -> v0.45.0
  • api/: x/net v0.52.0 -> v0.56.0, x/text v0.35.0 -> v0.38.0

Regenerated pkg/components/enterprise.go via make gen-versions.

Description

Release Note

Summary

  • Bump eck-elasticsearch-operator 2.16.0 → 3.3.2
  • Bump golang.org/x/* libs (x/crypto v0.53.0, x/net v0.56.0, etc.) to match release-v1.40 CVE levels

Aligns operator master with calico-private PR #12297 which bumps third-party deps for CVE patches.

 Bump ECK operator to 3.3.2 and Go x/ libraries to address CVEs (GO-2026-5026).

For PR author

  • Tests for change.
  • If changing pkg/apis/, run make gen-files
  • If changing versions, run make gen-versions

For PR reviewers

A note for code reviewers - all pull requests must have the following:

  • Milestone set according to targeted release.
  • Appropriate labels:
    • kind/bug if this is a bugfix.
    • kind/enhancement if this is a a new feature.
    • enterprise if this PR applies to Calico Enterprise only.

@vara2504 vara2504 requested a review from a team as a code owner June 16, 2026 03:06
@marvin-tigera marvin-tigera added this to the v1.44.0 milestone Jun 16, 2026
vara2504 and others added 2 commits June 16, 2026 10:40
@vara2504 @claude
[master] Bump ECK operator 3.3.2 and golang.org/x/* libs for CVE alig…
ed2b9cc 
…nment

Align operator master with calico-private master CVE patches:
- eck-elasticsearch-operator: 2.16.0 -> 3.3.2
- x/crypto v0.52.0 -> v0.53.0 (GO-2026-5026, x/crypto SSH)
- x/net    v0.55.0 -> v0.56.0 (GO-2026-5026)
- x/mod    v0.36.0 -> v0.37.0
- x/sync   v0.20.0 -> v0.21.0
- x/sys    v0.45.0 -> v0.46.0
- x/term   v0.43.0 -> v0.44.0
- x/text   v0.37.0 -> v0.38.0
- x/tools  v0.44.0 -> v0.45.0
- api/: x/net v0.52.0 -> v0.56.0, x/text v0.35.0 -> v0.38.0

Regenerated pkg/components/enterprise.go via make gen-versions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@vara2504 @claude
[master] Bump coreos-alertmanager v0.31.1 -> v0.32.1
145c1af 
Align with calico-private master which now builds alertmanager v0.32.1.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@vara2504 vara2504 force-pushed the vara/master-cve-version-bumps branch from c6a851f to 145c1af Compare June 16, 2026 17:45
@rene-dekker rene-dekker merged commit d70e1bf into tigera:master Jun 17, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hjiawei hjiawei hjiawei approved these changes

Assignees

No one assigned

Labels

docs-pr-required release-note-required

Projects

None yet

Milestone

v1.44.0

Development

Successfully merging this pull request may close these issues.

4 participants

@vara2504 @hjiawei @rene-dekker @marvin-tigera