RATATOSKRATATOSK
Sign in

etcd

v3.5.32Kubernetes Core
Jul 2, 2026

etcd v3.5.32 is a security release patching a HIGH-severity CRL enforcement bypass (GHSA-3wh4-j44w-pg92) on the gRPC listener when --listen-client-http-urls is set. It also adds a v2-deprecation bypass option and several bug fixes.

  • securityCRL enforcement bypass on gRPC listener (GHSA-3wh4-j44w-pg92)

    When --listen-client-http-urls is configured, the CRL was not enforced on the gRPC listener, allowing revoked certificates through. Upgrade to v3.5.32 if you use this flag with mTLS and a certificate revocation list.

Key changes (6)

  • Security (HIGH): CRL enforcement bypass on gRPC listener fixed when --listen-client-http-urls is configured (GHSA-3wh4-j44w-pg92)
  • New write-only-skip-check option for the --v2-deprecation flag to bypass the v2 content check
  • Server now accepts non-admin maintenance status requests
  • etcdutl check v2store now inspects both v2 snapshot and WAL records
  • Websocket authentication fixed for bearer-prefixed auth tokens
  • JWT token content no longer logged when token parsing fails