Linkerd
edge-26.4.1Networking & MessagingMostly a dependency maintenance release with two proxy bumps (v2.346.0, v2.347.0), a multicluster RBAC fix, and a Prometheus config correction for viz admin port names.
breakingCheck Prometheus metrics after upgrading if you use Linkerd Viz
The Prometheus config was corrected to match new admin port names. If you're running Linkerd Viz and upgraded from an earlier edge build, verify your dashboards still show expected metrics after the upgrade. Gaps in scraping could have silently existed before this fix — cross-check your Prometheus targets to confirm scrape health.
enhancementMulticluster users: review Server/AuthorizationPolicy coverage
Missing Server and AuthorizationPolicy resources were added for the multicluster extension. If you use Linkerd multicluster, upgrade and audit your cross-cluster authorization posture. The previous gap meant some traffic paths lacked proper policy objects, which could have caused unexpected allow/deny behavior depending on your default policy.
securityCrypto dependency updates — low urgency but keep your upgrade cadence
openssl, rustls-webpki, aws-lc-rs, and aws-lc-sys all received patch bumps this cycle. None carry disclosed CVEs, but these are core cryptographic libraries in the proxy. Stay on a regular edge upgrade cadence rather than skipping multiple releases, so these patches don't accumulate.
Key changes (5)
- Proxy updated twice to v2.346.0 and v2.347.0 — pick up any fixes included in those proxy releases
- Multicluster: missing Server/AuthorizationPolicy resources added, closing a gap in RBAC coverage for cross-cluster traffic
- Viz: Prometheus scrape config corrected to match renamed admin port names — previously mismatched names could cause missing metrics
- openssl (0.10.76), rustls-webpki (0.103.10), aws-lc-rs (1.16.2), and zerocopy (0.8.48) all bumped — routine but relevant for supply-chain hygiene
- Oliver Gould (@olix0r) moved to emeritus; MAINTAINERS.md updated