Argo
v3.4.2CI/CD & App DeliveryArgo CD v3.4.2 is a patch release fixing a panic in the permission validator, reverting a problematic revision update optimization, and patching secret data exposure in server-side diffs.
securitySecret values could appear in diff output — patch now
Server-side diff results for Secret resources were not having HideSecretData applied, meaning secret values could be exposed in diff views through the UI or API. If you use server-side apply or server-side diff previews, upgrade to 3.4.2 immediately. Audit your ArgoCD API access logs if you suspect exposure.
breakingUpdateRevisionForPaths revert may re-introduce previous behavior
The optimization that avoided unnecessary UpdateRevisionForPaths calls (merged in 3.4.x) caused regressions and has been reverted. If you were relying on that behavior for performance or correctness, expect the pre-fix behavior to return. Monitor sync operations after upgrading, especially for path-filtered applications.
enhancementPermission validator panic fix improves stability
A nil APIResource in the permission validator could crash the ArgoCD server process. This is now guarded. If you've seen unexpected pod restarts on the ArgoCD server, especially in environments with non-standard CRDs or API aggregation, this patch likely addresses it.
主な変更 (5)
- Reverted the 'avoid calling UpdateRevisionForPaths unnecessarily' fix from v3.4.x due to regressions it introduced
- Fixed nil pointer panic in permission validator when APIResource is nil — a stability fix for edge-case RBAC scenarios
- HideSecretData now correctly applied to server-side diff results for Secrets, preventing potential secret leakage in UI/API diff views
- OpenTelemetry SDK bumped to 1.43.0 and moby/spdystream updated to 0.5.1
- CI pipeline image pinning added for supply chain integrity