RATATOSKRATATOSK
ログイン

Linkerd

edge-26.4.4Networking & Messaging
2026年4月24日

Maintenance-heavy edge release with OpenSSL/rustls security bumps, a policy admission fix for Gateway routes, and a more robust annotation-to-metric-label conversion in the injector.

  • securityPick up OpenSSL and rustls-webpki patches now

    Two OpenSSL crate bumps landed in this release, plus a rustls-webpki update. These sit in the proxy's TLS stack. If you're running any Linkerd edge build in a security-sensitive environment, upgrade to edge-26.4.4 to get the patched cryptographic dependencies rather than waiting for the next stable.

  • breakingVerify Gateway route policies after the admission webhook fix

    The admission webhook previously ran full validation on Gateway routes even when they contained fields Linkerd doesn't support, causing legitimate routes to be rejected. That's fixed now — but if you worked around this by restructuring routes, review whether those workarounds are still needed or are now masking misconfigurations.

  • enhancementTest chart override behavior if you use custom install values

    The fix to apply overrides to chart values on install closes a gap where certain Helm value overrides weren't being applied. If you have installation automation that relies on specific override patterns, run a dry-run install against this version to confirm the resulting values match expectations before rolling to production.

主な変更 (5)

  • OpenSSL crates bumped twice (0.10.76→0.10.78) and rustls-webpki updated — relevant for Rust-based proxy TLS surface
  • Policy admission webhook now skips validation for Gateway routes with unsupported fields, preventing false rejections
  • Injector uses more robust logic to convert annotations to metric labels, reducing edge-case label corruption
  • Chart install now applies overrides to chart values correctly, fixing a long-standing install customization gap
  • proxy-init updated to v2.4.8 and cni-plugin to v1.6.7 alongside proxy v2.350.0