Releases: PrPlanIT/istio-meshmedic
v0.0.1
📦 release — v0.0.1
Release type: stable • Commit: 85e863d
Security: 🛡️ ❌ Critical — 1 critical and 1 high vulnerabilities detected
Image Availability
| Registry | Image | Tags |
|---|---|---|
| Docker Hub | docker.io/prplanit/istio-meshmedic | v0.0.1, latest |
| cr.pcfae.com | cr.pcfae.com/prplanit/istio-meshmedic | v0.0.1, latest |
Digest pull commands & supply chain artifacts
docker.io/prplanit/istio-meshmedic
docker pull docker.io/prplanit/istio-meshmedic@sha256:b0aec5bc1908f8e3e16de9ac3f05ddb7a137aacc5e79f445874f983d048543b0
cr.pcfae.com/prplanit/istio-meshmedic
docker pull cr.pcfae.com/prplanit/istio-meshmedic@sha256:b0aec5bc1908f8e3e16de9ac3f05ddb7a137aacc5e79f445874f983d048543b0
Highlights
- agent: assess mesh health independent of readiness; surface + optionally heal stuck orphans
- agent: node-agent DaemonSet — reads /host/proc directly (no injection), flap-guarded auto-repair
- scan: behavioral pre-filter (scan --behavioral) + repair command (label-toggle re-enroll)
- scan: scope scan to a namespace (-n/--namespace) so it need not probe every ambient pod
- meshmedic: initial meshmedic — ambient enrollment orphan scanner + StageFreight CI
- scan: stop ephemeral-probe littering + make repair restart-first (toggle flaps)
- ci: bootstrap version (no_lineage explicit) and add docs/reference/CLI.md
- deps: bump moby/spdystream 0.5.0->0.5.1 (CVE GO-2026-4958), go 1.26.4, harden dockerignore
Notable Changes
Features
- agent: assess mesh health independent of readiness; surface + optionally heal stuck orphans (SoFMeRight)
- agent: node-agent DaemonSet — reads /host/proc directly (no injection), flap-guarded auto-repair (SoFMeRight)
- scan: behavioral pre-filter (scan --behavioral) + repair command (label-toggle re-enroll) (SoFMeRight)
- scan: scope scan to a namespace (-n/--namespace) so it need not probe every ambient pod (SoFMeRight)
- meshmedic: initial meshmedic — ambient enrollment orphan scanner + StageFreight CI (SoFMeRight)
Bug Fixes
- scan: stop ephemeral-probe littering + make repair restart-first (toggle flaps) (SoFMeRight)
- ci: bootstrap version (no_lineage explicit) and add docs/reference/CLI.md (SoFMeRight)
- deps: bump moby/spdystream 0.5.0->0.5.1 (CVE GO-2026-4958), go 1.26.4, harden dockerignore (SoFMeRight)
Documentation
- deploy: add flux deploy templates + guide; archive the superseded ansible predecessor (SoFMeRight)
- agent: operations, scan model + measured performance for the node-agent (SoFMeRight)
- refresh generated docs and badges [skip ci] (stagefreight) ×5
- rewrite README for the real tool (netns detector, behavioral, repair, agent) (SoFMeRight)
Maintenance
- deps: update managed dependencies (stagefreight)
- ci: ignore .stagefreight runtime artifacts so audition's git-clean check passes (SoFMeRight)
Other Changes
- cache: cap the local BuildKit cache at 8GB (match StageFreight on the shared runner) (SoFMeRight)
Security
🛡️ ❌ Critical — 1 critical and 1 high vulnerabilities detected
Vulnerability details (1 critical, 1 high, 5 medium, 1 low)
| Severity | CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|---|
| Critical | GO-2026-5026 | golang.org/x/net | v0.49.0 | 0.55.0 | The ToASCII and ToUnicode functions incorrectly accept Pu... |
| High | GO-2026-4918 | golang.org/x/net | v0.49.0 | 0.53.0 | When processing HTTP/2 SETTINGS frames, transport will en... |
| Medium | GO-2026-5028 | golang.org/x/net | v0.49.0 | 0.55.0 | Parsing arbitrary HTML can consume excessive CPU time, po... |
| Medium | GO-2026-5025 | golang.org/x/net | v0.49.0 | 0.55.0 | Parsing arbitrary HTML which is then rendered using Rende... |
| Medium | GO-2026-5027 | golang.org/x/net | v0.49.0 | 0.55.0 | Parsing arbitrary HTML which is then rendered using Rende... |
| Medium | GO-2026-5029 | golang.org/x/net | v0.49.0 | 0.55.0 | Parsing arbitrary HTML which is then rendered using Rende... |
| Medium | GO-2026-5030 | golang.org/x/net | v0.49.0 | 0.55.0 | Parsing arbitrary HTML which is then rendered using Rende... |
| Low | GO-2026-5024 | golang.org/x/sys | v0.40.0 | 0.44.0 | NewNTUnicodeString does not check for string length overf... |
Full changelog
- [85e863d] cap the local BuildKit cache at 8GB (match StageFreight on the shared runner) (SoFMeRight)
- [97b0376] add flux deploy templates + guide; archive the superseded ansible predecessor (SoFMeRight)
- [8f45bdd] operations, scan model + measured performance for the node-agent (SoFMeRight)
- [7f0497d] refresh generated docs and badges [skip ci] (stagefreight)
- [9523e7e] assess mesh health independent of readiness; surface + optionally heal stuck orphans (SoFMeRight)
- [4257228] refresh generated docs and badges [skip ci] (stagefreight)
- [a27c9b7] rewrite README for the real tool (netns detector, behavioral, repair, agent) (SoFMeRight)
- [6bcd9e7] node-agent DaemonSet — reads /host/proc directly (no injection), flap-guarded auto-repair (SoFMeRight)
- [6c23295] refresh generated docs and badges [skip ci] (stagefreight)
- [ff41b1d] stop ephemeral-probe littering + make repair restart-first (toggle flaps) (SoFMeRight)
- [6d769ae] refresh generated docs and badges [skip ci] (stagefreight)
- [f64f879] behavioral pre-filter (scan --behavioral) + repair command (label-toggle re-enroll) (SoFMeRight)
- [f2bcb74] refresh generated docs and badges [skip ci] (stagefreight)
- [4dca2a8] bootstrap version (no_lineage explicit) and add docs/reference/CLI.md (SoFMeRight)
- [1dbe52c] scope scan to a namespace (-n/--namespace) so it need not probe every ambient pod (SoFMeRight)
- [40c3334] update managed dependencies (stagefreight)
- [6fcff4d] ignore .stagefreight runtime artifacts so audition's git-clean check passes (SoFMeRight)
- [0565f94] bump moby/spdystream 0.5.0->0.5.1 (CVE GO-2026-4958), go 1.26.4, harden dockerignore (SoFMeRight)
- [b934d76] initial meshmedic — ambient enrollment orphan scanner + StageFreight CI (SoFMeRight)