Skip to content

v0.6.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 18 Jun 07:53
v0.6.0
769d13d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

0.6.0 (2026-06-18)

Features

  • controller: dial husk pods pinning the per-namespace identity (326533d)
  • controller: husk pods serve the per-namespace leaf; stop replicating the forkd key (63bc29e)
  • controller: issue a per-namespace husk server leaf (mitos-husk-tls) (3f11ed2)
  • pki: ClientTLSConfigFor pins an arbitrary server name; ClientTLSConfig delegates (3654541)
  • pki: issue per-namespace husk server leaves (husk.<ns>.mitos, server-auth) (d1cac0c)

Bug Fixes

  • controller: bind claim spec.serviceAccount to authorization via admission webhook (5d80d2a)
  • controller: require controller owner ref before activating a husk pod (8682306)
  • deploy: verify guest kernel integrity and drop SA tokens on privileged pods (9e0ee4c)
  • dnsproxy: block IPv6-embedded private targets in rebind filter (NAT64/6to4/site-local) (f50fc03)
  • guest: fail closed when the fork RNG reseed is not credited (§1) (58614d6)
  • husk: filter guest-to-pod-local traffic on the nftables input hook (52eb1bf)
  • security audit remediation (6 findings) + fork-correctness reseed fail-closed (835f457)
Assets 2
Loading