{"affected":[{"ecosystem_specific":{"binaries":[{"helm":"3.16.3-150000.1.38.1","helm-bash-completion":"3.16.3-150000.1.38.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.5","name":"helm","purl":"pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.16.3-150000.1.38.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"helm":"3.16.3-150000.1.38.1","helm-bash-completion":"3.16.3-150000.1.38.1","helm-zsh-completion":"3.16.3-150000.1.38.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Containers 15 SP5","name":"helm","purl":"pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.16.3-150000.1.38.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"helm":"3.16.3-150000.1.38.1","helm-bash-completion":"3.16.3-150000.1.38.1","helm-zsh-completion":"3.16.3-150000.1.38.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Containers 15 SP6","name":"helm","purl":"pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.16.3-150000.1.38.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"helm-fish-completion":"3.16.3-150000.1.38.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP5","name":"helm","purl":"pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.16.3-150000.1.38.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"helm-fish-completion":"3.16.3-150000.1.38.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"helm","purl":"pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.16.3-150000.1.38.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"helm":"3.16.3-150000.1.38.1","helm-bash-completion":"3.16.3-150000.1.38.1","helm-fish-completion":"3.16.3-150000.1.38.1","helm-zsh-completion":"3.16.3-150000.1.38.1"}]},"package":{"ecosystem":"openSUSE:Leap Micro 5.5","name":"helm","purl":"pkg:rpm/opensuse/helm&distro=openSUSE%20Leap%20Micro%205.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.16.3-150000.1.38.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"helm":"3.16.3-150000.1.38.1","helm-bash-completion":"3.16.3-150000.1.38.1","helm-fish-completion":"3.16.3-150000.1.38.1","helm-zsh-completion":"3.16.3-150000.1.38.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"helm","purl":"pkg:rpm/opensuse/helm&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.16.3-150000.1.38.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"helm":"3.16.3-150000.1.38.1","helm-bash-completion":"3.16.3-150000.1.38.1","helm-fish-completion":"3.16.3-150000.1.38.1","helm-zsh-completion":"3.16.3-150000.1.38.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"helm","purl":"pkg:rpm/opensuse/helm&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.16.3-150000.1.38.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nhelm was updated to fix the following issues:\n\nUpdate to version 3.16.3:\n\n  * fix: fix label name\n  * Fix typo in pkg/lint/rules/chartfile_test.go\n  * Increasing the size of the runner used for releases.\n  * fix(hooks): correct hooks delete order\n  * Bump github.com/containerd/containerd from 1.7.12 to 1.7.23\n\nUpdate to version 3.16.2:\n\n  * Revering change unrelated to issue #13176\n  * adds tests for handling of Helm index with broken chart\n    versions #13176\n  * improves handling of Helm index with broken helm chart versions\n    #13176\n  * Bump the k8s-io group with 7 updates\n  * adding check-latest:true\n  * Grammar fixes\n  * Fix typos\n\nUpdate to version 3.16.1:\n\n  * bumping version to 1.22.7\n  * Merge pull request #13327 from mattfarina/revert-11726\n\nUpdate to version 3.16.0:\n\n  Helm v3.16.0 is a feature release. Users are encouraged to\n  upgrade for the best experience.\n  * Notable Changes\n    - added sha512sum template function\n    - added ActiveHelp for cmds that don't take any more args\n    - drops very old Kubernetes versions support in helm create\n    - add --skip-schema-validation flag to helm 'install',\n      'upgrade' and 'lint'\n    - fixed bug to now use burst limit setting for discovery\n    - Added windows arm64 support\n  * Full changelog see\n    https://github.com/helm/helm/releases/tag/v3.16.0\n\nUpdate to version 3.15.4:\n\n  * Bump the k8s-io group across 1 directory with 7 updates\n  * Bump github.com/docker/docker\n\n-------------------------------------------------------------------\nThu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice@ojkastl.de\n\n- Update to version 3.15.3:\n  * fix(helm): Use burst limit setting for discovery\n  * fixed dependency_update_test.go\n  * fix(dependencyBuild): prevent race condition in concurrent helm\n    dependency\n  * fix: respect proxy envvars on helm install/upgrade\n  * Merge pull request #13085 from\n    alex-kattathra-johnson/issue-12961\n\nUpdate to version 3.15.2:\n\n  * fix: wrong cli description\n  * fix typo in load_plugins.go\n  * fix docs of DeployedAll\n  * Bump github.com/docker/docker\n  * bump oras minor version\n  * feat(load.go): add warning on requirements.lock\n\nUpdate to version 3.15.1:\n\n  * Fixing build issue where wrong version is used\n\nUpdate to version 3.15.0:\n\n  Helm v3.15.0 is a feature release. Users are encouraged to\n  upgrade for the best experience.\n\n  * Updating to k8s 1.30 c4e37b3 (Matt Farina)\n  * bump version to v3.15.0 d7afa3b (Matt Farina)\n  * bump version to 7743467 (Matt Farina)\n  * Fix namespace on kubeconfig error 214fb6e (Calvin Krist)\n  * Update testdata PKI with keys that have validity until 3393\n    (Fixes #12880) 1b75d48 (Dirk Müller)\n  * Modified how created annotation is populated based on package\n    creation time 0a69a0d (Andrew Block)\n  * Enabling hide secrets on install and upgrade dry run 25c4738\n    (Matt Farina)\n  * Fixing all the linting errors d58d7b3 (Robert Sirchia)\n  * Add a note about --dry-run displaying secrets a23dd9e (Matt\n    Farina)\n  * Updating .gitignore 8b424ba (Robert Sirchia)\n  * add error messages 8d19bcb (George Jenkins)\n  * Fix: Ignore alias validation error for index load 68294fd\n    (George Jenkins)\n  * validation fix 8e6a514 (Matt Farina)\n  * bug: add proxy support for oci getter 94c1dea (Ricardo\n    Maraschini)\n  * Update architecture detection method 57a1bb8 (weidongkl)\n  * Improve release action 4790bb9 (George Jenkins)\n  * Fix grammatical error c25736c (Matt Carr)\n  * Updated for review comments d2cf8c6 (MichaelMorris)\n  * Add robustness to wait status checks fc74964 (MichaelMorris)\n  * refactor: create a helper for checking if a release is\n    uninstalled f908379 (Alex Petrov)\n  * fix: reinstall previously uninstalled chart with --keep-history\n    9e198fa (Alex Petrov)\n\nUpdate to version 3.14.4:\n\n  Helm v3.14.4 is a patch release. Users are encouraged to upgrade\n  for the best experience. Users are encouraged to upgrade for the\n  best experience.\n\n  * refactor: create a helper for checking if a release is\n    uninstalled 81c902a (Alex Petrov)\n  * fix: reinstall previously uninstalled chart with --keep-history\n    5a11c76 (Alex Petrov)\n  * bug: add proxy support for oci getter aa7d953 (Ricardo\n    Maraschini)\n\nUpdate to version 3.14.3:\n\n  * Add a note about --dry-run displaying secrets\n  * add error messages\n  * Fix: Ignore alias validation error for index load\n  * Update architecture detection method\n\nUpdate to version 3.14.2 (bsc#1220207, CVE-2024-26147):\n\n   * Fix for uninitialized variable in yaml parsing\n \nUpdate to version 3.14.1 (bsc#1219969, CVE-2024-25620):\n\n  * validation fix\n\nUpdate to version 3.14.0:\n\n  * Notable Changes\n    - New helm search flag of --fail-on-no-result\n    - Allow a nested tpl invocation access to defines\n    - Speed up the tpl function\n    - Added qps/HELM_QPS parameter that tells Kubernetes packages\n      how to operate\n    - Added --kube-version to lint command\n    - The ignore pkg is now public\n  * Changelog\n    - Improve release action\n    - Fix issues when verify generation readiness was merged\n    - fix test to use the default code's k8sVersionMinor\n    - lint: Add --kube-version flag to set capabilities and\n      deprecation rules\n    - Removing Asset Transparency\n    - tests(pkg/engine): test RenderWithClientProvider\n    - Make the `ignore` pkg public again\n    - feature(pkg/engine): introduce RenderWithClientProvider\n    - Updating Helm libraries for k8s 1.28.4\n    - Remove excessive logging\n    - Update CONTRIBUTING.md\n    - Fixing release labelling in rollback\n    - feat: move livenessProbe and readinessProbe values to default\n      values file\n    - Revert 'fix(main): fix basic auth for helm pull or push'\n    - Revert 'fix(registry): address anonymous pull issue'\n    - Update get-helm-3\n    - Drop filterSystemLabels usage from Query method\n    - Apply review suggestions\n    - Update get-helm-3 to get version through get.helm.sh\n    - feat: print failed hook name\n    - Fixing precedence issue with the import of values.\n    - chore(create): indent to spaces\n    - Allow using label selectors for system labels for sql\n      backend.\n    - Allow using label selectors for system labels for secrets and\n      configmap backends.\n    - remove useless print during prepareUpgrade\n    - Add missing with clause to release gh action\n    - FIX Default ServiceAccount yaml\n    - fix(registry): address anonymous pull issue\n    - fix(registry): unswallow error\n    - Fix missing run statement on release action\n    - Add qps/HELM_QPS parameter\n    - Write latest version to get.helm.sh bucket\n    - Increased release information key name max length.\n    - Pin gox to specific commit\n    - Remove `GoFish` from package managers for installing  the\n      binary\n    - Test update for 'Allow a nested `tpl` invocation access to\n      `defines` in a containing one'\n    - Test update for 'Speed up `tpl`'\n    - Add support for RISC-V\n    - lint and validate dependency metadata to reference\n      dependencies with a unique key (name or alias)\n    - Work around template.Clone omitting options\n    - fix: pass 'passCredentialsAll' as env-var to getter\n    - feat: pass basic auth to env-vars when running download\n      plugins\n    - helm search: New CLI Flag --fail-on-no-result\n    - Update pkg/kube/ready.go\n    - fix post install hook deletion due to before-hook-creation\n      policy\n    - Allow a nested `tpl` invocation access to `defines` in a\n      containing one\n    - Remove the 'reference templates' concept\n    - Speed up `tpl`\n    - ready checker- comment update\n    - ready checker- remove duplicate statefulset generational\n      check\n    - Verify generation in readiness checks\n    - feat(helm): add --reset-then-reuse-values flag to 'helm\n      upgrade'\n","id":"SUSE-RU-2024:4213-1","modified":"2024-12-05T16:05:58Z","published":"2024-12-05T16:05:58Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/-2024-4213/suse-ru-20244213-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219969"},{"type":"REPORT","url":"https://bugzilla.suse.com/1220207"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-25620"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-26147"}],"related":["CVE-2024-25620","CVE-2024-26147"],"summary":"Recommended update for helm","upstream":["CVE-2024-25620","CVE-2024-26147"]}