cc-0.4.1
Pre-release
Pre-release
·
1157 commits
to cc-msft-prototypes
since this release
Permissive default Policy and CVE fixes
-
The default Security Policy allows all or most API calls from the Host to the UVM. This allows tests to work as before the Policy feature was implemented. However, this is not a secure/Confidential policy.
-
To use an appropriate (secure) policy for your pods, add that policy to your YAML files as described in the genpolicy doc.
-
In future AKS-CC images, a very restrictive Policy will be used by default. Then, adding an appropriate Policy to your YAML will be mandatory - otherwise your pods will not work at all.
-
Fix CVEs: GHSA-g4h2-4wvh-grc5 GHSA-96jv-r488-c2rj GHSA-7rrj-xr53-82p7 GHSA-f8vr-r385-rh5r GHSA-v5w6-wcm8-jm4q GHSA-r7jw-wp68-3xch GHSA-x4qr-2fvf-3mr5 GHSA-w2w6-xp88-5cvw GHSA-p52g-cm5j-mjv4