You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG/CHANGELOG-3.4.md
+9-2Lines changed: 9 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,17 +4,24 @@ Previous change logs can be found at [CHANGELOG-3.3](https://github.com/etcd-io/
4
4
5
5
---
6
6
7
-
## v3.4.42 (TBC)
7
+
## v3.4.43 (TBC)
8
+
9
+
---
10
+
11
+
## v3.4.42 (2026-03-20)
8
12
9
13
### etcd server
10
14
11
15
- Fix [Race between read index and leader change](https://github.com/etcd-io/etcd/pull/21385)
12
16
- Fix [Stale reads caused by process pausing](https://github.com/etcd-io/etcd/pull/21423)
17
+
- Guard unauthenticated endpoints with auth checks to fix [Authorization bypasses in multiple APIs (CVE-2026-33413)](https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg)
18
+
- Enforce auth checks for nested txn ops to fix [Nested etcd transactions bypass RBAC authorization checks (CVE-2026-33343)](https://github.com/etcd-io/etcd/security/advisories/GHSA-rfx7-8w68-q57q)
13
19
14
20
### Dependencies
15
21
16
-
- Compile binaries using [go 1.25.7](https://github.com/etcd-io/etcd/pull/21406)
22
+
- Compile binaries using [go 1.25.8](https://github.com/etcd-io/etcd/pull/21461)
17
23
-[Bump golang.org/x/net to v0.51.0 to resolve GO-2026-4559](https://github.com/etcd-io/etcd/pull/21444)
24
+
-[Bump google.golang.org/grpc to 1.79.3 to resolve CVE-2026-33186](https://github.com/etcd-io/etcd/pull/21502)
0 commit comments