File tree Expand file tree Collapse file tree 1 file changed +23
-0
lines changed
content/en/docs/reference/command-line-tools-reference/feature-gates Expand file tree Collapse file tree 1 file changed +23
-0
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ title : StrictIPCIDRValidation
3+ content_type : feature_gate
4+ _build :
5+ list : never
6+ render : false
7+
8+ stages :
9+ - stage : alpha
10+ defaultValue : false
11+ fromVersion : " 1.33"
12+ ---
13+ Use stricter validation for fields containing IP addresses and CIDR values.
14+
15+ In particular, with this feature gate enabled, octets within IPv4 addresses are
16+ not allowed to have any leading ` 0 ` s, and IPv4-mapped IPv6 values (e.g.
17+ ` ::ffff:192.168.0.1 ` ) are forbidden. These sorts of values can potentially cause
18+ security problems when different components interpret the same string as
19+ referring to different IP addresses (as in CVE-2021 -29923).
20+
21+ This tightening applies only to fields in build-in API kinds, and not to
22+ custom resource kinds, values in Kubernetes configuration files, or
23+ command-line arguments.
You can’t perform that action at this time.
0 commit comments