Update Info

openSUSE-2026-150

Security update for flannel

Type: security
Severity: important
Issued: 2026-04-23
Description:
This update for flannel fixes the following issues:

- Update to version 0.28.4:
  * fix go version (don't set patch version) (#2428)
  * Bump flannel-cni-plugin to v1.9.1-flannel1 (#2427)
  * Bump the other-go-modules group across 1 directory with 3 updates (#2425)
  * Bump the tencent group with 2 updates (#2417)
  * Bump the etcd group with 4 updates (#2398), includes fix for CVE-2026-33413 (boo#1260853) and CVE-2026-33343 (boo#1260847)
  * Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (#2420)
  * Bump go to 1.25 (#2424)
  * Bump actions/upload-pages-artifact from 4.0.0 to 5.0.0
  * Bump docker/build-push-action from 7.0.0 to 7.1.0
  * Bump docker/login-action from 4.0.0 to 4.1.0
  * Verify the kubectl sha256sum
  * Secure makefile (#2414)
  * Improve the security of Dockerfile
  * Bump github/codeql-action from 4.34.1 to 4.35.1 (#2409)
  * Bump actions/deploy-pages from 4.0.5 to 5.0.0
  * lease: only print BackendData when json.Marshal succeeds
  * vxlan: delete v6 direct route with correct Route struct
  * fix: honor --stderrthreshold flag when --logtostderr is enabled
  * Bump actions/configure-pages from 5.0.0 to 6.0.0
  * Bump actions/setup-go from 6.3.0 to 6.4.0
  * don't use unquoted shell vars in extensions backend example
  * Don't use shell invocations in extensions backend.
  * Bump google.golang.org/grpc from 1.71.1 to 1.79.3
  * Bump ossf/scorecard-action from 2.4.1 to 2.4.3
  * Bump actions/upload-artifact from 4.6.1 to 7.0.0
  * Bump docker/metadata-action from 5.10.0 to 6.0.0
  * Bump actions/checkout from 4.2.2 to 6.0.2
  * Bump docker/setup-buildx-action from 3.12.0 to 4.0.0
  * Bump aquasecurity/trivy-action from 0.33.1 to 0.35.0
  * Bump docker/setup-qemu-action from 3.7.0 to 4.0.0
  * [StepSecurity] Apply security best practices
  * Bump actions/attest-build-provenance from 3.2.0 to 4.1.0
  * Fix logic in AddBlackholeV4Route and AddBlackholeV6Route to correctly check for existing routes
  * Added check for nftables before checking br_netfilter module
  * Bump golang.org/x/crypto from 0.36.0 to 0.45.0
  * Bump k8s deps to v0.32.10
  * Bump golang-ci-lint to v2.7.2
  * Bump golangci/golangci-lint-action from 6.1.1 to 9.2.0
  * Additional check on podCIDR
  * ip: improve primary address selection to account for address flags
  * Added TAG to fix bin version

References

Packages

  • flannel-0.28.4-bp156.4.6.1