diff --git a/linkerd.io/content/blog/2025/1031-announcing-linkerd-2.19/cover.jpg b/linkerd.io/content/blog/2025/1031-announcing-linkerd-2.19/cover.jpg new file mode 100644 index 0000000000..2afa08878a Binary files /dev/null and b/linkerd.io/content/blog/2025/1031-announcing-linkerd-2.19/cover.jpg differ diff --git a/linkerd.io/content/blog/2025/1031-announcing-linkerd-2.19/index.md b/linkerd.io/content/blog/2025/1031-announcing-linkerd-2.19/index.md new file mode 100644 index 0000000000..c0ba9fb0dc --- /dev/null +++ b/linkerd.io/content/blog/2025/1031-announcing-linkerd-2.19/index.md @@ -0,0 +1,80 @@ +--- +date: 2025-10-31T00:00:00Z +slug: announcing-linkerd-2.19 +title: |- + Announcing Linkerd 2.19: Post-quantum cryptography +keywords: [linkerd, "2.19", features] +params: + author: william + showCover: true +--- + +Today we're happy to announce Linkerd 2.19! This release introduces a +significant state-of-the-art security improvement for Linkerd: a modernized TLS +stack that uses post-quantum key exchange algorithms by default. + +Linkerd has now seen almost a decade of continuous improvement and evolution. +Our goal is to build a service mesh that our users can rely on for 100 years. To +do this, we +[partner with users like Grammarly to ensure that Linkerd can accelerate the full scale and scope of modern software environments](https://www.grammarly.com/blog/engineering/the-great-linkerd-mystery/)—and +then we feed those lessons directly back into the product. Linkerd 2.19 release +is the third major version since the +[announcement of Buoyant's profitability and Linkerd project sustainability a year ago](https://buoyant.io/blog/linkerd-forever), +and continues our laser focus on operational simplicity—delivering the +notoriously complex service mesh feature set in a way that is manageable, +scalable, and performant. + +## Related announcements + +- [Announcing Buoyant Enterprise for Linkerd 2.19: Windows service mesh, post-quantum cryptography, supply chain security, FIPS 140-3, and a new on-cluster dashboard](http://buoyant.io/blog/linkerd-enterprise-2-19-windows-service-mesh-post-quantum-cryptography-supply-chain-security-fips-140-3-and-a-new-on-cluster-dashboard) + +## Post-quantum TLS + +Linkerd's internal TLS infrastructure received an overhaul in Linkerd 2.19, +preparing it for a potential post-quantum future. We've updated the core +cryptographic module in the proxy from `ring` to `aws-lc`, and added support for +the AES_256_GCM ciphersuite and the post-quantum ML-KEM-768 key exchange +algorithm, which are used by default for all communication between meshed pods. +Additionally, the TLS cipher, key exchange, and signature algorithms are now +exported as part of the standard metrics suite. + +## Other fun stuff + +Linkerd 2.19 officially promotes its support of native sidecars from alpha to +beta. Native sidecars were first supported by Linkerd 2.15, and moved to +graduated status in Kubernetes this April. This feature +[fixes some of the long-standing annoyances of using sidecar containers in Kubernetes](https://buoyant.io/blog/kubernetes-1-28-revenge-of-the-sidecars), +especially around support for Jobs and race conditions around container startup. +Native sidecars can now be enabled by setting the +`config.beta.linkerd.io/proxy-enable-native-sidecar` annotation. + +The 2.19 release also fixes a smattering of smaller issues. Linkerd will now +block connections to ports of a clusterIP Service which are not defined in the +Service spec, matching the behavior of kube-proxy. We fixed discovery staleness +when targeting the linkerd-admin port in native-sidecar mode; a potential panic +in the control plane when processing discovery requests with invalid hostnames; +and an issue where invalid podSelectors in Server resources could prevent all +Server resources from being processed. + +## Getting your hands on Linkerd 2.19 + +See our [releases and versions](/releases/) page for how to get ahold of a +Linkerd 2.19 package. Happy meshing! + +## Linkerd is for everyone + +Linkerd is a graduated project of the +[Cloud Native Computing Foundation](https://cncf.io/). Linkerd is +[committed to open governance.](/2019/10/03/linkerds-commitment-to-open-governance/) +If you have feature requests, questions, or comments, we’d love to have you join +our rapidly-growing community! Linkerd is hosted on +[GitHub](https://github.com/linkerd/), and we have a thriving community on +[Slack](https://slack.linkerd.io/), [Twitter](https://twitter.com/linkerd), and +the [mailing lists](/community/get-involved/). Come and join the fun! + +## Photo credit + +Photo by +[A Chosen Soul](https://unsplash.com/@a_chosensoul?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText) +on +[Unsplash](https://unsplash.com/photos/a-computer-generated-image-of-a-complex-structure-tGGuWW28-5M?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText). diff --git a/linkerd.io/content/blog/_index.md b/linkerd.io/content/blog/_index.md index 20385e5e82..1e93be9784 100644 --- a/linkerd.io/content/blog/_index.md +++ b/linkerd.io/content/blog/_index.md @@ -8,6 +8,6 @@ outputs: - RSS # Enable RSS params: feature: + - /blog/2025/1031-announcing-linkerd-2.19 - /blog/2025/1020-hands-off-linkerd-certificate-rotation - - /blog/2025/0909-linkerd-with-opentelemetry --- diff --git a/linkerd.io/data/announcement.yaml b/linkerd.io/data/announcement.yaml index 3250db0811..ae098dabad 100644 --- a/linkerd.io/data/announcement.yaml +++ b/linkerd.io/data/announcement.yaml @@ -1,4 +1,4 @@ -content: "**Announcing Linkerd 2.18:** Battlescars, lessons learned, and preliminary Windows support" +content: "**Announcing Linkerd 2.19:** Post-quantum cryptography" link: text: "Learn more" - href: "/2025/04/23/announcing-linkerd-2.18/" + href: "/2025/10/31/announcing-linkerd-2.19/" diff --git a/linkerd.io/data/versions.yaml b/linkerd.io/data/versions.yaml index d59699a2b9..44c6db1710 100644 --- a/linkerd.io/data/versions.yaml +++ b/linkerd.io/data/versions.yaml @@ -1,3 +1,7 @@ +- version: "2.19" + edge: "edge-25.10.7" + releaseDate: "October 31, 2025" + announcement: "/blog/2025/1031-announcing-linkerd-2.19/" - version: "2.18" edge: "edge-25.4.4" releaseDate: "April 23, 2025"