IAG 5.3.1 focuses on security hardening and CLI improvements. Key updates include resolution of high-severity CVEs affecting tofu and iagctl binaries, enhanced mTLS support via explicit web proxy, and fixes for command-line parsing issues. This release ensures improved security posture and better usability of IAG 5 command-line tools.
Improvements
| Feature | Description |
| --- | --- |
| mTLS Support via Explicit Web Proxy (ENG-18944) | Added mTLS support via explicit web proxy. |
Security Fixes
| Issue | Description |
| --- | --- |
| High-Severity CVE Resolutions (ENG-18049) | Resolved three high-severity security vulnerabilities (CVE-2025-8959, CVE-2025-22868, CVE-2023-46402) affecting the tofu and iagctl binaries, addressing symlink attack, memory exhaustion, and ReDoS risks. |
| Go-Git Security Vulnerability (ENG-19325) | Resolved go-git security vulnerability. |
Bug Fixes
| Issue | Description |
| --- | --- |
| Secret Description Field (ENG-19078) | Fixed an issue where the --description flag was silently ignored when creating a secret in torero; descriptions are now properly saved and displayed. |
| iagctl Flag Parsing with Equals Signs (ENG-19249) | Fixed an iagctl parsing issue where --set flag values containing equals signs (=) were incorrectly parsed, preventing users from passing key-value pairs with = in the value. |