
Don't read release notes for 73 CNCF projects.
Alerts only when your stack needs action, and what to do about it.
73 projects · 557 analyses · this week 18 reviewed → 5 alerts
Latest alert · Jul 1, 2026 – Jul 8, 2026
Action needed: 5
security3
Flux v2.9.1 is a patch release fixing a CRD schema corruption bug where post-build variable substitution could rewrite Flux's own CRD definitions, plus smaller fixes for SOPS .ini decryption and a dry-run strategic merge patch error. No new breaking changes or CVEs are disclosed.
breakingCRD schema corruption from variable substitution fixed
If you run Kustomizations with post-build variable substitution enabled and your manifests contain ${...} sequences that happen to match Flux CRD schema fields, earlier versions could corrupt the CRD schemas. v2.9.1 fixes this by annotating Flux's own CRDs with kustomize.toolkit.fluxcd.io/substitute: disabled, so substitution no longer touches them. Upgrade if you use post-build substitution.
Key changes (4)
- Fixed CRD schema corruption: Flux's own CRDs are now annotated kustomize.toolkit.fluxcd.io/substitute: disabled to stop post-build substitution from rewriting their schemas
- Fixed SOPS .ini file decryption
- Fixed a dry-run error in strategic merge patch handling
- No new breaking changes, deprecations, or CVEs disclosed
OpenTelemetry Collector v0.156.0 is a bugfix rollup with one operator-relevant behavior change: the memory_limiter processor switches from continuous forced GC to exponential backoff, with the cap exposed via two new config fields. Several targeted fixes address permanent-error handling in otlp_http, receiver startup ordering, env var nil resolution, and retry config validation.
enhancementmemory_limiter GC backoff now configurable via two new fields
The memory_limiter processor now backs off GC calls exponentially when GC is deemed ineffective (soft limit still exceeded and less than 5% memory reclaimed). The backoff cap is controlled by max_gc_interval_when_soft_limited and max_gc_interval_when_hard_limited, both defaulting to 30s. If you tune GC aggressiveness, review these new fields; the default behavior changes from continuous forced GC to capped backoff.
Key changes (7)
- memory_limiter processor: forced GC now uses exponential backoff when ineffective, capped by new fields max_gc_interval_when_soft_limited and max_gc_interval_when_hard_limited (default 30s each)
- otlp_http exporter: parse errors on truncated 2xx response bodies are now permanent errors, preventing duplicate exports on retry
- pkg/service: receivers now start only after all other components have fully initialized, fixing a race with shared-implementation receivers like OTLP
- env provider: an unset variable with ${env:VAR:-} syntax now resolves to empty string instead of nil
- configretry BackOffConfig fields validated regardless of the Enabled flag
- memory_limiter processor now emits componentstatus health events reflecting its current state
- mdatagen enhancements: stability levels for resource attributes, semantic convention references, field_name option in go_struct, enum validator support, and distinct named Go types for primitive exported config schemas