RATATOSKRATATOSK
Sign in

Kyverno

v1.18.2Security
Jul 10, 2026

Kyverno v1.18.2 is a patch release fixing a HIGH security issue (GHSA-79gf-7frw-68m9) where generator policies could bypass namespace boundaries, plus backported security dependency updates, watcher restart fixes, and several CLI and policy improvements.

  • securityPatch namespace boundary bypass in generator policies

    Generator policies could bypass namespace boundaries when applying rules, allowing cross-namespace policy enforcement. Upgrade to v1.18.2 to restore proper isolation.

  • securityApply security dependency updates

    Security dependency updates have been backported to address known vulnerabilities in transitive dependencies.

Key changes (7)

  • HIGH: Namespace boundary enforcement in generator policies patched (GHSA-79gf-7frw-68m9)
  • Security dependency updates backported
  • Background reporting now restarts dynamic watchers correctly on 410 Gone responses
  • Required validation policies no longer abort on image mismatches
  • CLI now accepts multiple CRDs in a single --crd-path file
  • pss-helm policy chart adds 'image' to allowed volume types
  • Report label prefixes corrected for multi/delegated policies