Kyverno
v1.18.2SecurityJul 10, 2026
Kyverno v1.18.2 is a patch release fixing a HIGH security issue (GHSA-79gf-7frw-68m9) where generator policies could bypass namespace boundaries, plus backported security dependency updates, watcher restart fixes, and several CLI and policy improvements.
securityPatch namespace boundary bypass in generator policies
Generator policies could bypass namespace boundaries when applying rules, allowing cross-namespace policy enforcement. Upgrade to v1.18.2 to restore proper isolation.
securityApply security dependency updates
Security dependency updates have been backported to address known vulnerabilities in transitive dependencies.
Key changes (7)
- HIGH: Namespace boundary enforcement in generator policies patched (GHSA-79gf-7frw-68m9)
- Security dependency updates backported
- Background reporting now restarts dynamic watchers correctly on 410 Gone responses
- Required validation policies no longer abort on image mismatches
- CLI now accepts multiple CRDs in a single --crd-path file
- pss-helm policy chart adds 'image' to allowed volume types
- Report label prefixes corrected for multi/delegated policies