RATATOSKRATATOSK
Sign in

Releases

AI-analyzed release notes for CNCF graduated and incubating projects.

Mar 2026Clear ×

Kubeflow

AI & MLMar 22, 2026

Kubeflow 26.03 is a manifests and version-alignment release for the AI Reference Platform, syncing many components (Kubernetes 1.34+, Knative 1.20, cert-manager 1.19.4, Istio 1.29.0, KFP 2.16.0, and others) while tightening pod security enforcement to baseline and hardening network policies across core namespaces. Operators running Kubeflow Pipelines under PSS restricted should check compatibility before upgrading.

  • breakingPod security standard default now baseline

    Pod security enforcement across the reference platform manifests moves to the baseline profile. Review workloads that previously relied on privileged or restricted-incompatible settings before rolling this out.

  • breakingNetworkpolicies tightened for core namespaces

    Network policies for cert-manager, knative-serving, istio-system, dex, and oauth2-proxy have been tightened. Confirm any custom traffic paths into or out of these namespaces still work after upgrading.

  • breakingKFP v1/v2 compatibility gap under PSS restricted

    Kubeflow Pipelines v1 and v2 may not run cleanly in namespaces enforcing PSS restricted. If you run KFP under restricted pod security, test before upgrading or plan for a workaround.

Key changes (8)
  • Pod security enforcement default changed to baseline across the platform
  • Network policies tightened for cert-manager, knative-serving, istio-system, dex, and oauth2-proxy
  • Known compatibility gap: Kubeflow Pipelines v1/v2 under PSS restricted namespaces
  • Broad component version bumps: Kubernetes 1.34+, Knative 1.20.0, cert-manager 1.19.4, Istio 1.29.0, oauth2-proxy v7.14.3, Dex v2.45.0, KFP v2.16.0
  • Additional manifest syncs: KServe v0.16.0 (models web app v0.16.1), model-registry through v0.3.7, spark-operator v2.5.0, katib v0.19.0
  • Istio topology setting switched from PreferClose to PreferSameZone for Kubernetes v1.34 compatibility
  • PodDisruptionBudgets updated for Knative to allow node drain during in-place updates
  • Install tooling simplified with automatic Kustomize/Kubectl version matching and SHA256 verification, plus expanded KServe auth/auth test coverage
Source

KServe

AI & MLMar 13, 2026

v0.17.0 delivers substantial LLM-focused improvements with the new LLMInferenceService beta, enhanced storage parallelization, vLLM 0.15.1 upgrade, and important CVE fixes affecting production deployments.

  • securityApply critical CVE patches immediately

    This release addresses several high-impact CVEs including path traversal (storage-initializer), HTTP parser vulnerabilities (h11, starlette), and cryptography subgroup attacks. Update to v0.17.0 promptly, especially if you're using storage-initializer or external model downloads. Review your current CVE scanning results against the patched versions.

  • breakingPlan LLMInferenceService migration path

    The new LLMInferenceService CRD introduces a dedicated API for LLM workloads with different semantics than standard InferenceService. If you're running LLM models, evaluate migrating to this new resource type for better autoscaling, routing, and operational features. The CRD includes breaking changes in API structure.

  • enhancementLeverage parallel storage downloads for faster deployments

    Storage-initializer now downloads blobs in parallel from S3 and Azure, dramatically reducing model loading times for large models. This is particularly beneficial for LLM workloads. No configuration changes needed - the improvement is automatic upon upgrade.

Key changes (5)
  • Introduced LLMInferenceService CRD with webhooks, autoscaling support, and comprehensive Gateway API integration
  • Added parallel blob downloads for S3 and Azure storage, significantly improving model loading performance
  • Upgraded vLLM runtime to 0.15.1 with enhanced startup probes and configuration flexibility
  • Fixed multiple CVEs including path traversal, HTTP parser vulnerabilities, and cryptography issues
  • Added OpenVINO model server runtime and predictive inference server for expanded model format support
Source
Browse by month