Releases
AI-analyzed release notes for CNCF graduated and incubating projects.
Litmus 3.29.0 patches a gRPC CVE, fixes duplicate chaos triggers under concurrent reconciles, and adds Prometheus metrics support for experiment observability.
securityPatch CVE-2026-33186 by upgrading to 3.29.0 now
The gRPC library was upgraded to v1.79.3 to fix CVE-2026-33186. If you're running any Litmus version prior to 3.29.0, your control plane is exposed. Upgrade immediately — this isn't a 'schedule it next sprint' situation.
breakingVerify event-tracker behavior after the duplicate-trigger fix
The fix for duplicate chaos experiment triggers under concurrent reconciles changes how the event-tracker handles race conditions. If you rely on the event-tracker for automated chaos injection, test your pipelines post-upgrade to confirm expected trigger counts. Duplicate runs may have been masking gaps in your experiment coverage.
enhancementWire up Prometheus metrics to your existing dashboards
Prometheus metrics are now natively exposed by ChaosCenter. The release includes a getting-started guide and unit tests, so integration is straightforward. Add Litmus as a scrape target and start tracking experiment pass/fail rates, run durations, and infra connectivity — this fills a long-standing observability gap for chaos workflows.
Key changes (5)
- Security: gRPC bumped to v1.79.3 to address CVE-2026-33186
- Bug fix: concurrent reconciliation no longer triggers duplicate chaos experiments via the event-tracker
- New feature: Prometheus metrics added to ChaosCenter for experiment observability, with unit tests and a getting-started guide
- Bug fix: experiments can now be stopped even when the connected infra is disconnected
- Bug fix: CronWorkflow run history no longer shows a blank page in the UI
Litmus 3.28.0 is a focused maintenance release fixing a probe config leak, a subscriber crash on workflow events, and a Python vulnerability in the frontend base image.
securityUpgrade frontend to resolve Python CVE in base image
The frontend container was running on a ubi8 base image with a Python vulnerability. The fix upgrades it to ubi9. If you run Litmus in environments with strict image scanning policies (e.g., Trivy in CI, ACS, or Prisma), this upgrade will clear those alerts. Pull the 3.28.0 frontend image and redeploy — no config changes needed.
breakingProbe config leak fix may change behavior for shared-type probe setups
If you run multiple probes of the same type in a single experiment, previous releases silently shared stale config between them. The fix now isolates config per probe. Audit any experiments where multiple probes of the same type are defined — if you were unknowingly relying on config bleed-over, results may differ after upgrading.
enhancementSubscriber crash fix improves reliability for GitOps and event-driven workflows
Teams using Litmus in GitOps mode or triggering experiments via Argo Workflow ADD events with ChaosEngine nodes were hitting silent subscriber crashes. After upgrading to 3.28.0, those workflows should resume without manual subscriber restarts. No action required beyond the upgrade, but verify subscriber pod stability post-deploy if you've been seeing unexplained restarts.
Key changes (5)
- Fixed stale config leak across multiple probes of the same type — this could cause probes to incorrectly inherit config from a previous probe run
- Subscriber no longer crashes when Workflow ADD events contain ChaosEngine nodes, improving experiment reliability
- Frontend base image upgraded from ubi8 to ubi9, resolving a known Python vulnerability
- Fixed image registry bug when editing or cloning experiments in Litmus Checker
- Canonical added as an official adopter
Litmus 3.27.0 ships Job targeting for chaos experiments and fixes a cluster of stability bugs: nil pointer crashes, GitOps deadlocks, race conditions, and probe detection failures.
breakingGitOps two-way sync was silently broken — verify your sync state after upgrading
The GitOps sync handler goroutine was disabled, meaning changes in Git were not propagating back to Litmus in two-way mode. After upgrading to 3.27.0, manually trigger a sync and confirm experiment state matches your Git source of truth. Any drift that accumulated should be reconciled.
enhancementTarget Kubernetes Jobs in chaos experiments
If your team runs batch workloads or CI pipelines as Kubernetes Jobs, you can now inject chaos directly into them. Update your experiment manifests to reference Job resources and validate resilience of batch processing paths — something previously impossible without workarounds.
enhancementMultiple nil pointer and race condition fixes reduce silent failures
At least three separate nil pointer dereferences are fixed in this release (subscriber, QueryServerVersion, YAML parser), plus experiment run race conditions. If you've seen intermittent crashes or experiments stuck in inconsistent states, upgrading is the straightforward fix — no config changes needed.
Key changes (5)
- New: Kubernetes Jobs can now be targeted in chaos experiments, expanding workload coverage beyond Deployments and StatefulSets
- 503 returned when MongoDB is down, enabling probes to correctly detect infrastructure failures instead of hanging
- Subscriber crash on Workflow ADD events (nil pointer dereference) fixed — previously could silently break experiment scheduling
- GitOps deadlock in GitMutexLock.Unlock resolved, and the GitOps sync handler goroutine re-enabled to restore two-way sync
- CMD probe command limit raised from 1024 characters, unblocking complex probe scripts