RATATOSKRATATOSK
Sign in

Releases

AI-analyzed release notes for CNCF graduated and incubating projects.

Harbor

Storage & DataMay 6, 2026

Harbor v2.15.1 is a patch release focused on CVE fixes, security hardening, and several behavioral bug fixes including proxy cache, session management, and GC credential leak.

  • securityRedeploy now to stop Redis credentials leaking from GC job metadata

    Before this fix, the GC job stored the Redis URL (including credentials) in its extra attributes, which are accessible via the Harbor API and potentially logged. If you run GC jobs and have Redis auth configured, treat any previously captured GC job metadata as potentially containing plaintext credentials. Rotate Redis passwords and upgrade to v2.15.1 promptly.

  • securityCVE patches in base image — upgrade before your next scan cycle

    The Photon base image was updated specifically to address CVEs, then stabilized on photon:5.0. If you're running v2.15.0 in a security-conscious environment, your vulnerability scanner will likely flag the older image. Upgrade to v2.15.1 to clear those findings before they become audit issues.

  • enhancementSession behavior change: idle timeouts will now work as configured

    Background polling in the UI was silently keeping sessions alive indefinitely by resetting the TTL on every poll cycle. After this fix, sessions will actually expire when users are idle. If your org relies on session timeouts for compliance, this fix makes them effective. Warn users they may now be logged out after inactivity — this is correct behavior, not a regression.

Key changes (5)
  • Photon base image updated to fix CVEs; base image reverted to goharbor/photon:5.0
  • GC job now redacts Redis URL credentials from extra attributes — previously these could be exposed in logs or API responses
  • Background UI polling no longer renews session TTL, preventing phantom session extensions
  • DockerHub adapter now correctly calls /v2/auth/token for bearer token acquisition
  • go-jose and OpenTelemetry SDK dependencies bumped; Go runtime updated to 1.23.9
Source

Argo

CI/CD & App DeliveryMay 6, 2026

Argo CD 3.4.1 is the first 3.4 release (skipping 3.4.0), bringing a breaking cluster version format change for ApplicationSets, plus a large wave of bug fixes, performance improvements, and UI enhancements.

  • securityAdd X-Frame-Options/CSP headers and JWT logout invalidation

    Two security fixes landed: Swagger UI endpoints now return X-Frame-Options and Content-Security-Policy headers (mitigates clickjacking), and JWT tokens are invalidated server-side on logout (prevents session reuse after logout). Both are passive — no config changes needed — but if you run Argo CD behind a reverse proxy that strips security headers, verify the headers reach clients after upgrading.

  • breakingUpdate ApplicationSet cluster version labels before upgrading

    The kubernetes-version label format changed from Major.Minor (e.g., '1.29') to vMajor.Minor.Patch (e.g., 'v1.29.3') to match Helm 3.19.0. If you use ApplicationSet Cluster Generators with argocd.argoproj.io/auto-label-cluster-info, your existing cluster secrets carry the old format. After upgrading, update those secrets to use argocd.argoproj.io/kubernetes-version with the new format, or your cluster-version-based filters will stop matching. Check the 3.3-3.4 upgrade guide before rolling out.

  • enhancementAppSet controller and repo-server performance improvements worth monitoring

    Several perf fixes shipped: optimized parentUIDToChildren data structure, reduced secret deep-copies in the controller, parallel batching in CLI server-side diff, and optimized repoLock on checkout. If you've been seeing slow reconciliation or high CPU in the appset controller on large clusters, this upgrade should show measurable improvement. Monitor controller CPU and reconciliation latency metrics after rollout.

Key changes (5)
  • Breaking: Kubernetes cluster version format changed from Major.Minor to vMajor.Minor.Patch to align with Helm 3.19.0 behavior — ApplicationSet Cluster Generators using auto-label-cluster-info must update their label key
  • JWT tokens are now invalidated on logout, closing a session persistence gap
  • X-Frame-Options and CSP headers added to Swagger UI endpoints
  • Stack overflow fix for circular ownerRef processing in resource graphs — affects anyone with complex resource hierarchies
  • AppSet controller performance improved: optimized cluster secret fetching, application cache synchronization, and reduced secret deep-copies
Source

CRI-O

Kubernetes CoreMay 5, 2026

CRI-O v1.36.0 ships CNI health monitoring, configurable GOMAXPROCS injection, TLS hardening options, and a CVE fix — alongside a batch of race condition and cgroupv2 bug fixes.

  • securityPatch CVE-2026-35469 by upgrading to v1.36.0

    The spdystream dependency carried CVE-2026-35469. If you're running v1.35.x, this is a direct reason to upgrade. After upgrading, verify the release bundle with cosign against the signed bundle artifacts — the SLSA provenance and OpenVEX report are both available for this release.

  • breakingValidate CNI plugin behavior under new continuous health monitoring

    CRI-O now polls CNI plugins with STATUS after initial readiness. A plugin that was silently degraded will now actively set NetworkReady=false on the node, blocking pod scheduling. Before upgrading, confirm your CNI plugin properly implements the STATUS verb (Cilium, Calico, and Flannel do; older or custom plugins may not). Test in a non-production cluster first — this is a behavioral change that could surface latent CNI issues.

  • enhancementSet TLS minimums for the CRI-O API — don't leave defaults in production

    New `tls_min_version` and `tls_cipher_suites` options under `[crio.api]` let you enforce TLS 1.2+ and restrict weak cipher suites on the streaming and metrics endpoints. The default is TLS 1.2, but you should explicitly set `tls_min_version = TLS13` in security-sensitive environments and review your cipher suite policy. Update your configuration management (Ansible, SaltStack, etc.) to codify this before the next node rollout.

Key changes (5)
  • CVE-2026-35469 patched via spdystream dependency update — upgrade immediately if you're on v1.35.x
  • CNI plugin health is now continuously monitored via STATUS verb; unhealthy plugins flip the node to NetworkReady=false and self-heal on recovery
  • New `min_injected_gomaxprocs` config option sets a floor for GOMAXPROCS injected into every container, useful for CPU-constrained workloads
  • TLS 1.2/1.3 and cipher suite configuration added to the `[crio.api]` section for streaming and metrics servers
  • Fixed v1.35.0 regression: systemd containers with user namespaces (hostUsers: false) were failing with 'Permission denied' on cgroup creation
Source

wasmCloud

Orchestration & ManagementMay 5, 2026

A maintenance release focused on operator reliability, security hardening, and CI improvements. Key fixes address NATS workload readiness and Kubernetes operator deployment status accuracy.

  • securityWasmtime bump + cargo audit added — review your own Wasm supply chain

    This release bumps wasmtime and drops rustls-pemfile, while adding cargo audit to CI. If you're building custom wasmCloud components or providers in Rust, add cargo audit to your own pipelines now. The removal of rustls-pemfile suggests a dependency consolidation — check if any of your code directly imports it and update accordingly.

  • breakingOperator WorkloadDeployment readiness semantics changed

    The Ready condition on WorkloadDeployment now reflects actual replica availability rather than just the existence of the deployment. Any automation or health checks that relied on Ready=True firing quickly after deployment creation will now correctly wait for replicas to be up. Review any CD pipelines or readiness probes that poll WorkloadDeployment status — they should now behave more accurately, but may appear 'slower' to reach Ready.

  • enhancementNATS subscription readiness fix reduces false-positive healthy states

    Previously, hosts could report as ready before NATS subscriptions were actually established. After this fix, readiness is tied to actual subscription availability. If you're running wasmCloud in Kubernetes and using readiness gates or traffic routing based on host health, upgrade to get accurate readiness signals and avoid routing traffic to hosts that aren't yet fully connected.

Key changes (5)
  • Fixed NATS subscription workload readiness checks — hosts now correctly report ready state based on actual NATS sub availability
  • Kubernetes operator WorkloadDeployment Ready status now gates on actual replica availability, not just deployment creation
  • Bumped wasmtime, dropped rustls-pemfile, and added cargo audit to the build pipeline for supply chain security
  • HTTP router now returns typed RouteError with accurate HTTP status codes instead of generic errors
  • Upgraded async-nats to 0.47 and Go to 1.26 across the codebase
Source

Argo

CI/CD & App DeliveryMay 5, 2026

Argo CD v3.1.16 is a minor patch fixing a server-side double-delete error and bumping the SonarQube scan action dependency.

  • securityVerify cosign signatures after upgrading

    Every release is a good reminder to validate image provenance in your admission pipeline. Argo CD images meet SLSA Level 3 — if you're not yet enforcing signature verification at deploy time, now is a practical moment to wire that into your policy engine (e.g., Kyverno or OPA Gatekeeper).

  • enhancementApply patch if double-delete errors are hitting your workflows

    If your GitOps pipelines or operators occasionally retry delete operations (e.g., during cascade deletes or reconciliation loops), the previous behavior could surface spurious errors that confused alerting or caused retries to fail loudly. This fix cleans that up. Upgrade is low-risk given the narrow scope of changes.

Key changes (3)
  • Bug fix: server no longer throws an error when a second delete operation is attempted on the same resource
  • SonarQube scan action bumped from 5.2.0 to 8.0.0 in CI pipeline
  • All container images remain cosign-signed with SLSA Level 3 provenance
Source

CRI-O

Kubernetes CoreMay 5, 2026

v1.35.3 patches CVE-2026-35469, fixes a container stop panic and exit-code race, adds CNI health monitoring (then reverts it), and introduces GOMAXPROCS floor injection for containers.

  • securityPatch CVE-2026-35469 by upgrading to v1.35.3

    The spdystream dependency had a vulnerability (CVE-2026-35469) fixed by bumping to moby/spdystream v0.5.1. If you're running v1.35.x, upgrade to v1.35.3 now. There's no workaround — the fix is only in the updated binary.

  • breakingCNI health monitoring was added and then reverted in the same release

    CRI-O briefly added continuous CNI plugin health checks using the STATUS verb, which would have marked nodes NetworkReady=false on plugin failures. It was reverted before this release shipped because it caused bootstrapping regressions. Net result: no behavior change for CNI in v1.35.3. But if you saw this feature in changelogs and planned for it, don't — it's gone and will likely return in a future release with fixes.

  • enhancementUse 'min_injected_gomaxprocs' to prevent CPU underutilization in containers with low CPU requests

    Containers with very low cpu.request values can end up with GOMAXPROCS=1, throttling Go-based workloads. The new 'min_injected_gomaxprocs' config field sets a floor so CRI-O injects max(floor, cpu.request) as GOMAXPROCS. This is particularly useful for Go-based sidecars or agents that are request-constrained but need threading headroom. Set this in your CRI-O config if you run Go workloads with conservative CPU requests.

Key changes (6)
  • CVE-2026-35469 fixed via spdystream dependency bump from v0.5.0 to v0.5.1
  • Panic on concurrent StopContainer calls fixed — this was a real crash risk in high-churn environments
  • Exit code 255 race condition resolved for fast-exiting containers
  • New 'min_injected_gomaxprocs' config option sets a floor for GOMAXPROCS injected into every container
  • CNI health monitoring (STATUS verb polling) was added then immediately reverted due to node bootstrapping regressions — net effect is no CNI monitoring change in this release
  • New 'container_runtime_crio_default_runtime' metric exposes which runtime is configured on the node
Source

CRI-O

Kubernetes CoreMay 5, 2026

CRI-O v1.34.8 patches CVE-2026-35469 in the spdystream dependency and adds two operator-facing features: a new runtime metric and configurable GOMAXPROCS injection.

  • securityPatch CVE-2026-35469 — update to v1.34.8 now

    The spdystream library had a vulnerability fixed in this release. spdystream is used for streaming connections (exec, attach, port-forward), so exposure is real in any cluster. Upgrade CRI-O to v1.34.8 on all nodes. No config changes required — the fix is purely a dependency bump.

  • enhancementUse the new runtime metric to audit node configurations

    The `container_runtime_crio_default_runtime` metric lets you confirm — via your existing Prometheus stack — that every node is actually running the runtime you expect (e.g., runc vs. kata-containers). This is particularly useful in mixed-runtime clusters or after node image upgrades where config drift can go undetected. Add an alert for unexpected runtime values once you've upgraded.

  • enhancementEvaluate min_injected_gomaxprocs for CPU-constrained workloads

    If you run containers with very low cpu.request values (e.g., 0.1 cores), Go runtimes default to GOMAXPROCS=1, which can serialize work that should be parallel. Setting `min_injected_gomaxprocs` raises the floor so those containers get a more reasonable thread count. Be cautious on dense nodes: raising GOMAXPROCS across all containers increases goroutine scheduling overhead. Test with a non-Guaranteed workload first and watch CPU throttling metrics before rolling out cluster-wide.

Key changes (4)
  • CVE-2026-35469 fixed by bumping moby/spdystream from v0.5.0 to v0.5.1
  • New `container_runtime_crio_default_runtime` metric exposes which container runtime is configured as default on each node
  • New `min_injected_gomaxprocs` config option sets a floor for GOMAXPROCS injected into every container CRI-O creates
  • GOMAXPROCS injection logic: CRI-O uses max(floor, cpu.request) except for Guaranteed QoS pods or partitioned workloads
Source

CRI-O

Kubernetes CoreMay 5, 2026

v1.33.12 patches CVE-2026-35469 via a spdystream dependency bump and adds a new min_injected_gomaxprocs option for controlling GOMAXPROCS floor in containers.

  • securityPatch CVE-2026-35469 — upgrade now

    The spdystream dependency update addresses CVE-2026-35469. Since spdystream handles HTTP/2 multiplexing in CRI-O's communication paths, any cluster running v1.33.x should move to v1.33.12 promptly. Check your vulnerability scanner results for this CVE and treat this as a routine security patch cycle rather than waiting for your next maintenance window.

  • enhancementUse min_injected_gomaxprocs to prevent CPU underutilization in Go workloads

    Go runtimes default GOMAXPROCS to the number of logical CPUs on the node, which causes goroutine scheduling inefficiency when containers have small cpu.request values. This new option lets you set a floor (e.g., 2 or 4) so containers don't get starved of OS threads. It only applies to Burstable and BestEffort pods — Guaranteed QoS pods and partitioned workloads are unaffected. Start by auditing Go-based workloads in your cluster that run with low cpu.request; set min_injected_gomaxprocs conservatively and monitor goroutine behavior before widening the floor.

Key changes (4)
  • CVE-2026-35469 fixed by updating moby/spdystream from v0.5.0 to v0.5.1
  • New min_injected_gomaxprocs config option sets a GOMAXPROCS floor for all containers CRI-O creates
  • GOMAXPROCS injection logic: CRI-O injects max(floor, cpu.request), but only for non-Guaranteed QoS pods or partitioned workloads
  • Guaranteed QoS pods and partitioned workloads are excluded from the GOMAXPROCS injection behavior
Source

Kubescape

SecurityMay 4, 2026

v4.0.6 tackles a wave of false negatives, silent errors, and correctness bugs in scanning — namespace filters, exception matching, and OPA eval failures all get fixes that change scan results.

  • securityAudit vulnerability exception lists for case inconsistencies

    Exception matching for image scan CVE IDs was case-sensitive before this fix, meaning 'ghsa-xxxx' and 'GHSA-xxxx' were treated as different identifiers. Any exceptions defined with lowercase CVE/GHSA IDs were silently not applied. After upgrading, check that your exception lists use consistent casing and re-verify which vulnerabilities are actually being excepted.

  • securityRaw request bodies are no longer logged — review your log retention

    Kubescape's HTTP handler was logging full scan request bodies, which could include sensitive resource manifests or configuration data. That logging is now removed. If you've been collecting these logs, review and rotate any stored log data that may contain manifest content.

  • breakingExpect scan result changes after upgrading — false negatives are now real failures

    Two distinct bugs caused resources to silently disappear from scan results: OPA eval errors were swallowed, and partial GVR collection failures were suppressed. Both are fixed. If your baseline compliance scores looked suspiciously clean, re-run scans after upgrading and treat new failures as real findings that were always there, not regressions introduced by the upgrade.

Key changes (5)
  • OPA eval errors no longer silently drop resources — failures now surface instead of producing false negatives
  • Namespace filter now correctly preserves cluster-scoped resource results when --include-namespaces is set
  • CVE exception matching is now case-insensitive, fixing missed exceptions on lowercase CVE IDs
  • Helm value overrides can now be passed through kubescape scan, and Kustomize directories with Helm dependencies render correctly
  • Raw scan request bodies are no longer logged, and concurrent exception file writes get unique temp files per request
Source

wasmCloud

Orchestration & ManagementMay 1, 2026

A maintenance release focused on operator reliability, NATS subscription readiness, and security dependency bumps — no API changes, but a few fixes matter in production.

  • securityUpgrade to pick up wasmtime security bump and new audit pipeline

    wasmtime was bumped and rustls-pemfile was removed as a dependency in this release. cargo audit has also been wired into CI, meaning future vulnerabilities in the dependency tree will be caught earlier. If you're running 2.0.5 or earlier, upgrade now — there's no reason to stay on an older wasmtime in a Wasm runtime.

  • breakingOperator readiness behavior changed — review your health checks and rollout strategies

    WorkloadDeployment Ready status is now gated on replica availability, not just the existence of a deployment object. If your CI/CD pipelines or monitoring systems check for the Ready condition to gate traffic or proceed with rollouts, they'll now see a more accurate (and potentially longer) 'not ready' window. Verify your rollout wait conditions and alerting thresholds won't false-alarm during normal startup.

  • enhancementNATS subscription readiness fix — relevant if you've seen premature ready signals

    The fix for NATS subscription workload readiness means the host now correctly waits before reporting ready. If you've dealt with race conditions at startup where components tried to subscribe before NATS connections were fully established, this should resolve those. No config changes needed — just upgrade and validate your startup sequence behaves as expected.

Key changes (5)
  • HTTP routing now returns typed RouteError with accurate HTTP status codes instead of generic errors
  • Operator WorkloadDeployment readiness is now gated on actual replica availability, not just deployment creation
  • Fixed workload readiness detection for NATS subscriptions — previously could report ready prematurely
  • wasmtime bumped, rustls-pemfile dropped, and cargo audit added to the CI pipeline for ongoing vulnerability scanning
  • async-nats upgraded to 0.47 and Go runtime upgraded to 1.26
Source

Linkerd

Networking & MessagingMay 1, 2026

A routine edge release dominated by dependency bumps, with two meaningful bug fixes: multicluster service cleanup now respects namespaces, and a CLI gateway API version correction.

  • securityRust TLS stack updated — aws-lc-rs, rustls-webpki, rustls-pki-types all bumped

    Several TLS-adjacent crates were updated in one shot: aws-lc-rs 1.16.3, rustls-webpki 0.103.13, and rustls-pki-types 1.14.1. No CVEs are called out explicitly, but these are the cryptographic underpinnings of Linkerd's mTLS. If you're in a security-sensitive environment, this is a good reason to pull this edge over older ones.

  • breakingKubernetes 1.31 is now the minimum supported version

    The MSKV bump to 1.31 means clusters running 1.30 or older are no longer in the supported envelope. Check your cluster versions before adopting this edge release — if you're still on 1.30, upgrade Kubernetes first or hold on this Linkerd edge.

  • enhancementFix multicluster namespace-scoped service cleanup before upgrading

    If you run Linkerd multicluster and have services spread across multiple namespaces, the previous cleanup logic could operate beyond its intended namespace scope. This fix is a correctness improvement — after upgrading, verify your mirrored services are in the expected state, especially if you've seen unexpected service deletions or stale mirrors in non-default namespaces.

Key changes (6)
  • Multicluster service cleanup logic now correctly scopes to namespaces, preventing cross-namespace service deletion bugs
  • CLI user instructions now reference the correct Gateway API version
  • New Helm value `gateway.healthCheckNodePort` added for gateway deployments
  • Destination controller refactored to use shared-filtering logic
  • Minimum supported Kubernetes version (MSKV) bumped to 1.31
  • Multiple Rust dependency updates: hyper 1.9.0, tokio 1.52.1, aws-lc-rs 1.16.3, rustls-webpki 0.103.13
Source

OpenFeature

CI/CD & App DeliveryApr 30, 2026

flagd core v0.15.5 fixes evaluation correctness bugs in fractional rollouts and JSONLogic and/or operators — teams relying on complex flag targeting rules should upgrade.

  • securityDependency security alerts resolved

    Dependabot security alerts were resolved in this release. No CVEs are called out explicitly, but the dependency updates address known vulnerabilities in transitive deps. Upgrade if you're running flagd in a security-sensitive environment.

  • breakingFractional evaluator fix: upgrade if you use targeting keys

    Null or missing targeting keys in fractional evaluators previously caused undefined behavior. If your flag rules use fractional/percentage rollouts and some users may lack a targeting key (e.g. anonymous users), upgrade to avoid incorrect bucket assignments.

  • breakingJSONLogic and/or bug fix may change evaluation results

    The jsonlogic and/or operator bug could cause flag rules with compound boolean logic to evaluate incorrectly. Review any rules relying on and/or conditions after upgrading — results may change from what you saw in v0.15.4.

Key changes (5)
  • Fractional evaluator now handles missing or null targeting keys without crashing or misbehaving
  • JSONLogic and/or operator bug fixed — compound boolean flag rules evaluate correctly now
  • Custom operator conformance fixes improve spec compliance
  • OTel service name and version can now be overridden correctly
  • Dependabot security alert dependencies updated
Source

Argo

CI/CD & App DeliveryApr 30, 2026

v3.3.9 is a focused patch addressing four bugs — including a panic in ApplicationSet DuckType Generator and a UI crash in pod logs — plus a Go version bump to resolve CVEs.

  • securityUpgrade to patch Go-level CVEs

    The Go runtime was bumped specifically to resolve CVEs. The release notes don't enumerate the exact CVE IDs, but if you're running 3.3.x in production, upgrade to 3.3.9 now rather than waiting for your next maintenance window. All container images are cosign-signed and SLSA Level 3 provenance is available — verify signatures before deploying if your pipeline requires it.

  • breakingApplicationSet DuckType Generator panic is now fixed — review affected ApplicationSets

    If you use DuckType Generators and have clusters with non-string label values, previous versions would silently panic. After upgrading, those ApplicationSets will now process correctly rather than crashing. Do a quick audit of your ApplicationSet resources post-upgrade to confirm they're reconciling as expected — you may see previously-failing sets suddenly become active.

  • enhancementOCI metadata caching restored — expect reduced registry pressure

    The Redis cache for OCI metadata was broken, meaning every OCI source lookup was hitting the registry directly. With this fix, caching works again. If you use OCI-sourced ApplicationSets or Helm charts, you should see reduced latency and fewer registry requests after upgrading. No configuration change needed.

Key changes (5)
  • Fixed panic in ApplicationSet DuckType Generator when encountering non-string values in cluster labels
  • Fixed pod logs viewer UI crash caused by stale container index references
  • Fixed double-delete error on the server side to prevent spurious errors during cleanup operations
  • Fixed OCI metadata put/get to/from Redis cache, restoring proper caching behavior
  • Bumped Go version to patch CVEs in the Go standard library
Source

Open Policy Agent (OPA)

SecurityApr 30, 2026

v1.16.0 brings new URI builtins, Data API metadata support, OTLP metrics export, and critical fixes for log dropping and log buffer eviction bugs introduced in v1.15.x.

  • securityunits.parse_bytes exponent cap prevents timeout bypass

    Extremely large exponent values in units.parse_bytes could be used to cause evaluation timeouts, potentially bypassing policy enforcement. This is fixed in v1.16.0 by capping the exponent size. If your policies accept user-controlled input that gets passed to units.parse_bytes, this fix is directly relevant — upgrade and review any policies that parse byte strings from untrusted sources.

  • breakingUpgrade from v1.15.x immediately — logs are silently dropped

    A BufferedLogger bug in v1.15.x caused bundle download logs, print() debug output, and plugin logs to be dropped after the first flush. This is silent data loss in your observability stack. If you're running v1.15.x in any environment where decision logs or debug output matter, upgrade to v1.16.0 now. Check your log pipeline for gaps if you've been running v1.15.x in production.

  • enhancementUse new uri.parse / uri.is_valid builtins to replace fragile regex-based URL validation

    Many OPA policies today use regex or string manipulation to validate or decompose URLs — a brittle approach. The new uri.parse builtin returns structured RFC 3986 components (scheme, host, path, query, etc.), and uri.is_valid does a clean true/false structural check. If you have policies handling redirect URIs, webhook URLs, or any URL-bearing input, replace your custom parsing logic with these builtins. The structured output makes it easier to write precise, readable rules.

Key changes (5)
  • New uri.parse and uri.is_valid builtins for RFC 3986-compliant URI handling in policy
  • Data API now supports request/response metadata for wrapping projects — custom fields logged under decision log Custom['request_metadata']
  • Prometheus metrics can now be exported via OTLP, unifying observability pipelines
  • Critical fix: v1.15.x dropped logs for bundle downloads, print() calls, and plugin-originated logs — upgrade immediately if on v1.15.x
  • units.parse_bytes exponent size now capped to prevent potential timeout bypass (security hardening)
Source

Vitess

Storage & DataApr 30, 2026

Vitess v24 ships structured JSON logging by default, window function pushdown for sharded keyspaces, OpenTelemetry tracing, and a security fix for backup manifest command injection. 460 PRs merged.

  • securityBackup MANIFEST command injection is now blocked by default

    Prior to v24, an attacker with write access to backup storage could modify the MANIFEST file to inject arbitrary shell commands that VTTablet would execute during restore. This is now blocked — the MANIFEST decompressor field is ignored unless you explicitly pass --external-decompressor-use-manifest. If you're on v23 or earlier, treat backup storage access controls as a security boundary and audit who can write to it.

  • breakingAudit backup restore configs for MANIFEST decompressor

    If your VTTablet restore process relied on the decompressor command stored in backup MANIFESTs (i.e., you never set --external-decompressor but backups still decompressed), restores will silently skip decompression in v24 and likely fail. Add --external-decompressor-use-manifest to your VTTablet config to preserve old behavior, but read the security advisory first: a compromised backup store could execute arbitrary commands on your tablet. Evaluate whether you actually need this or can pass --external-decompressor explicitly instead.

  • breakingRemove deprecated VTOrc API endpoint and metric references

    The /api/replication-analysis endpoint returns 404 in v24 — any monitoring scripts, Grafana dashboards, or alerting rules hitting that URL will break silently or with errors. Switch to /api/detection-analysis (same params, same response format). Also replace DiscoverInstanceTimings with DiscoveryInstanceTimings in dashboards. Do this before deploying v24 to production.

  • enhancementMigrate tracing to OpenTelemetry now, not in v25

    opentracing-jaeger and opentracing-datadog are deprecated in v24 and will be removed in v25. The migration is straightforward: replace --tracer opentracing-jaeger with --tracer opentelemetry, and swap --jaeger-agent-host host:port for --otel-endpoint host:4317. Jaeger v1.35+ accepts OTLP on port 4317 by default. Datadog users should point to the Agent's OTLP ingestion endpoint. Do this upgrade cycle, not the next one.

  • enhancementAdd --cell flag to VTOrc now

    --cell is optional in v24 but becomes required in v25. Multi-cell deployments especially should add it now — startup validation against the topology will catch misconfiguration early, and it unblocks future cross-cell recovery logic in VTOrc. One flag, no downtime, avoids a forced change next release.

Key changes (6)
  • Structured JSON logging is now the default (--log-format=text for human-readable; glog deprecated, removed in v25)
  • Window functions can now push down to shards when PARTITION BY matches a unique vindex — no more forced single-shard routing
  • External decompressor command from backup MANIFEST is ignored by default (security fix); opt-in required via --external-decompressor-use-manifest
  • OpenTracing backends (jaeger, datadog) deprecated; migrate to --tracer opentelemetry before v25
  • VTOrc /api/replication-analysis endpoint and DiscoverInstanceTimings metric removed — update dashboards and scripts now
  • --grpc-send-session-in-streaming flag removed from VTGate; session is always sent in streaming responses
Source

Karmada

Orchestration & ManagementApr 30, 2026

Karmada v1.17.2 is a patch release fixing scheduler misrouting bugs, operator reconciliation failures, and a Job replica assignment error — plus an Alpine base image bump for security.

  • securityRebuild or pull updated images to get the Alpine 3.23.4 base

    The base image was bumped from Alpine 3.23.3 to 3.23.4. If you're running air-gapped or mirrored image setups, make sure to pull and mirror the new v1.17.2 images. Check Alpine's changelog for the specific CVEs addressed if your compliance process requires it.

  • breakingScheduler backoffQ misrouting may have masked real scheduling failures

    Bindings with insufficient cluster replicas were incorrectly queued in backoffQ instead of unschedulableBindings. This means your scheduler may have been retrying workloads on an exponential backoff schedule rather than surfacing them as unschedulable. After upgrading, expect some previously silent failures to become visible in unschedulableBindings — review any workloads that seemed stuck or slow to schedule.

  • enhancementUpgrade if you use karmada-operator with custom tolerations/affinity or multi-cluster Jobs

    Two high-impact fixes landed here: operator-managed deployments were silently ignoring tolerations and affinity configs, which could cause pods to land on unintended nodes. And Job completion counts were being assigned incorrectly across clusters, which could corrupt Job semantics in distributed workloads. Both are straightforward regressions worth patching immediately if either feature is in use.

Key changes (6)
  • karmada-operator now correctly applies tolerations and affinity settings to karmada-aggregated-apiserver and karmada-search deployments
  • Fixed non-idempotent secret creation that caused operator init reconciliation failures on repeated runs
  • Scheduler no longer misroutes bindings with insufficient replicas to backoffQ — they now correctly land in unschedulableBindings
  • Schedule success events with ClusterAffinities now include proper cluster information
  • Job completions are now distributed correctly across clusters instead of being assigned to wrong replicas
  • Base Alpine image bumped from 3.23.3 to 3.23.4 to address security concerns
Source

Karmada

Orchestration & ManagementApr 30, 2026

Karmada v1.16.5 is a focused patch release fixing scheduler queue misrouting, Job replica assignment errors, and operator reconciliation failures, plus an Alpine base image bump.

  • securityAlpine 3.23.4 base image — rebuild and redeploy your Karmada components

    The Alpine bump from 3.23.3 to 3.23.4 addresses upstream security concerns. If you're running custom-built Karmada images or have image scanning in your pipeline, update your base images accordingly. The official images in this release already include the updated base.

  • breakingScheduler queue misrouting causes stalled workloads — patch immediately

    The backoffQ vs unschedulableBindings misrouting bug means workloads with insufficient cluster replicas may have been stuck in the wrong queue, causing unexpected scheduling delays or failures. If you've seen bindings that appear perpetually pending despite enough cluster capacity becoming available, this fix directly addresses that. Upgrade to v1.16.5 and check for any bindings that are stuck — they should reschedule automatically after the upgrade.

  • breakingJob completions were assigned to wrong clusters — review existing Job distributions

    The Job completion replica assignment bug could have led to incorrect work distribution across member clusters. Jobs that ran on this version may have had skewed completion counts per cluster. After upgrading, inspect any multi-cluster Jobs that were scheduled on v1.16.4 to verify their completion semantics were not affected in production.

Key changes (5)
  • karmada-operator: Secret creation made idempotent, fixing init reconciliation failures on retry
  • karmada-scheduler: Bindings with insufficient cluster replicas now correctly land in unschedulableBindings queue instead of backoffQ
  • karmada-scheduler: Schedule success events now include cluster info when using ClusterAffinities
  • Job completions now assigned correctly per cluster instead of being misrouted across replicas
  • Base image updated from alpine:3.23.3 to alpine:3.23.4 for security fixes
Source

Karmada

Orchestration & ManagementApr 30, 2026

Karmada v1.15.8 is a targeted bug-fix patch addressing scheduler queue misrouting, missing cluster info in events, and an operator reconciliation failure. Alpine base image bumped for security.

  • securityRebuild and redeploy to pick up alpine:3.23.4 patches

    The alpine base image bump from 3.23.3 to 3.23.4 addresses unspecified security concerns. If you're running custom Karmada images built from the upstream base, rebuild against the new base. If you're using official images, pulling v1.15.8 is sufficient.

  • breakingScheduler queue misrouting can cause workloads to be stuck — patch immediately

    The backoffQ bug is particularly dangerous in production: when a binding hits insufficient replicas, it gets retried with exponential backoff instead of being placed in unschedulableBindings where it belongs. This means your workloads silently wait longer than expected before rescheduling. If you're running ClusterAffinities with replica constraints, upgrade to v1.15.8 — don't wait on this one.

  • enhancementOperator idempotency fix prevents init reconciliation crashes on restarts

    The non-idempotent secret creation in karmada-operator meant that if the operator restarted mid-initialization, reconciliation would fail. This is now fixed with an idempotent approach. If you've been seeing operator init failures after pod restarts or rolling updates, this patch resolves the root cause.

Key changes (4)
  • karmada-operator: Fixed non-idempotent secret creation that caused init reconciliation failures on retry
  • karmada-scheduler: Schedule success events now include cluster information when using ClusterAffinities
  • karmada-scheduler: Bindings with insufficient cluster replicas now correctly land in unschedulableBindings queue instead of backoffQ
  • Base image updated from alpine:3.23.3 to alpine:3.23.4 to address security concerns
Source

containerd

Kubernetes CoreApr 30, 2026

containerd API v1.11.0 ships a new shim bootstrap protocol, container filesystem copy transfer types, and sandbox spec field support — aligning with the containerd 2.3 runtime release.

  • securitygRPC updated from v1.59.0 to v1.79.3 — multiple CVE fixes included

    A 20-minor-version jump in gRPC covers a significant span of security and stability fixes. If your environment pins or vendors gRPC separately, reconcile your dependency tree against v1.79.3. The golang.org/x/* packages also moved forward across the board, so a full dependency audit is warranted before deploying this API version in production.

  • breakingSandbox API: Container field removed, update any sandbox metadata consumers

    The Container field has been dropped from sandbox metadata and replaced with a spec field. If you have tooling, controllers, or custom runtimes that read or write sandbox metadata directly, audit them now. This is an API-level change — anything compiled against the old proto definitions will break at runtime when targeting containerd 2.3.

  • breakingShim bootstrap protocol is now protobuf — custom shim implementations need updating

    The new shim bootstrap protocol switches from JSON to protobuf and uses enums instead of strings for capabilities and log levels. If you maintain a custom shim or vendor the containerd API, you must update your bootstrap handling before deploying containerd 2.3. Third-party shims (e.g., kata-containers, nydus) likely need corresponding releases — check their compatibility before upgrading.

Key changes (6)
  • New shim bootstrap protocol introduced: uses protobuf (not JSON), enums for capabilities/log levels, and includes containerd version at shim launch
  • Shim socket directory now uses the configured state directory instead of a hardcoded path
  • Transfer API gains new types for container filesystem copy operations
  • Sandbox API updated: Container field removed, spec field added to sandbox metadata
  • EROFS native container image support extended with os.features field in platform proto
  • gRPC dependency jumped from v1.59.0 to v1.79.3; protobuf toolchain migrated from protobuild to buf
Source

KServe

AI & MLApr 29, 2026

KServe v0.18.0 is a large release dominated by LLMInferenceService (llmisvc) maturation, two CVE fixes, and multi-node inference groundwork—teams running LLM workloads should review carefully before upgrading.

  • securityApply immediately: three CVE fixes in this release

    CVE-2026-32597 (PyJWT critical header bypass), CVE-2026-33186 (gRPC authorization bypass), and CVE-2026-30922 (pyasn1 DoS) are all patched here. If you're running KServe with gRPC inference endpoints or Python-based runtimes exposed externally, these are not optional. Upgrade to v0.18.0 or apply the patches to your current version. The gRPC bypass in particular could allow unauthenticated requests to reach protected inference endpoints.

  • breakingPYTHONPATH is now blocked in webhooks—audit your ServingRuntimes

    A new webhook validation blocks PYTHONPATH from being set in InferenceService or ServingRuntime specs. If any of your custom ServingRuntimes or ISVCs set PYTHONPATH (a common pattern for custom Python module paths), they will be rejected at admission after this upgrade. Audit all your ServingRuntime and ISVC manifests before upgrading and remove or replace PYTHONPATH usage.

  • breakingHelm chart renamed to 'kserve-resources'—update your Helm releases

    The KServe Helm chart name changed from 'kserve' to 'kserve-resources'. If you manage KServe via Helm, a naive upgrade will not find the old release name. Plan a migration: either rename the existing Helm release or uninstall/reinstall. CI pipelines, GitOps configs, and any tooling referencing the chart name need updating before you run the upgrade.

  • enhancementLLMInferenceService autoscaling is production-ready—evaluate for LLM workloads

    v0.18.0 ships KEDA/HPA and WVA-based autoscaling for LLMInferenceService, plus LWS as an autoscaling target for multi-node workloads. If you're running vLLM-backed inference at scale and hitting manual scaling pain, now is a good time to test llmisvc autoscaling in staging. The WVA dependency was bumped to v0.6.0-rc3, so treat it as near-stable but not fully GA.

Key changes (5)
  • Two CVEs patched: PyJWT critical-header validation (CVE-2026-32597), gRPC authorization bypass (CVE-2026-33186), and pyasn1 DoS (CVE-2026-30922)—security fixes affect Python serving runtimes and gRPC paths
  • LLMInferenceService gains autoscaling via KEDA/HPA/WVA, LWS multi-node autoscaling target, TLS support, storage migration, and InferencePool readiness evaluation
  • PYTHONPATH env var is now blocked in ISVC and ServingRuntime webhooks—any serving runtime injecting PYTHONPATH will fail admission
  • Namespace-scoped ModelCache added, with download jobs running in the job namespace
  • Helm chart renamed from 'kserve' to 'kserve-resources'; vLLM bumped to 0.19.0, MLServer to 1.7.1
Source

Kyverno

SecurityApr 29, 2026

Kyverno 1.18 hardens HTTP context security with blocklist enforcement and scoped tokens, fixes multiple image verification bugs including a silent bypass, and expands CLI policy testing coverage.

  • securityAudit HTTP context policies before upgrading — blocklist is now enforced

    Any policy using HTTP context loading will now be subject to a configurable blocklist. Calls that previously succeeded might be blocked after upgrade. Before rolling out 1.18, inventory all policies with HTTP context entries, verify their target URLs are not on the default blocklist, and configure FLAG_HTTP_BLOCKLIST overrides where needed. Also check that scoped token authorization doesn't break policies relying on broader token access. Test in a non-production cluster first.

  • securityImage verification silent bypass is patched — verify your policies are actually enforcing

    A bug in processResourceWithPatches caused it to return nil on patch failure, which silently skipped image verification. If you've been running image verification policies and assumed they were enforcing, run a retroactive compliance scan after upgrading to confirm enforcement was working as expected. Also check the CVE fixes: CVE-2026-32280 (intermediate cert limiting) and CVE-2026-32283 (Go toolchain upgrade) are included in this release and warrant upgrading promptly.

  • enhancementUse successEventActions to reduce event spam in large clusters

    High-traffic clusters with broad Kyverno policies generate enormous volumes of success events, which can overwhelm etcd and make event streams useless. The new successEventActions ConfigMap parameter lets you filter exactly which success events get emitted. Add this to your Kyverno ConfigMap after upgrading and tune it based on which policy actions actually need visibility. Pairs well with the existing omitEvents setting — watch out for the new warning if you configure conflicting values.

Key changes (5)
  • HTTP context calls now enforce a configurable blocklist and use scoped tokens — policies making external HTTP calls need review against new security constraints
  • imageRegistryCredentials can now reference namespaced secrets and pod-level imagePullSecrets, removing a long-standing limitation for multi-tenant image verification setups
  • Silent image verification bypass fixed: processResourceWithPatches was returning nil on patch failure, allowing images to slip through unverified
  • successEventActions ConfigMap parameter lets you filter which success events Kyverno emits, useful for high-volume clusters drowning in event noise
  • CLI now supports cleanup policies, HTTP/Envoy authz policies, and mutateExisting in kyverno apply and kyverno test — CI pipelines can finally test these policy types offline
Source

Microcks

CI/CD & App DeliveryApr 29, 2026

Microcks 1.14.0 adds Kafka request-reply for async mocking and expands Callback/Sync-to-Async support across REST, gRPC, and the UI. A bug fix prevents HTTP method mutation on mocked operations.

  • securityRebuild custom images on updated UBI9 base

    The base image bumps to UBI9 9.7-1776833838. If you build custom Microcks images on top of the official one, rebuild and re-test after upgrading to pick up the upstream OS patches included in this UBI update.

  • breakingVerify REST mock routing after operation method fix

    The fix for issue #2028 prevents the operation HTTP method from being overridden — a subtle bug that could cause mocks to respond incorrectly if the method was being mutated. Verify any existing REST mocks that rely on method-specific routing to confirm they behave as expected after upgrade.

  • enhancementAdopt Kafka request-reply for async testing

    Kafka async mocks now support request-reply semantics. If your team uses Microcks to mock event-driven services over Kafka, this unlocks proper two-way interaction testing without external tooling. Review the updated API for Callback and Sync-to-Async support alongside the new triggers UI before migrating existing Kafka mock setups.

Key changes (5)
  • Kafka async mocks now support request-reply pattern (previously only fire-and-forget was possible)
  • Callback and Sync-to-Async API updated; triggers info now visible in UI and usable as a second artifact
  • gRPC mocks gain triggers support
  • Operation HTTP method is no longer overridable (bug fix, #2028)
  • UBI9 base image updated to 9.7-1776833838; Angular bumped to 19.2.20; context propagation added with X-Trace-Id header support
Source

SPIRE

SecurityApr 27, 2026

SPIRE v1.14.6 patches two critical security vulnerabilities in node attestation: an EC2 instance impersonation flaw and a race condition in join token validation.

  • securityUpgrade immediately if using aws_iid node attestation

    The aws_iid bug is severe: any EC2 instance under attacker control could forge the identity of any other EC2 instance during attestation, bypassing all downstream SPIFFE ID assignment and workload authorization. If you use aws_iid attestation in any environment, treat this as a critical breach risk and upgrade to v1.14.6 now. After upgrading, audit your node attestation logs for anomalous registrations — specifically instances claiming identities inconsistent with their actual AWS metadata.

  • securityJoin token race condition allows double-registration — patch now

    The TOCTOU flaw means two concurrent requests with the same join token could both complete attestation successfully, resulting in two agents registered under one token. If join tokens are distributed in automated pipelines or ephemeral environments, an attacker who intercepts a token could race a legitimate agent to claim it. Upgrade to v1.14.6, then review your join token issuance and revocation policies. Consider switching to shorter-lived tokens or alternative attestation methods like x509pop for sensitive workloads.

Key changes (3)
  • Fixed aws_iid attestor: PKCS7 signature was verified against embedded content, but identity was parsed from an attacker-controlled field — allowing any EC2 instance to impersonate any other.
  • Fixed join token TOCTOU race: concurrent attestations with the same token could both succeed due to silent no-op deletes. Now uses row-locked read-modify-write transactions.
  • Both vulnerabilities reported by Tianshuo Han.
Source

SPIRE

SecurityApr 27, 2026

v1.13.6 patches two serious security vulnerabilities in SPIRE: an EC2 instance impersonation flaw in the AWS IID attestor and a race condition in join token handling. Upgrade immediately.

  • securityUpgrade now if you use AWS IID node attestation

    The AWS IID attestor vulnerability is severe: any attacker controlling an EC2 instance could forge the identity of any other EC2 instance in your environment during node attestation. All downstream RBAC, SVID issuance, and workload identity decisions would operate on the forged identity. If you run SPIRE with the aws_iid server plugin, treat this as a critical incident — patch to v1.13.6 before doing anything else. Review your SPIRE server logs for unexpected node attestation events from EC2 instances, especially cross-account or cross-region patterns.

  • securityAudit join token usage if you allow concurrent agent bootstrapping

    The TOCTOU bug in join token handling means two agents racing to attest with the same token could both succeed — violating the one-time-use guarantee. In practice this could allow unauthorized agents to join your trust domain. After upgrading, rotate any join tokens that may have been used during periods of concurrent agent bootstrapping. If you use join tokens in automation (e.g., init containers, CI pipelines), review whether parallel execution could have triggered this race.

Key changes (3)
  • Fixed AWS IID attestor bug where PKCS7 signature was verified against embedded content but identity was parsed from an attacker-controlled field — enabling full EC2 impersonation during node attestation
  • Fixed TOCTOU race in join token attestation: concurrent requests with the same token could both succeed; now enforced via read-modify-write transaction with row locking
  • Both vulnerabilities reported by Tianshuo Han; no new features or other changes in this release
Source

NATS

Networking & MessagingApr 27, 2026

NATS v2.12.8 is a substantial bug-fix release targeting JetStream stability — particularly clustered stream/consumer reliability, Raft edge cases, and a bearer JWT disclosure vulnerability in the monitoring API.

  • securityPatch immediately: /connz was leaking bearer JWTs

    Any deployment using JWT-based auth with the monitoring endpoint exposed (even internally) was potentially leaking bearer tokens in /connz responses. Rotate any JWTs that may have been exposed, audit monitoring endpoint access logs, and upgrade to v2.12.8 now. If you can't upgrade immediately, restrict /connz access via firewall or NATS monitoring auth.

  • securityCLI argument secrets now redacted in monitoring

    Route and cluster URLs passed as CLI arguments (which often contain credentials) were previously visible in monitoring output. Upgrade to v2.12.8 and review any monitoring dashboards or log aggregation pipelines that may have captured this data historically.

  • enhancementJetStream cluster operators: test your scaling and recovery paths

    This release fixes several nasty edge cases — stream leader catch-up from snapshots, Raft commit index resets on term mismatches, in-flight assignment visibility for stream/consumer info, and the 'last sequence mismatch' error from failed proposals. If you've been seeing any of these intermittent errors in clustered JetStream, v2.12.8 is a high-priority upgrade. After upgrading, monitor for reduced error rates in stream info and consumer info endpoints during scaling operations.

Key changes (5)
  • Bearer JWTs no longer exposed via the /connz monitoring endpoint — direct security fix requiring immediate attention
  • Route and cluster URL secrets are now redacted when passed as CLI arguments
  • Multiple JetStream panic fixes: consumer pause endpoint, scaling after stream update, and legacy Raft snapshot recovery
  • Stream sourcing duplicate message bug resolved for leafnode reconnection and proposal error scenarios
  • Consumer starting sequence scan is now async, removing a metalayer pause that could cause latency spikes
Source

NATS

Networking & MessagingApr 27, 2026

NATS v2.11.17 is a security and stability patch addressing JWT bearer token exposure in monitoring endpoints, credential redaction gaps, and several crash/correctness bugs.

  • securityPatch immediately: /connz was leaking bearer JWTs

    Any operator exposing the NATS monitoring port (default 8222) to internal or external networks should treat this as urgent. Bearer tokens visible in /connz could be harvested and replayed. Rotate any JWTs that may have been exposed, audit who had access to your monitoring endpoints, and upgrade to 2.11.17 now. If you cannot upgrade immediately, firewall the monitoring port.

  • securityCLI-embedded secrets were visible in monitoring output

    If your NATS deployment passes route or cluster URLs with embedded credentials as command-line arguments, those secrets were previously visible in monitoring output. Audit your monitoring data for any historical exposure, rotate affected credentials, and upgrade. Long-term, prefer config files or environment-based secret injection over CLI arguments.

  • breakingRepeated CONNECT behavior change may affect edge-case clients

    The fix for repeated CONNECT messages clearing subscriptions changes previously tolerated (but incorrect) behavior. Custom clients or unusual connection patterns that send multiple CONNECT messages on the same connection could see subscriptions unexpectedly dropped. Audit any non-standard client code before upgrading in production.

Key changes (5)
  • Bearer JWTs no longer exposed via the /connz monitoring endpoint — this was a credential leak
  • Route and cluster URL secrets passed as CLI args are now redacted in monitoring output
  • Repeated CONNECT messages on a connection now correctly clear subscriptions, preventing stale state
  • JWT claims spanning midnight now validate correctly — edge case that could silently break auth
  • Fixed a panic during leafnode compression negotiation and a header mutation bug affecting message buffers
Source

Prometheus

ObservabilityApr 27, 2026

Prometheus v3.11.3 patches three security vulnerabilities: a credential leak, a DoS vector via malformed snappy payloads, and a stored XSS in the classic UI.

  • securityRotate AzureAD client secrets if /-/config was accessible

    If you use AzureAD remote write and the /-/config endpoint was reachable by anyone other than trusted admins, treat your client_secret as compromised. Rotate it in Azure AD immediately, then upgrade to v3.11.3. Also audit who has access to that endpoint — it should never be public-facing.

  • securityUpgrade immediately if remote-read is enabled and exposed

    The snappy decode vulnerability lets an attacker send a crafted request with an inflated declared length, potentially exhausting memory. If your Prometheus remote-read endpoint is reachable from outside your trust boundary, this is a real DoS risk. Upgrade to v3.11.3 as soon as possible — there's no config-level workaround short of disabling remote-read entirely.

  • securityAssess XSS exposure if you still run the classic UI

    The stored XSS in the old UI heatmap affects any deployment where users can influence label values (e.g., via instrumented applications) and other users view those charts. If you've already migrated to the new UI, you're not affected. If you haven't, upgrade now — or at minimum restrict UI access to trusted users until you do.

Key changes (3)
  • CVE-2026-42151: AzureAD OAuth client_secret was exposed in plaintext through the /-/config endpoint
  • CVE-2026-42154: Remote-read now rejects snappy-compressed requests where declared decoded length exceeds the configured limit, closing a potential DoS vector
  • Stored XSS fixed in the old/classic UI heatmap chart — unescaped 'le' label values in tick labels were the injection point
Source

OpenFGA

SecurityApr 27, 2026

v1.15.0 brings latency improvements for complex authorization models via edge pruning, fixes a cache bug in the experimental weighted graph checker, and patches Go stdlib CVEs by upgrading to Go 1.26.2.

  • securityUpdate immediately to patch Go stdlib vulnerabilities

    This release ships Go 1.26.2, which addresses vulnerabilities in the Go standard library. If you run OpenFGA as a managed binary or container, pull the new image now. If you build from source, ensure your toolchain matches. Don't wait on this — stdlib vulns can affect TLS, HTTP parsing, and crypto paths that OpenFGA relies on.

  • enhancementRe-benchmark list objects performance on complex models

    Edge pruning in the list objects pipeline cuts unnecessary graph traversal. If your authorization model has deep or wide relationship graphs, you should see reduced p99 latency on ListObjects calls. Run your existing load tests against v1.15.0 and compare — this is a free win that requires no config changes.

  • enhancementRe-evaluate weighted_graph_check cache behavior if you hit cold-start issues

    The experimental weighted_graph_check feature was silently skipping its cache on cold start or when the cache controller was disabled, which could explain unexpected latency spikes early in pod lifecycle. The fix aligns behavior with the documented contract: zero invalidation time means use the cache. If you're using this experimental feature, test it again — behavior will differ from what you may have measured before.

Key changes (3)
  • Edge pruning added to list objects pipeline — measurable latency reduction for large, complex authorization models
  • Fixed weighted_graph_check cache being incorrectly bypassed when cache controller returns zero invalidation time (cold start or disabled state)
  • Go toolchain bumped to 1.26.2 to address Go standard library security vulnerabilities
Source

Prometheus

ObservabilityApr 27, 2026

Prometheus v3.5.3 is a security-only release patching four vulnerabilities: credential exposure, two snappy decompression bombs, and a stored XSS in the legacy UI.

  • securityRotate AzureAD client_secret immediately if /-/config was exposed

    Any Prometheus instance using AzureAD remote write had its OAuth client_secret visible in plaintext at the /-/config endpoint. If that endpoint was reachable by untrusted users or scraped by monitoring tools, treat the secret as compromised. Rotate it in Azure AD, update your Prometheus config, and then upgrade to v3.5.3. After upgrading, restrict /-/config access via --web.enable-admin-api controls or a reverse proxy allowlist.

  • securityUpgrade now if you accept remote-read or remote-write from untrusted sources

    Both remote-read and remote-write endpoints were vulnerable to decompression bomb attacks — a crafted snappy request with an inflated declared size could exhaust memory. If your Prometheus is internet-facing or accepts data from multiple tenants, this is a denial-of-service risk. Upgrade to v3.5.3 immediately. There is no config-level workaround; the fix is in the code.

  • securityPatch stored XSS if anyone uses the legacy UI with untrusted label values

    The old UI heatmap rendered 'le' label values without escaping, allowing stored XSS. If your users browse the legacy UI and your metrics include 'le' labels sourced from external or user-controlled systems, malicious JavaScript could execute in their browsers. Upgrade to v3.5.3. As a short-term measure, direct users to the new UI instead.

Key changes (4)
  • CVE-2026-42151: AzureAD OAuth client_secret leaked in plaintext via /-/config endpoint
  • CVE-2026-42154: Remote-read snappy decompression bomb — oversized declared decode length now rejected
  • Remote-write snappy decompression bomb fixed with same decode limit enforcement (no separate CVE listed)
  • Stored XSS via unescaped 'le' label values in legacy UI heatmap tick labels (GHSA-fw8g-cg8f-9j28)
Source

Flatcar Container Linux

Provisioning & RuntimeApr 27, 2026

A large security maintenance release for the LTS channel: kernel jumps from 6.6.107 to 6.6.127 and closes hundreds of CVEs accumulated since the last LTS point release, plus a ca-certificates update and a local dev fix for arm64 Macs.

  • securityApply the kernel update promptly — large CVE backlog closed

    This release rolls up roughly 20 kernel point releases (6.6.107 through 6.6.127), closing several hundred CVEs accumulated over that span. Treat this as a mandatory patch cycle rather than a routine bump — teams on 4081.3.6 or earlier have been running with months of unpatched kernel CVEs, some of which affect networking, filesystems, and memory management subsystems commonly hit in container workloads. Roll this out to fleets on the LTS channel as soon as your update ring allows.

  • enhancementVerify TLS trust chains after ca-certificates 3.116→3.122 jump

    ca-certificates jumped from 3.116 to 3.122, spanning multiple NSS releases. If you pin or vendor CA bundles separately from the OS image, check for any removed or distrusted root certificates in that range that could break TLS validation for internal services or older endpoints.

  • enhancementFaster local VM testing on Apple Silicon

    The QEMU launcher script now enables HVF acceleration on arm64 Macs (Flatcar#1901). If you develop or test Flatcar images locally on Apple Silicon, update your local scripts/tooling to pick this up — VM boot and test cycles should be noticeably faster.

Key changes (5)
  • Linux kernel updated from 6.6.107 to 6.6.127, bundling ~20 stable kernel releases
  • Several hundred CVEs patched in this single release, spanning 2023–2026 disclosures
  • ca-certificates updated from 3.116 to 3.122 (multiple NSS releases bundled)
  • QEMU launcher script fix adds HVF acceleration for arm64 Macs, improving local VM performance
  • No new features or config-breaking changes — this is a maintenance/security rollup
Source

Flatcar Container Linux

Provisioning & RuntimeApr 27, 2026

Flatcar stable-4593.2.0 is a large security + infrastructure release: 150+ kernel CVEs patched, openssh/openssl/curl/intel-microcode updated, and significant initrd/partition layout changes that need attention before upgrading.

  • securityMass CVE remediation across kernel and userspace — update now

    Linux kernel patches cover 150+ CVEs, and userspace components (openssh 10.2_p1, openssl 3.5.4, curl 8.16.0, intel-microcode, gnupg, pam) each carry their own CVE fixes. This is a large security catch-up from Stable 4459.2.4. Any Flatcar node on stable should be updated promptly — the auto-update mechanism will handle it, but verify nodes are actually cycling through updates if you have update pauses configured.

  • breakingsshd now uses OpenSSH upstream defaults including post-quantum key exchange

    sshd_config no longer hard-codes Ciphers, MACs, and KexAlgorithms; OpenSSH upstream defaults now apply, which includes post-quantum key exchange. If your environment requires specific legacy algorithms (e.g., for compliance tooling or older SSH clients), add drop-in config to /etc/ssh/sshd_config.d/ before upgrading. Test SSH connectivity after the update in a non-prod node first.

  • breakingPartition layout changed; kernel module availability in first-stage initrd is reduced

    Partition sizes have grown: /boot to 1 GB, /usr to 2 GB, /oem to 1 GB. Existing nodes can still update, but new disk images will use the larger layout. If you have tight disk quotas, pre-provision or verify disk images have room. Also, the kernel+initrd on /boot is now half the size due to a two-stage initrd split — if any required drivers were only in the first-stage initrd, you may see boot issues. Report regressions to the Flatcar team immediately.

Key changes (6)
  • Linux kernel updated to 6.12.81 with 150+ CVEs patched across the kernel alone
  • openssh updated to 10.2_p1 with sshd now using upstream defaults — post-quantum key exchange enabled by default, legacy cipher config removed
  • intel-microcode updated with 14 CVE fixes covering side-channel and information-disclosure issues on Intel hardware
  • Two-stage initrd introduced: first stage is minimal (smaller /boot footprint), full initrd runs second; custom kernel module builds now use upstream kernel method instead of Ubuntu-style approach
  • Partition sizes increased for /boot, /usr, and /oem; Ignition OEM config loading and PXE OEM customization fixed after earlier initrd rework broke them
  • SSSD/LDAP authentication restored — PAM sssd support and LDB modules were missing after a prior Samba update
Source

wasmCloud

Orchestration & ManagementApr 24, 2026

Patch release upgrading to Wasmtime 44 and fixing a pooling allocator crash, plus new glibc builds for GPU workloads on Linux.

  • securityUpgrade if you hit pooling allocator crashes — the fix prevents silent failures

    The pooling allocator was being enabled without checking whether the host hardware actually supports it, which could cause runtime crashes or unpredictable memory behavior. If you've seen wash-runtime instability on certain host types, this fix directly addresses that. Upgrade and monitor memory allocation behavior post-deploy.

  • breakingTest Wasmtime 44 upgrade in staging before rolling to production

    Wasmtime 44 is a major version bump for the underlying runtime. While wasmCloud wraps it, Wasmtime releases frequently carry behavior changes in memory handling, WASI interfaces, or component model semantics. Validate your component workloads in a non-production environment before upgrading clusters.

  • enhancementGPU workloads on Linux now have proper glibc builds — start testing if relevant

    If you're running or planning wasmCloud workloads that touch GPU features on Linux, the new glibc builds resolve compatibility issues with standard Linux distributions that expect dynamically linked runtimes. Pull the new artifacts and validate against your target GPU host environment.

Key changes (4)
  • Wasmtime runtime upgraded to version 44
  • Pooling allocator is now probed for hardware support before being enabled, preventing crashes on unsupported systems
  • New glibc-linked builds added for Linux systems requiring GPU feature support
  • Minor patch with no API or configuration breaking changes
Source

Linkerd

Networking & MessagingApr 24, 2026

Maintenance-heavy edge release with OpenSSL/rustls security bumps, a policy admission fix for Gateway routes, and a more robust annotation-to-metric-label conversion in the injector.

  • securityPick up OpenSSL and rustls-webpki patches now

    Two OpenSSL crate bumps landed in this release, plus a rustls-webpki update. These sit in the proxy's TLS stack. If you're running any Linkerd edge build in a security-sensitive environment, upgrade to edge-26.4.4 to get the patched cryptographic dependencies rather than waiting for the next stable.

  • breakingVerify Gateway route policies after the admission webhook fix

    The admission webhook previously ran full validation on Gateway routes even when they contained fields Linkerd doesn't support, causing legitimate routes to be rejected. That's fixed now — but if you worked around this by restructuring routes, review whether those workarounds are still needed or are now masking misconfigurations.

  • enhancementTest chart override behavior if you use custom install values

    The fix to apply overrides to chart values on install closes a gap where certain Helm value overrides weren't being applied. If you have installation automation that relies on specific override patterns, run a dry-run install against this version to confirm the resulting values match expectations before rolling to production.

Key changes (5)
  • OpenSSL crates bumped twice (0.10.76→0.10.78) and rustls-webpki updated — relevant for Rust-based proxy TLS surface
  • Policy admission webhook now skips validation for Gateway routes with unsupported fields, preventing false rejections
  • Injector uses more robust logic to convert annotations to metric labels, reducing edge-case label corruption
  • Chart install now applies overrides to chart values correctly, fixing a long-standing install customization gap
  • proxy-init updated to v2.4.8 and cni-plugin to v1.6.7 alongside proxy v2.350.0
Source

Envoy

Networking & MessagingApr 23, 2026

Envoy v1.38 is a massive release with several breaking changes requiring immediate action — RSA key usage enforcement, BoringSSL build flag changes, and tcp_proxy config validation are the top priorities before upgrading.

  • securityPatch CVE-2026-27135 by upgrading to v1.38

    This release includes the nghttp2 patch for CVE-2026-27135, which affects HTTP/2 header field handling. If you're running Envoy as an HTTP/2 gateway or proxy, this is a direct exposure. Prioritize upgrading clusters that terminate or proxy HTTP/2 traffic. RBAC header matcher also received a fix preventing concatenation-based bypass attacks — another reason to treat this upgrade as security-relevant.

  • breakingAudit TLS configs before upgrading — RSA key usage now enforced

    enforce_rsa_key_usage defaults to true starting this release and will be removed entirely next release, making it permanent. Any upstream TLS connection where the certificate's key usage doesn't match the negotiated cipher will be rejected. Before upgrading, audit your upstream certificate configurations. Test in staging first — silent failures in prod will be connection resets, not helpful error messages.

  • breakingUpdate BoringSSL FIPS build pipelines before building v1.38

    The --define=boringssl=fips Bazel flag is gone. CI/CD pipelines or Dockerfiles that build Envoy with FIPS mode will fail silently or error out. Replace with --config=boringssl-fips. If you're consuming official binaries rather than building from source, this doesn't affect you directly, but verify your supply-chain tooling if you maintain custom builds.

  • enhancementOpenTelemetry metrics over HTTP — drop the collector sidecar

    The OTel stat sink can now push metrics directly via OTLP/HTTP without requiring a collector sidecar. If you're running otel-collector as a DaemonSet purely for Envoy metrics forwarding, you can simplify that architecture. Evaluate whether direct OTLP/HTTP export to your backend (Grafana Cloud, Honeycomb, etc.) reduces operational overhead in your environment.

Key changes (6)
  • enforce_rsa_key_usage now defaults to true on upstream TLS contexts — connections using mismatched RSA key usage will fail
  • BoringSSL FIPS build flag changed from --define=boringssl=fips to --config=boringssl-fips, breaking existing build pipelines
  • tcp_proxy requires explicit max_early_data_bytes for non-IMMEDIATE upstream_connect_mode, failing validation at startup if missing
  • CVE-2026-27135 patched in nghttp2 HTTP/2 header handling
  • OAuth2 token encryption is now on by default; opt-out requires explicit disable_token_encryption flag
  • Dynamic modules gain significant new extension points including tracers, TLS validators, and custom LB policies with ABI forward-compatibility to v1.39
Source

Kyverno

SecurityApr 23, 2026

v1.16.4 is a security-focused patch release addressing 15+ CVEs across Kyverno's dependency chain, plus a critical behavioral change that disables HTTP in namespaced policies by default.

  • securityUpgrade immediately — 15+ CVEs patched, including supply chain components

    This release patches CVEs across sigstore/rekor, go-tuf, docker/cli, Go stdlib, and Kyverno's own code. Several of these touch the image verification and policy fetch paths. If you're running any image signing workflows with Kyverno, the rekor and go-tuf bumps are directly relevant. Plan an upgrade in your next maintenance window — do not wait for the next major cycle.

  • breakingHTTP disabled by default in namespaced policies (CVE-2026-4789) — test before upgrading

    Namespaced policies that fetch external data over plain HTTP will silently stop working after this upgrade. If you use URL context sources or external data fetches in namespaced ClusterPolicy or Policy resources, audit them for HTTP (non-HTTPS) endpoints before upgrading. This is a security hardening change, but it will break existing policies that relied on insecure endpoints. Switch those endpoints to HTTPS or migrate to HTTPS-capable data sources first.

  • breakingRestricted ConfigMap access for namespaced policies — RBAC may need review

    Namespaced policies now have reduced ConfigMap access scope. If your policies rely on reading ConfigMaps outside their namespace for context or configuration, those reads will fail post-upgrade. Review your policy definitions for cross-namespace ConfigMap references and adjust either the policy logic or the access grants accordingly before rolling out this version.

Key changes (5)
  • CVE-2026-4789: HTTP disabled by default in namespaced policies — this is a behavioral change, not just a dep bump
  • Namespaced policies now have restricted ConfigMap access, tightening the blast radius of compromised policy controllers
  • Scoped token used for request authorization, replacing broader token usage in policy evaluation
  • forEach mutation panic fixed — previously could crash the engine on certain mutate rule configurations
  • Dependency CVEs resolved: docker/cli, sigstore/rekor, go-tuf/v2, stdlib, and others updated
Source

Kyverno

SecurityApr 23, 2026

v1.17.2 is a security-heavy patch release addressing multiple CVEs and fixing critical bugs in MutatingPolicy, ValidatingPolicy, webhook reconciliation, and namespaced policy handling.

  • securityUpgrade immediately — 6+ CVEs fixed in this release

    This release patches at least six CVEs across dependencies and Go stdlib, plus CVE-2026-4789 which disables HTTP in namespaced policies by default. If you run namespaced policies that rely on HTTP-based external data sources or webhooks, audit those configurations before upgrading — they will stop working silently. Upgrade path: update your Helm chart or manifests to v1.17.2 and validate policy behavior in a staging environment first.

  • breakingNamespaced policies: HTTP disabled and ConfigMap access restricted

    Two separate hardening changes affect namespaced policies. HTTP is now disabled by default (CVE-2026-4789), and ConfigMap access has been scoped down. If your namespaced policies fetch context from HTTP endpoints or read ConfigMaps outside their namespace, those policies will fail silently or error post-upgrade. Run a dry-run or audit scan against your namespaced policies before deploying to production.

  • enhancementWebhook reconciliation loop fix — reduces controller churn in large clusters

    Inconsistent webhook rule ordering was causing repeated reconciliation loops, which generates excess API server load and noisy controller logs. This is fixed. If you've been seeing constant webhook object churn in your audit logs or elevated kyverno-controller CPU, this release resolves it. No action needed post-upgrade, but worth monitoring controller metrics after rollout to confirm stabilization.

Key changes (5)
  • Multiple CVEs patched: CVE-2026-24051, CVE-2026-15558, CVE-2026-1229, CVE-2026-33186, CVE-2026-34986, CVE-2026-4789 — plus Go stdlib CVE bumps
  • HTTP disabled by default in namespaced policies (CVE-2026-4789) — behavioral change for existing namespaced policy configurations
  • ConfigMap access restricted for namespaced policies — scope reduction to limit blast radius
  • Webhook reconciliation loop fixed: webhooks and webhook rules now maintain consistent ordering to prevent endless reconciliation cycles
  • forEach mutation engine panic prevented, wrong lister for NamespacedGeneratingPolicy on UPDATE fixed, and user info handling added to MutatingPolicy/ValidatingPolicy
Source

CoreDNS

Kubernetes CoreApr 22, 2026

CoreDNS v1.14.3 ships full TSIG verification across all transports, multiple Go security CVE fixes, cache prefetch improvements, and a new forward plugin max_age option — a solid operational hardening release.

  • securityUpgrade immediately for 13 Go CVE fixes and TSIG transport hardening

    Go 1.26.2 in this build addresses 13 CVEs. Beyond the runtime fixes, TSIG verification gaps in DoH, DoH3, QUIC, and gRPC transports are now closed — if you run any of those transports with TSIG, unauthenticated requests could previously slip through. Upgrade to v1.14.3 and verify your TSIG configurations are still valid after the stricter enforcement.

  • breakingDoH oversized GET requests are now rejected — validate your clients

    CoreDNS now rejects oversized dns query parameters in DoH GET requests. Any client sending unusually large DNS-over-HTTPS GET queries will start getting errors. Test your DoH clients against this build in staging before rolling out; most well-behaved clients are unaffected, but custom or non-standard DoH implementations should be checked.

  • enhancementUse max_age in the forward plugin to prevent stale upstream connections

    Long-lived upstream connections can silently degrade or get dropped by middleboxes. The new max_age option in the forward plugin lets you set an absolute connection lifetime. If you've seen sporadic upstream timeouts or resolution failures that resolve themselves, configure max_age to force periodic reconnection — start with something like 30s–5m depending on your upstream stability.

Key changes (5)
  • Full TSIG verification now enforced on DoH, DoH3, QUIC, and gRPC transports — previously these transports lacked complete verification
  • Built with Go 1.26.2, patching 13 CVEs including CVE-2026-32282, CVE-2026-32289, CVE-2026-33810, and others
  • Cache prefetching reworked to release client connections before fetching upstream, preventing connection exhaustion under load
  • New max_age option in the forward plugin enforces absolute connection lifetime, helping with stale upstream connection issues
  • Metrics endpoint now supports optional TLS, and Go runtime metrics can be selectively exported
Source

cert-manager

SecurityApr 21, 2026

Pure security patch: Go runtime bumped to 1.23.9 and vulnerable dependencies updated. No functional changes — upgrade is the only action needed.

  • securityUpgrade to v1.19.5 immediately — this is a pure CVE fix

    The cert-manager team explicitly recommends all users upgrade. The changes are limited to Go runtime and dependency bumps, so there is no functional risk in upgrading. If you are on any v1.19.x release, this is a straight swap with no migration steps. Check your deployment method (Helm, static manifests, OperatorHub) and roll it out to all clusters. Delaying leaves your cert-manager pods running with known vulnerable Go packages.

Key changes (3)
  • Go runtime upgraded from an older 1.23.x to 1.23.9 to address multiple CVEs in the Go toolchain
  • Third-party Go dependencies with reported vulnerabilities bumped to patched versions
  • No API, behavioral, or configuration changes — drop-in replacement for v1.19.x
Source

Contour

Networking & MessagingApr 20, 2026

v1.33.4 is a security-critical patch fixing a Lua code injection CVE in Contour's Cookie Rewriting feature — upgrade immediately, and note the hard Envoy 1.35.0 minimum requirement.

  • securityPatch CVE-2026-41246 immediately — arbitrary code execution risk in shared Envoy

    Any tenant with RBAC permissions to create or modify HTTPProxy resources could inject arbitrary Lua code through a crafted pathRewrite value. In multi-tenant clusters where Envoy is shared infrastructure, this means a compromised or malicious tenant could steal xDS client credentials or deny service to other tenants. Upgrade Contour to v1.33.4 and ensure Envoy is at 1.35.0 or later before deploying. Audit your RBAC policies to limit HTTPProxy write access to trusted principals as a defense-in-depth measure.

  • breakingEnvoy 1.35.0 minimum — verify your Envoy version before upgrading Contour

    This release will not function correctly with Envoy versions older than 1.35.0 due to the new filterContext-based Lua approach. If you manage your own Envoy image or pin versions, upgrade Envoy first. The bundled Envoy in the official manifests is already at v1.35.10, so if you use the standard deployment you're covered — but custom or air-gapped environments need explicit attention here.

  • enhancementReview HTTPProxy RBAC regardless of upgrade timing

    Even after patching, the underlying attack surface is broad write access to HTTPProxy resources. Take this as a signal to tighten RBAC: restrict HTTPProxy creation/modification to platform operators rather than application developers where possible. In high-trust multi-tenant environments this kind of privilege separation is the right long-term control.

Key changes (4)
  • CVE-2026-41246 fixed: Lua code injection via malicious cookieRewritePolicies pathRewrite values could allow arbitrary code execution in Envoy
  • Cookie Rewriting feature redesigned: text/template generation dropped in favor of structured filterContext data passed to a static Lua script
  • Envoy 1.35.0 is now a hard minimum requirement for this release
  • Bundled Envoy bumped to v1.35.10
Source

Contour

Networking & MessagingApr 20, 2026

v1.32.5 is a security patch fixing a Lua code injection vulnerability (CVE-2026-41246) in Contour's Cookie Rewriting feature, plus an Envoy bump to v1.34.14. Upgrade immediately in multi-tenant environments.

  • securityPatch CVE-2026-41246 immediately in multi-tenant clusters

    Any cluster where untrusted users or teams have RBAC permissions to create or modify HTTPProxy resources is directly exposed. An attacker crafts a pathRewrite.value that breaks out of the Lua string context, gaining code execution in Envoy — which runs as shared infrastructure. That means credential theft (xDS client certs) or denial of service for every tenant on the same Envoy instance. Upgrade to v1.32.5 now. While you prepare the upgrade, audit who has create/update rights on HTTPProxy and tighten RBAC to the minimum necessary.

  • breakingReview existing cookieRewritePolicies after upgrade

    The fix adds escaping to pathRewrite.value inputs. Legitimate values with special characters (backslashes, quotes, etc.) will now be escaped before Lua interpolation, which changes runtime behavior. Test any HTTPProxy resources using cookieRewritePolicies[].pathRewrite.value in a staging environment post-upgrade to confirm cookie rewriting still behaves as expected.

  • enhancementEnvoy v1.34.14 is bundled — no separate action needed

    The Envoy bump is included in the Contour image. If you run a managed Envoy deployment alongside Contour, verify your Envoy image is also updated to v1.34.14 to stay consistent with Contour's tested configuration.

Key changes (5)
  • CVE-2026-41246 fixed: Lua code injection via malicious cookieRewritePolicies[].pathRewrite.value in HTTPProxy resources
  • Attackers with HTTPProxy RBAC write access could achieve arbitrary code execution inside the shared Envoy proxy
  • Injected code could exfiltrate Envoy's xDS client credentials or cause DoS for co-located tenants
  • Fix escapes user-provided cookie path rewrite values before Lua interpolation
  • Envoy updated to v1.34.14
Source
← NewerOlder →