RATATOSKRATATOSK
Sign in

Releases

AI-analyzed release notes for CNCF graduated and incubating projects.

Project: LitmusClear ×

Litmus

ObservabilityMay 18, 2026

Litmus 3.29.0 patches a gRPC CVE, fixes duplicate chaos triggers under concurrent reconciles, and adds Prometheus metrics support for experiment observability.

  • securityPatch CVE-2026-33186 by upgrading to 3.29.0 now

    The gRPC library was upgraded to v1.79.3 to fix CVE-2026-33186. If you're running any Litmus version prior to 3.29.0, your control plane is exposed. Upgrade immediately — this isn't a 'schedule it next sprint' situation.

  • breakingVerify event-tracker behavior after the duplicate-trigger fix

    The fix for duplicate chaos experiment triggers under concurrent reconciles changes how the event-tracker handles race conditions. If you rely on the event-tracker for automated chaos injection, test your pipelines post-upgrade to confirm expected trigger counts. Duplicate runs may have been masking gaps in your experiment coverage.

  • enhancementWire up Prometheus metrics to your existing dashboards

    Prometheus metrics are now natively exposed by ChaosCenter. The release includes a getting-started guide and unit tests, so integration is straightforward. Add Litmus as a scrape target and start tracking experiment pass/fail rates, run durations, and infra connectivity — this fills a long-standing observability gap for chaos workflows.

Key changes (5)
  • Security: gRPC bumped to v1.79.3 to address CVE-2026-33186
  • Bug fix: concurrent reconciliation no longer triggers duplicate chaos experiments via the event-tracker
  • New feature: Prometheus metrics added to ChaosCenter for experiment observability, with unit tests and a getting-started guide
  • Bug fix: experiments can now be stopped even when the connected infra is disconnected
  • Bug fix: CronWorkflow run history no longer shows a blank page in the UI
Source

Litmus

ObservabilityApr 15, 2026

Litmus 3.28.0 is a focused maintenance release fixing a probe config leak, a subscriber crash on workflow events, and a Python vulnerability in the frontend base image.

  • securityUpgrade frontend to resolve Python CVE in base image

    The frontend container was running on a ubi8 base image with a Python vulnerability. The fix upgrades it to ubi9. If you run Litmus in environments with strict image scanning policies (e.g., Trivy in CI, ACS, or Prisma), this upgrade will clear those alerts. Pull the 3.28.0 frontend image and redeploy — no config changes needed.

  • breakingProbe config leak fix may change behavior for shared-type probe setups

    If you run multiple probes of the same type in a single experiment, previous releases silently shared stale config between them. The fix now isolates config per probe. Audit any experiments where multiple probes of the same type are defined — if you were unknowingly relying on config bleed-over, results may differ after upgrading.

  • enhancementSubscriber crash fix improves reliability for GitOps and event-driven workflows

    Teams using Litmus in GitOps mode or triggering experiments via Argo Workflow ADD events with ChaosEngine nodes were hitting silent subscriber crashes. After upgrading to 3.28.0, those workflows should resume without manual subscriber restarts. No action required beyond the upgrade, but verify subscriber pod stability post-deploy if you've been seeing unexplained restarts.

Key changes (5)
  • Fixed stale config leak across multiple probes of the same type — this could cause probes to incorrectly inherit config from a previous probe run
  • Subscriber no longer crashes when Workflow ADD events contain ChaosEngine nodes, improving experiment reliability
  • Frontend base image upgraded from ubi8 to ubi9, resolving a known Python vulnerability
  • Fixed image registry bug when editing or cloning experiments in Litmus Checker
  • Canonical added as an official adopter
Source