Argo
v3.3.11CI/CD & App Delivery2026年5月28日
Argo CD v3.3.11 is a routine patch release on the 3.3 branch, bundling six bug fixes and one dependency security update (CVE-2026-41240).
securityPatch dompurify CVE in Argo CD UI
This patch bumps redoc/dompurify to v3.4.0 in the UI to fix CVE-2026-41240. If you run the Argo CD UI, upgrade to v3.3.11 to close this XSS-related dependency vulnerability.
enhancementFixes for controller startup race and nil pointer crash
A race condition could raise an InvalidSpecError during application controller startup, and a nil pointer dereference existed in removeWebookMutation() from gitops-engine. Both are fixed here; upgrade if you've seen spurious spec errors or controller crashes on startup.
主な変更 (5)
- Fixed a race condition causing InvalidSpecError during application controller startup
- Fixed a nil pointer dereference in gitops-engine's removeWebookMutation()
- Fixed label truncation for deletion hook resources
- Bumped redoc/dompurify to v3.4.0 in the UI, fixing CVE-2026-41240
- Removed resourceVersion from server-side diff (ssd) handling