Strimzi
1.0.1Networking & MessagingStrimzi 1.0.1 patches two CVEs and disables cross-namespace Entity Operator watching by default. The v1-only CRD API requirement from 1.0.0 remains enforced — no v1beta2/v1beta1/v1alpha1.
breakingEnable cross-namespace watching explicitly if you use watchedNamespace
If your Kafka CR's Entity Operator section has watchedNamespace set to a namespace different from the Kafka cluster's namespace, the Topic or User Operator will stop watching it after upgrading. Before or immediately after upgrading, set STRIMZI_ENTITY_OPERATOR_WATCHED_NAMESPACE_ENABLED=true in your Cluster Operator deployment. Check all Kafka CRs across namespaces — missing this will silently break topic/user reconciliation.
securityPatch two CVEs — upgrade promptly
CVE-2026-55225 and CVE-2026-55226 are fixed in 1.0.1. Details are in the Strimzi security advisories. Given both are fixed in the same patch release, treat this as a security-motivated upgrade and prioritize it over waiting for a convenient maintenance window.
breakingComplete CRD migration to v1 before upgrading
Strimzi 1.0.1 (like 1.0.0) only accepts v1 CRDs. If you skipped the migration step when moving to 1.0.0, or if you are upgrading from an older release directly, run the CRD conversion procedure documented in the Strimzi 1.0.1 deploying guide before applying the new operator manifests. Applying the operator without converted CRDs will cause reconciliation failures.
主な変更 (4)
- All older CRD API versions (v1beta2, v1beta1, v1alpha1) are dropped — only v1 is supported. CRD conversion must be completed before upgrading.
- Two CVEs patched: CVE-2026-55225 and CVE-2026-55226.
- Entity Operator cross-namespace watching is now disabled by default. A new env var controls it: STRIMZI_ENTITY_OPERATOR_WATCHED_NAMESPACE_ENABLED.
- Teams using watchedNamespace in the Entity Operator section of their Kafka CR (pointing to a different namespace) must explicitly re-enable the feature after upgrading.