RATATOSKRATATOSK
ログイン

リリース

CNCF graduated・incubatingプロジェクトのリリースノートのAI分析。

Backstage

CI/CD & App Delivery2026年4月29日

Backstage v1.50.4 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Microcks

CI/CD & App Delivery2026年4月29日

Microcks 1.14.0 adds Kafka request-reply for async mocking and expands Callback/Sync-to-Async support across REST, gRPC, and the UI. A bug fix prevents HTTP method mutation on mocked operations.

  • securityRebuild custom images on updated UBI9 base

    The base image bumps to UBI9 9.7-1776833838. If you build custom Microcks images on top of the official one, rebuild and re-test after upgrading to pick up the upstream OS patches included in this UBI update.

  • breakingVerify REST mock routing after operation method fix

    The fix for issue #2028 prevents the operation HTTP method from being overridden — a subtle bug that could cause mocks to respond incorrectly if the method was being mutated. Verify any existing REST mocks that rely on method-specific routing to confirm they behave as expected after upgrade.

  • enhancementAdopt Kafka request-reply for async testing

    Kafka async mocks now support request-reply semantics. If your team uses Microcks to mock event-driven services over Kafka, this unlocks proper two-way interaction testing without external tooling. Review the updated API for Callback and Sync-to-Async support alongside the new triggers UI before migrating existing Kafka mock setups.

主な変更 (5)
  • Kafka async mocks now support request-reply pattern (previously only fire-and-forget was possible)
  • Callback and Sync-to-Async API updated; triggers info now visible in UI and usable as a second artifact
  • gRPC mocks gain triggers support
  • Operation HTTP method is no longer overridable (bug fix, #2028)
  • UBI9 base image updated to 9.7-1776833838; Angular bumped to 19.2.20; context propagation added with X-Trace-Id header support
原文

Buildpacks

CI/CD & App Delivery2026年4月22日

Buildpacks v0.40.3 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Backstage

CI/CD & App Delivery2026年4月22日

Backstage v1.50.3 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Argo

CI/CD & App Delivery2026年4月21日

Argo CD v3.3.8 is a patch release with six bug fixes targeting core mode syncs, AppSet resource limits, CLI diff accuracy, and informer cache staleness.

  • breakingRefresh behavior changed again — validate your autosync pipelines

    The revert of the informer resync fix means refresh behavior is back to pre-3.3.7 state. If you tuned anything around reduced refresh frequency after upgrading to 3.3.7, re-examine those assumptions. Check autosync event logs to confirm expected behavior before promoting to production.

  • enhancementCore mode users: upgrade immediately to unblock syncs

    The missing server.secretkey bug caused silent sync failures in core mode deployments — a serious operational gap that's easy to miss in monitoring. If you run Argo CD in core mode, this patch is not optional. Upgrade, then verify sync status across all applications post-upgrade.

  • enhancementLarge ApplicationSets now default to 5,000 resource status entries

    If you manage ApplicationSets with hundreds of apps, you may have hit the old resource status count ceiling without realizing it. After upgrading, review any ApplicationSets that showed truncated or missing resource statuses and confirm they now report correctly.

主な変更 (6)
  • Reverted an earlier fix that prevented automatic refreshes from informer resync and status updates — the revert restores previous refresh behavior
  • App controller in core mode no longer fails to sync when server.secretkey is missing
  • AppSet resource status count ceiling raised to 5,000 by default (up from prior limit)
  • CLI app diff/manifests now correctly use DrySource revision when sourceHydrator is active
  • Stale informer cache in RevisionMetadata handler resolved, reducing phantom diff scenarios
  • Autosync event message format reverted to match pre-regression output
原文

Argo

CI/CD & App Delivery2026年4月21日

Argo CD v3.2.10 is a pure bug-fix patch that resolves five regressions, including a critical core-mode sync failure and a stale cache issue in RevisionMetadata.

  • breakingCore-mode deployments: upgrade immediately if apps are stuck out-of-sync

    If you run Argo CD in core mode (no API server) and recently saw apps failing to sync with secret-related errors, the missing server.secretkey bug was silently blocking all syncs. Upgrade to v3.2.10 and verify affected apps reconcile cleanly afterward.

  • breakingAutosync event message format reverted — re-check any alerting rules you updated

    A message format change introduced recently and then reverted means the autosync event messages are back to their original format. If you updated Prometheus alerting rules, Grafana queries, or log parsers to match the new format, roll those changes back before upgrading to avoid false positives or missed alerts.

  • enhancementsourceHydrator users: upgrade to get correct app diff behavior

    The CLI was using the wrong source revision for app diff and manifests commands when sourceHydrator was in use, meaning you could be reviewing diffs against the wrong state. After upgrading, re-run any diff checks you performed on v3.2.9 to confirm the output is accurate.

主な変更 (5)
  • Reverted an over-aggressive change that blocked automatic refreshes from informer resync and status updates — restoring expected GitOps sync behavior
  • Fixed app controller in core mode failing to sync when the server.secretkey is missing — a silent failure that could leave apps permanently out-of-sync
  • Fixed CLI app diff/manifests using the wrong revision when sourceHydrator is configured
  • Fixed stale informer cache reads in the RevisionMetadata handler, preventing outdated metadata from being served
  • Reverted an autosync event message format change that broke downstream log parsing or alerting rules
原文

Argo

CI/CD & App Delivery2026年4月21日

Patch release with two targeted bug fixes: a revert of a problematic refresh prevention change and a core mode sync failure when server.secretkey is absent.

  • breakingRevert of refresh-prevention fix may re-expose original behavior

    The cherry-picked fix for preventing automatic refreshes from informer resyncs and status updates was reverted because it caused problems in 3.1. If you upgraded to 3.1.x specifically expecting that behavior to be fixed, it's gone again. Watch the upstream issue for a corrected implementation before relying on it. No action needed otherwise, but be aware of potential extra refresh churn in large clusters.

  • enhancementUpgrade immediately if running Argo CD in core mode without server.secretkey

    A bug caused the application controller to fail syncing entirely when running in core mode and the server.secretkey was absent from the cluster secret. If your core-mode installations have ever had intermittent sync failures that were hard to diagnose, this is likely the culprit. Upgrade to 3.1.15 and verify syncs resume normally after rollout.

主な変更 (3)
  • Reverted the automatic refresh prevention fix (#25290) that was cherry-picked into 3.1 — the fix itself caused regressions
  • Fixed app controller core mode failing to sync when server.secretkey is missing from the cluster secret
  • All container images remain cosign-signed with SLSA Level 3 provenance
原文

Flux

CI/CD & App Delivery2026年4月21日

Flux v2.8.6 is a patch release fixing helm-controller post-renderer conflicts, a notification-controller regression for generic providers, and adding a MigrateAPIVersion feature gate in kustomize-controller.

  • breakingAdd 'audience' to GCR Receiver secrets before upgrading to v2.9

    The 'audience' field on GCR Receiver secrets is currently optional but will become mandatory in v2.9. Audit your Receiver resources now and add the audience field to any GCR-backed secrets. Doing this proactively prevents a hard failure on your next major upgrade.

  • breakingGeneric provider commit status events were broken — upgrade immediately if you rely on them

    A regression in notification-controller stopped generic providers from forwarding commit status events. If your CI/CD pipelines depend on those webhooks for pipeline gating or observability, they have been silently failing since the prior release. This patch restores that behavior — upgrade to v2.8.6 without delay.

  • enhancementUse MigrateAPIVersion feature gate when managing resources with deprecated API versions

    If kustomize-controller manages resources that use older API versions tracked in managed field entries, the new MigrateAPIVersion feature gate handles migration automatically. Enable it in environments where you're seeing API version drift or drift detection noise from deprecated APIs.

主な変更 (5)
  • helm-controller: Fixed post-renderer conflict when hooks and templates overlap, and force-replace is now ignored when server-side apply is enabled
  • notification-controller: Regression fix restoring commit status forwarding for generic providers — if you use generic webhooks, this one matters
  • notification-controller: GCR Receiver secrets now require the 'audience' field; not yet mandatory but will be enforced in v2.9
  • kustomize-controller: New MigrateAPIVersion feature gate to handle API version migration in managed field entries
  • source-controller and image-automation-controller updated to go-git v5.18.0 for faster Git operations
原文

Backstage

CI/CD & App Delivery2026年4月18日

Backstage v1.50.2 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Backstage

CI/CD & App Delivery2026年4月17日

Backstage v1.49.5 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Backstage

CI/CD & App Delivery2026年4月17日

Backstage v1.47.4 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Backstage

CI/CD & App Delivery2026年4月17日

Backstage v1.48.6 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Backstage

CI/CD & App Delivery2026年4月17日

Backstage v1.46.7 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Backstage

CI/CD & App Delivery2026年4月17日

Backstage v1.45.6 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Argo

CI/CD & App Delivery2026年4月16日

Argo CD v3.3.7 is a patch release fixing controller performance regressions, OIDC config handling, and several UI/security header issues.

  • securitySwagger UI endpoints now have clickjacking protection — upgrade if exposed

    X-Frame-Options and Content-Security-Policy headers were missing from Swagger UI endpoints. If your Argo CD API server is reachable from browsers (even internally), those endpoints were frameable. Upgrade to 3.3.7 to close this. No config change needed post-upgrade.

  • breakingOIDC auth may behave differently after upgrade if config was stale

    The fix ensures OIDC config reloads on server restart rather than using a cached/stale version. In practice this is a correctness fix, but if you've been working around stale OIDC behavior with manual pod restarts, verify SSO flows after upgrading to confirm expected behavior.

  • enhancementUpgrade if you're seeing excessive reconciliation or controller CPU spikes

    Two separate fixes address controller overhead: the parentUIDToChildren data structure change reduces memory churn on large clusters, and the informer resync fix stops unnecessary app refreshes that inflate API server load. If your controller is burning CPU or you're seeing constant reconcile loops, this patch is worth prioritizing.

主な変更 (5)
  • Controller performance improved: switched parentUIDToChildren to map-of-sets and reduced secret deep copies/deserialization overhead
  • OIDC config now properly refreshes on server restart — previously stale config could cause auth failures
  • X-Frame-Options and CSP headers added to Swagger UI endpoints, closing a clickjacking exposure
  • Prevented automatic refreshes triggered by informer resync and status updates, reducing unnecessary reconciliation churn
  • Fixed repo-server crashes caused by symlink handling in copyutil and missing repo.insecure flag propagation to helm dependency build
原文

Backstage

CI/CD & App Delivery2026年4月16日

Backstage v1.43.5 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Backstage

CI/CD & App Delivery2026年4月16日

Backstage v1.45.5 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Backstage

CI/CD & App Delivery2026年4月16日

Backstage v1.46.6 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Backstage

CI/CD & App Delivery2026年4月16日

Backstage v1.44.3 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Argo

CI/CD & App Delivery2026年4月16日

Argo CD v3.1.14 is a small patch fixing unnecessary app refreshes and a CI lockfile issue, plus a dependency bump for fast-xml-parser.

  • securityfast-xml-parser bump closes potential parsing vulnerabilities

    The fast-xml-parser library was bumped three minor versions. These kinds of XML parser updates often address denial-of-service or entity expansion issues. While Argo CD's exposure surface for this library is limited to the UI, staying current here is straightforward — just upgrade and verify UI functionality in your staging environment.

  • enhancementUpgrade if informer resync is flooding your refresh queue

    The fix for automatic refreshes triggered by informer resync and status updates is the real reason to pick up this patch. If you've been seeing excessive app refresh activity or high controller CPU load during resync windows, this addresses the root cause. Deploy this patch during your next maintenance window — it's low risk.

主な変更 (4)
  • Prevents automatic refreshes triggered by informer resync and status updates — a meaningful reduction in unnecessary reconciliation noise
  • Fixes yarn install running without --frozen-lockfile in CI, improving build reproducibility
  • Bumps fast-xml-parser from 4.5.3 to 4.5.6 in the UI dependency tree
  • All container images remain cosign-signed with SLSA Level 3 provenance
原文

Argo

CI/CD & App Delivery2026年4月16日

Argo CD v3.2.9 is a patch release fixing excessive refresh triggers, a UI rendering bug for OCI revisions, and a CI lockfile issue, plus a dependency bump for fast-xml-parser.

  • securityfast-xml-parser bump addresses potential XML parsing issues in the UI

    fast-xml-parser was bumped from 4.5.3 to 4.5.6. While no specific CVE is called out in the release notes, staying current on XML parsing libraries in web UIs is prudent given their attack surface. If your Argo CD UI is exposed to untrusted users or external traffic, this upgrade is worth prioritizing.

  • enhancementUpgrade if informer resync noise is causing excessive reconciliation

    The fix for unintended automatic refreshes from informer resync and status updates (#25290) is the most operationally impactful change here. If you've seen high reconciliation rates or unexplained sync activity in busy clusters, this patch directly addresses that. Upgrade to 3.2.9 and monitor your refresh/sync rate metrics post-upgrade.

  • enhancementOCI users: revision metadata now renders correctly

    If your team uses OCI-based Helm charts or manifests and noticed the revision metadata panel was always blank, that was a guard clause bug — not a config problem. This release fixes it. No action needed beyond upgrading; the UI should display OCI revision info correctly afterward.

主な変更 (5)
  • Fixed automatic refreshes being triggered unnecessarily by informer resync and status updates — a potential performance/noise issue in busy clusters
  • Fixed OCI revision metadata never rendering in the UI due to a conflicting guard clause
  • Bumped fast-xml-parser from 4.5.3 to 4.5.6 (dependency security/stability hygiene)
  • Updated notifications-engine dependency to v0.5.1-0.20260316232552
  • All container images remain cosign-signed with SLSA Level 3 provenance
原文

Backstage

CI/CD & App Delivery2026年4月15日

Backstage v1.50.1 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

OpenFeature

CI/CD & App Delivery2026年4月15日

OpenFeature core/v0.15.4 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

OpenFeature

CI/CD & App Delivery2026年4月15日

OpenFeature flagd/v0.15.4 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

OpenFeature

CI/CD & App Delivery2026年4月14日

OpenFeature core/v0.15.3 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

OpenFeature

CI/CD & App Delivery2026年4月14日

OpenFeature flagd/v0.15.3 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Backstage

CI/CD & App Delivery2026年4月14日

v1.50.0 is a wide-ranging release with several breaking changes across auth, frontend APIs, and catalog. Key practical upgrades: AWS RDS IAM auth, Auth0 federated logout, catalog deadlock fixes, and security patches for rollup/glob.

  • securityUpdate CLI and build tooling to pick up rollup path traversal fix

    rollup < v4.59 has a high severity path traversal vulnerability (GHSA-mw96-cpmx-2vgc). The @backstage/cli, repo-tools, and several CLI modules have been updated. Run the upgrade helper and update your lockfile. If you pin rollup versions anywhere in your workspace, update those pins to v4.59+. The glob dependency was also bumped to v13 to address vulnerabilities in v7/v8/v11.

  • breakingVerify token decoding code before upgrading — ent claim removed by default

    auth.omitIdentityTokenOwnershipClaim now defaults to true, so Backstage user tokens no longer include the ent ownership claim. Any code that manually decodes tokens and reads ent will silently get nothing. Audit your codebase for raw token decoding and replace it with the userInfo core service. If you need time, set auth.omitIdentityTokenOwnershipClaim: false in your config temporarily, but plan to remove it — the setting will be dropped in a future release.

  • breakingMigrate createSchemaFromZod to configSchema before upgrading frontend-plugin-api

    The deprecated createSchemaFromZod helper is gone in @backstage/[email protected]. Any extension or blueprint using it will fail at runtime. Check the 1.50 migration docs at backstage.io/docs/frontend-system/architecture/migrations#150 and switch to the configSchema option. Note that plain zod v3 schemas are not supported — use import { z } from 'zod/v4' from the zod v3 package or upgrade to zod v4.

主な変更 (7)
  • BREAKING: auth.omitIdentityTokenOwnershipClaim now defaults to true — tokens no longer carry the ent claim, which eliminates header size issues in large orgs but may affect code that explicitly decodes Backstage tokens
  • BREAKING: frontend-plugin-api removes deprecated createSchemaFromZod helper; migrate to the new configSchema option with zod v4
  • BREAKING: @backstage/ui drops React 17 support — minimum is now React 18
  • Catalog backend deadlock fix: SELECT ... FOR UPDATE SKIP LOCKED was missing transaction wrapping, causing PostgreSQL deadlocks (40P01) in multi-replica deployments
  • Security: rollup upgraded to v4.59+ (GHSA-mw96-cpmx-2vgc path traversal) and glob bumped to v13 across CLI and repo-tools packages
  • AWS RDS IAM authentication for PostgreSQL now supported in backend-defaults — use short-lived tokens instead of static passwords
  • Auth0 provider now performs federated logout, clearing the Auth0 session on sign-out; set federatedLogout: true to also clear upstream IdP sessions
原文

OpenFeature

CI/CD & App Delivery2026年4月9日

OpenFeature core/v0.15.2 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

OpenFeature

CI/CD & App Delivery2026年4月9日

OpenFeature flagd-proxy/v0.9.4 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

OpenFeature

CI/CD & App Delivery2026年4月9日

OpenFeature flagd/v0.15.2 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

OpenFeature

CI/CD & App Delivery2026年4月7日

OpenFeature core/v0.15.1 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

OpenFeature

CI/CD & App Delivery2026年4月7日

OpenFeature flagd-proxy/v0.9.3 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

OpenFeature

CI/CD & App Delivery2026年4月7日

OpenFeature flagd/v0.15.1 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Flux

CI/CD & App Delivery2026年4月7日

Flux v2.8.5 patches a cache race condition that could freeze Kustomizations, fixes Azure Blob prefix handling, and adds GCR Receiver verification fields.

  • breakingStuck Kustomizations? This patch likely fixes you

    If you've seen Kustomizations get stuck after a reconciliation timeout or cancellation — often requiring a manual flux reconcile or pod restart to unblock — the race condition fix in kustomize-controller v1.8.3 directly addresses this. Upgrade to v2.8.5 and monitor your reconciliation loops post-upgrade. No config changes needed, but watch for Kustomizations that were previously stuck to automatically recover.

  • breakingVerify Azure Blob prefix filtering actually works after upgrade

    If you're using Bucket sources backed by Azure Blob Storage with a prefix configured, that prefix was not being applied — meaning your source-controller was fetching more objects than intended. After upgrading to v2.8.5, the prefix filter will now take effect. Validate that your expected subset of blobs is still being synced correctly and that no previously-ignored paths break your deployments.

  • enhancementTighten GCR webhook security with email and audience verification

    The GCR Receiver now accepts optional 'email' and 'audience' fields. If you're using GCR image push webhooks to trigger Flux reconciliation, add these fields to your Receiver spec to validate the service account identity and token audience — reducing the risk of forged webhook requests. This is opt-in, so existing setups won't break, but teams with strict security postures should configure it.

主な変更 (5)
  • Race condition fix in kustomize-controller: cancelled reconciliations no longer leave stale cache data that blocks Kustomization progress
  • Azure Blob Storage source fix: prefix option now correctly passed to the storage client (was silently ignored before)
  • Clearer error message when using encrypted SSH keys without a passphrase in source-controller
  • GCR Receiver gains optional 'email' and 'audience' fields for stricter webhook verification in notification-controller
  • New Azure Event Hub managed identity auth example added to notification-controller manifests
原文

Flux

CI/CD & App Delivery2026年4月7日

Flux v2.8.4 is a CLI-only patch fixing two bugs: Windows compatibility for 'flux build/diff ks' and source flag validation in 'create kustomization'.

  • breakingCheck your 'create kustomization' scripts for invalid --source values

    The '--source' flag now validates input properly. Scripts or pipelines passing malformed source references that previously slipped through will now fail explicitly. Test your automation before rolling out the updated CLI in CI/CD pipelines.

  • enhancementWindows users: upgrade to unblock 'flux build/diff ks'

    If your team uses Windows workstations or CI runners for Flux kustomization diffs, these commands were silently broken. Upgrade the CLI to v2.8.4 — the fix is CLI-side only, so no cluster-side changes are needed.

主な変更 (3)
  • Fixed 'flux build ks' and 'flux diff ks' commands on Windows — previously broken
  • Fixed '--source' flag validation in 'flux create kustomization' to catch invalid inputs early
  • Dependency updates to fluxcd/pkg packages
原文

Backstage

CI/CD & App Delivery2026年4月7日

Backstage v1.49.4 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

OpenFeature

CI/CD & App Delivery2026年4月1日

OpenFeature core/v0.15.0 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

OpenFeature

CI/CD & App Delivery2026年4月1日

OpenFeature flagd/v0.15.0 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

KubeVela

CI/CD & App Delivery2026年3月31日

KubeVela v1.10.8 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Backstage

CI/CD & App Delivery2026年3月28日

Backstage v1.49.3 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文
← 新しい古い →