リリース
CNCF graduated・incubatingプロジェクトのリリースノートのAI分析。
Kubescape v4.0.10 is a feature and hardening release: it closes an SSRF gap in the scan-completion webhook, tightens config.json permissions and validation, and removes a dead CRD, alongside a large batch of bug fixes and new capabilities like `operator remediate` and encrypted report decryption. No CVE-tracked vulnerabilities are disclosed in this release.
securitySSRF hardening on scan-completion webhook
The scan-completion webhook callback now hardens against SSRF. Applies to users of the webhook callback feature; upgrade if you rely on it to avoid outbound requests being abused via crafted callback URLs.
breakingconfig.json permissions restricted to owner-only
config.json is now written with owner-only permissions instead of broader access. Applies unconditionally; review any tooling or automation that reads this file as a different user, since it may now fail to access it.
breakingRemoval of orphan SecurityException CRD
The orphan SecurityException CRD, which was never installable, has been removed. Applies only if you had references to this CRD in manifests or docs; it has no functional impact since it never worked.
enhancementStricter validation on --format and VAP controls
The --format flag now rejects invalid values before a scan starts, and VAP configurable controls now require params. Applies if you script scans with an unchecked --format value or run VAP controls without required params; these calls will now fail fast instead of proceeding silently.
主な変更 (8)
- SSRF-hardened scan-completion webhook callback closes a request-forgery gap in outbound notifications.
- config.json permissions tightened to owner-only, changing default file access for existing installs.
- Orphan, uninstallable SecurityException CRD removed along with its test.
- Validation tightened in two spots: --format now rejects invalid values pre-scan, and VAP configurable controls require params.
- New `operator remediate` CLI subcommand (annotate and dry-run modes), CEL env builder/evaluator for the VAP engine, and encrypted report decryption with DEK wrapping.
- New scan coverage score metric penalizing silent failed GVR pulls, plus per-control evaluation timeouts in the OPA processor (timed-out controls score 0 and discard partial results).
- Several panic fixes (nil ScanData, image names without an organization, scan execution goroutine) plus HTTP timeouts on the scan listener server.
- Plus roughly ten smaller fixes: resource deduplication, host-sensor infoMap merging, SARIF line resolution, output overwrite prevention, orphaned RoleBinding handling, and a Go 1.26 codebase update.
v1.18.1 is a routine patch that fixes CIDR matching behavior and serialization determinism while extending an experimental flag to BatchCheck. No breaking changes or CVEs are reported, though the in_cidr fix does change matching behavior for IPv4-mapped IPv6 addresses.
breakingin_cidr now matches IPv4-mapped IPv6 addresses against IPv4 CIDRs
Applies unconditionally: the in_cidr condition now normalizes IPv4-mapped IPv6 addresses (e.g. ::ffff:192.168.1.1) to their IPv4 form before matching, so they can now match IPv4 CIDRs like 192.168.1.0/24. Review any authorization models relying on in_cidr if you expect these addresses to be excluded from IPv4 ranges.
主な変更 (4)
- in_cidr condition now normalizes IPv4-mapped IPv6 addresses (RFC 4291 §2.5.5.2) to their IPv4 equivalent, so ::ffff:192.168.1.1 matches 192.168.1.0/24
- Adds diagnostic logging in weighted_graph_check, Expand, and ListUsers to flag models where a future v2 Check resolution might diverge from v1; no operator action required now
- Experimental weighted_graph_check flag now extends to BatchCheck, evaluating each item with the weighted graph algorithm and falling back per-item to the standard algorithm on non-terminal errors
- Authorization model serialization to serialized_protobuf now uses deterministic proto marshaling, fixing inconsistent stored bytes for models with map-keyed type definitions
Keycloak 26.6.4 is a security release fixing eight CVEs, including two critical issues (privilege escalation and JWT authentication bypass) and four high-severity authorization bypasses. Operators should upgrade promptly; the release also bumps Quarkus to 3.33.2.1.
securityTwo critical vulnerabilities: group-admin escalation and JWT auth bypass
CVE-2026-9099 lets a group admin escalate to realm-admin, and CVE-2026-11800 allows authentication bypass via JWT algorithm confusion. Both are rated critical. Upgrade to 26.6.4 as soon as possible.
securityFour high-severity authorization and access-control bypasses
CVE-2026-9705 (client takeover via registration access token), CVE-2026-9795 (privilege escalation via scope mapping), CVE-2026-9799 (UMA permission ticket bypass), and CVE-2026-9800 (policy enforcer authorization bypass via incorrect URI comparison) are all rated high. If you use UMA authorization, fine-grained scope mappings, or the Policy Enforcer, prioritize this upgrade.
securityTwo medium-severity issues: info disclosure and XSS
CVE-2026-9083 (filesystem path probing) and CVE-2026-9086 (XSS via case-insensitive URI validation bypass) are rated medium and round out the fix set.
主な変更 (5)
- Eight CVEs fixed in this release, two rated critical: CVE-2026-9099 (group-admin to realm-admin escalation) and CVE-2026-11800 (JWT algorithm confusion auth bypass)
- Four high-severity fixes: client takeover via registration access token (CVE-2026-9705), scope-mapping privilege escalation (CVE-2026-9795), UMA permission ticket bypass (CVE-2026-9799), and Policy Enforcer authorization bypass via URI comparison (CVE-2026-9800)
- Two medium-severity fixes: filesystem path probing information disclosure (CVE-2026-9083) and URI validation bypass XSS (CVE-2026-9086)
- Quarkus dependency bumped to 3.33.2.1
- Minor build and packaging fixes: Infinispan protoschema build on the 26.2 branch, CI fixes for JS and Admin Client test suites, keycloak-api-docs-dist packaging, plus a migration guide reference correction
v1.18.0 is a bugfix rollup with one operator-facing behavior change: the outbound User-Agent header is now hyphenated to conform to RFC 9110. The remaining changes are runtime improvements, formatter and coverage tool fixes, and a Go toolchain bump.
breakingUser-Agent header format changed (RFC 9110 conformance)
The outbound User-Agent header OPA sends on HTTP requests changed from 'Open Policy Agent/<version> (<os>, <arch>)' to 'Open-Policy-Agent/<version> (<os>, <arch>)' (hyphen added between 'Open' and 'Policy'). Any server-side log filters, WAF rules, or access policies that exact-match the old string must be updated after upgrading to v1.18.0.
主な変更 (7)
- User-Agent header now uses 'Open-Policy-Agent' (hyphenated) instead of 'Open Policy Agent'; exact-match log filters or WAF rules targeting the old string will break
- Container-aware resource limits restored and extended: automatic GOMAXPROCS support is back, and automatic GOMEMLIMIT is newly supported
- Multiple opa fmt correctness fixes: multiline single-entry iterables are preserved, and with-clauses dropped after comments are restored
- opa test --coverage improvements: ranges now included in the report, inline rule head tracking, and conjunction expression coverage added
- Fixed partial evaluation regression for future.keywords.not negation inside every blocks, and fixed variable namespacing in comprehensions nested inside every
- Performance: reduced allocations in object.get, removed a shortcut in topdown dst.Compare(src), and skipped strconv.ParseInt in the format_int base-10 fast path
- Go bumped from 1.26.3 to 1.26.4; various website and node dependencies also updated
v1.19.6 is a security patch fixing a HIGH severity RBAC privilege escalation in the cert-manager-edit ClusterRole that let users create ACME Challenge and Order resources directly, plus a Go toolchain update closing three CVEs. The RBAC fix includes a documented breaking permission change.
securityRBAC privilege escalation via ACME Challenge/Order creation
Applies to v1.19.6: the default cert-manager-edit aggregate ClusterRole previously let namespace users create ACME Challenge and Order resources directly, bypassing Issuer solver selectors. This is fixed by removing create for challenges.acme.cert-manager.io and create/patch/update for orders.acme.cert-manager.io from that role. Upgrade to v1.19.6 to close this HIGH severity RBAC gap (GHSA-8rvj-mm4h-c258).
securityGo toolchain updated to 1.25.11 for three CVEs
Applies unconditionally in v1.19.6: Go is updated to 1.25.11, fixing CVE-2026-27145, CVE-2026-42504, and CVE-2026-42507. No action needed beyond upgrading.
breakingcert-manager-edit ClusterRole loses Challenge/Order create permissions
If any tooling or workflow creates Challenge or Order resources directly, outside the normal Certificate to CertificateRequest to Order to Challenge flow, it will lose that access after upgrading and needs those permissions granted explicitly.
主な変更 (4)
- HIGH severity RBAC fix (GHSA-8rvj-mm4h-c258): cert-manager-edit ClusterRole allowed users to create ACME Challenge/Order resources directly, bypassing Issuer solver selectors
- Breaking: cert-manager-edit no longer grants create on challenges.acme.cert-manager.io or create/patch/update on orders.acme.cert-manager.io; direct Challenge/Order tooling needs explicit permissions now
- Go updated to 1.25.11, fixing CVE-2026-27145, CVE-2026-42504, and CVE-2026-42507
- Earlier Go bump to 1.25.10 plus other unspecified dependency updates
v1.20.3 is a security release primarily addressing a HIGH-severity RBAC over-permission (GHSA-8rvj-mm4h-c258) in the cert-manager-edit ClusterRole, and updating Go to v1.26.4 for three CVEs. Operators should audit any workflows that create Challenge or Order resources directly before upgrading, as those permissions are now removed.
securityRBAC over-permission in cert-manager-edit ClusterRole (GHSA-8rvj-mm4h-c258)
GHSA-8rvj-mm4h-c258 (HIGH): the cert-manager-edit aggregate ClusterRole previously allowed namespace users to create Challenge and Order resources directly, bypassing Issuer solver selectors. Fixed in v1.20.3. Upgrade immediately if untrusted namespace users exist in your cluster.
securityGo runtime updated to v1.26.4 (3 CVEs)
Go updated to v1.26.4, patching CVE-2026-27145, CVE-2026-42504, and CVE-2026-42507. No additional configuration is required; upgrading cert-manager picks up the fix.
breakingBreaking RBAC change: direct Challenge and Order creation removed from cert-manager-edit
cert-manager-edit no longer grants create on challenges.acme.cert-manager.io, or create/patch/update on orders.acme.cert-manager.io. If any tooling or CI workflow creates Challenge or Order objects directly (outside the normal Certificate → CertificateRequest → Order → Challenge flow), those calls will fail after upgrading. Review and update any such automation before rolling out v1.20.3.
主な変更 (4)
- HIGH-severity RBAC fix (GHSA-8rvj-mm4h-c258): cert-manager-edit ClusterRole no longer allows direct creation of Challenge or Order resources, closing a path that let namespace users bypass Issuer solver selectors.
- Breaking RBAC change: create removed for challenges.acme.cert-manager.io; create, patch, and update removed for orders.acme.cert-manager.io from the cert-manager-edit aggregate ClusterRole.
- Go updated to v1.26.4, fixing three CVEs (CVE-2026-27145, CVE-2026-42504, CVE-2026-42507).
- Bugfix: the issuer owner reference has been removed from Challenge resources, which was preventing Challenge garbage collection.
v1.18.0 patches two auth security bugs and fixes MySQL case-sensitivity. MySQL users must plan a maintenance window before upgrading — auto-migration will lock tuple/changelog tables.
securitySilent OIDC audience bypass — check your auth config before upgrading
If authn.oidc.audience was previously omitted, any validly-signed token from your trusted issuer was accepted regardless of intended audience. After upgrading, OpenFGA will refuse to start without both issuer and audience set. Verify your deployment config has authn.oidc.audience explicitly set, or the service will not come up.
securityPreshared key timing side-channel fixed — no action needed if you rotate keys
The prior map lookup for preshared key auth could reveal valid key bytes via timing differences. Now fixed with constant-time comparison. No immediate action required, but if this key has been exposed to untrusted network paths for a long time, rotating the preshared key is a reasonable precaution.
breakingMySQL users: do not auto-migrate on startup
Migration 008 acquires a shared lock on tuple and changelog tables. On large datasets this can block Write operations for an extended period. Read the operator runbook at the collation_migrations.md guide, schedule a maintenance window, and run the migration manually rather than letting OpenFGA auto-migrate on startup.
主な変更 (4)
- MySQL schema migration 008 changes collation to enforce case-sensitive identifier comparison; acquires a shared lock on tuple and changelog tables during migration
- Preshared key auth now uses constant-time comparison, closing a timing side-channel that could leak information about valid key bytes
- OIDC config validation tightened: OpenFGA now refuses to start if authn.oidc.issuer or authn.oidc.audience is missing, preventing silent JWT audience bypass
- MySQL identifier comparison now matches Postgres and SQLite behavior (case-sensitive)
Falco 0.44.1 adds BPF iterator control and fixes multiple BPF-related issues via a libs bump. Minimal release focused on stability for deployments using kernel-level tracing.
breakingUpdate libs and kernel driver together
This release bumps libs to 0.25.4 and driver to 10.2.0+driver. If you pin kernel driver versions separately from Falco, ensure you update both in the same maintenance window. Mismatched versions can cause syscall capture failures or silent data loss.
enhancementControl BPF iterator behavior if you hit performance or compatibility issues
Falco 0.44.1 introduces a config option to disable BPF iterators. If you run Falco on kernels with problematic BPF iterator implementations or see high CPU usage tied to iterator overhead, test disabling them. Check your Falco logs and metrics after upgrading to confirm the fix resolves any BPF-related instability you were seeing in 0.44.0.
主な変更 (3)
- Add disabling option for BPF iterators in userspace Falco configuration
- Bump libs to 0.25.4 and driver to 10.2.0+driver to resolve BPF iterator bugs
- Support for both x86_64 and aarch64 packages across rpm, deb, and tgz formats
Security patch release upgrading Go to 1.26.4, fixing two stdlib vulnerabilities affecting OPA's HTTP handler and crypto builtins. No code changes from v1.17.0.
securityUpgrade to v1.17.1 immediately if using OPA's HTTP server or crypto builtins
Two Go stdlib vulnerabilities (GO-2026-5039, GO-2026-5037) hit the HTTP handler and crypto builtins directly. If you run OPA as a server or use crypto-related Rego builtins, you're exposed on v1.17.0 and earlier. Drop-in replace with v1.17.1 — no config or policy changes needed. If you build your own OPA binaries, bump your Go toolchain to 1.26.4 yourself; this release doesn't change anything else.
主な変更 (4)
- Go runtime upgraded from 1.26.3 to 1.26.4
- Fixes GO-2026-5039: stdlib vulnerability in OPA's HTTP handler
- Fixes GO-2026-5037: stdlib vulnerability in OPA's crypto builtins
- Zero functional changes from v1.17.0 — pure security patch
v1.17.1 is a focused patch fixing two correctness bugs: stale cache reads and broken continuation tokens with pipe characters in type names.
securityStale cache reads could return incorrect authorization decisions — patch now
The iterator cache was using write time rather than query start time as the LastModified anchor, meaning cached entries could persist beyond the intended validity window and serve stale data. In an authorization system, a stale 'allow' decision is a real risk. This is fixed in v1.17.1; upgrade immediately if you run with caching enabled.
breakingAudit type names with '|' if pagination was silently breaking
If your FGA model uses type names containing the pipe character '|', continuation tokens were being deserialized incorrectly. This could cause ListObjects or similar paginated calls to return incomplete or wrong results without throwing obvious errors. Upgrade to v1.17.1 and re-test any pagination flows that touch those type names.
enhancementv2Check throttling fallback removed — verify your error handling
Previously, v2Check would fall back to v1 behavior under throttling or validation errors, masking the actual problem. Now it surfaces those errors directly. If your application swallows check errors silently or assumes fallback behavior, you may start seeing errors that were previously hidden. Test under load before rolling out to production.
主な変更 (5)
- Fixed stale-read bug in iterator cache: query start time now anchors the LastModified timestamp, preventing cached entries from surviving longer than intended
- Fixed continuation token deserializer failing when type names contain the '|' character, which would silently break pagination
- v2Check no longer falls back to v1 behavior when throttling or validation errors occur, enforcing stricter execution semantics
- Go toolchain bumped to 1.26.4 and grpc-health-probe updated to v0.4.52
- Caching documentation updated to reflect current behavior
Keycloak 26.6.3 is a critical security release fixing 16 CVEs spanning OIDC, SAML, LDAP, WebAuthn, and authorization services. Upgrade immediately.
securityUpgrade to 26.6.3 now — 16 CVEs, several high-severity
This release patches a dense cluster of vulnerabilities. The most dangerous include: CVE-2026-9704 (privilege escalation via silent subject_token removal in token exchange), CVE-2026-4874 (SSRF via OIDC token endpoint), CVE-2026-9802 (rotated refresh token reuse after server restart with revokeRefreshToken=true), and CVE-2026-8830 (missing WebAuthn server-side validation). If you're running any 26.x version, treat this as an emergency patch. Review the migration guide before upgrading, but don't delay the upgrade waiting for a maintenance window — schedule one immediately.
securityAudit redirect URI configs after wildcard matching fix
CVE fix for wildcard redirect URI matching (issue #48430) changes enforcement behavior — '*' placed directly after a hostname no longer matches arbitrary subdomains or paths. After upgrading, verify that legitimate client redirect URIs still work correctly in your environments. Any client relying on overly broad wildcard patterns should be tightened anyway; this is a good forcing function.
securityReview LDAP federation and token exchange configurations
Two targeted vectors: CVE-2026-9801 allows DoS via malformed PasswordPolicyControl in LDAP federation — if you expose LDAP federation to partially-trusted inputs or have external-facing auth flows backed by LDAP, this is high priority. CVE-2026-9704 affects any realm using token exchange with subject_token; the fix prevents silent removal of subject_token from escalating privileges. Confirm your token exchange policies are scoped correctly post-upgrade.
主な変更 (5)
- 16 CVEs patched: privilege escalation via token exchange, SSRF on OIDC endpoint, CORS header reflection from unverified JWT claims, WebAuthn registration bypass, and more
- Refresh token revocation bypass fixed: server restarts no longer reset startupTime, closing a window where rotated tokens could be reused when revokeRefreshToken=true
- Wildcard redirect URI matching now enforces host boundaries — previous behavior allowed subdomain/path bypass attacks
- ROPC grant client policy enforcement and token introspection notBefore handling both patched to close privilege escalation paths
- Startup check added for missing DB indexes; SQL Server case-sensitive collation upgrade failure fixed
v1.17.0 hardens cache key generation against hash-flooding attacks and adds configurable OpenTelemetry trace sampling, including parent-based propagation.
securityUpgrade to get hash-flooding protection in cache keys
The old string-concatenation cache key approach was vulnerable to hash-flooding attacks and key collisions. The new TLV encoding with per-process hash seeding closes both issues. There are no config changes required — just upgrade. If you run OpenFGA in a multi-tenant or public-facing setup, this is a meaningful security improvement that warrants prioritizing the upgrade.
enhancementConfigure parent-based trace sampling if OpenFGA runs behind an API gateway or service mesh
Previously, OpenFGA couldn't honor upstream sampling decisions, meaning traces could be captured inconsistently across your stack. Set `OPENFGA_TRACE_SAMPLER=parentbased_always_on` (or `parentbased_traceidratio`) so OpenFGA respects the sampling decision made by the calling service. This is especially useful when OpenFGA is a downstream dependency in a larger traced system — it reduces trace noise and aligns sampling with your existing observability strategy.
主な変更 (5)
- Cache key generation switched from string concatenation to TLV binary encoding, eliminating collision risk
- Per-process hash seeding added to cache keys to prevent hash-flooding attacks
- New configurable trace sampler via `trace.sampler` / `OPENFGA_TRACE_SAMPLER` / `OTEL_TRACES_SAMPLER`
- Supports all standard OTel sampling strategies including parent-based variants
- Default trace sampler is `traceidratio`, preserving previous behavior
Kubescape v4.0.9 is a large maintenance release fixing scan accuracy bugs (partial resource collection, coverage reporting, Prometheus output), hardening data exposure in scan reports, and changing the patch command's default push behavior.
securityReview secret exposure fixes and new anonymization flag
Multiple fixes landed for secret/data leakage in scan output: EnvFrom and Env[].ValueFrom are now cleared in removeContainersData (commits acc3280, 0c68cca), an IDOR in /v1/results was hardened (commit 0fe6a0f), and a new --hide/anonymization pipeline was added to scrub resource names, namespaces, labels, annotations, and container metadata from scan reports. If you share or export Kubescape reports outside your team, review the new --hide flag and confirm your CI artifacts aren't exposing secret references from container env vars.
breakingPatch command no longer pushes images by default
Kubescape's `kubescape fix` command now defaults to not pushing patched images (commit b10cbb1). If your CI pipelines relied on the old default push behavior, add an explicit `--push` flag or equivalent opt-in, or your patch pipeline will silently stop pushing images after upgrading.
enhancementAdopt new coverage-gate and diff commands in CI
New flags let you gate CI pipelines on scan coverage and control results: --fail-coverage-below sets a minimum coverage threshold (commit 4ae7b87), and scan coverage gaps/not-evaluated controls are now reported explicitly (commit 5876d2b). A new `kubescape diff` command compares two scan reports (commit 00682ee). Add --fail-coverage-below to CI gates where partial resource collection could previously pass silently, and use `kubescape diff` to track posture drift between scans.
主な変更 (6)
- Partial GVR (resource type) collection failures are now surfaced instead of silently suppressed, and ScanCoverage reflects failed/not-evaluated controls
- New --fail-coverage-below flag and kubescape diff command for CI coverage gating and report comparison
- New --hide flag and anonymization pipeline scrub resource names, namespaces, labels, annotations, and container metadata from output
- fix command now requires explicit opt-in to push images (previously pushed by default)
- Multiple Prometheus output fixes: missing HELP/TYPE headers added, score/metrics writes routed to correct writer, duplicate headers deduplicated
- K8s resource collection parallelized for performance, and a TOCTOU race in TimedCache was fixed
0.9.51.0 is a broad feature release adding new AWS AI/ML and agent resources, fixing a breaking iam-access-key schema change, and significantly expanding GCP label management coverage across ~15 resource types.
breakingRemove json-diff filter from iam-access-key policies before upgrading
The `json-diff` filter has been removed from `aws.iam-access-key`. Any policies using this filter will fail at runtime. Audit your policy files for `iam-access-key` resources before upgrading and remove or replace any `json-diff` filter references.
enhancementAdopt new cross-account org path support for IAM policy checks
AWS cross-account policy evaluation now supports `aws:PrincipalOrgPaths` and whitelisted accounts. If you run cross-account governance policies, review this new support — it may let you replace custom workarounds you've built for org-path-based principal checks.
enhancementExtend GCP label compliance policies to cover newly supported resource types
GCP label coverage has expanded significantly: Cloud Run services/jobs, Pub/Sub topics/subscriptions, Redis, Secrets Manager secrets, snapshots, DNS managed zones, interconnects, load balancer addresses and forwarding rules, and Cloud Functions all now support `set-labels` and `mark-for-op`. If you run GCP tagging compliance policies, this release lets you extend label enforcement to most of these resource types without workarounds. Update your GCP policies to cover the newly supported resources.
主な変更 (5)
- Breaking: `json-diff` filter removed from `aws.iam-access-key` — policies using it will error on upgrade
- New AWS resources: `bedrock-foundation-model`, `bedrock-guardrail`, and `devops-agent-space` added; Bedrock inference profiles gain a `metrics` filter
- AWS EKS gets `addon` and `metrics` (container insights) filters; RDS gains `recommendations` filter; unused RDS parameter group filter added for both `rds-param-group` and `rds-cluster-param-group`
- EC2 and Lambda now have `iam-role` and `iam-role-tag-mirror` filters, fixing a previous resource/role attribute mismatch
- GCP label actions (`set-labels`, `mark-for-op`) added to ~15 resource types including Cloud Run, Pub/Sub, Redis, Secrets, DNS, and interconnects; new resources added for Firestore, NCC spoke, Redis cluster, and Vertex AI Model Garden
SPIRE v1.15.1 fixes a node attestation forgery vulnerability in the azure_imds plugin; anyone using Azure IMDS attestation should patch now.
主な変更 (3)
- Fixed a security issue in the azure_imds server node attestor plugin
- Updated golang.org/x/net to v0.55.0
- Updated golang.org/x/crypto to v0.52.0
v1.14.7 patches a critical azure_imds node attestor vulnerability that allowed forged VM identity during node attestation. Mandatory upgrade for any Azure IMDS users.
securityUpgrade immediately if using azure_imds node attestor
The azure_imds node attestor had a certificate validation bug: it anchored the PKCS7 certificate bag's first cert to Azure roots, but verified the signature against a separate signer cert from SignerInfo. An attacker could slip a real Azure cert into the bag alongside content signed by an unrelated cert, getting a forged node attestation accepted. If you use Azure IMDS node attestation, treat this as a mandatory upgrade — an attacker with network access could impersonate arbitrary Azure VMs during node attestation.
enhancementDependency updates bundled in this release
golang.org/x/net, golang.org/x/crypto, and go-jose/v4 are all updated alongside Go 1.26.3 toolchain. These dependency updates are routine but include security fixes in the upstream packages. No action needed beyond upgrading SPIRE.
主な変更 (4)
- Critical fix in azure_imds server node attestor: PKCS7 certificate chain validation was decoupled from signature verification, enabling forged node attestation
- Go toolchain updated to 1.26.3
- golang.org/x/net bumped to v0.55.0, golang.org/x/crypto to v0.52.0
- go-jose/v4 updated to v4.1.4
OpenFGA v1.16.1 is a bug-fix and security patch release, mainly hardening the experimental weighted_graph_check algorithm and updating grpc-health-probe for Go std lib CVEs.{}}}}} ,
主な変更 (5)
- CI workflow runs now cancel-in-progress via concurrency.group for PR workflows, cutting wasted CI runner time
- Fixed weighted_graph_check incorrectly falling back to the standard algorithm on deadline/cancellation/throttle-timeout errors instead of returning them directly
- Fixed weighted_graph_check emitting metrics under the wrong method label when run as the primary algorithm
- Fixed a weight2 strategy bug in weighted_graph_check that could return false denies when contextual tuples were present, due to a broken sort assumption in the pruning optimization
- Bumped grpc-health-probe to v0.4.50 to pick up Go std lib CVE fixes
OPA v1.17.0 fixes a semantic bug in negation handling and improves decision log label reporting. Most changes are enhancements; one dependency removal requires manual GOMAXPROCS configuration in some environments.
breakingRemoved automaxprocs and x/net dependencies; configure GOMAXPROCS manually if needed
OPA v1.17.0 removes the automaxprocs and x/net dependencies, reducing the runtime footprint and eliminating potential conflicts with applications that also manage those libraries. No action is required unless your deployment explicitly depends on automaxprocs behavior (automatic CPU detection and GOMAXPROCS tuning). If you rely on that behavior, you may need to configure GOMAXPROCS explicitly in your environment or deployment. Most users will see no impact.
enhancementImport future.keywords.not to fix negation semantics in composite expressions
OPA v1.17.0 introduces a new `future.keywords.not` import that fixes a long-standing semantic bug where negation of composite expressions (`not f(g(input.x))`) would fail silently if any intermediate value was undefined, instead of correctly succeeding. With the import enabled, undefined intermediates no longer cause rule failure. If your policies rely on negation of complex expressions where inputs or function results might be undefined, import `future.keywords.not` to fix unintuitive failures. This is a behavioral change that may affect policy evaluation, but in the direction of correctness.
enhancementUpdate decision log parsing for new rule_labels array format
Decision logs now include a new top-level `rule_labels` array that collects labels from all successfully evaluated rules in a single entry, with inner-scope-wins precedence (rule > document > package > subpackages). This replaces the previous behavior of one log entry per label-contributing scope. If you parse or query decision logs by rule labels, update your log parsing logic to read from `rule_labels` as an array of merged label maps rather than individual scope-level entries. This change simplifies label aggregation and is now processed by default in both runtime and Go SDK.
主な変更 (5)
- New `future.keywords.not` import fixes unintuitive failures when negating composite expressions with undefined intermediates.
- Decision logs now include `rule_labels` array with merged labels from all successfully evaluated rules.
- Bundle manifest and IR plan JSON schemas are now published for validation and tooling integration.
- Removed automaxprocs and x/net dependencies to reduce runtime footprint.
- Pattern validation enabled in `json.verify_schema` and `json.match_schema` builtin functions.
Falco 0.44.0 drops three long-deprecated features (gRPC output, gVisor engine, legacy BPF probe) and adds expressive rule engine improvements. Deployments using any of these must migrate before upgrading.
securityfalco-webui restricted to local access — check external tooling
The falco-webui Docker service now restricts access to localhost only. If you had it exposed on a broader interface, that changes on upgrade. This is a net positive for most deployments, but verify any tooling or dashboards that reached the webui over the network still work after the upgrade.
breakingThree features dropped — check your config before upgrading
Three major removals land in this release: gRPC output/server, gVisor engine, and the legacy BPF probe. If you rely on gRPC-based output consumers, you need an alternative output path (e.g., JSON over HTTP, or a sidecar) before upgrading. gVisor users must switch to a supported engine. Legacy BPF users should move to the modern eBPF probe. Audit your current config for any of these before touching 0.44.0 in production.
enhancementRicher rule syntax — review custom rules for validation errors
The rule engine now supports oneof/allof/anyof string comparator modifiers, and rules can use list transformer exceptions. These let you write tighter, more expressive detection rules without duplicating conditions. If you maintain custom rules, review whether these can replace existing workarounds. Also, Falco now validates unknown keys in rules — so rule files with typos or unsupported fields will produce warnings or errors instead of silently being ignored.
主な変更 (7)
- gRPC output/server support removed — migrate output consumers before upgrading
- gVisor engine support removed — move to a supported engine if applicable
- Legacy BPF probe removed — switch to modern eBPF probe
- New string comparator modifiers (oneof/allof/anyof) in the rule engine
- Unknown-key validation in rules: malformed rules now surface errors
- falco-webui Docker service restricted to localhost access only
- capture_events and capture_filesize stop conditions added for capture files
v1.16.0 patches a critical OIDC token rejection bug after key rotation, fixes two correctness bugs in experimental weighted_graph_check, and updates Go to address stdlib CVEs.
securityUpdate immediately if using OIDC auth or any Go stdlib CVEs apply
Two separate security concerns here. First, the OIDC JWKS refresh fix means deployments that rotate issuer keys were silently rejecting valid tokens — if you've seen 401s after a key rotation, this is why. Second, the Go 1.24.3 update patches stdlib vulnerabilities; review the Go 1.24.3 release notes to assess exposure. Upgrade to v1.16.0 promptly in both cases.
breakingweighted_graph_check users: validate results after upgrading
Two correctness bugs were fixed in the experimental weighted_graph_check feature. Cache key collisions and false-negative caching from cancelled goroutines mean prior versions could return incorrect 'false' results. If you're running this in any meaningful capacity, run a validation pass against known-good authorization scenarios after upgrading to confirm behavior is now correct.
enhancementConfigure PingTimeout to catch datastore connectivity issues faster
The new PingTimeout and PingRetryMaxElapsedTime config options give you explicit control over how long OpenFGA waits to confirm datastore connectivity at startup and during health checks. Set these to values aligned with your SLOs — tighter timeouts surface infrastructure problems earlier instead of letting the server spin up against a degraded datastore.
主な変更 (5)
- OIDC authentication now refreshes JWKS on unknown 'kid', fixing valid token rejections after issuer key rotation (rate-limited to once per minute)
- Go toolchain updated to 1.24.3 to address Go standard library security vulnerabilities
- Fixed two bugs in experimental weighted_graph_check: cache key collisions in union resolution and false negatives from cancelled in-flight goroutines
- weighted_graph_check now falls back to the standard algorithm instead of erroring when v2Check fails
- New datastore ping timeout configs: PingTimeout and PingRetryMaxElapsedTime for better connection health control
SPIRE v1.15.0 adds HashiCorp Vault key management, rootless Podman support, and PROXY protocol rate limiting, while promoting sigstore attestation out of experimental. One CLI JSON output change requires attention before upgrading.
breakingAudit CLI JSON consumers before upgrading
The CLI no longer wraps objects in slices when printing JSON output. Any scripts, pipelines, or tools that parse SPIRE CLI JSON output will likely break — they expected arrays and will now get single objects. Audit all automation that calls spire-server or spire-agent CLI with JSON output flags before rolling this out. Test in a non-production environment first.
breakingUpdate metric dashboards for 'bootstrapped' label rename
The metric label 'bootstraped' (one 'p') was corrected to 'bootstrapped'. Any Prometheus queries, Grafana dashboards, or alerting rules referencing the old misspelled label will silently stop matching after upgrade. Find and update all references before deploying v1.15.0.
enhancementMigrate to HashiCorp Vault Key Manager if your org already runs Vault
If your team already operates HashiCorp Vault, the new Vault Key Manager plugin lets you consolidate key storage there instead of managing a separate AWS KMS or Azure Key Vault setup. This is particularly useful for on-prem or multi-cloud deployments where cloud-native KMS options are awkward. Review the plugin configuration docs and plan a key migration window — existing keys in other backends won't auto-migrate.
enhancementPromote sigstore attestation to production workloads
Sigstore-based attestation in both the k8s and docker attestors is now stable. If you've been holding off due to the experimental flag, this is the release to enable it for production. Verify your signing workflows are compatible and enable the feature in staging first to confirm selector behavior matches expectations.
主な変更 (6)
- HashiCorp Vault Key Manager plugin added — new option for key storage alongside existing AWS KMS and Azure Key Vault backends
- CLI JSON output breaking change: objects are no longer wrapped in slices, which will break any tooling parsing the current format
- sigstore support in k8s and docker attestors is now stable (out of experimental) — safe to use in production
- Docker workload attestor now handles rootless Podman, expanding coverage for non-root container runtimes
- GCP IIT node attestor no longer requires 'use_instance_metadata: true' to get service account email — simplifies GCP configs
- Metric label typo fixed: 'bootstraped' renamed to 'bootstrapped' — update any dashboards or alerts using this label
Keycloak 26.6.2 is a security-heavy patch release addressing 16 CVEs spanning session fixation, XSS, access control bypass, redirect URI validation, and cryptographic weaknesses. Upgrade immediately.
securityUpgrade immediately — multiple account takeover and data leakage CVEs
This release patches session fixation (CVE-2026-7507) enabling account takeover, redirect URI bypass (CVE-2026-7504), access token disclosure (CVE-2026-7571), stored XSS in org templates (CVE-2026-37980), and PII enumeration via account resource lookup (CVE-2026-37981). These are not theoretical — they affect standard OIDC flows and admin APIs. Any Keycloak 26.x deployment should be upgraded to 26.6.2 without delay. Check your change management process, but treat this as an emergency patch.
securityFreeMarker RCE risk — audit custom login themes before upgrading
CVE tracked under #47915 allowed FreeMarker templates to instantiate arbitrary Java objects and execute OS commands. If you have custom login themes that accept any user-influenced input in FTL files, audit them now. The fix adds proper expression escaping in JS blocks within FTL pages. After upgrading, test your custom themes to ensure the new escaping doesn't break existing behavior — especially in frontchannel-logout.ftl.
securityWebAuthn AAGUID policy bypass — re-verify authenticator enrollment policies
CVE-2026-6856 allowed packed self-attestation to bypass AAGUID allowlist policies during WebAuthn registration. If you rely on AAGUID restrictions to enforce specific authenticator hardware (e.g., FIDO2 security keys in regulated environments), credentials may have been enrolled that violate your policy. After upgrading, review recently enrolled WebAuthn credentials and consider requiring re-enrollment if strict hardware attestation is a compliance requirement.
主な変更 (5)
- 16 CVEs patched including critical issues: session fixation in OIDC flow (account takeover), redirect URI validation bypass, access token disclosure via forged client data, and stored XSS in organization template
- WebAuthn AAGUID policy bypass via packed self-attestation fixed — attestation enforcement was not reliable before this patch
- OIDC introspection endpoint now enforces audience restrictions, preventing claim leakage from lightweight access tokens
- FreeMarker templates hardened against object instantiation and OS command execution — a serious RCE-class vulnerability in login UI
- JDBC_PING cluster discovery updated to not break under 26.7 schema changes, easing rolling upgrades
Kyverno v1.18.1 is a targeted patch fixing two regressions in generate and mutate-existing policies introduced in v1.18.0.
breakingUpgrade immediately if you use generate policies on cluster-scoped resources
If you upgraded to v1.18.0 and have GeneratingPolicy rules targeting cluster-scoped resources (ClusterRoles, Namespaces, CRDs, etc.), generation was silently broken. v1.18.1 restores correct behavior. Validate that expected resources were actually generated after upgrading — anything that should have been generated during the v1.18.0 window may need manual remediation or a policy re-trigger.
breakingMutate-existing policies on v1.18.0 may have produced incorrect results
The AdmissionRequest context was not being forwarded to UpdateRequests in mutate-existing policies. This means any rule relying on request context (user info, object, oldObject) for conditional logic or patches would have behaved incorrectly. Audit mutations applied while running v1.18.0 and verify affected resources are in the expected state after upgrading to v1.18.1.
enhancementTreat v1.18.0 as effectively broken for generate and mutate-existing users
Both fixes were cherry-picked from main, meaning v1.18.0 should be skipped entirely if you rely on either feature. Skip straight to v1.18.1. If you are still on v1.17.x and evaluating the v1.18 line, start your testing against v1.18.1 instead.
主な変更 (3)
- Fixed cluster-scoped resource generation in GeneratingPolicy, which was broken in v1.18.0
- Fixed AdmissionRequest not being passed to UpdateRequests for mutate-existing policies, causing incorrect or missing mutations
- No new features or API changes — pure bug fixes only
v7.0.0 fixes a Windows-specific security vulnerability in delegation path matching and tightens the ngclient API with one breaking constructor change.
securityPatch Windows deployments immediately for GHSA-qp9x-wp8f-qgjj
Delegation path matching was broken on Windows, meaning a malicious or misconfigured repository could match targets it shouldn't. If any of your TUF clients run on Windows, upgrade to v7.0.0 now. Linux/macOS deployments are unaffected, but upgrading is still the right move before paths diverge further.
breakingUpdate all Updater() call sites to use the named bootstrap argument
The Updater() constructor signature changed: 'bootstrap' is now a required keyword argument. Any code calling Updater() without explicitly passing 'bootstrap' will break. Audit your code for Updater instantiations — if you weren't passing a bootstrap value before, add bootstrap=None to restore the previous behavior. This is a one-line fix per call site, but it will cause an immediate TypeError if missed.
enhancementWatch for securesystemslib.hash removal in upcoming releases
This release starts phasing out the securesystemslib.hash dependency. If your codebase or any custom TUF extensions directly import or rely on securesystemslib.hash, start planning a migration now rather than scrambling when a future release drops it entirely.
主な変更 (5)
- Security fix for GHSA-qp9x-wp8f-qgjj: incorrect delegation path matching on Windows could allow unauthorized targets to be trusted
- Updater() constructor now requires 'bootstrap' as a named argument — previously it had a default, now you must be explicit
- To preserve old behavior with no bootstrap, pass bootstrap=None explicitly
- Preparatory work to drop securesystemslib.hash dependency in a future release
- Several documentation corrections
Kubescape v4.0.8 is a focused patch release that fixes several VAP (Validating Admission Policy) bugs and adds a --timeout flag to the deploy-library command.
breakingVAP label selector parsing was silently wrong — verify your policies
The old code split label selectors on '=' directly instead of using Kubernetes' label parser. DoubleEquals (==) selectors were also incorrectly accepted. If you've generated VAP policies with Kubescape and used complex label selectors, re-generate and re-validate those policies with v4.0.8. Don't assume previously generated output was correct.
enhancementUse --timeout with VAP deploy-library in slow clusters
The new --timeout flag on the deploy-library command lets you tune how long Kubescape waits during VAP library deployment. If your cluster has slow API server response times or you're running in CI with strict time limits, set this explicitly rather than relying on the default. Test in staging first to find a safe value before enforcing it in pipelines.
enhancementConnector URL back-propagation fix matters for cloud API setups
A bug where connector URLs weren't back-propagated to the config object during cloud API initialization is now fixed. If you use Kubescape's cloud integration and noticed inconsistent scan result submissions, this patch addresses the root cause. Upgrade and re-run a scan to confirm results are reaching your backend correctly.
主な変更 (5)
- Added --timeout flag to the VAP deploy-library command for controlling deployment timeouts
- Fixed label selector validation to use Kubernetes upstream label parsing instead of raw string splitting — prevents silent breakage with complex selectors
- Fixed K8s name and namespace validation to use proper DNS label validation helpers
- Fixed writeOutput to auto-create parent directories, preventing file write failures
- Suppressed spurious interrupt signal log messages on graceful exit — cleaner operator experience
Kubescape v4.0.7 is a broad bug-fix and usability release: better input validation, safer concurrency in the HTTP handler, a new ControlInput CRD, and service discovery without a sidecar.
breakingThreshold flags now fail fast — check your CI pipelines
Severity-threshold, compliance-threshold, and fail-threshold flags are now validated before the scan starts. Scripts or CI jobs that pass invalid threshold values will now exit immediately with an error rather than completing the scan and ignoring the flag. Review your scan invocations to confirm all threshold flags are valid before upgrading.
enhancementDrop the sidecar for service discovery
Service discovery now queries the Kubernetes API directly. If you've been running a sidecar specifically to support Kubescape's service discovery, you can remove it. Audit your deployments before upgrading to avoid unexpected behavior from redundant sidecars.
enhancementDeploy the ControlInput CRD for in-cluster tuning
The new ControlInput CRD lets you configure control inputs directly in the cluster rather than through external files. This only activates during live cluster scans, so file-scan workflows are unaffected. Apply the CRD after upgrading if you want to centralize scan policy configuration in-cluster.
主な変更 (5)
- New ControlInput CRD enables in-cluster control configuration — gated to live cluster scans only, not file-based scans
- Service discovery now pulls services directly from the API, dropping the sidecar requirement entirely
- TLS key configuration for the HTTP handler can now be set via environment variables, with a hard error on partial TLS config
- Severity, compliance, and fail threshold flags are now validated early — before the scan runs — across all relevant subcommands
- YAML parsing switched from byte-split to a line scanner with raised buffer limits; parse errors now surface instead of silently dropping documents
v1.15.1 is a stability patch fixing two serious runtime bugs — a potential deadlock in Check and a semaphore leak under context cancellation — plus a cache collision in the experimental weighted graph check.
securityCache key collision in `weighted_graph_check` could return incorrect authorization results
If you're running the experimental `weighted_graph_check` feature, the cache collision bug means Check could return stale or wrong results for relationships in unions with direct types, wildcards, TTU paths, or intersections. This is an authorization correctness issue — wrong answers on permission checks. Upgrade before relying on this feature in any environment where correctness matters. If you can't upgrade immediately, disable the experimental feature flag.
breakingUpgrade immediately — deadlock and semaphore leak bugs affect production stability
Two bugs here can quietly degrade running services. The deadlock in Check (message streams held open on error) can starve request processing over time. The semaphore leak in the bounded tuple reader under context cancellation means goroutine/resource exhaustion under load or timeout-heavy workloads. Neither requires config changes — just upgrade. If you've seen unexplained Check hangs or increasing resource pressure after cancellations, these are the culprits.
enhancementListObjects now handles short-circuit errors correctly
A subtle bug was causing expected errors (non-fatal path short-circuits) to bubble up incorrectly in ListObjects responses. If you've seen unexpected errors returned from ListObjects queries that should have silently short-circuited, this fix resolves that. No action needed beyond upgrading — but worth re-validating ListObjects behavior in your test suite after the upgrade.
主な変更 (5)
- Fixed potential panic in command error handling
- Fixed deadlock risk in Check by ensuring message streams close on error instead of hanging indefinitely
- Fixed semaphore token leaks in the bounded tuple reader during context cancellation
- Fixed cache key collisions in experimental `weighted_graph_check` affecting unions with multiple branches
- Fixed incorrect error propagation in ListObjects when a path short-circuits
in-toto v3.1.0 migrates away from sslib's hash functions, switches to ruff for code style, and refreshes Debian packaging — mostly maintenance, but the sslib change has dependency implications.
breakingAudit your sslib dependency if you use it alongside in-toto
in-toto has internalized sslib's hash functions because sslib is being deprecated. If your project independently depends on sslib for other functionality, start planning a migration now — don't assume sslib will remain maintained. Check your dependency tree for anything that transitively pulls in sslib and evaluate whether those paths need updating.
enhancementUse the new `in-toto-run` return code passthrough in CI pipelines
Previously, `in-toto-run` would swallow the wrapped command's exit code, which could mask failures in CI. With passthrough now enabled, the return code of the wrapped command propagates correctly. If you have shell scripts or CI steps that check exit codes after `in-toto-run`, verify your error handling still works as intended — behavior has changed and some pipelines may now surface previously hidden failures.
enhancementIf you contribute to or package in-toto, update your dev tooling to ruff
The codebase now enforces ruff-based style rules. If you maintain a fork, downstream package, or contribute PRs, your existing flake8/pylint setup will likely flag false conflicts. Align your local dev environment with ruff before opening PRs against this version or later.
主な変更 (5)
- sslib hash functions ported directly into in-toto due to sslib deprecation — reduces external dependency
- Code style tooling switched from existing linter to ruff (PEP 8 enforcement updated across codebase)
- Debian dependencies and build rules refreshed for current packaging compatibility
- CLI: `in-toto-run` now passes through the wrapped command's return code
- Documentation updates covering pipeline configuration and general content improvements
v4.0.6 tackles a wave of false negatives, silent errors, and correctness bugs in scanning — namespace filters, exception matching, and OPA eval failures all get fixes that change scan results.
securityAudit vulnerability exception lists for case inconsistencies
Exception matching for image scan CVE IDs was case-sensitive before this fix, meaning 'ghsa-xxxx' and 'GHSA-xxxx' were treated as different identifiers. Any exceptions defined with lowercase CVE/GHSA IDs were silently not applied. After upgrading, check that your exception lists use consistent casing and re-verify which vulnerabilities are actually being excepted.
securityRaw request bodies are no longer logged — review your log retention
Kubescape's HTTP handler was logging full scan request bodies, which could include sensitive resource manifests or configuration data. That logging is now removed. If you've been collecting these logs, review and rotate any stored log data that may contain manifest content.
breakingExpect scan result changes after upgrading — false negatives are now real failures
Two distinct bugs caused resources to silently disappear from scan results: OPA eval errors were swallowed, and partial GVR collection failures were suppressed. Both are fixed. If your baseline compliance scores looked suspiciously clean, re-run scans after upgrading and treat new failures as real findings that were always there, not regressions introduced by the upgrade.
主な変更 (5)
- OPA eval errors no longer silently drop resources — failures now surface instead of producing false negatives
- Namespace filter now correctly preserves cluster-scoped resource results when --include-namespaces is set
- CVE exception matching is now case-insensitive, fixing missed exceptions on lowercase CVE IDs
- Helm value overrides can now be passed through kubescape scan, and Kustomize directories with Helm dependencies render correctly
- Raw scan request bodies are no longer logged, and concurrent exception file writes get unique temp files per request
v1.16.0 brings new URI builtins, Data API metadata support, OTLP metrics export, and critical fixes for log dropping and log buffer eviction bugs introduced in v1.15.x.
securityunits.parse_bytes exponent cap prevents timeout bypass
Extremely large exponent values in units.parse_bytes could be used to cause evaluation timeouts, potentially bypassing policy enforcement. This is fixed in v1.16.0 by capping the exponent size. If your policies accept user-controlled input that gets passed to units.parse_bytes, this fix is directly relevant — upgrade and review any policies that parse byte strings from untrusted sources.
breakingUpgrade from v1.15.x immediately — logs are silently dropped
A BufferedLogger bug in v1.15.x caused bundle download logs, print() debug output, and plugin logs to be dropped after the first flush. This is silent data loss in your observability stack. If you're running v1.15.x in any environment where decision logs or debug output matter, upgrade to v1.16.0 now. Check your log pipeline for gaps if you've been running v1.15.x in production.
enhancementUse new uri.parse / uri.is_valid builtins to replace fragile regex-based URL validation
Many OPA policies today use regex or string manipulation to validate or decompose URLs — a brittle approach. The new uri.parse builtin returns structured RFC 3986 components (scheme, host, path, query, etc.), and uri.is_valid does a clean true/false structural check. If you have policies handling redirect URIs, webhook URLs, or any URL-bearing input, replace your custom parsing logic with these builtins. The structured output makes it easier to write precise, readable rules.
主な変更 (5)
- New uri.parse and uri.is_valid builtins for RFC 3986-compliant URI handling in policy
- Data API now supports request/response metadata for wrapping projects — custom fields logged under decision log Custom['request_metadata']
- Prometheus metrics can now be exported via OTLP, unifying observability pipelines
- Critical fix: v1.15.x dropped logs for bundle downloads, print() calls, and plugin-originated logs — upgrade immediately if on v1.15.x
- units.parse_bytes exponent size now capped to prevent potential timeout bypass (security hardening)
Kyverno 1.18 hardens HTTP context security with blocklist enforcement and scoped tokens, fixes multiple image verification bugs including a silent bypass, and expands CLI policy testing coverage.
securityAudit HTTP context policies before upgrading — blocklist is now enforced
Any policy using HTTP context loading will now be subject to a configurable blocklist. Calls that previously succeeded might be blocked after upgrade. Before rolling out 1.18, inventory all policies with HTTP context entries, verify their target URLs are not on the default blocklist, and configure FLAG_HTTP_BLOCKLIST overrides where needed. Also check that scoped token authorization doesn't break policies relying on broader token access. Test in a non-production cluster first.
securityImage verification silent bypass is patched — verify your policies are actually enforcing
A bug in processResourceWithPatches caused it to return nil on patch failure, which silently skipped image verification. If you've been running image verification policies and assumed they were enforcing, run a retroactive compliance scan after upgrading to confirm enforcement was working as expected. Also check the CVE fixes: CVE-2026-32280 (intermediate cert limiting) and CVE-2026-32283 (Go toolchain upgrade) are included in this release and warrant upgrading promptly.
enhancementUse successEventActions to reduce event spam in large clusters
High-traffic clusters with broad Kyverno policies generate enormous volumes of success events, which can overwhelm etcd and make event streams useless. The new successEventActions ConfigMap parameter lets you filter exactly which success events get emitted. Add this to your Kyverno ConfigMap after upgrading and tune it based on which policy actions actually need visibility. Pairs well with the existing omitEvents setting — watch out for the new warning if you configure conflicting values.
主な変更 (5)
- HTTP context calls now enforce a configurable blocklist and use scoped tokens — policies making external HTTP calls need review against new security constraints
- imageRegistryCredentials can now reference namespaced secrets and pod-level imagePullSecrets, removing a long-standing limitation for multi-tenant image verification setups
- Silent image verification bypass fixed: processResourceWithPatches was returning nil on patch failure, allowing images to slip through unverified
- successEventActions ConfigMap parameter lets you filter which success events Kyverno emits, useful for high-volume clusters drowning in event noise
- CLI now supports cleanup policies, HTTP/Envoy authz policies, and mutateExisting in kyverno apply and kyverno test — CI pipelines can finally test these policy types offline
SPIRE v1.14.6 patches two critical security vulnerabilities in node attestation: an EC2 instance impersonation flaw and a race condition in join token validation.
securityUpgrade immediately if using aws_iid node attestation
The aws_iid bug is severe: any EC2 instance under attacker control could forge the identity of any other EC2 instance during attestation, bypassing all downstream SPIFFE ID assignment and workload authorization. If you use aws_iid attestation in any environment, treat this as a critical breach risk and upgrade to v1.14.6 now. After upgrading, audit your node attestation logs for anomalous registrations — specifically instances claiming identities inconsistent with their actual AWS metadata.
securityJoin token race condition allows double-registration — patch now
The TOCTOU flaw means two concurrent requests with the same join token could both complete attestation successfully, resulting in two agents registered under one token. If join tokens are distributed in automated pipelines or ephemeral environments, an attacker who intercepts a token could race a legitimate agent to claim it. Upgrade to v1.14.6, then review your join token issuance and revocation policies. Consider switching to shorter-lived tokens or alternative attestation methods like x509pop for sensitive workloads.
主な変更 (3)
- Fixed aws_iid attestor: PKCS7 signature was verified against embedded content, but identity was parsed from an attacker-controlled field — allowing any EC2 instance to impersonate any other.
- Fixed join token TOCTOU race: concurrent attestations with the same token could both succeed due to silent no-op deletes. Now uses row-locked read-modify-write transactions.
- Both vulnerabilities reported by Tianshuo Han.
v1.13.6 patches two serious security vulnerabilities in SPIRE: an EC2 instance impersonation flaw in the AWS IID attestor and a race condition in join token handling. Upgrade immediately.
securityUpgrade now if you use AWS IID node attestation
The AWS IID attestor vulnerability is severe: any attacker controlling an EC2 instance could forge the identity of any other EC2 instance in your environment during node attestation. All downstream RBAC, SVID issuance, and workload identity decisions would operate on the forged identity. If you run SPIRE with the aws_iid server plugin, treat this as a critical incident — patch to v1.13.6 before doing anything else. Review your SPIRE server logs for unexpected node attestation events from EC2 instances, especially cross-account or cross-region patterns.
securityAudit join token usage if you allow concurrent agent bootstrapping
The TOCTOU bug in join token handling means two agents racing to attest with the same token could both succeed — violating the one-time-use guarantee. In practice this could allow unauthorized agents to join your trust domain. After upgrading, rotate any join tokens that may have been used during periods of concurrent agent bootstrapping. If you use join tokens in automation (e.g., init containers, CI pipelines), review whether parallel execution could have triggered this race.
主な変更 (3)
- Fixed AWS IID attestor bug where PKCS7 signature was verified against embedded content but identity was parsed from an attacker-controlled field — enabling full EC2 impersonation during node attestation
- Fixed TOCTOU race in join token attestation: concurrent requests with the same token could both succeed; now enforced via read-modify-write transaction with row locking
- Both vulnerabilities reported by Tianshuo Han; no new features or other changes in this release
v1.15.0 brings latency improvements for complex authorization models via edge pruning, fixes a cache bug in the experimental weighted graph checker, and patches Go stdlib CVEs by upgrading to Go 1.26.2.
securityUpdate immediately to patch Go stdlib vulnerabilities
This release ships Go 1.26.2, which addresses vulnerabilities in the Go standard library. If you run OpenFGA as a managed binary or container, pull the new image now. If you build from source, ensure your toolchain matches. Don't wait on this — stdlib vulns can affect TLS, HTTP parsing, and crypto paths that OpenFGA relies on.
enhancementRe-benchmark list objects performance on complex models
Edge pruning in the list objects pipeline cuts unnecessary graph traversal. If your authorization model has deep or wide relationship graphs, you should see reduced p99 latency on ListObjects calls. Run your existing load tests against v1.15.0 and compare — this is a free win that requires no config changes.
enhancementRe-evaluate weighted_graph_check cache behavior if you hit cold-start issues
The experimental weighted_graph_check feature was silently skipping its cache on cold start or when the cache controller was disabled, which could explain unexpected latency spikes early in pod lifecycle. The fix aligns behavior with the documented contract: zero invalidation time means use the cache. If you're using this experimental feature, test it again — behavior will differ from what you may have measured before.
主な変更 (3)
- Edge pruning added to list objects pipeline — measurable latency reduction for large, complex authorization models
- Fixed weighted_graph_check cache being incorrectly bypassed when cache controller returns zero invalidation time (cold start or disabled state)
- Go toolchain bumped to 1.26.2 to address Go standard library security vulnerabilities
v1.16.4 is a security-focused patch release addressing 15+ CVEs across Kyverno's dependency chain, plus a critical behavioral change that disables HTTP in namespaced policies by default.
securityUpgrade immediately — 15+ CVEs patched, including supply chain components
This release patches CVEs across sigstore/rekor, go-tuf, docker/cli, Go stdlib, and Kyverno's own code. Several of these touch the image verification and policy fetch paths. If you're running any image signing workflows with Kyverno, the rekor and go-tuf bumps are directly relevant. Plan an upgrade in your next maintenance window — do not wait for the next major cycle.
breakingHTTP disabled by default in namespaced policies (CVE-2026-4789) — test before upgrading
Namespaced policies that fetch external data over plain HTTP will silently stop working after this upgrade. If you use URL context sources or external data fetches in namespaced ClusterPolicy or Policy resources, audit them for HTTP (non-HTTPS) endpoints before upgrading. This is a security hardening change, but it will break existing policies that relied on insecure endpoints. Switch those endpoints to HTTPS or migrate to HTTPS-capable data sources first.
breakingRestricted ConfigMap access for namespaced policies — RBAC may need review
Namespaced policies now have reduced ConfigMap access scope. If your policies rely on reading ConfigMaps outside their namespace for context or configuration, those reads will fail post-upgrade. Review your policy definitions for cross-namespace ConfigMap references and adjust either the policy logic or the access grants accordingly before rolling out this version.
主な変更 (5)
- CVE-2026-4789: HTTP disabled by default in namespaced policies — this is a behavioral change, not just a dep bump
- Namespaced policies now have restricted ConfigMap access, tightening the blast radius of compromised policy controllers
- Scoped token used for request authorization, replacing broader token usage in policy evaluation
- forEach mutation panic fixed — previously could crash the engine on certain mutate rule configurations
- Dependency CVEs resolved: docker/cli, sigstore/rekor, go-tuf/v2, stdlib, and others updated
v1.17.2 is a security-heavy patch release addressing multiple CVEs and fixing critical bugs in MutatingPolicy, ValidatingPolicy, webhook reconciliation, and namespaced policy handling.
securityUpgrade immediately — 6+ CVEs fixed in this release
This release patches at least six CVEs across dependencies and Go stdlib, plus CVE-2026-4789 which disables HTTP in namespaced policies by default. If you run namespaced policies that rely on HTTP-based external data sources or webhooks, audit those configurations before upgrading — they will stop working silently. Upgrade path: update your Helm chart or manifests to v1.17.2 and validate policy behavior in a staging environment first.
breakingNamespaced policies: HTTP disabled and ConfigMap access restricted
Two separate hardening changes affect namespaced policies. HTTP is now disabled by default (CVE-2026-4789), and ConfigMap access has been scoped down. If your namespaced policies fetch context from HTTP endpoints or read ConfigMaps outside their namespace, those policies will fail silently or error post-upgrade. Run a dry-run or audit scan against your namespaced policies before deploying to production.
enhancementWebhook reconciliation loop fix — reduces controller churn in large clusters
Inconsistent webhook rule ordering was causing repeated reconciliation loops, which generates excess API server load and noisy controller logs. This is fixed. If you've been seeing constant webhook object churn in your audit logs or elevated kyverno-controller CPU, this release resolves it. No action needed post-upgrade, but worth monitoring controller metrics after rollout to confirm stabilization.
主な変更 (5)
- Multiple CVEs patched: CVE-2026-24051, CVE-2026-15558, CVE-2026-1229, CVE-2026-33186, CVE-2026-34986, CVE-2026-4789 — plus Go stdlib CVE bumps
- HTTP disabled by default in namespaced policies (CVE-2026-4789) — behavioral change for existing namespaced policy configurations
- ConfigMap access restricted for namespaced policies — scope reduction to limit blast radius
- Webhook reconciliation loop fixed: webhooks and webhook rules now maintain consistent ordering to prevent endless reconciliation cycles
- forEach mutation engine panic prevented, wrong lister for NamespacedGeneratingPolicy on UPDATE fixed, and user info handling added to MutatingPolicy/ValidatingPolicy