RATATOSKRATATOSK
ログイン

リリース

CNCF graduated・incubatingプロジェクトのリリースノートのAI分析。

Kubeflow

AI & ML2025年7月18日

日本語 準備中Kubeflow 1.10.2 is a maintenance release whose most operator-relevant change is a default switch to Istio CNI paired with a migration to Istio 1.26.1 and merged istio/istio-cni manifests, which can break existing Istio customizations. It also removes static PSS files in favor of dynamic label application, adds KServe path-based routing and Model Registry Helm support, and bundles assorted dependency updates and bug fixes.

  • securityIstio upgraded to 1.26.1 with merged istio/istio-cni configuration

    Istio has been bumped to 1.26.1 and the previously separate istio and istio-cni manifests are merged. Verify that any customized Istio overlays or kustomizations remain compatible with the new combined structure.

  • breakingIstio CNI is now the default; review manifests before upgrading

    Istio CNI is now the default networking mode. Existing deployments that relied on the previous default should review their Istio manifests before upgrading, as the istio and istio-cni configurations have been merged into a single combined setup under Istio 1.26.1.

  • breakingStatic PSS files removed; labels now applied via enable scripts

    Static PSS (Pod Security Standards) files have been removed. Security labels are now applied dynamically via the enable PSS scripts. Any automation or tooling that referenced the static files directly will need to be updated.

主な変更 (7)
  • Istio CNI is now the default networking mode; existing manifest customizations may need adjustment
  • Istio bumped to 1.26.1 with the istio and istio-cni manifests merged into a unified configuration
  • Static PSS files removed; Pod Security Standards labels are now applied dynamically by the enable PSS scripts
  • KServe path-based routing implemented and Helm Charts support added for Model Registry
  • kubeflow/model-registry manifests updated to v0.2.19 and spark-operator manifests to 2.2.0
  • Namespace isolation added to V1 pipeline workflows with SeaweedFS, including a new CI security test
  • Plus several smaller fixes: seaweedfs PSS warnings, Dex issuer in README, pipeline application command, and busybox image references migrated to ghcr
原文

Kubeflow

AI & ML2025年5月14日

日本語 準備中Kubeflow v1.10.1 is a patch release focused on component manifest synchronization (KServe, model-registry, spark-operator, Pipelines, Training Operator) and CI/test hardening, with two operator-visible changes: Spark Operator is now enabled by default and Istio sidecar injection moved from annotations to labels. No security fixes are included.

  • breakingSpark Operator is now enabled by default

    Spark Operator now ships enabled by default rather than disabled, so clusters upgrading to v1.10.1 will get Spark Operator running unless it is explicitly turned off first. Review your kustomization overlays if you don't want it active.

  • breakingIstio sidecar injection now configured via labels, not annotations

    Istio sidecar injection configuration moved from annotations to labels. Manifests or overlays that toggle injection via annotations need updating to use labels instead, or sidecar injection may silently stop applying as expected.

主な変更 (6)
  • Spark Operator is enabled by default, an operator-visible default change from previous releases
  • Istio sidecar injection switched from annotations to labels
  • Fixed a service account token error ("Jwt issuer is not configured")
  • Manifest syncs across the stack: KServe v0.15.0 (web app v0.14.0), model-registry v0.2.17, spark-operator 2.1.1, Pipelines 2.5.0, Training Operator v1.9.2
  • Several smaller bugfixes: Knative Serving 404 via example.com patch, KServe cert-manager readiness checks, PSS warnings for cluster-local-gateway and knative-serving plus stricter PSS baseline enforcement in CI
  • Profiles now integrate with SeaweedFS, plus CI/CD workflow improvements and PodDisruptionBudget documentation
原文

Notary Project

Security2025年4月27日

日本語 準備中Notation v1.3.2 is a targeted security patch backported to the 1.3 branch, addressing CVE-2025-30204 in the golang-jwt dependency.

  • securityPatch CVE-2025-30204 by upgrading to v1.3.2 now

    CVE-2025-30204 is a vulnerability in golang-jwt that can allow attackers to bypass JWT validation. If you're running any 1.3.x release of Notation, upgrade to v1.3.2 immediately — this is the sole reason this patch release exists. If you're on v1.4+, verify your version already includes the fix before assuming you're safe.

  • enhancementUse this release as a low-risk upgrade path if you're pinned to 1.3

    Teams that can't yet move to the latest major line can take v1.3.2 without worrying about behavioral changes — the diff is narrow and confined to the JWT dependency bump plus minor cleanups. It's a safe, no-surprises drop-in for any 1.3.x deployment.

主な変更 (3)
  • CVE-2025-30204 patched via golang-jwt dependency update
  • Backport from main branch to release-1.3 for users not yet on v1.4+
  • Minor code and documentation cleanups alongside the security fix
原文
← 新しい