Skip to content

actions-runner-controller

vgha-runner-scale-set-0.14.2 scope: gha-runner-scale-set Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 12d Containers & Orchestration
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

kubernetes operator

Affected surfaces

deps

ReleasePort's take

Light signal
editorial:auto 12d

The release upgrades the runtime environment by bumping Go to version 1.26.3, addressing critical security vulnerabilities.

Why it matters: Critical security fixes require upgrading to Go 1.26.3; deployments using earlier Go versions must patch immediately.

Summary

AI summary

Bump Go to 1.26.3 to fix critical security vulnerabilities.

Changes in this release

Security Medium

Bump Go to 1.26.2 to fix critical security vulnerabilities

Bump Go to 1.26.2 to fix critical security vulnerabilities

Source: llm_adapter@2026-05-22

Confidence: low
Feature Medium

Add option to disable workqueue bucket rate limiter

Add option to disable workqueue bucket rate limiter

Source: llm_adapter@2026-05-22

Confidence: high
Feature Medium

Add flag for enabling pprof on the controller manager

Add flag for enabling pprof on the controller manager

Source: llm_adapter@2026-05-22

Confidence: high
Feature Medium

Add health and readiness probes to controller manager

Add health and readiness probes to controller manager

Source: llm_adapter@2026-05-22

Confidence: high
Feature Medium

Port rate limiter to experimental charts

Port rate limiter to experimental charts

Source: llm_adapter@2026-05-22

Confidence: low
Dependency Medium

Updates runner to v2.334.0

Updates runner to v2.334.0

Source: llm_adapter@2026-05-22

Confidence: high
Dependency Medium

Bump the actions group with 3 updates

Bump the actions group with 3 updates

Source: llm_adapter@2026-05-22

Confidence: high
Dependency Medium

Bump Go to 1.26.3

Bump Go to 1.26.3

Source: llm_adapter@2026-05-22

Confidence: high
Bugfix Medium

Fix orphan no-permission ServiceAccount in kubernetes-novolume mode

Fix orphan no-permission ServiceAccount in kubernetes-novolume mode

Source: llm_adapter@2026-05-22

Confidence: high
Bugfix Medium

Fix empty GVK in OwnerReferences for modern controllers

Fix empty GVK in OwnerReferences for modern controllers

Source: llm_adapter@2026-05-22

Confidence: high
Bugfix Medium

Detect init container failure in EphemeralRunner controller

Detect init container failure in EphemeralRunner controller

Source: llm_adapter@2026-05-22

Confidence: high
Bugfix Medium

Render empty arrays for kubernetes-novolume volumes fields

Render empty arrays for kubernetes-novolume volumes fields

Source: llm_adapter@2026-05-22

Confidence: high
Bugfix Medium

Fix secret reconciliation updates for the listener pod

Fix secret reconciliation updates for the listener pod

Source: llm_adapter@2026-05-22

Confidence: high
Bugfix Medium

Fix job execution duration when runner assign time is not set

Fix job execution duration when runner assign time is not set

Source: llm_adapter@2026-05-22

Confidence: high
Bugfix Medium

Fix typo and rename status to phase

Fix typo and rename status to phase

Source: llm_adapter@2026-05-22

Confidence: high
Bugfix Medium

Fix helm chart validation workflow

Fix helm chart validation workflow

Source: llm_adapter@2026-05-22

Confidence: high
Refactor Medium

Update CODEOWNERS file

Update CODEOWNERS file

Source: llm_adapter@2026-05-22

Confidence: low
Refactor Medium

Revert "Fix typo and rename status to phase"

Revert "Fix typo and rename status to phase"

Source: llm_adapter@2026-05-22

Confidence: low
Refactor Medium

Prepare 0.14.2 release

Prepare 0.14.2 release

Source: llm_adapter@2026-05-22

Confidence: low
Full changelog

Experimental charts:
:warning: Experimental charts are not supported for production workloads and may be modified or republished without notice. They are made available solely for evaluation and feedback purposes. :warning:

What's Changed

  • Fix orphan no-permission ServiceAccount in kubernetes-novolume mode by @khaykingleb in https://github.com/actions/actions-runner-controller/pull/4455
  • Updates: runner to v2.334.0 by @github-actions[bot] in https://github.com/actions/actions-runner-controller/pull/4467
  • Add option to disable workqueue bucket rate limiter by @Okabe-Junya in https://github.com/actions/actions-runner-controller/pull/4451
  • Add a flag for enabling pprof on the controller manager by @Okabe-Junya in https://github.com/actions/actions-runner-controller/pull/4449
  • Add health and readiness probes to controller manager by @Okabe-Junya in https://github.com/actions/actions-runner-controller/pull/4459
  • Fix empty GVK in OwnerReferences for modern controllers by @Okabe-Junya in https://github.com/actions/actions-runner-controller/pull/4475
  • Fix: Detect init container failure in EphemeralRunner controller by @Okabe-Junya in https://github.com/actions/actions-runner-controller/pull/4457
  • Bump the actions group with 3 updates by @dependabot[bot] in https://github.com/actions/actions-runner-controller/pull/4483
  • Render empty arrays for kubernetes-novolume volumes fields by @nikola-jokic in https://github.com/actions/actions-runner-controller/pull/4461
  • Fix secret reconciliation updates for the listener pod by @nikola-jokic in https://github.com/actions/actions-runner-controller/pull/4492
  • Fix job execution duration when runner assign time is not set by @nikola-jokic in https://github.com/actions/actions-runner-controller/pull/4472
  • Fix typo and rename status to phase by @nikola-jokic in https://github.com/actions/actions-runner-controller/pull/4466
  • Update CODEOWNERS by @nikola-jokic in https://github.com/actions/actions-runner-controller/pull/4495
  • Bump Go to 1.26.2 to fix critical security vulnerabilities by @dhawalseth in https://github.com/actions/actions-runner-controller/pull/4491
  • Fix helm chart validation workflow by @nikola-jokic in https://github.com/actions/actions-runner-controller/pull/4479
  • Port rate limiter to experimental charts by @nikola-jokic in https://github.com/actions/actions-runner-controller/pull/4478
  • Revert "Fix typo and rename status to phase" by @nikola-jokic in https://github.com/actions/actions-runner-controller/pull/4505
  • Bump Go to 1.26.3 by @nikola-jokic in https://github.com/actions/actions-runner-controller/pull/4504
  • Prepare 0.14.2 release by @rentziass in https://github.com/actions/actions-runner-controller/pull/4503

New Contributors

  • @khaykingleb made their first contribution in https://github.com/actions/actions-runner-controller/pull/4455
  • @Okabe-Junya made their first contribution in https://github.com/actions/actions-runner-controller/pull/4451

Full Changelog: https://github.com/actions/actions-runner-controller/compare/gha-runner-scale-set-0.14.1...gha-runner-scale-set-0.14.2

Security Fixes

  • Bump Go to 1.26.3 to fix critical security vulnerabilities
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track actions-runner-controller

Get notified when new releases ship.

Sign up free

About actions-runner-controller

Kubernetes controller for GitHub Actions self-hosted runners

All releases →

Related context

Beta — feedback welcome: [email protected]