ArgoCD

v3.3.10 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 22d GitOps

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

argo argo-cd ci-cd devops docker gitops

+5 more

helm jsonnet kubernetes kustomize pipeline

Affected surfaces

breaking_upgrade deps

ReleasePort's take

Moderate signal

editorial:auto 13d

ArgoCD v3.3.10 fixes a panic in the permission validator when encountering nil APIResources and resolves log-line overflow issues in the UI. The release updates Go to 1.25.9 to address CVE vulnerabilities and adds secret data masking in server-side diff results.

Why it matters: Permission validator panics could interrupt API operations; this patch stabilizes it. Go 1.25.9 closes CVEs affecting release-3.3 deployments. Plan upgrade after testing in dev; secret masking in diffs benefits security posture.

Summary

AI summary

Fixed permission validator panic on nil APIResource and log‑line overflow issue.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Update Go to 1.25.9 on release-3.3 to resolve CVE vulnerabilities. Update Go to 1.25.9 on release-3.3 to resolve CVE vulnerabilities. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Apply HideSecretData to server-side diff results in gitops-engine. Apply HideSecretData to server-side diff results in gitops-engine. Source: llm_adapter@2026-05-21 Confidence: low	—
Dependency	Medium	Align Go versions across Dockerfiles and downgrade to 1.25.9 in go.mod. Align Go versions across Dockerfiles and downgrade to 1.25.9 in go.mod. Source: llm_adapter@2026-05-21 Confidence: low	—
Dependency	Medium	Bump otel/sdk to version 1.43.0. Bump otel/sdk to version 1.43.0. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Prevent panic on nil APIResource in permission validator. Prevent panic on nil APIResource in permission validator. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Wrap lines toggle now prevents log lines from overflowing container. Wrap lines toggle now prevents log lines from overflowing container. Source: llm_adapter@2026-05-21 Confidence: high	—

Full changelog

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd --server-side --force-conflicts -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.3.10/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd --server-side --force-conflicts -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.3.10/manifests/ha/install.yaml

Release Signatures and Provenance

All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.

Release Notes Blog Post

For a detailed breakdown of the key changes and improvements in this release, check out the official blog post

Upgrading

If upgrading from a different minor version, be sure to read the upgrading documentation.

Changelog

Bug fixes

eb947bfea26df18294600efa65235df44e68ff47: fix: prevent panic on nil APIResource in permission validator (cherry-pick #26610 for 3.3) (#27753) (@argo-cd-cherry-pick-bot[bot])
7b8c7be98657082396e1726ff9b1d97c1c4f5166: fix: wrap lines toggle causes log lines to overflow container - Fixes [Issue #27586] (cherry-pick #27627 for 3.3) (#27671) (@argo-cd-cherry-pick-bot[bot])

Other work

7879e6322465080a82d152bf00f2b92e0f36c658: Merge commit from fork (@pjiang-dev)
00f83c41dcfd879f34f8e0248c860d704b41cf0f: Merge commit from fork (@blakepettersson)
d7f8ba1b6c62634faf9894161dbdd632e3e39528: chore: align Go versions across Dockerfiles and downgrade Go version in go.mod (#27808) (@reggie-k)
5c7eb8f083342e48867e8857e52408c114a4baf3: chore: bump otel/sdk to 1.43.0 (release-3.3) (#27807) (@nitishfy)
7830a129c9c87267e1b74dc453c199d4fa327dfb: chore: update Go to 1.25.9 on release-3.3 to resolve CVEs (#27639) (#27656) (@ihmdika)
ac11bec9986807adc8886ef1181eced7347ef5c6: fix(gitops-engine): apply HideSecretData to server-side diff results … (#27762) (@pjiang-dev)

Full Changelog: https://github.com/argoproj/argo-cd/compare/v3.3.9...v3.3.10

Security Fixes

Updated Go to 1.25.9 on release-3.3 to resolve CVEs

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ArgoCD

Get notified when new releases ship.

About ArgoCD

Declarative Continuous Deployment for Kubernetes

All releases →