Skip to content

forkline/ingress-nginx

v2026.5.18 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 16d Reverse Proxies & Load Balancers
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Summary

AI summary

Removed obsolete CVE-2025-23419 patch from nginx image.

Changes in this release

Feature Medium

Added yamllint configuration with 120 character line length limit.

Added yamllint configuration with 120 character line length limit.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Feature Medium

Passed TAG to kube-webhook-certgen publish step.

Passed TAG to kube-webhook-certgen publish step.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Feature Medium

Released container images for controller, nginx, and kube-webhook-certgen with version 2026.5.18.

Released container images for controller, nginx, and kube-webhook-certgen with version 2026.5.18.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Feature Medium

Updated Helm Chart appVersion to 2026.5.18.

Updated Helm Chart appVersion to 2026.5.18.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Feature Medium

Kubectl plugin binaries available on GitHub Release page for version 2026.5.18.

Kubectl plugin binaries available on GitHub Release page for version 2026.5.18.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Dependency Medium

Updated module github.com/google/go-github/v85 to v86.

Updated module github.com/google/go-github/v85 to v86.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Dependency Medium

Updated google.golang.org/grpc to version 1.81.1.

Updated google.golang.org/grpc to version 1.81.1.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Dependency Medium

Performed general update of go modules.

Performed general update of go modules.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Dependency Medium

Updated google.golang.org/grpc examples digest to 6602080.

Updated google.golang.org/grpc examples digest to 6602080.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Performance Medium

Increased timeout to 360 minutes in release images workflow.

Increased timeout to 360 minutes in release images workflow.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Performance Medium

Increased nginx build timeout to 360 minutes for arm64 QEMU.

Increased nginx build timeout to 360 minutes for arm64 QEMU.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Bugfix Medium

Removed obsolete CVE-2025-23419 patch from nginx in version 1.30.1.

Removed obsolete CVE-2025-23419 patch from nginx in version 1.30.1.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Refactor Medium

Quoted make variables to prevent target parsing errors.

Quoted make variables to prevent target parsing errors.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Refactor Medium

Stripped 'v' prefix from image TAG files.

Stripped 'v' prefix from image TAG files.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Medium

Ensured end-to-end tests run on pushes to the main branch.

Ensured end-to-end tests run on pushes to the main branch.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Full changelog

What's Changed

Fixed

  • Remove obsolete CVE-2025-23419 patch included in 1.30.1 (nginx)(362c07d)

  • Nginx image caching by NGINX version and multi-platform builds (ci)(1f8b3b8)

  • Add yamllint config with 120 char line length (lint)(ffee14f)

  • Ensure E2E runs on push to main (ci)(86871aa)

  • Increase timeout to 360m in release images workflow (ci)(4a75adc)

  • Quote make variables to prevent target parsing errors (ci)(3018ef5)

  • Increase nginx build timeout to 360min for arm64 QEMU (ci)(db3de00)

  • Pass TAG to kube-webhook-certgen publish step (#59) (release)(0df4c3d)

  • Strip v prefix from image TAG files(506fdd7)

Build

  • Update module github.com/google/go-github/v85 to v86 (#56) (deps)(18d8634)

  • Update module google.golang.org/grpc to v1.81.1 (#60) (deps)(6eff2ca)

  • Update google.golang.org/grpc/examples digest to 6602080 (#62) (deps)(671840a)

  • Update go modules (#63) (deps)(729178d)

Container Images

  • ghcr.io/forkline/ingress-nginx/controller:v2026.5.18
  • ghcr.io/forkline/ingress-nginx/nginx:2026.5.18
  • ghcr.io/forkline/ingress-nginx/kube-webhook-certgen:2026.5.18

Helm Chart

  • appVersion: 2026.5.18

kubectl plugin

Binaries available on the GitHub Release page.

Full Changelog: https://github.com/forkline/ingress-nginx/compare/v2026.5.14...v2026.5.18

Breaking Changes

  • Removed obsolete CVE-2025-23419 patch from nginx image

Security Fixes

  • CVE-2025-23419
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track forkline/ingress-nginx

Get notified when new releases ship.

Sign up free

About forkline/ingress-nginx

All releases →

Related context

Beta — feedback welcome: [email protected]