This release includes breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Topics
+12 more
Summary
AI summaryKubernetes manifests now satisfy runAsNonRoot by setting runAsUser to 65534 and reference the latest image tag.
Full changelog
Date: 2026-03-30
Base: v1.2.0
Improvements
Configurable log level
The log level can now be set via the MAINTENANT_LOG_LEVEL environment variable. Accepted values: debug, info, warn, error (case-insensitive). Defaults to info.
environment:
MAINTENANT_LOG_LEVEL: debug
Kubernetes — runAsNonRoot no longer rejects the pod
The manifests previously specified runAsNonRoot: true without a runAsUser, causing Kubernetes to reject the pod since the image has no USER instruction. The pod securityContext now sets runAsUser: 65534 (nobody), which satisfies the constraint. Fixes #17.
The USER directive has been removed from the Dockerfile — in Docker mode the container needs access to /var/run/docker.sock; non-root is enforced at the pod level in Kubernetes.
Kubernetes manifests — image tag and pull policy
The raw manifests referenced v0.1.0 (which was never published). They now point to latest with imagePullPolicy: Always.
Upgrading from v1.2.0
docker compose pull && docker compose up -d --force-recreate
No database migrations, no configuration changes required.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Related tools
Beta — feedback welcome: [email protected]