This release keeps dependencies and maintenance posture current for teams operating this tool.
✓ No known CVEs patched in this version
Summary
AI summaryMinor fixes and improvements.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Low |
Adds variable substitution for licenses. Adds variable substitution for licenses. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Feature | Low |
Creates and uploads source tarballs of GitLab repositories in config. Creates and uploads source tarballs of GitLab repositories in config. Source: llm_adapter@2026-06-01 Confidence: low |
— |
| Dependency | Low |
Allows production.cloudfront.docker.com in harden-runner egress rules. Allows production.cloudfront.docker.com in harden-runner egress rules. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Refactor | Low |
Updates go/build pipeline implementation. Updates go/build pipeline implementation. Source: llm_adapter@2026-06-01 Confidence: high |
— |
Full changelog
What's Changed
- go/build/v2: updated go/build pipeline by @xnox in https://github.com/chainguard-dev/melange/pull/2538
- chore(config): also create and upload source tarballs of gitlab repositories by @sil2100 in https://github.com/chainguard-dev/melange/pull/2511
- feat: Add variable substitution for licenses by @EyeCantCU in https://github.com/chainguard-dev/melange/pull/2530
- ci: allow production.cloudfront.docker.com in harden-runner egress by @astrojerms in https://github.com/chainguard-dev/melange/pull/2552
Full Changelog: https://github.com/chainguard-dev/melange/compare/v0.50.8...v0.51.0
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Beta — feedback welcome: [email protected]