txn2/kubefwd

v1.24.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 5mo Developer Productivity

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

api-rest developer-tools devops devops-tools devtools kubernetes

+8 more

kubefwd kubernetes-clusters kubernetes-namespace mcp-server networking port-forward port-forwarding proxy

Affected surfaces

auth deps

Summary

AI summary

Fixed missing Cosign signature bundle, prevented reconnection loops on pod deletion, and added PodRemoved LocalPort field.

Full changelog

Bug Fixes

fix: add Cosign signature bundle to releases (#327) - Fixes #325: The v1.24.0 release was missing the .pem certificate file needed for checksum verification. Migrated to Cosign v3 bundle format (.sigstore.json) which is the modern approach combining signature + certificate into a single file.
fix: prevent rapid reconnection loop during pod deletion (#326) - Prevents excessive reconnection attempts when pods are being deleted, using exponential backoff.
fix: PodRemoved events missing LocalPort field (#322) - Ensures TUI receives complete port information when pods are removed.

Build

Upgrade to Go 1.25 and k8s.io v0.35.0 (#324) - Updated to the latest Go version and Kubernetes client libraries.

Security & Supply Chain

Pin all GitHub Actions to SHA hashes for reproducible builds
Add SLSA provenance generation for release artifacts
Add CodeQL static analysis workflow
Pin Docker base images to SHA256 hashes
Add Dependabot for automated dependency updates

Dependencies

github.com/spf13/cobra 1.9.1 → 1.10.2
golang.org/x/sys 0.38.0 → 0.39.0
k8s.io/api 0.31.0 → 0.35.0
k8s.io/client-go → 0.35.0
Docker base images updated (Alpine, Ubuntu)

Tests

Added unit tests for TUI components, store, and event handling
Added EventCollector test helper for TUI event assertions
Fixed flaky tests and race conditions in test suite
Improved test isolation for PodRemoved event filtering

Documentation

Added verification instructions to README for Cosign-signed releases
Added CHANGELOG.md and mkdocs documentation site

Verifying This Release

# Download checksum file and signature bundle
curl -LO https://github.com/txn2/kubefwd/releases/download/v1.24.1/kubefwd_checksums.txt
curl -LO https://github.com/txn2/kubefwd/releases/download/v1.24.1/kubefwd_checksums.txt.sigstore.json

# Verify signature
cosign verify-blob \
  --bundle kubefwd_checksums.txt.sigstore.json \
  --certificate-identity-regexp="https://github.com/txn2/kubefwd/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  kubefwd_checksums.txt

Docker Image Verification

cosign verify txn2/kubefwd:v1.24.1 \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  --certificate-identity-regexp="https://github.com/txn2/kubefwd/.*"

Changelog

0f00bfe83013b3b299472f0d92106c0272084e02 Add CHANGELOG.md and mkdocs documentation site
b34cf128ff4780fc9865354d5b6b03919c48277d Add CODEOWNERS file to define ownership for repo paths and configurations
72298ac154710465baee9163f18322ae9d449b9c Add CodeQL workflow for static code analysis
e4dcfeb12f209803811419bf587e720447d2a5d7 Add Dependabot configuration for automated dependency updates
bca938768c46e32ed7cd21384c15c9c25c0a56d4 Add GitHub Action SHA validation to CI
9e55b349950e34fc22c270852aa320036649f8ac Add GitHub project improvements: CI workflow, templates, and badges
8b1024e10c0571e9303eb562471e34327df8737f Add TUI event emission tests for AddServicePod and StopAllPortForwards
8af53ee2434d02c1796c3a2129d0b223dca0e26d Add EventCollector for TUI testing with event assertions and test mode initialization
2327e0c1bc55809036550f9aa3e970444538dc48 Add comprehensive unit tests for store and RateHistory components
b0b7b2572751146f53f3140d53716a5b0e9b822d Add tests for EventCollector test helpers
79ac102f794b6415cb43051216c2c7fe85f58ea5 Add tests for kubefwd IP handling and stale entry cleanup
83f54a3be9e2f9a7b7d67a3efba7400735d56b6b Add unit tests for MockInterfaceManager functionality and manager behaviors
db0ed7998c70a5e07c9e997b248b682ad0aceb74 Add unit tests for AddServicePod behavior under normal and concurrent conditions
b9a70a18d8d12cb3a5c08846e1a8b4e675199751 Add unit tests for services package and adjust .gitignore
1c2fb2907ca74479ffca3f828d8eccefb847f0cd Add unit tests for tui package components and concurrency handling
d2c6b8deacfa43d367f6ddd7fdf35854bc7d2072 Add unit tests for hostname registration, reset, and matching functionality
cd061df972584412b79c2c410145922e5f24c30e Emit PodRemoved events for TUI updates during port forward lifecycle management and prevent duplicate forward registrations.
9d496cb75bdf30214cd40dba271bf391ee6b0a5d Enhance kubefwd examples: Add --tui flag to showcase interactive mode usage
6e8b90f61aee3e3c30b68efc9c0bcd2bdd8892f5 Filter PodRemoved events by valid pod names to improve test isolation
c4a05ed50c80208dc2c8f1269dfdaa90f10cc2fc Fix PodRemoved events missing LocalPort field
ce67e88a39da3440d2d6e15f14a1aaf91a27dd64 Fix flaky TUI event emission tests
7c490c3b62299624c8a4f58fb106fb5f93fbed58 Fix invalid codecov-action SHA
eddacd6b76c22e13e41d71be99fc7ecdc3f73fe6 Fix race conditions in fwdservice tests
7328e3673d540b636c65260ad45a860c702ac7a7 Fix remaining race condition in TestSyncPodForwards_RemovesStoppedPods
653e68be46518a13d42c9545438c1d946195285d Fix: Add token for Homebrew tap updates
20410e5106fd71ceef20ea61c4c222c2eca9086a Fix: Standardize "canceled" spelling in portforward tests
dbd039955bc6becabd895af04be90a9f60cd9e5c Pin Docker base images to SHA256 hashes
2ac7415a9223248694879502a1b1c77c3b71f891 Pin GitHub Actions to SHA hashes and add SLSA provenance
965c0f7c39f3e512f326903024ac3b352f941d47 Remove CodeQL workflow (conflicts with default setup)
044123b0bd6289a678d9bf2482507fc2b15be7c9 Test GetRegisteredHostnames immutability by discarding append result
5400ab9860ed66726f376e6e4aa73d2666cab8c7 Update .gitignore to exclude coverage reports (coverage.out)
fef0b3dff56b3b11f79902ffd37330187ab9d99c Update .gitignore to include NOTES_* files
f4c4f57db5a55d265d29f84b47555684c5fb93d9 build: upgrade to Go 1.25 and k8s.io v0.35.0
21db6d0412f4d0eeb8a6ad26c3b1c19e9a1ba763 ci: bump actions/upload-pages-artifact from 3.0.1 to 4.0.0
3d7b4f25ad251b1a9e5e9070db42ec0820b1ae15 ci: bump docker/login-action from 3.3.0 to 3.6.0
b4f7893cec8f34663f2d4ad52167564af0cab0de ci: bump docker/setup-qemu-action from 3.2.0 to 3.7.0
ebeceb116981b2609fd91f62f4a176c6d44b2554 ci: bump goreleaser/goreleaser-action from 6.1.0 to 6.4.0
af9f298077b276dbdafe2eb4904028f73089d463 ci: bump slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml
ebe0006a0e903bb09974fd243ba8112c77bbd033 deps: bump github.com/spf13/cobra from 1.9.1 to 1.10.2
baf055807e5d00548154266f306296f7ecca4185 deps: bump golang.org/x/sys from 0.38.0 to 0.39.0
58d787708a0922982d48d6c552d77c37155a6f85 deps: bump k8s.io/api from 0.31.0 to 0.35.0
2c76ac70001477139b4dad4bfefb707a2b410589 deps: bump k8s.io/client-go to v0.35.0 to match k8s.io/api
5d3613ae143bae599ebb8fe668c423137c3f32b1 docker: bump alpine from a8560b3 to 865b95f
162cf1bd47bd126ba1dffd816a7619fca52a0ed6 docker: bump ubuntu from b59d215 to c35e29c
41d34a22e29975dc23323ea7c364696269d092cd fix: add Cosign signature bundle to releases
92e385709e97b4ae4e7b8079ebaf66cb0814142a fix: downgrade k8s.io packages to v0.34.3 for Go 1.24 compatibility
d50079cd4078977a007903c95607b84bee14e758 fix: prevent rapid reconnection loop during pod deletion

Security Fixes

Add Cosign signature bundle (`.sigstore.json`) for release checksum verification

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track txn2/kubefwd

Get notified when new releases ship.

About txn2/kubefwd

Kubernetes bulk port forwarding with service discovery, /etc/hosts management, traffic monitoring, and pod log streaming

All releases →