Skip to content

Kubernetes Ecosystem

Releases from the Kubernetes ecosystem — orchestration, Helm charts, operators, and cluster tooling.

Subscribe
All Breaking Security Features
Important Recent
← Releases
Upgrade now
authentik version/2026.5.2 Security relevant
Auth Breaking upgrade

Security patches + bugfixes

Open
version/2026.2.4 (6d) Security fixes + core updates
Upgrade now
Concourse v8.2.3 Security relevant
Auth

Open‑redirect CVE fix

Open
Upgrade now
authelia v4.39.20 Security relevant
Auth RBAC

Security fixes + contributors + Docker update

Open
Upgrade now
bunkerweb v1.6.11 Security relevant
RCE / SSRF Breaking upgrade

nginx security fix

Open
Upgrade now
Concourse v8.2.2 Security relevant
Breaking upgrade Dependencies

CVE fix + bug fixes

Open
Review required
flux2 v2.8.8 Security relevant
Dependencies

CVE fixes, controller reliability, Helm update

Open
Review required
zot v2.1.17 Security relevant
Auth RBAC

OIDC logout + CEL access control

patches CVE-2026-33634
Open
Upgrade now
caprover v1.14.2 Security relevant
RCE / SSRF

nginx vulnerability hotfix

Open
No immediate action
yugabyte-db v2025.2.3.0 Security

Routine maintenance and dependency updates.

patches CVE-2025-31125
Open
Config change
mcp-context-forge v1.0.1 Security relevant
Auth Breaking upgrade

Production secret enforcement

patches CVE-2023-4863
Open
Review required
arcane v1.19.1 Security relevant
Auth Breaking upgrade

Non‑HMAC JWT denial

Open
Upgrade now
authentik version/2025.12.5 Security relevant
Auth Breaking upgrade

Security patches

Open
Upgrade now
woodpecker v3.14.1 Security relevant
Auth

agent_id spoof prevention

Open
traefik v3.7.1 Security relevant
Security fixes
  • CVE-2026-44774 — fixed (GHSA-96qj-4jj5-wcjc)
v3.6.17 (23d) CVE-2026-44774 fix
v2.11.46 (23d) CVE-2026-44774 fix
VictoriaMetrics v1.136.9 Security relevant
Security fixes
  • Upgrade Go builder to version 1.26.3, addressing security issues listed in the Go 1.26.3 changelog.
v1.143.0 (23d) Go builder upgrade
apko v1.2.12 Security relevant
Security fixes
  • Harden against template injection and credential exposure in CI pipelines
dokku v0.38.2 Security relevant
Security fixes
  • #8590: Restrict app names to prevent command injection
  • #8591: Harden archive extraction against symlink traversal
  • #8589: Enforce 0600 permissions on .netrc credentials file
CloudStack 4.22.0.1 Security relevant patches CVE-2017-12615 patches CVE-2017-12617 patches CVE-2020-1938 +6 more
Security fixes
  • CVE-2025-66170 — Low severity: any user can list backups they should not access.
  • CVE-2025-66171 — Important severity: any user can create a VM from unauthorized backups.
  • CVE-2025-66172 — Important severity: any user can attach volumes from unauthorized backups.
kubetail cli/v0.17.0 Security relevant
⚠ Upgrade required
  • Remove invalid --upload flag from cosign sign in release workflow
Security fixes
  • Prevent client‑supplied X-Forwarded-Authorization from shadowing service‑account-token
  • Harden CSRF token handling
  • Stop trusting X-Forwarded-* headers in same-origin check
Notable features
  • Support forwarded host in same-origin check
  • Relax hex requirement for session key-pairs
  • Trigger publish workflows only on stable releases
kite v0.11.0 Security relevant
Security fixes
  • Fixed security vulnerability in API key authentication affecting versions v0.7.0 through v0.10.0
Notable features
  • New resource overview dashboard
  • User‑controlled display scale setting
OpenSandbox docker/egress/v1.0.10 Security relevant
Security fixes
  • Bump OpenTelemetry Go dependencies to v1.43.0 to resolve Dependabot security alerts
  • Address CodeQL static analysis findings: integer conversion safety, clear-text logging fixes, and hardening
Notable features
  • Log rotation via lumberjack with configurable retention (100 MB default max size, 30-day retention, 10 backups)
  • Fixes mitmproxy OOM by streaming large responses to disk, adds automatic mitmdump restart on unexpected exit
warpgate v0.23.3 Security relevant
Security fixes
  • GHSA-rj86-hm3r-c275: SSO state parameter validation prevents session hijacking through shared return links
VictoriaMetrics v1.122.21 Security relevant
Security fixes
  • Go builder upgraded from 1.25.9 to 1.26.2
  • Alpine base image upgraded from 3.23.3 to 3.23.4

Beta — feedback welcome: [email protected]