
Platform Engineering

IaC, container orchestration, service mesh, and internal developer platforms.

Upgrade now
doco-cd v0.90.1 Security relevant
Auth RBAC

OCI security fix

Upgrade now
coder v2.32.5 Security relevant
Dependencies

CVE patches for crypto & net

Upgrade now
Concourse v8.2.3 Security relevant
Auth

Open‑redirect CVE fix

v8.2.2 (10d) CVE fix + bug fixes
Review required
flux2 v2.8.8 Security relevant
Dependencies

CVE fixes, controller reliability, Helm update

Review required
zot v2.1.17 Security relevant
Auth RBAC

OIDC logout + CEL access control

patches CVE-2026-33634
Upgrade now
liquibase v5.0.3 Security relevant
Auth

generate-changelog sanitization fix

Upgrade now
coder v2.30.8 Security relevant
Dependencies RCE / SSRF

CVE security fixes + Azure hardening

patches GHSA-686c-7vgv-v3fx patches GHSA-6x44-w3xg-hqqf
v2.24.5 (21d) Azure identity hardening
v2.29.13 (21d) Security fixes + Go upgrade
v2.31.12 (21d) CVE security fixes
v2.32.2 (21d) CVE-2026-33814 fix
v2.33.3 (21d) CVE fixes
Upgrade now
woodpecker v3.14.1 Security relevant
Auth

agent_id spoof prevention

Splunk Security Content v5.27.0 Security relevant
⚠ Upgrade required
  • Final release for ESCU v5.x; starting with ESCU v6.0, content will be validated, packaged, and published using new internal tooling instead of contentctl.
Security fixes
  • CVE-2026-31431 – Linux Auditd Copy Fail Privilege Escalation detection added to identify unprivileged users writing controlled data to page cache and escalating to root.
Notable features
  • Cisco Secure Access Analytics analytic story using firewall telemetry
  • Expanded Windows threat detection analytics covering PowerShell abuse, process injection, privilege escalation, cloud/Azure activity, RMM tools, and C2 frameworks
kestra v1.3.14 Security relevant
Security fixes
  • Patched vulnerable frontend dependencies (#15661)
pocket-id v2.6.0 Security relevant
Security fixes
  • Fixed access token renewal bypassing important checks
  • Blocked callback URLs with javascript: and data: protocols
Notable features
  • Admins can now revoke user passkeys
  • Added auth method claim (amr) to OIDC tokens
  • Added TLS support for HTTP/2 server
kurtosis 1.18.0 Security relevant
Security fixes
  • CVE-2026-33186 — grpc-go authz bypass patch in CLI and enclave-manager
Notable features
  • shm size ulimits adjustments for GPU environments
semaphore v2.17.36 Security relevant
Security fixes
  • LDAP filter injection vulnerability
vteamcity-mcp-v2.6.1 (1mo) axios upgrade fixes SSRF
Websoft9 2.2.16 Security relevant
Security fixes
  • CVE-2026-33186 — security vulnerability fixed in upgrade
  • CVE-2026-1229 — security vulnerability fixed in upgrades
  • CVE-2026-33747 — security vulnerability fixed in deployment upgrade
Notable features
  • Upgrade Moodle to version 5.1.3
  • Upgrade apphub to 0.2.7 and fix FastAPI compatibility issue
  • Upgrade deployment to 2.40.0
helm v3.20.2 Security relevant
Security fixes
  • GHSA-hr2v-4r36-88hr: Chart extraction path traversal via dot-segment in Chart.yaml
coder v2.31.9 Security relevant
Security fixes
  • dep: High and critical security vulnerabilities in dependencies
Notable features
  • Performance optimization: cap count queries and use native UUID operations for audit and connection logs
Sealed Secrets v0.36.2 Security relevant
⚠ Upgrade required
  • Release notes reference RELEASE-NOTES.md for important upgrade information from previous releases
Security fixes
  • Bumped golang.org/x/crypto from 0.48.0 to 0.49.0 (cryptographic library update with potential security implications)
helm v4.1.4 Security relevant
Security fixes
  • GHSA-hr2v-4r36-88hr: Chart extraction path traversal
  • GHSA-q5jf-9vfq-h4h7: Plugin verification fails open when .prov missing
  • GHSA-vmx8-mqv2-9gmg: Plugin metadata path traversal
kestra v1.0.35 Security relevant
Security fixes
  • Fixed SQL injection vulnerabilities in label search
v1.3.7 (2mo) Fixed SQL injection, validated AI Copilot
dagu v2.3.9 Security relevant
Security fixes
  • Dependency vulnerabilities fixed
ArgoCD v3.2.8 Security relevant
Security fixes
  • CVE-2026-33186 grpc-go mitigation
