Skip to content

Release history

melange releases

build APKs from source code

Back to tool Latest release

All releases

47 shown

No immediate action
v0.52.0 New feature

include-functions option

Open
No immediate action
v0.51.0 Maintenance

Routine maintenance and dependency updates.

Open
No immediate action
v0.50.8 Mixed

Maven mirror + deps bump + Docker tag

Open
No immediate action
v0.50.7 Maintenance

Routine maintenance and dependency updates.

Open
v0.50.6 Security relevant
Security fixes
  • CI hardened against template injection and credential exposure
  • cfg.Package.Version validation added in linter to prevent path traversal
Notable features
  • Linter added to detect shipping of libtool linker files
Full changelog

What's Changed

  • fix(ci): harden against template injection and credential exposure by @stevebeattie in https://github.com/chainguard-dev/melange/pull/2514
  • linter: validate cfg.Package.Version against path traversal in saveLintResults by @antitree in https://github.com/chainguard-dev/melange/pull/2515
  • build(deps): bump github.com/chainguard-dev/yam from 0.2.57 to 0.2.58 in the gomod group across 1 directory by @dependabot[bot] in https://github.com/chainguard-dev/melange/pull/2516
  • Add linter to complain about shipping libtool linker files. by @smoser in https://github.com/chainguard-dev/melange/pull/2520

Full Changelog: https://github.com/chainguard-dev/melange/compare/v0.50.5...v0.50.6

View release on GitHub
v0.50.5 Maintenance

Minor fixes and improvements.

Full changelog

What's Changed

  • chore(workflows): add tcp.dl.google.com allowed endpoint by @stevebeattie in https://github.com/chainguard-dev/melange/pull/2509
  • build(deps): bump the gomod group with 3 updates by @dependabot[bot] in https://github.com/chainguard-dev/melange/pull/2510

Full Changelog: https://github.com/chainguard-dev/melange/compare/v0.50.4...v0.50.5

View release on GitHub
v0.50.4 Maintenance

Minor fixes and improvements.

Full changelog

What's Changed

  • Bump apko to v1.2.9 by @codysoyland in https://github.com/chainguard-dev/melange/pull/2506
  • build(deps): bump the gomod group across 1 directory with 4 updates by @dependabot[bot] in https://github.com/chainguard-dev/melange/pull/2507
  • build(deps): bump the actions group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/chainguard-dev/melange/pull/2505

Full Changelog: https://github.com/chainguard-dev/melange/compare/v0.50.3...v0.50.4

View release on GitHub
v0.50.3 Maintenance

Minor fixes and improvements.

Full changelog

What's Changed

  • Update apko to 1.2.7 to pick up bug fixes by @codysoyland in https://github.com/chainguard-dev/melange/pull/2499

New Contributors

  • @codysoyland made their first contribution in https://github.com/chainguard-dev/melange/pull/2499

Full Changelog: https://github.com/chainguard-dev/melange/compare/v0.50.2...v0.50.3

View release on GitHub
v0.50.2 Maintenance

Minor fixes and improvements.

Full changelog

What's Changed

  • build(deps): bump github.com/go-git/go-git/v5 from 5.17.2 to 5.18.0 by @dependabot[bot] in https://github.com/chainguard-dev/melange/pull/2490
  • build(deps): bump the actions group with 2 updates by @dependabot[bot] in https://github.com/chainguard-dev/melange/pull/2493
  • Bump apko to v1.2.6 by @markusthoemmes in https://github.com/chainguard-dev/melange/pull/2495

Full Changelog: https://github.com/chainguard-dev/melange/compare/v0.50.1...v0.50.2

View release on GitHub
v0.50.1 Bug fix

Minor fixes and improvements.

Full changelog

What's Changed

  • fix(qemu): fix CPU/Memory resource precedence by @egibs in https://github.com/chainguard-dev/melange/pull/2489

Full Changelog: https://github.com/chainguard-dev/melange/compare/v0.50.0...v0.50.1

View release on GitHub
v0.50.0 Mixed

Improves QEMU VM shutdown reliability with graceful timeouts and PID safety checks.

View release on GitHub
v0.46.1 Maintenance
Notable features
  • Add virtual env support for Python pipelines
  • Source fetch from melange
  • Add OCI update monitor config
View release on GitHub
v0.46.0 Maintenance
Notable features
  • clang support for package metadata ELF notes
  • qemu: allow selection of alternate source for microvm initramfs
  • sbom: Emit CPE when available
View release on GitHub
v0.45.4 Maintenance
Notable features
  • Support var substitutions for update monitors
  • always attach serial console for boot diagnostics
  • log VM resources before boot
View release on GitHub
v0.45.3 Bug fix

Prevents qemu hangs in nested environments and improves SSH reliability.

View release on GitHub
v0.45.0 New feature
Notable features
  • add commit_source and use_release fields to VersionDataSource
View release on GitHub
v0.43.6 Maintenance

## What's Changed * chore(dependabot): allow for minor gomod updates

View release on GitHub
v0.43.4 New feature
Notable features
  • Add shallow-submodules and submodule-jobs options for git-checkout
View release on GitHub
v0.42.0 New feature
Notable features
  • optimize QEMU microVM startup time and resource usage
View release on GitHub
v0.41.1 Maintenance

## What's Changed * sca: skip soname runtime deps for host provided libraries

View release on GitHub
v0.40.2 Maintenance

## What's Changed * chore: run make generate to update schema JSON and testdata

View release on GitHub
v0.40.0 New feature

Enhanced caching for Python, Maven, PHP Composer, and NPM with QEMU virtiofs support.

View release on GitHub
v0.38.0 New feature

Adds QEMU_ADDITIONAL_PACKAGES environment variable and updates dependencies.

View release on GitHub
v0.37.4 Maintenance

## What's Changed * Create LicenseRefs for any non-standard SPDX identifier.

View release on GitHub

Beta — feedback welcome: [email protected]