chore(deps): update helm release cert-manager to v1.18.1 #88
Loading…
x
Reference in New Issue
Block a user
No description provided.
Delete Branch "renovate/kubezero-cert-manager-kubezero-cert-manager-dependencies"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
v1.17.1
->v1.18.1
Release Notes
cert-manager/cert-manager (cert-manager)
v1.18.1
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
We have added a new feature gate
ACMEHTTP01IngressPathTypeExact
, to allowingress-nginx
users to turn off the new default IngressPathType: Exact
behavior, in ACME HTTP01 Ingress challenge solvers.This change fixes the following issue: #7791
We have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (
error waiting for authorization
), which has been reported by multiple users, since the release of cert-managerv1.16.0
.This change should fix the following issues: #7337, #7444, and #7685.
Changes since
v1.18.0
:Feature
ACMEHTTP01IngressPathTypeExact
, to allowingress-nginx
users to turn off the new default IngressPathType: Exact
behavior, in ACME HTTP01 Ingress challenge solvers. (#7810
, @sspreitzer)Bug or Regression
error waiting for authorization
. (#7801
, @hjoshi123)Other (Cleanup or Flake)
#7807
, @wallrj)v1.18.0
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
cert-manager 1.18 introduces several new features and breaking changes. Highlights include support for ACME certificate profiles, a new default for
Certificate.Spec.PrivateKey.RotationPolicy
now set toAlways
(breaking change), and the defaultCertificate.Spec.RevisionHistoryLimit
now set to1
(potentially breaking).Known Issues
Changes since
v1.17.2
:Feature
app.kubernetes.io/managed-by: cert-manager
label to the created Let's Encrypt account keys (#7577, @terinjokes)certmanager_certificate_not_before_timestamp_seconds
,certmanager_certificate_not_after_timestamp_seconds
). (#7612, @solidDoWant)--extra-certificate-annotations
, which sets a list of annotation keys to be copied from Ingress-like to resulting Certificate object (#7083, @k0da)iss
short name for the cert-managerIssuer
resource. (#7373, @SgtCoDFish)ciss
short name for the cert-managerClusterIssuer
resource (#7373, @SgtCoDFish)global.rbac.disableHTTPChallengesRole
helm value to disable HTTP-01 ACME challenges. This allows cert-manager to drop its permission to create pods, improving security when HTTP-01 challenges are not required. (#7666, @ali-hamza-noor)FindZoneByFqdn
(#7596, @ThatsIvan)UseDomainQualifiedFinalizer
feature to GA. (#7735, @jsoref)Certificate.Spec.PrivateKey.RotationPolicy
changed fromNever
toAlways
. (#7723, @wallrj)Documentation
Bug or Regression
go-jose
dependency to addressCVE-2025-27144
. (#7606, @SgtCoDFish)golang.org/x/oauth2
to patchCVE-2025-22868
. (#7638, @NicholasBlaskey)golang.org/x/crypto
to patchGHSA-hcg3-q754-cr77
. (#7638, @NicholasBlaskey)github.com/golang-jwt/jwt
to patchGHSA-mh63-6h87-95cp
. (#7638, @NicholasBlaskey)ImplementationSpecific
toExact
for a reliable handling of ingress controllers and enhanced security. (#7767, @sspreitzer)--namespace=<namespace>
: limit the scope of cert-manager to a single namespace and disable cluster-scoped controllers. (#7678, @tsaarni)commonName
field; IP addresses are no longer added to the DNSsubjectAlternativeName
list and are instead added to theipAddresses
field as expected. (#7081, @johnjcool)certmanager_certificate_renewal_timestamp_seconds
metric help text indicating that the metric is relative to expiration time, rather than Unix epoch time. (#7609, @solidDoWant)Passthrough
mode. (#6986, @vehagn)golang.org/x/net
fixingCVE-2025-22870
. (#7619, @dependabot[bot])Other (Cleanup or Flake)
third_party/forked/acme
package with support for the ACME profiles extension. (#7776, @wallrj)AdditionalCertificateOutputFormats
feature to GA, making additional formats always enabled. (#7744, @erikgb)ValidateCAA
. Setting this feature gate is now a no-op which does nothing but print a warning log line (#7553, @SgtCoDFish)v1.24.4
(#7785, @wallrj)v1.17.3
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This patch release addresses several vulnerabilities reported by the Trivy security scanner. It is built with the latest version of Go 1.23.
We have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (
error waiting for authorization
), which has been reported by multiple users, in: #7337, #7444, and #7685.Changes since
v1.17.2
:Bug or Regression
waiting for authorization
(#7798, @hjoshi123)Other (Cleanup or Flake)
v1.17.2
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This patch release addresses several vulnerabilities reported by the Trivy security scanner. It is built with the latest version of Go 1.23 and includes various dependency updates.
Changes since
v1.17.1
Bug or Regression
v1.23.8
to fixCVE-2025-22871
(#7701,@wallrj
)go-jose
dependency to addressCVE-2025-27144
(#7603,@SgtCoDFish
)golang.org/x/net
to addressCVE-2025-22870
reported by Trivy (#7622,@SgtCoDFish
)golang.org/x/net
to fixCVE-2025-22872
(#7703,@wallrj
)golang.org/x/oauth2
to patchCVE-2025-22868
(#7692,@lentzi90
)golang.org/x/crypto
to patchGHSA-hcg3-q754-cr77
(#7692,@lentzi90
)github.com/golang-jwt/jwt
to patchGHSA-mh63-6h87-95cp
(#7692,@lentzi90
)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
d0e1691a6b
to9eb90a652c
chore(deps): update helm release cert-manager to v1.17.2to chore(deps): update helm release cert-manager to v1.18.09eb90a652c
toc9a1d1e0af
chore(deps): update helm release cert-manager to v1.18.0to chore(deps): update helm release cert-manager to v1.18.1Checkout
From your project repository, check out a new branch and test the changes.