
chore(deps): update helm release cert-manager to v1.13.6 #302

Open

@renovate renovate bot commented Nov 22, 2023

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| cert-manager (source) | patch | v1.13.1 -> v1.13.6 |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

cert-manager/cert-manager (cert-manager)

v1.13.6

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.13.6 fixes a bug in the DigitalOcean DNS-01 provider which could cause incorrect DNS records to be deleted when using a domain with a CNAME. Special thanks to @​BobyMCbobs for reporting this issue and testing the fix!

It also patches CVE-2023-45288.

Known Issues

  • ACME Issuer (Let's Encrypt): wrong certificate chain may be used if preferredChain is configured: see 1.14 release notes for more information.

Changes

Bug or Regression

v1.13.5

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ Known Issues
  • ACME Issuer (Let's Encrypt): wrong certificate chain may be used if preferredChain is configured: see release docs for more info and mitigations
ℹ️ Documentation

Release notes
Upgrade notes
Installation instructions

🔧 Breaking changes

See Breaking changes in v1.13.0 release notes

📜 Changes since v1.13.4
Bug or Regression
  • Allow cert-manager.io/allow-direct-injection in annotations (#​6810, @​jetstack-bot)
  • BUGFIX: JKS and PKCS12 stores now contain the full set of CAs specified by an issuer (#​6814, @​inteon)
  • BUGFIX: fix race condition due to registering and using global runtime.Scheme variables (#​6832, @​inteon)
Other (Cleanup or Flake)

v1.13.4

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ Known Issues
  • ACME Issuer (Let's Encrypt): wrong certificate chain may be used if preferredChain is configured: see release docs for more info and mitigations
ℹ️ Documentation

Release notes
Upgrade notes
Installation instructions

🔧 Breaking changes

See Breaking changes in v1.13.0 release notes

📜 Changes since v1.13.3
Bug or Regression
  • BUGFIX: LiteralSubjects with a #= value can result in memory issues due to faulty BER parser (github.com/go-asn1-ber/asn1-ber). (#​6772, @​jetstack-bot)
Other (Cleanup or Flake)

v1.13.3

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ Read about the breaking changes in cert-manager 1.13 before you upgrade from a < v1.13 version!

This patch release contains fixes for the following security vulnerabilities in the cert-manager-controller:

  • GO-2023-2334: Decryption of malicious PBES2 JWE objects can consume unbounded system resources.

If you use ArtifactHub Security report or trivy, this patch will also silence the following warning about a vulnerability in code which is imported but not used by the cert-manager-controller:

  • CVE-2023-47108: DoS vulnerability in otelgrpc due to unbound cardinality metrics.

An ongoing security audit of cert-manager suggested some changes to the webhook code to mitigate DoS attacks, and these are included in this patch release.

Changes
Bug or Regression
  • The webhook server now returns HTTP error 413 (Content Too Large) for requests with body size >= 3MiB. This is to mitigate DoS attacks that attempt to crash the webhook process by sending large requests that exceed the available memory. (#​6507, @​inteon)
  • The webhook server now returns HTTP error 400 (Bad Request) if the request contains an empty body. (#​6507, @​inteon)
  • The webhook server now returns HTTP error 500 (Internal Server Error) rather than crashing, if the code panics while handling a request. (#​6507, @​inteon)
  • Mitigate potential "Slowloris" attacks by setting ReadHeaderTimeout in all http.Server instances. (#​6538, @​wallrj)
  • Upgrade Go modules: otel, docker, and jose to fix CVE alerts. See GHSA-8pgv-569h-w5rw, GHSA-jq35-85cj-fj4p, and GHSA-2c7c-3mj9-8fqh. (#​6514, @​inteon)
Dependencies
Added

Nothing has changed.

Changed
  • cloud.google.com/go/firestore: v1.11.0 → v1.12.0
  • cloud.google.com/go: v0.110.6 → v0.110.7
  • github.com/felixge/httpsnoop: v1.0.3 → v1.0.4
  • github.com/go-jose/go-jose/v3: v3.0.0 → v3.0.1
  • github.com/go-logr/logr: v1.2.4 → v1.3.0
  • github.com/golang/glog: v1.1.0 → v1.1.2
  • github.com/google/go-cmp: v0.5.9 → v0.6.0
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.45.0 → v0.46.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.44.0 → v0.46.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.19.0 → v1.20.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.19.0 → v1.20.0
  • go.opentelemetry.io/otel/metric: v1.19.0 → v1.20.0
  • go.opentelemetry.io/otel/sdk: v1.19.0 → v1.20.0
  • go.opentelemetry.io/otel/trace: v1.19.0 → v1.20.0
  • go.opentelemetry.io/otel: v1.19.0 → v1.20.0
  • go.uber.org/goleak: v1.2.1 → v1.3.0
  • golang.org/x/sys: v0.13.0 → v0.14.0
  • google.golang.org/genproto/googleapis/api: f966b18 → b8732ec
  • google.golang.org/genproto: f966b18 → b8732ec
  • google.golang.org/grpc: v1.58.3 → v1.59.0
Removed

Nothing has changed.

v1.13.2

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.13.2 fixes some CVE alerts and contains fixes for:

  1. a CertificateRequest runaway situation in case two Certificate resources point to the same Secret target resource
  2. a small bug in the Helm chart (feature gate options)
  3. a Venafi issuer bug
⚠️ READ https://github.com/cert-manager/cert-manager/releases/tag/v1.13.0 before you upgrade from a < v1.13 version!

Changes since v1.13.1

Bug or Regression
  • Bump golang.org/x/net v0.15.0 => v0.17.0 as part of addressing CVE-2023-44487 / CVE-2023-39325 (#​6432, @​SgtCoDFish)
  • BUGFIX[helm]: Fix issue where webhook feature gates were only set if controller feature gates are set. (#​6381, @​asapekia)
  • Fix runaway bug caused by multiple Certificate resources that point to the same Secret resource. (#​6425, @​inteon)
  • The Venafi issuer now properly resets the certificate and should no longer get stuck with "WebSDK CertRequest Module Requested Certificate" or "This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry.". (#​6402, @​maelvls)
Other (Cleanup or Flake)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
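
The v1.13.3 notes above list four webhook hardening changes: 413 for bodies of 3 MiB or more, 400 for an empty body, 500 instead of a crash on panic, and `ReadHeaderTimeout` on every `http.Server`. The sketch below is an added example, not cert-manager's code, showing how those checks fit together in a plain `net/http` handler. The names `guard`, `newServer`, `statusFor`, the `/validate` path and the 10-second timeout are assumptions, and the request bodies are constructed.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"time"
)

const maxBody = 3 << 20 // 3 MiB: bodies this size or larger get 413
// guard wraps a review function (hypothetical signature) with the body and panic checks.
func guard(review func([]byte) []byte) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer func() { // a panic in review becomes a 500, not a crash
			if recover() != nil {
				http.Error(w, "internal error", http.StatusInternalServerError)
			}
		}()
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxBody-1))
		var tooBig *http.MaxBytesError
		switch {
		case errors.As(err, &tooBig):
			http.Error(w, "body too large", http.StatusRequestEntityTooLarge)
		case err != nil || len(body) == 0:
			http.Error(w, "empty or unreadable body", http.StatusBadRequest)
		default:
			w.Write(review(body))
		}
	})
}

// newServer bounds header reads so a slow client cannot pin a connection (10s is an assumed value).
func newServer(addr string, h http.Handler) *http.Server {
	return &http.Server{Addr: addr, Handler: h, ReadHeaderTimeout: 10 * time.Second}
}

// statusFor runs one constructed request body through h in-process.
func statusFor(h http.Handler, body []byte) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/validate", bytes.NewReader(body)))
	return rec.Code
}

func main() {
	ok, bad := guard(func(b []byte) []byte { return b }), guard(func([]byte) []byte { panic("bug") })
	fmt.Println(statusFor(ok, []byte("{}")), statusFor(ok, nil), statusFor(ok, make([]byte, maxBody)), statusFor(bad, []byte("{}")))
}
```

The limit is passed as `maxBody-1` because `http.MaxBytesReader` only errors once more than its limit has been read, which makes a body of exactly 3 MiB the first one rejected.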

@renovate renovate bot force-pushed the renovate/cert-manager-1.13.x branch from 01b4545 to a4e0c7a Compare December 7, 2023 15:30
@WolfeCub WolfeCub force-pushed the master branch 12 times, most recently from 06d6ec2 to ec6acf0 Compare December 8, 2023 04:26
@renovate renovate bot changed the title chore(deps): update helm release cert-manager to v1.13.2 chore(deps): update helm release cert-manager to v1.13.3 Dec 11, 2023
@renovate renovate bot force-pushed the renovate/cert-manager-1.13.x branch from a4e0c7a to 3e4fc81 Compare December 11, 2023 15:24
@renovate renovate bot changed the title chore(deps): update helm release cert-manager to v1.13.3 chore(deps): update helm release cert-manager to v1.13.4 Feb 23, 2024
@renovate renovate bot force-pushed the renovate/cert-manager-1.13.x branch from 3e4fc81 to 325cc60 Compare February 23, 2024 12:40
@renovate renovate bot changed the title chore(deps): update helm release cert-manager to v1.13.4 chore(deps): update helm release cert-manager to v1.13.5 Mar 8, 2024
@renovate renovate bot force-pushed the renovate/cert-manager-1.13.x branch from 325cc60 to e56f3bc Compare March 8, 2024 13:12
@WolfeCub WolfeCub force-pushed the master branch 8 times, most recently from 8cfacb4 to d33251c Compare April 8, 2024 20:48
@renovate renovate bot force-pushed the renovate/cert-manager-1.13.x branch from e56f3bc to 30bcd5f Compare April 25, 2024 11:42
@renovate renovate bot changed the title chore(deps): update helm release cert-manager to v1.13.5 chore(deps): update helm release cert-manager to v1.13.6 Apr 25, 2024
@renovate renovate bot force-pushed the renovate/cert-manager-1.13.x branch from 30bcd5f to 6cf3849 Compare May 7, 2024 22:58
@WolfeCub WolfeCub force-pushed the master branch 16 times, most recently from cc24683 to 8c81a75 Compare May 22, 2024 20:10
@WolfeCub WolfeCub force-pushed the master branch 6 times, most recently from 21a8bf3 to 655b501 Compare May 28, 2024 19:58
@renovate renovate bot force-pushed the renovate/cert-manager-1.13.x branch from 6cf3849 to 18c1566 Compare August 1, 2024 17:52
@renovate renovate bot force-pushed the renovate/cert-manager-1.13.x branch from 18c1566 to d6ce75f Compare August 12, 2024 03:00