From fa054cd54345c1fe6668ef0f2dd11953a187b31b Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Thu, 16 Jan 2025 16:53:18 +0000 Subject: [PATCH] add release notes for v1.12.15, v1.15.5, v1.16.3 Signed-off-by: Ashley Davis --- content/docs/contributing/release-process.md | 2 +- .../release-notes/release-notes-1.12.md | 16 ++++++++++--- .../release-notes/release-notes-1.15.md | 14 +++++++++++ .../release-notes/release-notes-1.16.md | 24 +++++++++++++++++-- content/docs/variables.json | 2 +- content/v1.12-docs/variables.json | 2 +- content/v1.15-docs/variables.json | 2 +- 7 files changed, 53 insertions(+), 9 deletions(-) diff --git a/content/docs/contributing/release-process.md b/content/docs/contributing/release-process.md index 4f5f1d122f..87825f01bc 100644 --- a/content/docs/contributing/release-process.md +++ b/content/docs/contributing/release-process.md @@ -249,7 +249,7 @@ page if a step is missing or if it is outdated. ``` 4. (**final + patch release of the latest minor version**) Bump the latest - cert-manager version variable in the `variables.json` file. + cert-manager version variable in the `content/docs/variables.json` file. ```diff -"cert_manager_latest_version": "v1.14.2", diff --git a/content/docs/releases/release-notes/release-notes-1.12.md b/content/docs/releases/release-notes/release-notes-1.12.md index cfdd25f38e..f85fda0fc4 100644 --- a/content/docs/releases/release-notes/release-notes-1.12.md +++ b/content/docs/releases/release-notes/release-notes-1.12.md @@ -217,6 +217,16 @@ time and resources towards the continued maintenance of cert-manager projects. V cert-manager 1.12 as a long term support release, meaning it will be maintained for much longer than other releases to provide a stable platform for enterprises to build upon. +## `v1.12.15` + +cert-manager `v1.12.15` contains simple dependency bumps to address reported CVEs (`CVE-2024-45337` and `CVE-2024-45338`). + +We don't believe that cert-manager is actually vulnerable; this release is instead intended to satisfy vulnerability scanners. + +### Bug Fixes + +- Bump `golang.org/x/net` and `golang.org/x/crypto` to address `CVE-2024-45337` and `CVE-2024-45338` ([#7497](https://github.com/cert-manager/cert-manager/pull/7497), [@wallrj](https://github.com/wallrj)) + ## `v1.12.14` This patch release makes [several changes](https://github.com/cert-manager/cert-manager/pull/7403) to how PEM input is validated in @@ -234,7 +244,7 @@ Further details are in the [security advisory](https://github.com/cert-manager/c This patch release also fixes [an issue](https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r) reported by Trivy, although that issue is low severity and is not expected to be relevant to cert-manager. -## Bug Fixes +### Bug Fixes - Set a maximum size for PEM inputs which cert-manager will accept to remove possibility of taking a long time to process an input ([#7403](https://github.com/cert-manager/cert-manager/pull/7403), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Fix `CVE-2024-5174` in `github.com/golang-jwt/jwt/v4` ([#7407](https://github.com/cert-manager/cert-manager/pull/7407), [@SgtCoDFish](https://github.com/SgtCoDFish)) @@ -259,7 +269,7 @@ This patch release fixes the following vulnerabilities: > Those newer minor versions of the Kubernetes modules pulled in new transitive dependencies, > and incremented the minimum Go version from `1.20` to `1.21`. -### Bugfixes +### Bug Fixes - Bump the `go-retryablehttp` dependency to fix `CVE-2024-6104` ([#7128](https://github.com/cert-manager/cert-manager/pull/7128), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Updated Helm dependency to resolve `CVE-2024-25620` and `CVE-2024-26147` and Docker dependency to resolve `CVE-2024-41110` ([#7214](https://github.com/cert-manager/cert-manager/pull/7214), [@ThatsMrTalbot](https://github.com/ThatsMrTalbot)) @@ -343,7 +353,7 @@ This patch release fixes the following vulnerabilities: ## `v1.12.12` -### Bugfixes +### Bug Fixes - BUGFIX: fix issue that caused Vault issuer to not retry signing when an error was encountered. ([#7113](https://github.com/cert-manager/cert-manager/pull/7113), [@cert-manager-bot](https://github.com/cert-manager-bot)) diff --git a/content/docs/releases/release-notes/release-notes-1.15.md b/content/docs/releases/release-notes/release-notes-1.15.md index 348e258758..436279a438 100644 --- a/content/docs/releases/release-notes/release-notes-1.15.md +++ b/content/docs/releases/release-notes/release-notes-1.15.md @@ -33,6 +33,20 @@ Thanks also to the CNCF, which provides resources and support, and to the AWS op In addition, massive thanks to Venafi for contributing developer time and resources towards the continued maintenance of cert-manager projects. +## `v1.15.5` + +cert-manager `v1.15.5` is a simple dependency bump update, addressing reported CVEs (`CVE-2024-45337` and `CVE-2024-45338`). + +We don't believe that cert-manager is actually vulnerable; this release is instead intended to satisfy vulnerability scanners. + +### Bug Fixes + +- Bump `golang.org/x/net` and `golang.org/x/crypto` to address `CVE-2024-45337` and `CVE-2024-45338` ([#7496](https://github.com/cert-manager/cert-manager/pull/7496), [@wallrj](https://github.com/wallrj)) + +### Other + +- Bump to go 1.22.10 ([#7507](https://github.com/cert-manager/cert-manager/pull/7507), [@SgtCoDFish](https://github.com/SgtCoDFish)) + ## `v1.15.4` This patch release makes [several changes](https://github.com/cert-manager/cert-manager/pull/7402) to how PEM input is validated in diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index fd435825fd..7c6f0061f7 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -195,6 +195,7 @@ Read [cert-manager issue 6753](https://github.com/cert-manager/cert-manager/issu ## Community Thanks to all our open-source contributors with commits in this release, including: + [`@Guitarkalle`](https://github.com/Guitarkalle), [`@Jasper-Ben`](https://github.com/Jasper-Ben), [`@aidy`](https://github.com/aidy), @@ -210,6 +211,7 @@ Thanks to all our open-source contributors with commits in this release, includi [`@sankalp-at-gh`](https://github.com/sankalp-at-gh). Thanks also to the following cert-manager maintainers for their contributions during this release: + [`@SgtCoDFish`](https://github.com/SgtCoDFish), [`@ThatsMrTalbot`](https://github.com/ThatsMrTalbot), [`@inteon`](https://github.com/inteon), @@ -221,6 +223,24 @@ Thanks also to the CNCF, which provides resources and support, and to the AWS op In addition, massive thanks to Venafi for contributing developer time and resources towards the continued maintenance of cert-manager projects. +## `v1.16.3` + +cert-manager `v1.16.3` is a patch release mainly focused around bumping dependencies to address reported CVEs: `CVE-2024-45337` and `CVE-2024-45338`. + +We don't believe that cert-manager is actually vulnerable; this release is instead intended to satisfy vulnerability scanners. + +It also includes a bug fix to the new `renewBeforePercentage` field. If you were using `renewBeforePercentage`, see [PR #7421](https://github.com/cert-manager/cert-manager/pull/7421) for more information. + +### Bug Fixes + +- Bump `golang.org/x/net` and `golang.org/x/crypto` to address `CVE-2024-45337` and `CVE-2024-45338` ([#7485](https://github.com/cert-manager/cert-manager/pull/7485), [@erikgb](https://github.com/erikgb)) +- Fix the behavior of `renewBeforePercentage` to comply with its spec ([#7441](https://github.com/cert-manager/cert-manager/pull/7441), [@cert-manager-bot](https://github.com/cert-manager-bot)) + +### Other + +- Bump go to 1.23.4 ([#7489](https://github.com/cert-manager/cert-manager/pull/7489), [@erikgb](https://github.com/erikgb)) +- Bump base images to latest available ([#7508](https://github.com/cert-manager/cert-manager/pull/7508), [@SgtCoDFish](https://github.com/SgtCoDFish)) + ## `v1.16.2` This patch release makes [several changes](https://github.com/cert-manager/cert-manager/pull/7401) to how PEM input is validated in @@ -241,7 +261,7 @@ In addition, the version of Go used to build cert-manager 1.16 was updated along - Set a maximum size for PEM inputs which cert-manager will accept to remove possibility of taking a long time to process an input ([#7401](https://github.com/cert-manager/cert-manager/pull/7401), @SgtCoDFish) -#### Other (Cleanup or Flake) +### Other (Cleanup or Flake) - Bump go to 1.23.3 and bump base images to latest available ([#7431](https://github.com/cert-manager/cert-manager/pull/7431), @SgtCoDFish) @@ -251,7 +271,7 @@ cert-manager `v1.16.1` contains some fixes to Helm value schema validation, as w Changes since `v1.16.0`. -### Bug or Regression +### Bug Fixes - BUGFIX: Helm schema validation: the new schema validation was too strict for the "global" section. Since the global section is shared across all charts and sub-charts, we must also allow unknown fields. ([#7348](https://github.com/cert-manager/cert-manager/pull/7348), [`@inteon`](https://github.com/inteon)) - BUGFIX: Helm will now accept percentages for the `podDisruptionBudget.minAvailable` and `podDisruptionBudget.maxAvailable` values. ([#7345](https://github.com/cert-manager/cert-manager/pull/7345), [`@inteon`](https://github.com/inteon)) diff --git a/content/docs/variables.json b/content/docs/variables.json index 5e393189db..d69254b73f 100644 --- a/content/docs/variables.json +++ b/content/docs/variables.json @@ -1,3 +1,3 @@ { - "cert_manager_latest_version": "v1.16.2" + "cert_manager_latest_version": "v1.16.3" } diff --git a/content/v1.12-docs/variables.json b/content/v1.12-docs/variables.json index f31f8998d8..3d337d1706 100644 --- a/content/v1.12-docs/variables.json +++ b/content/v1.12-docs/variables.json @@ -1,3 +1,3 @@ { - "cert_manager_latest_version": "v1.12.13" + "cert_manager_latest_version": "v1.12.15" } diff --git a/content/v1.15-docs/variables.json b/content/v1.15-docs/variables.json index d62331f269..5399d6ea94 100644 --- a/content/v1.15-docs/variables.json +++ b/content/v1.15-docs/variables.json @@ -1,3 +1,3 @@ { - "cert_manager_latest_version": "v1.15.3" + "cert_manager_latest_version": "v1.15.5" }