Update Helm release cert-manager to v1.19.1 (main)
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| cert-manager (source) | patch |
v1.19.0 -> v1.19.1
|
⚠️ WarningSome dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
cert-manager/cert-manager (cert-manager)
v1.19.1
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
We reverted the CRD-based API defaults for Certificate.Spec.IssuerRef and CertificateRequest.Spec.IssuerRef after they were found to cause unexpected certificate renewals after upgrading to 1.19.0. We will try re-introducing these API defaults in cert-manager 1.20.
We fixed a bug that caused certificates to be re-issued unexpectedly if the issuerRef kind or group was changed to one of the "runtime" default values.
We upgraded Go to 1.25.3 to address the following security vulnerabilities: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, and CVE-2025-61725.
📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.
Changes since v1.19.0:
Bug or Regression
- BUGFIX: in case kind or group in the
issuerRefof a Certificate was omitted, upgrading to1.19.xincorrectly caused the certificate to be renewed (#8175, @cert-manager-bot) - Bump Go to 1.25.3 to fix a backwards incompatible change to the validation of DNS names in X.509 SAN fields which prevented the use of DNS names with a trailing dot (#8177, @wallrj-cyberark)
- Revert API defaults for issuer reference kind and group introduced in 0.19.0 (#8178, @cert-manager-bot)
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot Sylva instance.
CI configuration couldn't be handle by MR description. A dedicated comment has been posted to control it.
If no checkbox is checked, a default pipeline will be enabled (capm3, or capo if capo label is set)