Update Helm release cert-manager to v1.19.3 (main)
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| cert-manager (source) | patch |
v1.19.2 -> v1.19.3
|
⚠️ WarningSome dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
cert-manager/cert-manager (cert-manager)
v1.19.3
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This release is contains three bug fixes, including a fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to the latest release.
Changes by Kind
Bug or Regression
- Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (#8415, @cert-manager-bot)
- Fixed an issue where HTTP-01 challenges failed when the Host header containing an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (#8436, @cert-manager-bot)
- Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (#8468, @SgtCoDFish)
Other (Cleanup or Flake)
- Bump go to 1.25.6 (#8459, @SgtCoDFish)
Configuration
- If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot Sylva instance.
CI configuration couldn't be handle by MR description. A dedicated comment has been posted to control it.
If no checkbox is checked, a default pipeline will be enabled (capm3, or capo if capo label is set)