From 9d525bda580ba3ef9724771432b4d2390e7b2953 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Fri, 14 Feb 2025 14:46:44 +0000 Subject: [PATCH] add release notes for new versions Signed-off-by: Ashley Davis --- .spelling | 2 ++ .../release-notes/release-notes-1.12.md | 25 +++++++++++++++++-- .../release-notes/release-notes-1.16.md | 10 ++++++++ .../release-notes/release-notes-1.17.md | 10 ++++++++ 4 files changed, 45 insertions(+), 2 deletions(-) diff --git a/.spelling b/.spelling index fa2387aa34..7d43cefcdd 100644 --- a/.spelling +++ b/.spelling @@ -27,6 +27,8 @@ lauraseidler ABWassim ThatsMrTalbot Pionerd +tareksha +LukeCarrier SHA-256 SHA-384 SHA-512 diff --git a/content/docs/releases/release-notes/release-notes-1.12.md b/content/docs/releases/release-notes/release-notes-1.12.md index f85fda0fc4..1950cc3b2c 100644 --- a/content/docs/releases/release-notes/release-notes-1.12.md +++ b/content/docs/releases/release-notes/release-notes-1.12.md @@ -42,8 +42,7 @@ helm upgrade --install cert-manager jetstack/cert-manager --namespace cert-manag ### Lower memory footprint -In 1.12 we continued the work started in 1.11 to reduce cert-manager component's -memory consumption. +In 1.12 we continued the work started in 1.11 to reduce cert-manager's memory consumption. #### Controller @@ -217,6 +216,28 @@ time and resources towards the continued maintenance of cert-manager projects. V cert-manager 1.12 as a long term support release, meaning it will be maintained for much longer than other releases to provide a stable platform for enterprises to build upon. +## `v1.12.16` + +This patch release is primarily intended to address a [breaking change](https://github.com/cert-manager/cert-manager/issues/7540) in Cloudflare's API which impacted ACME DNS-01 challenges using Cloudflare. + +It also bumps Go from `1.21.x` to `1.23.x` to address a range of reported CVEs. This in turn requires bumping the `controller-gen` tool which changes the format of descriptions in generated CRD YAML. The following CVEs are fixed: + +- `CVE-2024-34156` +- `CVE-2024-34155` +- `CVE-2024-34158` +- `CVE-2024-45336` +- `CVE-2024-45341` +- `CVE-2025-22866` + +We don't expect that bumping Go will produce many noticeable changes, but there are some `GODEBUG` changes that could be applicable - specifically `x509negativeserial` may be of interest to users dealing with legacy certificates. + +There's more information [on `go.dev`](https://go.dev/doc/godebug#go-123) which may help if you suspect any changes in this version bump may have caused issues in your environment. + +### Bug Fixes + +- Bump go to 1.23.6 which also requires bumping controller-gen to address a panic in that tool. That change in turn changes the formatting (but not the content) of CRD YAML for release-1.12 ([#7570](https://github.com/cert-manager/cert-manager/pull/7570), [@SgtCoDFish](https://github.com/SgtCoDFish)) +- Fix issuing of certificates via DNS01 challenges on Cloudflare after a breaking change to the Cloudflare API ([#7568](https://github.com/cert-manager/cert-manager/pull/7568), [@SgtCoDFish](https://github.com/SgtCoDFish) + [@LukeCarrier](https://github.com/LukeCarrier)) + ## `v1.12.15` cert-manager `v1.12.15` contains simple dependency bumps to address reported CVEs (`CVE-2024-45337` and `CVE-2024-45338`). diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md index 7c6f0061f7..2097ff90f4 100644 --- a/content/docs/releases/release-notes/release-notes-1.16.md +++ b/content/docs/releases/release-notes/release-notes-1.16.md @@ -223,6 +223,16 @@ Thanks also to the CNCF, which provides resources and support, and to the AWS op In addition, massive thanks to Venafi for contributing developer time and resources towards the continued maintenance of cert-manager projects. +## `v1.16.4` + +This patch release is primarily intended to address a [breaking change](https://github.com/cert-manager/cert-manager/issues/7540) in Cloudflare's API which impacted ACME DNS-01 challenges using Cloudflare. + +### Bug or Regression + +- Fix issuing of certificates via DNS01 challenges on Cloudflare after a breaking change to the Cloudflare API ([#7566](https://github.com/cert-manager/cert-manager/pull/7566), [@LukeCarrier](https://github.com/LukeCarrier)) +- Bump go to 1.23.6 to address [`CVE-2025-22866`](https://github.com/advisories/GHSA-3whm-j4xm-rv8x) reported by Trivy ([#7562](https://github.com/cert-manager/cert-manager/pull/7562), [@SgtCoDFish](https://github.com/SgtCoDFish)) +- Update go to 1.23.5 ([#7533](https://github.com/cert-manager/cert-manager/pull/7533), [@tareksha](https://github.com/tareksha)) + ## `v1.16.3` cert-manager `v1.16.3` is a patch release mainly focused around bumping dependencies to address reported CVEs: `CVE-2024-45337` and `CVE-2024-45338`. diff --git a/content/docs/releases/release-notes/release-notes-1.17.md b/content/docs/releases/release-notes/release-notes-1.17.md index da3b3eef08..781c65bd7a 100644 --- a/content/docs/releases/release-notes/release-notes-1.17.md +++ b/content/docs/releases/release-notes/release-notes-1.17.md @@ -108,6 +108,16 @@ And finally, thanks to the cert-manager steering committee for their feedback in - [@ianarsenault](https://github.com/ianarsenault) - [@TrilokGeer](https://github.com/TrilokGeer) +## `v1.17.1` + +This patch release is primarily intended to address a [breaking change](https://github.com/cert-manager/cert-manager/issues/7540) in Cloudflare's API which impacted ACME DNS-01 challenges using Cloudflare. + +### Bug or Regression + +- Fix issuing of certificates via DNS01 challenges on Cloudflare after a breaking change to the Cloudflare API ([#7565](https://github.com/cert-manager/cert-manager/pull/7565), [@LukeCarrier](https://github.com/LukeCarrier)) +- Bump go to 1.23.6 to address [`CVE-2025-22866`](https://github.com/advisories/GHSA-3whm-j4xm-rv8x) reported by Trivy ([#7563](https://github.com/cert-manager/cert-manager/pull/7563), [@SgtCoDFish](https://github.com/sgtcodfish)) + + ## `v1.17.0` ### Feature