[!WARNING]
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
cert-manager/cert-manager (cert-manager)
### [`v1.16.2`](https://redirect.github.com/cert-manager/cert-manager/compare/v1.16.1...v1.16.2)
[Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.16.1...v1.16.2)
### [`v1.16.1`](https://redirect.github.com/cert-manager/cert-manager/releases/tag/v1.16.1)
[Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.16.0...v1.16.1)
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
The cert-manager 1.16 release includes: new Helm chart features, more Prometheus metrics, memory optimizations, and various improvements and bug fixes for the ACME issuer and Venafi Issuer.
📖 Read the [complete 1.16 release notes](https://cert-manager.io/docs/releases/release-notes/release-notes-1.16) before upgrading.
#### 📜Changes since `v1.16.0`
##### Bug or Regression
- BUGFIX: Helm schema validation: the new schema validation was too strict for the "global" section. Since the global section is shared across all charts and sub-charts, we must also allow unknown fields. ([#7348](https://redirect.github.com/cert-manager/cert-manager/pull/7348), [`@inteon`](https://redirect.github.com/inteon))
- BUGFIX: Helm will now accept percentages for the `podDisruptionBudget.minAvailable` and `podDisruptionBudget.maxAvailable` values. ([#7345](https://redirect.github.com/cert-manager/cert-manager/pull/7345), [`@inteon`](https://redirect.github.com/inteon))
- Helm: allow `enabled` to be set as a value to toggle cert-manager as a dependency. ([#7356](https://redirect.github.com/cert-manager/cert-manager/pull/7356), [`@inteon`](https://redirect.github.com/inteon))
- BUGFIX: A change in `v1.16.0` caused cert-manager's ACME ClusterIssuer to look in the wrong namespace for resources required for the issuance (e.g. credential Secrets). This is now fixed in `v1.16.1`. ([#7342](https://redirect.github.com/cert-manager/cert-manager/pull/7342), [`@inteon`](https://redirect.github.com/inteon))
### [`v1.16.0`](https://redirect.github.com/cert-manager/cert-manager/compare/v1.15.3...v1.16.0)
[Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.15.4...v1.16.0)
### [`v1.15.4`](https://redirect.github.com/cert-manager/cert-manager/releases/tag/v1.15.4)
[Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.15.3...v1.15.4)
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This patch release of cert-manager 1.15 makes [several changes](https://redirect.github.com/cert-manager/cert-manager/pull/7403) to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data which is being parsed.
This is to prevent an unacceptable slow-down in parsing specially crafted PEM data. The issue was found by Google's OSS-Fuzz project.
The issue is low severity; to exploit the PEM issue would require privileged access which would likely allow Denial-of-Service through other methods.
In addition, since most PEM data parsed by cert-manager comes from `ConfigMap` or `Secret` resources which have
a max size limit of approximately 1MB, it's difficult to force cert-manager to parse large amounts of PEM data.
Further information will be published in a security advisory when all supported cert-manager releases have been patched.
In addition, the version of Go used to build cert-manager 1.15 was updated along with the base images, and a Route53 bug fix was backported.
#### Changes by Kind
##### Bug or Regression
- Bugfix: Prevent aggressive Route53 retries caused by STS authentication failures by removing the Amazon Request ID from STS errors. ([#7261](https://redirect.github.com/cert-manager/cert-manager/pull/7261), [@cert-manager-bot](https://redirect.github.com/cert-manager-bot))
- Set a maximum size for PEM inputs which cert-manager will accept to remove possibility of taking a long time to process an input ([#7402](https://redirect.github.com/cert-manager/cert-manager/pull/7402), [@SgtCoDFish](https://redirect.github.com/SgtCoDFish))
##### Other (Cleanup or Flake)
- Bump go to 1.22.9 ([#7424](https://redirect.github.com/cert-manager/cert-manager/pull/7424), [@SgtCoDFish](https://redirect.github.com/SgtCoDFish))
- Upgrade Go to 1.22.8, the latest available patch release ([#7406](https://redirect.github.com/cert-manager/cert-manager/pull/7406), [@SgtCoDFish](https://redirect.github.com/SgtCoDFish))
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
1.15.3->v1.16.2Release Notes
cert-manager/cert-manager (cert-manager)
### [`v1.16.2`](https://redirect.github.com/cert-manager/cert-manager/compare/v1.16.1...v1.16.2) [Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.16.1...v1.16.2) ### [`v1.16.1`](https://redirect.github.com/cert-manager/cert-manager/releases/tag/v1.16.1) [Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.16.0...v1.16.1) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. The cert-manager 1.16 release includes: new Helm chart features, more Prometheus metrics, memory optimizations, and various improvements and bug fixes for the ACME issuer and Venafi Issuer. 📖 Read the [complete 1.16 release notes](https://cert-manager.io/docs/releases/release-notes/release-notes-1.16) before upgrading. #### 📜Changes since `v1.16.0` ##### Bug or Regression - BUGFIX: Helm schema validation: the new schema validation was too strict for the "global" section. Since the global section is shared across all charts and sub-charts, we must also allow unknown fields. ([#7348](https://redirect.github.com/cert-manager/cert-manager/pull/7348), [`@inteon`](https://redirect.github.com/inteon)) - BUGFIX: Helm will now accept percentages for the `podDisruptionBudget.minAvailable` and `podDisruptionBudget.maxAvailable` values. ([#7345](https://redirect.github.com/cert-manager/cert-manager/pull/7345), [`@inteon`](https://redirect.github.com/inteon)) - Helm: allow `enabled` to be set as a value to toggle cert-manager as a dependency. ([#7356](https://redirect.github.com/cert-manager/cert-manager/pull/7356), [`@inteon`](https://redirect.github.com/inteon)) - BUGFIX: A change in `v1.16.0` caused cert-manager's ACME ClusterIssuer to look in the wrong namespace for resources required for the issuance (e.g. credential Secrets). This is now fixed in `v1.16.1`. ([#7342](https://redirect.github.com/cert-manager/cert-manager/pull/7342), [`@inteon`](https://redirect.github.com/inteon)) ### [`v1.16.0`](https://redirect.github.com/cert-manager/cert-manager/compare/v1.15.3...v1.16.0) [Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.15.4...v1.16.0) ### [`v1.15.4`](https://redirect.github.com/cert-manager/cert-manager/releases/tag/v1.15.4) [Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.15.3...v1.15.4) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This patch release of cert-manager 1.15 makes [several changes](https://redirect.github.com/cert-manager/cert-manager/pull/7403) to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data which is being parsed. This is to prevent an unacceptable slow-down in parsing specially crafted PEM data. The issue was found by Google's OSS-Fuzz project. The issue is low severity; to exploit the PEM issue would require privileged access which would likely allow Denial-of-Service through other methods. In addition, since most PEM data parsed by cert-manager comes from `ConfigMap` or `Secret` resources which have a max size limit of approximately 1MB, it's difficult to force cert-manager to parse large amounts of PEM data. Further information will be published in a security advisory when all supported cert-manager releases have been patched. In addition, the version of Go used to build cert-manager 1.15 was updated along with the base images, and a Route53 bug fix was backported. #### Changes by Kind ##### Bug or Regression - Bugfix: Prevent aggressive Route53 retries caused by STS authentication failures by removing the Amazon Request ID from STS errors. ([#7261](https://redirect.github.com/cert-manager/cert-manager/pull/7261), [@cert-manager-bot](https://redirect.github.com/cert-manager-bot)) - Set a maximum size for PEM inputs which cert-manager will accept to remove possibility of taking a long time to process an input ([#7402](https://redirect.github.com/cert-manager/cert-manager/pull/7402), [@SgtCoDFish](https://redirect.github.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Bump go to 1.22.9 ([#7424](https://redirect.github.com/cert-manager/cert-manager/pull/7424), [@SgtCoDFish](https://redirect.github.com/SgtCoDFish)) - Upgrade Go to 1.22.8, the latest available patch release ([#7406](https://redirect.github.com/cert-manager/cert-manager/pull/7406), [@SgtCoDFish](https://redirect.github.com/SgtCoDFish))Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.