dev-sec/ansible-collection-hardening (devsec.hardening)
### [`v10.0.0`](https://redirect.github.com/dev-sec/ansible-collection-hardening/releases/tag/10.0.0)
[Compare Source](https://redirect.github.com/dev-sec/ansible-collection-hardening/compare/9.0.1...10.0.0)
### Changelog
#### [10.0.0](https://redirect.github.com/dev-sec/ansible-collection-hardening/tree/10.0.0) (2024-08-06)
[Full Changelog](https://redirect.github.com/dev-sec/ansible-collection-hardening/compare/9.0.1...10.0.0)
**Implemented enhancements:**
- option to disable regeneration of ssh private key [#772](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/772)
- Ubuntu 24.04 support [#764](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/764)
- Support systemd socket activation for sshd [#763](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/763) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)]
- Release 9.0.2 [#758](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/758)
- Make Publickey authentication configurable [#750](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/750)
- Ansible Linting [#747](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/747)
- Make value of kernel.unprivileged_userns_clone depending on kernel version [#727](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/727)
- Ensure that ssh is installed (cf [#771](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/771)) [#774](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/774) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([Byh0ki](https://redirect.github.com/Byh0ki))
- ssh: explicitly enable or disable the service at boot [#771](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/771) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([Byh0ki](https://redirect.github.com/Byh0ki))
- disable systemd socket activation [#769](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/769) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([rndmh3ro](https://redirect.github.com/rndmh3ro))
- Add ssh_pubkey_authentication variable to ssh hardening [#749](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/749) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([debbabi](https://redirect.github.com/debbabi))
**Fixed bugs:**
- ssh hardening role fails when `ssh_permit_root_login` var is set on ubuntu 24.04 [#768](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/768)
- os_hardening fails when setting vm.mmap_rnd_bits [#757](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/757)
- `ssh_gateway_ports` is documented to accept 'clientspecified' string, but only accepts bools [#755](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/755)
- Error: Missing privilege separation directory: /run/sshd [#752](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/752)
- harden permissions for directory mount /var/log fails for minimized Ubuntu 22.04 [#741](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/741)
- Update Debian compatibility [#784](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/784) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] \[[nginx_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([schurzi](https://redirect.github.com/schurzi))
- do not force type of ssh_gateway_ports [#765](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/765) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([rndmh3ro](https://redirect.github.com/rndmh3ro))
**Merged pull requests:**
- Update to current Fedora releases [#783](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/783) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([schurzi](https://redirect.github.com/schurzi))
- Remove deprecated rebuild of initrd [#782](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/782) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([schurzi](https://redirect.github.com/schurzi))
- chore(deps): update patrickjahns/version-drafter-action digest to [`2076fa4`](https://redirect.github.com/dev-sec/ansible-collection-hardening/commit/2076fa4) [#781](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/781) ([renovate\[bot\]](https://redirect.github.com/apps/renovate))
- chore(deps): update ansible/ansible-lint digest to [`95382d3`](https://redirect.github.com/dev-sec/ansible-collection-hardening/commit/95382d3) [#779](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/779) ([renovate\[bot\]](https://redirect.github.com/apps/renovate))
- chore(deps): update actions/setup-python digest to [`39cd149`](https://redirect.github.com/dev-sec/ansible-collection-hardening/commit/39cd149) [#778](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/778) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] \[[nginx_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([renovate\[bot\]](https://redirect.github.com/apps/renovate))
- remove tests for FreeBSD12 since it's out of support [#777](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/777) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([schurzi](https://redirect.github.com/schurzi))
- chore(deps): pin dependencies [#776](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/776) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] \[[nginx_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([renovate\[bot\]](https://redirect.github.com/apps/renovate))
- Use best-practice preset for renovate [#775](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/775) ([schurzi](https://redirect.github.com/schurzi))
- Deprecate Centos Stream 8 [#770](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/770) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] \[[nginx_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([rndmh3ro](https://redirect.github.com/rndmh3ro))
- centos7 is eol, remove it [#767](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/767) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] \[[nginx_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([rndmh3ro](https://redirect.github.com/rndmh3ro))
- fix spelling [#766](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/766) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([rndmh3ro](https://redirect.github.com/rndmh3ro))
- ci: define permissions for enforce-labels workflow [#760](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/760) ([fgreinacher](https://redirect.github.com/fgreinacher))
- Update dependency ansible-core to v2.16.5 [#754](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/754) ([renovate\[bot\]](https://redirect.github.com/apps/renovate))
- Update dependency ansible-core to v2.16.4 [#751](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/751) ([renovate\[bot\]](https://redirect.github.com/apps/renovate))
- Update ansible/ansible-lint action to v24 [#745](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/745) ([renovate\[bot\]](https://redirect.github.com/apps/renovate))
- Always update Vagrant Boxes before using [#744](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/744) ([schurzi](https://redirect.github.com/schurzi))
- Remove Docker containers on self-hosted runner after tests [#743](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/743) ([schurzi](https://redirect.github.com/schurzi))
- Update dependency ansible-core to v2.16.3 [#742](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/742) ([renovate\[bot\]](https://redirect.github.com/apps/renovate))
### [`v9.0.1`](https://redirect.github.com/dev-sec/ansible-collection-hardening/blob/HEAD/CHANGELOG.md#901-2024-01-15)
[Compare Source](https://redirect.github.com/dev-sec/ansible-collection-hardening/compare/9.0.0...9.0.1)
[Full Changelog](https://redirect.github.com/dev-sec/ansible-collection-hardening/compare/9.0.0...9.0.1)
**Implemented enhancements:**
- Extend ansible-lint testing to cover our test cases [#731](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/731)
- Complete tests for OS hardening [#660](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/660)
- support restarts of audit service on Arch linux [#722](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/722) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([schurzi](https://redirect.github.com/schurzi))
**Fixed bugs:**
- Fails to install [#735](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/735)
- Amazon Linux gpg check fails [#734](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/734)
- ssh_hardening ipv6 [#719](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/719)
- boolean variable inconsistency? [#330](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/330)
- Restore idempotency for disabling unused filesystems with Ansible 2.16.0 [#718](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/718) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([akikanellis](https://redirect.github.com/akikanellis))
**Closed issues:**
- 9.0.0 version number in galaxy.yml file is wrong [#740](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/740)
**Merged pull requests:**
- restructure readme to move known limitations up top [#739](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/739) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([rndmh3ro](https://redirect.github.com/rndmh3ro))
- release only on releases, not pre-releases [#738](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/738) ([rndmh3ro](https://redirect.github.com/rndmh3ro))
- Update dependency ansible-core to v2.16.2 [#737](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/737) ([renovate\[bot\]](https://redirect.github.com/apps/renovate))
- fix linting for github config [#736](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/736) ([rndmh3ro](https://redirect.github.com/rndmh3ro))
- Update actions/setup-python action to v5 [#733](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/733) ([renovate\[bot\]](https://redirect.github.com/apps/renovate))
- Update ansible-lint action and revise configuration to scan all Ansible code [#732](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/732) ([schurzi](https://redirect.github.com/schurzi))
- update labeler to new config format [#730](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/730) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([schurzi](https://redirect.github.com/schurzi))
- Update dependency ansible-core to v2.16.1 [#728](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/728) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([renovate\[bot\]](https://redirect.github.com/apps/renovate))
- pin Ansible to always let Renovate update to the most current version in our tests [#721](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/721) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] \[[nginx_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([schurzi](https://redirect.github.com/schurzi))
traefik/traefik-helm-chart (traefik)
### [`v32.0.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v32.0.0)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v31.1.1...v32.0.0)
β BREAKING CHANGES
- Traefik Hub. See [release notes](https://doc.traefik.io/traefik-hub/introduction/release-notes#september-2024) for more details.
- CRD has to be updated before upgrading the Chart
- There is a breaking change on how Redis is configured
##### Fixes
- Replace `CLF` with `common` in `values.yaml` by [@WillDaSilva](https://redirect.github.com/WillDaSilva) in [https://github.com/traefik/traefik-helm-chart/pull/1199](https://redirect.github.com/traefik/traefik-helm-chart/pull/1199)
- Change apiVersion to updated group in EXAMPLES.md by [@NeuronButter](https://redirect.github.com/NeuronButter) in [https://github.com/traefik/traefik-helm-chart/pull/1200](https://redirect.github.com/traefik/traefik-helm-chart/pull/1200)
##### Features
- **Traefik Hub:** add APIPlans and APIBundles CRDs ([87d206e](https://redirect.github.com/traefik/traefik-helm-chart/commit/87d206e5e30c1df5e9ec68bad45df53f056414f9))
#### New Contributors
- [@WillDaSilva](https://redirect.github.com/WillDaSilva) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1199](https://redirect.github.com/traefik/traefik-helm-chart/pull/1199)
- [@NeuronButter](https://redirect.github.com/NeuronButter) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1200](https://redirect.github.com/traefik/traefik-helm-chart/pull/1200)
**Full Changelog**: https://github.com/traefik/traefik-helm-chart/compare/v31.1.1...v32.0.0
### [`v31.1.1`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v31.1.1)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v31.1.0...v31.1.1)
##### [31.1.1](https://redirect.github.com/traefik/traefik-helm-chart/compare/v31.1.0...v31.1.1) (2024-09-20)
##### Features
- **deps:** update traefik docker tag to v3.1.4 ([51b46ba](https://redirect.github.com/traefik/traefik-helm-chart/commit/51b46bab664ff1188b305b830dec90fa510940bc))
##### Bug Fixes
- π updateStrategy behavior ([6c1c8c3](https://redirect.github.com/traefik/traefik-helm-chart/commit/6c1c8c3c4e04a830e4bd18c93988407033c10034))
### [`v31.1.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v31.1.0)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v31.0.0...v31.1.0)
##### Features
- β¨ input validation using schema ([cf703c7](https://redirect.github.com/traefik/traefik-helm-chart/commit/cf703c7ddae652288144d70fd88a530667b53aa6))
- β¨ add AllowACMEByPass and improve schema/doc on ports values ([458cab9](https://redirect.github.com/traefik/traefik-helm-chart/commit/458cab997cadf1712abc86ab5c8ff4a333b34f1e))
- **Traefik Hub:** add new webhooks and removes unnecessary ones ([d7c3622](https://redirect.github.com/traefik/traefik-helm-chart/commit/d7c36229bccea62865d2bb74894a59374370523a))
- **deps:** update traefik docker tag to v3.1.3 ([1ecf803](https://redirect.github.com/traefik/traefik-helm-chart/commit/1ecf803aa78312a5b00846106efcf28ac9c9c562))
##### Bug Fixes
- π update CRD to v3.1 ([2dc2253](https://redirect.github.com/traefik/traefik-helm-chart/commit/2dc2253c2e360d2ce2f3fd0ed8407e89b4a0c273))
### [`v31.0.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v31.0.0)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v30.1.0...v31.0.0)
##### β BREAKING CHANGES
- π set allowEmptyServices to true by default
- CRDs needs to be upgraded for Traefik Hub users
- `kubectl apply --server-side --force-conflicts -k https://github.com/traefik/traefik-helm-chart/traefik/crds/`
##### Features
- **Traefik Hub:** update CRDs to v1.7.0 ([aa18d47](https://redirect.github.com/traefik/traefik-helm-chart/commit/aa18d47c1545b6ca8f66210a23f2769ab59ca844))
##### Bug Fixes
- **HTTP3:** split udp and tcp Service when service.single is false ([24acadf](https://redirect.github.com/traefik/traefik-helm-chart/commit/24acadf35fb11927bbb857c3b63fcef01064abc9))
- π set allowEmptyServices to true by default ([2324766](https://redirect.github.com/traefik/traefik-helm-chart/commit/23247669edf5dae5c028e7c6b4a688004e4acec6))
- **Traefik Hub:** update CRDs to v1.5.0 ([ee3537a](https://redirect.github.com/traefik/traefik-helm-chart/commit/ee3537a3238e3fc1ba234c4bc1ecf10dfab3048c))
### [`v30.1.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v30.1.0)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v30.0.2...v30.1.0)
##### Features
- β¨ rework namespaced RBAC with `disableClusterScopeResources` ([5b54cf7](https://redirect.github.com/traefik/traefik-helm-chart/commit/5b54cf76256c435107f9afb13899e32245892744))
- **deps**: update traefik docker tag to v3.1.2
- **deps**: update traefik docker tag to v3.1.1
##### Bug Fixes
- disable default HTTPS listener for gateway ([f90f16e](https://redirect.github.com/traefik/traefik-helm-chart/commit/f90f16e0dbff26b927efe48eac47d320b99f39ba))
- **Gateway API:** use Standard channel by default ([ccdb66b](https://redirect.github.com/traefik/traefik-helm-chart/commit/ccdb66b74d7120dd8e0dcd7300d3d3b051cea8ed))
- **Gateway API:** wildcard support in hostname ([93d1717](https://redirect.github.com/traefik/traefik-helm-chart/commit/93d1717c1c40768aa0a016a785193ea514709ca4))
### [`v30.0.2`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v30.0.2)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v30.0.1...v30.0.2)
##### [30.0.2](https://redirect.github.com/traefik/traefik-helm-chart/compare/v30.0.1...v30.0.2) (2024-07-30)
##### Features
- **Traefik Hub:** :beers: add E2E tests on RBACs change ([dd3bee0](https://redirect.github.com/traefik/traefik-helm-chart/commit/dd3bee0043f6ab8b34261806375a3624b6e42501))
##### Bug Fixes
- **Traefik Hub:** missing RBACs for Traefik Hub ([ed80c4c](https://redirect.github.com/traefik/traefik-helm-chart/commit/ed80c4c8889af96673abe4776ed1c08080627871))
### [`v30.0.1`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v30.0.1)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v30.0.0...v30.0.1)
##### [30.0.1](https://redirect.github.com/traefik/traefik-helm-chart/compare/v30.0.0...v30.0.1) (2024-07-29)
##### Features
- :release: v30.0.1 ([ab2db23](https://redirect.github.com/traefik/traefik-helm-chart/commit/ab2db23c4cfb7101cb70b3819b6d9d28ca620b4a))
##### Bug Fixes
- **Traefik Hub:** RBACs missing with API Gateway ([747f833](https://redirect.github.com/traefik/traefik-helm-chart/commit/747f8339a57a26bee8d075bbeec2b7b1a5758263))
- **Traefik Hub:** support new RBACs for upcoming traefik hub release ([0e81ea2](https://redirect.github.com/traefik/traefik-helm-chart/commit/0e81ea2c1504837d892a09df3fe91cfd86562ff0))
### [`v30.0.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v30.0.0)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v29.0.1...v30.0.0)
##### Upgrade notes
This release comes with a breaking change :warning: on how to configure Gateway with *values* ([#1133](https://redirect.github.com/traefik/traefik-helm-chart/issues/1133)).
This release supports Traefik Proxy v3.0, v3.1 **and** Traefik Hub v3.3
##### Features
- β¨ display release name and image full path in installation notes ([b77d53d](https://redirect.github.com/traefik/traefik-helm-chart/commit/b77d53dfa1fb60eb618d852cd20305cac7c85509))
- handle log filePath and noColor ([51fc564](https://redirect.github.com/traefik/traefik-helm-chart/commit/51fc5647f06c757c671f1a283d531799b5fd4316))
- use single ingressRoute template ([9240475](https://redirect.github.com/traefik/traefik-helm-chart/commit/9240475d5dd6e0db07aa809100a5152946618256))
##### Bug Fixes
- π ingressroute default name ([a494617](https://redirect.github.com/traefik/traefik-helm-chart/commit/a49461743fe10999856a21ad276a23bb403a8fdf))
- can't set gateway name ([13d302d](https://redirect.github.com/traefik/traefik-helm-chart/commit/13d302d6ef0c926d2fdb27556393c117bfecc4aa))
- namespaced RBACs hub api gateway ([50c24e5](https://redirect.github.com/traefik/traefik-helm-chart/commit/50c24e52162c292d9a8e026ed111af0906562cfe))
- remove version in OCI documentation ([d613258](https://redirect.github.com/traefik/traefik-helm-chart/commit/d6132586e76334d42ace4365b05112a1eabd7ad7))
- **Gateway API:** provide expected roles when using namespaced RBAC ([abc6310](https://redirect.github.com/traefik/traefik-helm-chart/commit/abc631085e06207f84dd2d0b472e1f63f6dd96ea))
- **Gateway API:** revamp Gateway implementation ([5f2705d](https://redirect.github.com/traefik/traefik-helm-chart/commit/5f2705dca27e88941506589a100e8f3d3d50be1c))
##### Documentation
- **EXAMPLES:** ποΈ improve wording on dashboard access without exposing it ([2b03ee8](https://redirect.github.com/traefik/traefik-helm-chart/commit/2b03ee84d433bbd1971a86581592489393f5fa96))
### [`v29.0.1`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v29.0.1)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v29.0.0...v29.0.1)
##### [29.0.1](https://redirect.github.com/traefik/traefik-helm-chart/compare/v29.0.0...v29.0.1) (2024-07-09)
##### Features
- β¨ publish chart on OCI registry ([deaddf5](https://redirect.github.com/traefik/traefik-helm-chart/commit/deaddf57e26ec19fe1a4d54f47047a94f44715b1))
##### Bug Fixes
- RBACs for hub and disabled namespaced RBACs ([0827106](https://redirect.github.com/traefik/traefik-helm-chart/commit/082710650cee6a008a2df092df3d744892c95f89))
- semverCompare failing on some legitimate tags ([143b96f](https://redirect.github.com/traefik/traefik-helm-chart/commit/143b96fc7c24062098c8c69be855c73a62ca122d))
### [`v29.0.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v29.0.0)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v28.3.0...v29.0.0)
##### Upgrade Notes
This is a major breaking upgrade. [Migration guide](https://doc.traefik.io/traefik/v3.1/migration/v3/#v30-to-v31) from v3.0 to v3.1rc has been applied on this chart.
This release supports both Traefik Proxy v3.0.x and v3.1rc.
It comes with those :warning: breaking changes :warning: :
- Far better support on Gateway API v1.1: Gateway, GatewayClass, CRDs & RBAC ([#1107](https://redirect.github.com/traefik/traefik-helm-chart/issues/1107))
- Many changes on CRDs & RBAC ([#1072](https://redirect.github.com/traefik/traefik-helm-chart/issues/1072) & [#1108](https://redirect.github.com/traefik/traefik-helm-chart/issues/1108))
- Refactor on Prometheus Operator support. Values has changed ([#1114](https://redirect.github.com/traefik/traefik-helm-chart/issues/1114))
- Dashboard `IngressRoute` is now disabled by default ([#1111](https://redirect.github.com/traefik/traefik-helm-chart/issues/1111))
CRDs needs to be upgraded: `kubectl apply --server-side --force-conflicts -k https://github.com/traefik/traefik-helm-chart/traefik/crds/`
##### Features
- β¨ migrate to endpointslices rbac ([0449b0b](https://redirect.github.com/traefik/traefik-helm-chart/commit/0449b0b7cdbb1d984a621d1c4112f6b5964e3930))
- β¨ update CRDs & RBAC for Traefik Proxy ([228c4e4](https://redirect.github.com/traefik/traefik-helm-chart/commit/228c4e477f2e2355161b506b291fdd3191491acd))
- allow to set hostAliases for traefik pod ([42e5745](https://redirect.github.com/traefik/traefik-helm-chart/commit/42e574516560492db94f7ada7c2a61c391603df3))
- **dashboard:** dashboard `IngressRoute` should be disabled by default ([d9b856a](https://redirect.github.com/traefik/traefik-helm-chart/commit/d9b856a9fd7f216a9ef3f866961d9a0345259f55))
- **providers:** add nativeLBByDefault support ([e75a85c](https://redirect.github.com/traefik/traefik-helm-chart/commit/e75a85c319431586d408697c2408f88ab9b991af))
- **providers:** improve kubernetesGateway and Gateway API support ([2eb640a](https://redirect.github.com/traefik/traefik-helm-chart/commit/2eb640a4aa011f02f52585bd4c8dee5a8d7ebced))
- **workflow:** add oci push ([aa3022a](https://redirect.github.com/traefik/traefik-helm-chart/commit/aa3022acf39041b8df1b3fe56e2cd1e062eba15f))
##### Bug Fixes
- **dashboard:** Only set ingressClass annotation when kubernetesCRD provider is listening for it ([f142f6c](https://redirect.github.com/traefik/traefik-helm-chart/commit/f142f6c671f1230bd90b07021c8227773e1d0225))
- **rbac:** nodes API permissions for Traefik v3.1+ ([647439d](https://redirect.github.com/traefik/traefik-helm-chart/commit/647439d061fc4421fb423b171c510594a78738a8))
- allow multiples values in the `secretResourceNames` slice ([24978e8](https://redirect.github.com/traefik/traefik-helm-chart/commit/24978e85be3af72bb86b380534715ff039358487))
- π improve error message on additional service without ports ([d4cab24](https://redirect.github.com/traefik/traefik-helm-chart/commit/d4cab24a3dc13730c55cea4617987c20462126f9))
- prometheus operator settings ([7d3a90d](https://redirect.github.com/traefik/traefik-helm-chart/commit/7d3a90d1eb1ecd0450aaa2697bc77aa7e7da05f2))
##### Documentation
- fix typos and broken link ([e43afd4](https://redirect.github.com/traefik/traefik-helm-chart/commit/e43afd46654359d580668d539db1ed8f760b80f2))
#### New Contributors
- [@justinrush](https://redirect.github.com/justinrush) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1093](https://redirect.github.com/traefik/traefik-helm-chart/pull/1093)
- [@x0ddf](https://redirect.github.com/x0ddf) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1094](https://redirect.github.com/traefik/traefik-helm-chart/pull/1094)
- [@traefiker](https://redirect.github.com/traefiker) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1101](https://redirect.github.com/traefik/traefik-helm-chart/pull/1101)
- [@mmetc](https://redirect.github.com/mmetc) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1102](https://redirect.github.com/traefik/traefik-helm-chart/pull/1102)
### [`v28.3.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v28.3.0)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v28.2.0...v28.3.0)
##### Features
- allow setting permanent on redirectTo ([1b454e9](https://redirect.github.com/traefik/traefik-helm-chart/commit/1b454e9e071d90f18f9eb43840c57d709eb8eb86))
##### Bug Fixes
- **Security:** π ποΈ mount service account token on pod level (\[[`db4f43f`](https://redirect.github.com/traefik/traefik-helm-chart/commit/db4f43f)]\(https://github.com/traefik/traefik-helm-chart/commit/
- **Traefik Hub:** remove namespace in mutating webhook ([f8f2da2](https://redirect.github.com/traefik/traefik-helm-chart/commit/f8f2da2905f8c97a9e891461d6203612d22c333c))
- **Traefik Hub:** remove obsolete CRD ([4fcec62](https://redirect.github.com/traefik/traefik-helm-chart/commit/4fcec6296bdd5b4bd18776d88fe3c82497c8b800))
- π namespaced rbac when kubernetesIngress provider is disabled ([3bb41f7](https://redirect.github.com/traefik/traefik-helm-chart/commit/3bb41f7acc77463d518c26f38371df9f6a0d9b9e))
[`db4f43f`](https://redirect.github.com/traefik/traefik-helm-chart/commit/db4f43f2cbdaad77b95c838d12f0b398bc149863)))
- π add divisor: '1' to GOMAXPROCS and GOMEMLIMIT ([9ccbee2](https://redirect.github.com/traefik/traefik-helm-chart/commit/9ccbee20ec22392eeca541514a534d357a2e499b))
#### New Contributors
- [@hawkesn](https://redirect.github.com/hawkesn) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1085](https://redirect.github.com/traefik/traefik-helm-chart/pull/1085)
- [@berlincount](https://redirect.github.com/berlincount) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1082](https://redirect.github.com/traefik/traefik-helm-chart/pull/1082)
**Full Changelog**: https://github.com/traefik/traefik-helm-chart/compare/v28.2.0...v28.3.0
### [`v28.2.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v28.2.0)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v28.1.0...v28.2.0)
:warning: This release align to Kubernetes default (*Always*) for `podSecurityContext.fsGroupChangePolicy`. It was *OnRootMismatch* in previous release of this chart. It can easily be set (back) to *OnRootMismatch* if needed, see [EXAMPLES](https://redirect.github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md#use-traefik-native-lets-encrypt-integration-without-cert-manager).
##### Features
- β¨ simplify values and provide more examples ([4eb71eb](https://redirect.github.com/traefik/traefik-helm-chart/commit/4eb71eb43bde454ce16e8633215551e67eff4568))
- add deletecollection right on secrets ([fb69807](https://redirect.github.com/traefik/traefik-helm-chart/commit/fb69807b609a991643a45d982a716441980955e6))
- update traefik docker tag to v3.0.1 by [@renovate](https://redirect.github.com/renovate) in [https://github.com/traefik/traefik-helm-chart/pull/1075](https://redirect.github.com/traefik/traefik-helm-chart/pull/1075)
##### Bug Fixes
- **IngressClass:** provides annotation on IngressRoutes when it's enabled ([f5de0c3](https://redirect.github.com/traefik/traefik-helm-chart/commit/f5de0c3725e7ab46d22744ba8510875a2ca5fbf9))
##### New Contributors
- [@jspdown](https://redirect.github.com/jspdown) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1077](https://redirect.github.com/traefik/traefik-helm-chart/pull/1077)
**Full Changelog**: https://github.com/traefik/traefik-helm-chart/compare/v28.1.0...v28.2.0
### [`v28.1.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v28.1.0)
[Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v28.0.0...v28.1.0)
##### Features
- **Traefik Hub:** add initial support for API Gateway ([dc5c68d](https://redirect.github.com/traefik/traefik-helm-chart/commit/dc5c68d584198b52cd0ac64fb17d3df1d2ccb018))
- **Traefik Hub:** use Traefik Proxy otlp config ([a910db4](https://redirect.github.com/traefik/traefik-helm-chart/commit/a910db40fc9f3889a221003ca674242a2458744c))
##### Bug Fixes
- **Traefik Hub:** refine support ([60d210d](https://redirect.github.com/traefik/traefik-helm-chart/commit/60d210de336614ff16161d3cf13d555575ace12c))
- **Traefik Hub:** do not deploy mutating webhook when enabling only API Gateway ([cb2a98d](https://redirect.github.com/traefik/traefik-helm-chart/commit/cb2a98dfc8e412ea78d317954e245148915109a7))
##### Documentation
- **example:** Update Digital Ocean PROXY Protocol ([9850319](https://redirect.github.com/traefik/traefik-helm-chart/commit/9850319029826fcb31d037fd51a6242261d400e1))
- ποΈ improve UPGRADING section ([54ec665](https://redirect.github.com/traefik/traefik-helm-chart/commit/54ec66537c2338b82d7c81f36367d17b9bc86b81))
Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π» Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
9.0.0
->10.0.0
14.1.0
->15.3.0
28.0.0
->32.0.0
Release Notes
dev-sec/ansible-collection-hardening (devsec.hardening)
### [`v10.0.0`](https://redirect.github.com/dev-sec/ansible-collection-hardening/releases/tag/10.0.0) [Compare Source](https://redirect.github.com/dev-sec/ansible-collection-hardening/compare/9.0.1...10.0.0) ### Changelog #### [10.0.0](https://redirect.github.com/dev-sec/ansible-collection-hardening/tree/10.0.0) (2024-08-06) [Full Changelog](https://redirect.github.com/dev-sec/ansible-collection-hardening/compare/9.0.1...10.0.0) **Implemented enhancements:** - option to disable regeneration of ssh private key [#772](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/772) - Ubuntu 24.04 support [#764](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/764) - Support systemd socket activation for sshd [#763](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/763) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] - Release 9.0.2 [#758](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/758) - Make Publickey authentication configurable [#750](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/750) - Ansible Linting [#747](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/747) - Make value of kernel.unprivileged_userns_clone depending on kernel version [#727](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/727) - Ensure that ssh is installed (cf [#771](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/771)) [#774](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/774) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([Byh0ki](https://redirect.github.com/Byh0ki)) - ssh: explicitly enable or disable the service at boot [#771](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/771) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([Byh0ki](https://redirect.github.com/Byh0ki)) - disable systemd socket activation [#769](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/769) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([rndmh3ro](https://redirect.github.com/rndmh3ro)) - Add ssh_pubkey_authentication variable to ssh hardening [#749](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/749) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([debbabi](https://redirect.github.com/debbabi)) **Fixed bugs:** - ssh hardening role fails when `ssh_permit_root_login` var is set on ubuntu 24.04 [#768](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/768) - os_hardening fails when setting vm.mmap_rnd_bits [#757](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/757) - `ssh_gateway_ports` is documented to accept 'clientspecified' string, but only accepts bools [#755](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/755) - Error: Missing privilege separation directory: /run/sshd [#752](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/752) - harden permissions for directory mount /var/log fails for minimized Ubuntu 22.04 [#741](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/741) - Update Debian compatibility [#784](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/784) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] \[[nginx_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([schurzi](https://redirect.github.com/schurzi)) - do not force type of ssh_gateway_ports [#765](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/765) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([rndmh3ro](https://redirect.github.com/rndmh3ro)) **Merged pull requests:** - Update to current Fedora releases [#783](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/783) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([schurzi](https://redirect.github.com/schurzi)) - Remove deprecated rebuild of initrd [#782](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/782) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([schurzi](https://redirect.github.com/schurzi)) - chore(deps): update patrickjahns/version-drafter-action digest to [`2076fa4`](https://redirect.github.com/dev-sec/ansible-collection-hardening/commit/2076fa4) [#781](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/781) ([renovate\[bot\]](https://redirect.github.com/apps/renovate)) - chore(deps): update ansible/ansible-lint digest to [`95382d3`](https://redirect.github.com/dev-sec/ansible-collection-hardening/commit/95382d3) [#779](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/779) ([renovate\[bot\]](https://redirect.github.com/apps/renovate)) - chore(deps): update actions/setup-python digest to [`39cd149`](https://redirect.github.com/dev-sec/ansible-collection-hardening/commit/39cd149) [#778](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/778) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] \[[nginx_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([renovate\[bot\]](https://redirect.github.com/apps/renovate)) - remove tests for FreeBSD12 since it's out of support [#777](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/777) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([schurzi](https://redirect.github.com/schurzi)) - chore(deps): pin dependencies [#776](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/776) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] \[[nginx_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([renovate\[bot\]](https://redirect.github.com/apps/renovate)) - Use best-practice preset for renovate [#775](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/775) ([schurzi](https://redirect.github.com/schurzi)) - Deprecate Centos Stream 8 [#770](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/770) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] \[[nginx_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([rndmh3ro](https://redirect.github.com/rndmh3ro)) - centos7 is eol, remove it [#767](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/767) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] \[[nginx_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([rndmh3ro](https://redirect.github.com/rndmh3ro)) - fix spelling [#766](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/766) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([rndmh3ro](https://redirect.github.com/rndmh3ro)) - ci: define permissions for enforce-labels workflow [#760](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/760) ([fgreinacher](https://redirect.github.com/fgreinacher)) - Update dependency ansible-core to v2.16.5 [#754](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/754) ([renovate\[bot\]](https://redirect.github.com/apps/renovate)) - Update dependency ansible-core to v2.16.4 [#751](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/751) ([renovate\[bot\]](https://redirect.github.com/apps/renovate)) - Update ansible/ansible-lint action to v24 [#745](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/745) ([renovate\[bot\]](https://redirect.github.com/apps/renovate)) - Always update Vagrant Boxes before using [#744](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/744) ([schurzi](https://redirect.github.com/schurzi)) - Remove Docker containers on self-hosted runner after tests [#743](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/743) ([schurzi](https://redirect.github.com/schurzi)) - Update dependency ansible-core to v2.16.3 [#742](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/742) ([renovate\[bot\]](https://redirect.github.com/apps/renovate)) ### [`v9.0.1`](https://redirect.github.com/dev-sec/ansible-collection-hardening/blob/HEAD/CHANGELOG.md#901-2024-01-15) [Compare Source](https://redirect.github.com/dev-sec/ansible-collection-hardening/compare/9.0.0...9.0.1) [Full Changelog](https://redirect.github.com/dev-sec/ansible-collection-hardening/compare/9.0.0...9.0.1) **Implemented enhancements:** - Extend ansible-lint testing to cover our test cases [#731](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/731) - Complete tests for OS hardening [#660](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/660) - support restarts of audit service on Arch linux [#722](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/722) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([schurzi](https://redirect.github.com/schurzi)) **Fixed bugs:** - Fails to install [#735](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/735) - Amazon Linux gpg check fails [#734](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/734) - ssh_hardening ipv6 [#719](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/719) - boolean variable inconsistency? [#330](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/330) - Restore idempotency for disabling unused filesystems with Ansible 2.16.0 [#718](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/718) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([akikanellis](https://redirect.github.com/akikanellis)) **Closed issues:** - 9.0.0 version number in galaxy.yml file is wrong [#740](https://redirect.github.com/dev-sec/ansible-collection-hardening/issues/740) **Merged pull requests:** - restructure readme to move known limitations up top [#739](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/739) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([rndmh3ro](https://redirect.github.com/rndmh3ro)) - release only on releases, not pre-releases [#738](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/738) ([rndmh3ro](https://redirect.github.com/rndmh3ro)) - Update dependency ansible-core to v2.16.2 [#737](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/737) ([renovate\[bot\]](https://redirect.github.com/apps/renovate)) - fix linting for github config [#736](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/736) ([rndmh3ro](https://redirect.github.com/rndmh3ro)) - Update actions/setup-python action to v5 [#733](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/733) ([renovate\[bot\]](https://redirect.github.com/apps/renovate)) - Update ansible-lint action and revise configuration to scan all Ansible code [#732](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/732) ([schurzi](https://redirect.github.com/schurzi)) - update labeler to new config format [#730](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/730) \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([schurzi](https://redirect.github.com/schurzi)) - Update dependency ansible-core to v2.16.1 [#728](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/728) \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([renovate\[bot\]](https://redirect.github.com/apps/renovate)) - pin Ansible to always let Renovate update to the most current version in our tests [#721](https://redirect.github.com/dev-sec/ansible-collection-hardening/pull/721) \[[mysql_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] \[[os_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] \[[ssh_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] \[[nginx_hardening](https://redirect.github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([schurzi](https://redirect.github.com/schurzi))traefik/traefik-helm-chart (traefik)
### [`v32.0.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v32.0.0) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v31.1.1...v32.0.0) β BREAKING CHANGES - Traefik Hub. See [release notes](https://doc.traefik.io/traefik-hub/introduction/release-notes#september-2024) for more details. - CRD has to be updated before upgrading the Chart - There is a breaking change on how Redis is configured ##### Fixes - Replace `CLF` with `common` in `values.yaml` by [@WillDaSilva](https://redirect.github.com/WillDaSilva) in [https://github.com/traefik/traefik-helm-chart/pull/1199](https://redirect.github.com/traefik/traefik-helm-chart/pull/1199) - Change apiVersion to updated group in EXAMPLES.md by [@NeuronButter](https://redirect.github.com/NeuronButter) in [https://github.com/traefik/traefik-helm-chart/pull/1200](https://redirect.github.com/traefik/traefik-helm-chart/pull/1200) ##### Features - **Traefik Hub:** add APIPlans and APIBundles CRDs ([87d206e](https://redirect.github.com/traefik/traefik-helm-chart/commit/87d206e5e30c1df5e9ec68bad45df53f056414f9)) #### New Contributors - [@WillDaSilva](https://redirect.github.com/WillDaSilva) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1199](https://redirect.github.com/traefik/traefik-helm-chart/pull/1199) - [@NeuronButter](https://redirect.github.com/NeuronButter) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1200](https://redirect.github.com/traefik/traefik-helm-chart/pull/1200) **Full Changelog**: https://github.com/traefik/traefik-helm-chart/compare/v31.1.1...v32.0.0 ### [`v31.1.1`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v31.1.1) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v31.1.0...v31.1.1) ##### [31.1.1](https://redirect.github.com/traefik/traefik-helm-chart/compare/v31.1.0...v31.1.1) (2024-09-20) ##### Features - **deps:** update traefik docker tag to v3.1.4 ([51b46ba](https://redirect.github.com/traefik/traefik-helm-chart/commit/51b46bab664ff1188b305b830dec90fa510940bc)) ##### Bug Fixes - π updateStrategy behavior ([6c1c8c3](https://redirect.github.com/traefik/traefik-helm-chart/commit/6c1c8c3c4e04a830e4bd18c93988407033c10034)) ### [`v31.1.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v31.1.0) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v31.0.0...v31.1.0) ##### Features - β¨ input validation using schema ([cf703c7](https://redirect.github.com/traefik/traefik-helm-chart/commit/cf703c7ddae652288144d70fd88a530667b53aa6)) - β¨ add AllowACMEByPass and improve schema/doc on ports values ([458cab9](https://redirect.github.com/traefik/traefik-helm-chart/commit/458cab997cadf1712abc86ab5c8ff4a333b34f1e)) - **Traefik Hub:** add new webhooks and removes unnecessary ones ([d7c3622](https://redirect.github.com/traefik/traefik-helm-chart/commit/d7c36229bccea62865d2bb74894a59374370523a)) - **deps:** update traefik docker tag to v3.1.3 ([1ecf803](https://redirect.github.com/traefik/traefik-helm-chart/commit/1ecf803aa78312a5b00846106efcf28ac9c9c562)) ##### Bug Fixes - π update CRD to v3.1 ([2dc2253](https://redirect.github.com/traefik/traefik-helm-chart/commit/2dc2253c2e360d2ce2f3fd0ed8407e89b4a0c273)) ### [`v31.0.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v31.0.0) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v30.1.0...v31.0.0) ##### β BREAKING CHANGES - π set allowEmptyServices to true by default - CRDs needs to be upgraded for Traefik Hub users - `kubectl apply --server-side --force-conflicts -k https://github.com/traefik/traefik-helm-chart/traefik/crds/` ##### Features - **Traefik Hub:** update CRDs to v1.7.0 ([aa18d47](https://redirect.github.com/traefik/traefik-helm-chart/commit/aa18d47c1545b6ca8f66210a23f2769ab59ca844)) ##### Bug Fixes - **HTTP3:** split udp and tcp Service when service.single is false ([24acadf](https://redirect.github.com/traefik/traefik-helm-chart/commit/24acadf35fb11927bbb857c3b63fcef01064abc9)) - π set allowEmptyServices to true by default ([2324766](https://redirect.github.com/traefik/traefik-helm-chart/commit/23247669edf5dae5c028e7c6b4a688004e4acec6)) - **Traefik Hub:** update CRDs to v1.5.0 ([ee3537a](https://redirect.github.com/traefik/traefik-helm-chart/commit/ee3537a3238e3fc1ba234c4bc1ecf10dfab3048c)) ### [`v30.1.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v30.1.0) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v30.0.2...v30.1.0) ##### Features - β¨ rework namespaced RBAC with `disableClusterScopeResources` ([5b54cf7](https://redirect.github.com/traefik/traefik-helm-chart/commit/5b54cf76256c435107f9afb13899e32245892744)) - **deps**: update traefik docker tag to v3.1.2 - **deps**: update traefik docker tag to v3.1.1 ##### Bug Fixes - disable default HTTPS listener for gateway ([f90f16e](https://redirect.github.com/traefik/traefik-helm-chart/commit/f90f16e0dbff26b927efe48eac47d320b99f39ba)) - **Gateway API:** use Standard channel by default ([ccdb66b](https://redirect.github.com/traefik/traefik-helm-chart/commit/ccdb66b74d7120dd8e0dcd7300d3d3b051cea8ed)) - **Gateway API:** wildcard support in hostname ([93d1717](https://redirect.github.com/traefik/traefik-helm-chart/commit/93d1717c1c40768aa0a016a785193ea514709ca4)) ### [`v30.0.2`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v30.0.2) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v30.0.1...v30.0.2) ##### [30.0.2](https://redirect.github.com/traefik/traefik-helm-chart/compare/v30.0.1...v30.0.2) (2024-07-30) ##### Features - **Traefik Hub:** :beers: add E2E tests on RBACs change ([dd3bee0](https://redirect.github.com/traefik/traefik-helm-chart/commit/dd3bee0043f6ab8b34261806375a3624b6e42501)) ##### Bug Fixes - **Traefik Hub:** missing RBACs for Traefik Hub ([ed80c4c](https://redirect.github.com/traefik/traefik-helm-chart/commit/ed80c4c8889af96673abe4776ed1c08080627871)) ### [`v30.0.1`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v30.0.1) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v30.0.0...v30.0.1) ##### [30.0.1](https://redirect.github.com/traefik/traefik-helm-chart/compare/v30.0.0...v30.0.1) (2024-07-29) ##### Features - :release: v30.0.1 ([ab2db23](https://redirect.github.com/traefik/traefik-helm-chart/commit/ab2db23c4cfb7101cb70b3819b6d9d28ca620b4a)) ##### Bug Fixes - **Traefik Hub:** RBACs missing with API Gateway ([747f833](https://redirect.github.com/traefik/traefik-helm-chart/commit/747f8339a57a26bee8d075bbeec2b7b1a5758263)) - **Traefik Hub:** support new RBACs for upcoming traefik hub release ([0e81ea2](https://redirect.github.com/traefik/traefik-helm-chart/commit/0e81ea2c1504837d892a09df3fe91cfd86562ff0)) ### [`v30.0.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v30.0.0) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v29.0.1...v30.0.0) ##### Upgrade notes This release comes with a breaking change :warning: on how to configure Gateway with *values* ([#1133](https://redirect.github.com/traefik/traefik-helm-chart/issues/1133)). This release supports Traefik Proxy v3.0, v3.1 **and** Traefik Hub v3.3 ##### Features - β¨ display release name and image full path in installation notes ([b77d53d](https://redirect.github.com/traefik/traefik-helm-chart/commit/b77d53dfa1fb60eb618d852cd20305cac7c85509)) - handle log filePath and noColor ([51fc564](https://redirect.github.com/traefik/traefik-helm-chart/commit/51fc5647f06c757c671f1a283d531799b5fd4316)) - use single ingressRoute template ([9240475](https://redirect.github.com/traefik/traefik-helm-chart/commit/9240475d5dd6e0db07aa809100a5152946618256)) ##### Bug Fixes - π ingressroute default name ([a494617](https://redirect.github.com/traefik/traefik-helm-chart/commit/a49461743fe10999856a21ad276a23bb403a8fdf)) - can't set gateway name ([13d302d](https://redirect.github.com/traefik/traefik-helm-chart/commit/13d302d6ef0c926d2fdb27556393c117bfecc4aa)) - namespaced RBACs hub api gateway ([50c24e5](https://redirect.github.com/traefik/traefik-helm-chart/commit/50c24e52162c292d9a8e026ed111af0906562cfe)) - remove version in OCI documentation ([d613258](https://redirect.github.com/traefik/traefik-helm-chart/commit/d6132586e76334d42ace4365b05112a1eabd7ad7)) - **Gateway API:** provide expected roles when using namespaced RBAC ([abc6310](https://redirect.github.com/traefik/traefik-helm-chart/commit/abc631085e06207f84dd2d0b472e1f63f6dd96ea)) - **Gateway API:** revamp Gateway implementation ([5f2705d](https://redirect.github.com/traefik/traefik-helm-chart/commit/5f2705dca27e88941506589a100e8f3d3d50be1c)) ##### Documentation - **EXAMPLES:** ποΈ improve wording on dashboard access without exposing it ([2b03ee8](https://redirect.github.com/traefik/traefik-helm-chart/commit/2b03ee84d433bbd1971a86581592489393f5fa96)) ### [`v29.0.1`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v29.0.1) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v29.0.0...v29.0.1) ##### [29.0.1](https://redirect.github.com/traefik/traefik-helm-chart/compare/v29.0.0...v29.0.1) (2024-07-09) ##### Features - β¨ publish chart on OCI registry ([deaddf5](https://redirect.github.com/traefik/traefik-helm-chart/commit/deaddf57e26ec19fe1a4d54f47047a94f44715b1)) ##### Bug Fixes - RBACs for hub and disabled namespaced RBACs ([0827106](https://redirect.github.com/traefik/traefik-helm-chart/commit/082710650cee6a008a2df092df3d744892c95f89)) - semverCompare failing on some legitimate tags ([143b96f](https://redirect.github.com/traefik/traefik-helm-chart/commit/143b96fc7c24062098c8c69be855c73a62ca122d)) ### [`v29.0.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v29.0.0) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v28.3.0...v29.0.0) ##### Upgrade Notes This is a major breaking upgrade. [Migration guide](https://doc.traefik.io/traefik/v3.1/migration/v3/#v30-to-v31) from v3.0 to v3.1rc has been applied on this chart. This release supports both Traefik Proxy v3.0.x and v3.1rc. It comes with those :warning: breaking changes :warning: : - Far better support on Gateway API v1.1: Gateway, GatewayClass, CRDs & RBAC ([#1107](https://redirect.github.com/traefik/traefik-helm-chart/issues/1107)) - Many changes on CRDs & RBAC ([#1072](https://redirect.github.com/traefik/traefik-helm-chart/issues/1072) & [#1108](https://redirect.github.com/traefik/traefik-helm-chart/issues/1108)) - Refactor on Prometheus Operator support. Values has changed ([#1114](https://redirect.github.com/traefik/traefik-helm-chart/issues/1114)) - Dashboard `IngressRoute` is now disabled by default ([#1111](https://redirect.github.com/traefik/traefik-helm-chart/issues/1111)) CRDs needs to be upgraded: `kubectl apply --server-side --force-conflicts -k https://github.com/traefik/traefik-helm-chart/traefik/crds/` ##### Features - β¨ migrate to endpointslices rbac ([0449b0b](https://redirect.github.com/traefik/traefik-helm-chart/commit/0449b0b7cdbb1d984a621d1c4112f6b5964e3930)) - β¨ update CRDs & RBAC for Traefik Proxy ([228c4e4](https://redirect.github.com/traefik/traefik-helm-chart/commit/228c4e477f2e2355161b506b291fdd3191491acd)) - allow to set hostAliases for traefik pod ([42e5745](https://redirect.github.com/traefik/traefik-helm-chart/commit/42e574516560492db94f7ada7c2a61c391603df3)) - **dashboard:** dashboard `IngressRoute` should be disabled by default ([d9b856a](https://redirect.github.com/traefik/traefik-helm-chart/commit/d9b856a9fd7f216a9ef3f866961d9a0345259f55)) - **providers:** add nativeLBByDefault support ([e75a85c](https://redirect.github.com/traefik/traefik-helm-chart/commit/e75a85c319431586d408697c2408f88ab9b991af)) - **providers:** improve kubernetesGateway and Gateway API support ([2eb640a](https://redirect.github.com/traefik/traefik-helm-chart/commit/2eb640a4aa011f02f52585bd4c8dee5a8d7ebced)) - **workflow:** add oci push ([aa3022a](https://redirect.github.com/traefik/traefik-helm-chart/commit/aa3022acf39041b8df1b3fe56e2cd1e062eba15f)) ##### Bug Fixes - **dashboard:** Only set ingressClass annotation when kubernetesCRD provider is listening for it ([f142f6c](https://redirect.github.com/traefik/traefik-helm-chart/commit/f142f6c671f1230bd90b07021c8227773e1d0225)) - **rbac:** nodes API permissions for Traefik v3.1+ ([647439d](https://redirect.github.com/traefik/traefik-helm-chart/commit/647439d061fc4421fb423b171c510594a78738a8)) - allow multiples values in the `secretResourceNames` slice ([24978e8](https://redirect.github.com/traefik/traefik-helm-chart/commit/24978e85be3af72bb86b380534715ff039358487)) - π improve error message on additional service without ports ([d4cab24](https://redirect.github.com/traefik/traefik-helm-chart/commit/d4cab24a3dc13730c55cea4617987c20462126f9)) - prometheus operator settings ([7d3a90d](https://redirect.github.com/traefik/traefik-helm-chart/commit/7d3a90d1eb1ecd0450aaa2697bc77aa7e7da05f2)) ##### Documentation - fix typos and broken link ([e43afd4](https://redirect.github.com/traefik/traefik-helm-chart/commit/e43afd46654359d580668d539db1ed8f760b80f2)) #### New Contributors - [@justinrush](https://redirect.github.com/justinrush) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1093](https://redirect.github.com/traefik/traefik-helm-chart/pull/1093) - [@x0ddf](https://redirect.github.com/x0ddf) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1094](https://redirect.github.com/traefik/traefik-helm-chart/pull/1094) - [@traefiker](https://redirect.github.com/traefiker) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1101](https://redirect.github.com/traefik/traefik-helm-chart/pull/1101) - [@mmetc](https://redirect.github.com/mmetc) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1102](https://redirect.github.com/traefik/traefik-helm-chart/pull/1102) ### [`v28.3.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v28.3.0) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v28.2.0...v28.3.0) ##### Features - allow setting permanent on redirectTo ([1b454e9](https://redirect.github.com/traefik/traefik-helm-chart/commit/1b454e9e071d90f18f9eb43840c57d709eb8eb86)) ##### Bug Fixes - **Security:** π ποΈ mount service account token on pod level (\[[`db4f43f`](https://redirect.github.com/traefik/traefik-helm-chart/commit/db4f43f)]\(https://github.com/traefik/traefik-helm-chart/commit/ - **Traefik Hub:** remove namespace in mutating webhook ([f8f2da2](https://redirect.github.com/traefik/traefik-helm-chart/commit/f8f2da2905f8c97a9e891461d6203612d22c333c)) - **Traefik Hub:** remove obsolete CRD ([4fcec62](https://redirect.github.com/traefik/traefik-helm-chart/commit/4fcec6296bdd5b4bd18776d88fe3c82497c8b800)) - π namespaced rbac when kubernetesIngress provider is disabled ([3bb41f7](https://redirect.github.com/traefik/traefik-helm-chart/commit/3bb41f7acc77463d518c26f38371df9f6a0d9b9e)) [`db4f43f`](https://redirect.github.com/traefik/traefik-helm-chart/commit/db4f43f2cbdaad77b95c838d12f0b398bc149863))) - π add divisor: '1' to GOMAXPROCS and GOMEMLIMIT ([9ccbee2](https://redirect.github.com/traefik/traefik-helm-chart/commit/9ccbee20ec22392eeca541514a534d357a2e499b)) #### New Contributors - [@hawkesn](https://redirect.github.com/hawkesn) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1085](https://redirect.github.com/traefik/traefik-helm-chart/pull/1085) - [@berlincount](https://redirect.github.com/berlincount) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1082](https://redirect.github.com/traefik/traefik-helm-chart/pull/1082) **Full Changelog**: https://github.com/traefik/traefik-helm-chart/compare/v28.2.0...v28.3.0 ### [`v28.2.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v28.2.0) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v28.1.0...v28.2.0) :warning: This release align to Kubernetes default (*Always*) for `podSecurityContext.fsGroupChangePolicy`. It was *OnRootMismatch* in previous release of this chart. It can easily be set (back) to *OnRootMismatch* if needed, see [EXAMPLES](https://redirect.github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md#use-traefik-native-lets-encrypt-integration-without-cert-manager). ##### Features - β¨ simplify values and provide more examples ([4eb71eb](https://redirect.github.com/traefik/traefik-helm-chart/commit/4eb71eb43bde454ce16e8633215551e67eff4568)) - add deletecollection right on secrets ([fb69807](https://redirect.github.com/traefik/traefik-helm-chart/commit/fb69807b609a991643a45d982a716441980955e6)) - update traefik docker tag to v3.0.1 by [@renovate](https://redirect.github.com/renovate) in [https://github.com/traefik/traefik-helm-chart/pull/1075](https://redirect.github.com/traefik/traefik-helm-chart/pull/1075) ##### Bug Fixes - **IngressClass:** provides annotation on IngressRoutes when it's enabled ([f5de0c3](https://redirect.github.com/traefik/traefik-helm-chart/commit/f5de0c3725e7ab46d22744ba8510875a2ca5fbf9)) ##### New Contributors - [@jspdown](https://redirect.github.com/jspdown) made their first contribution in [https://github.com/traefik/traefik-helm-chart/pull/1077](https://redirect.github.com/traefik/traefik-helm-chart/pull/1077) **Full Changelog**: https://github.com/traefik/traefik-helm-chart/compare/v28.1.0...v28.2.0 ### [`v28.1.0`](https://redirect.github.com/traefik/traefik-helm-chart/releases/tag/v28.1.0) [Compare Source](https://redirect.github.com/traefik/traefik-helm-chart/compare/v28.0.0...v28.1.0) ##### Features - **Traefik Hub:** add initial support for API Gateway ([dc5c68d](https://redirect.github.com/traefik/traefik-helm-chart/commit/dc5c68d584198b52cd0ac64fb17d3df1d2ccb018)) - **Traefik Hub:** use Traefik Proxy otlp config ([a910db4](https://redirect.github.com/traefik/traefik-helm-chart/commit/a910db40fc9f3889a221003ca674242a2458744c)) ##### Bug Fixes - **Traefik Hub:** refine support ([60d210d](https://redirect.github.com/traefik/traefik-helm-chart/commit/60d210de336614ff16161d3cf13d555575ace12c)) - **Traefik Hub:** do not deploy mutating webhook when enabling only API Gateway ([cb2a98d](https://redirect.github.com/traefik/traefik-helm-chart/commit/cb2a98dfc8e412ea78d317954e245148915109a7)) ##### Documentation - **example:** Update Digital Ocean PROXY Protocol ([9850319](https://redirect.github.com/traefik/traefik-helm-chart/commit/9850319029826fcb31d037fd51a6242261d400e1)) - ποΈ improve UPGRADING section ([54ec665](https://redirect.github.com/traefik/traefik-helm-chart/commit/54ec66537c2338b82d7c81f36367d17b9bc86b81))Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π» Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.