IPv6

📋 Recommended Actions ⚠️ Action Required Immediate upgrade is recommended to address a high-severity DNS-01 solver stability issue (GHSA-gx3x-vq4p-mhhv) and ensure robust certificate issuance validation. 📝 Summary Cert-manager v1.18.5 delivers critical updates. It fixes a high-severity DNS-01 solver panic (GHSA-gx3x-vq4p-mhhv), preventing service disruptions. It also adds robust validation for issued certificates, ensuring public keys match CSRs, and improves HTTP-01 IPv6 handling. Upgrade now for enhanced stability and security! 🔒 High-Severity Fix: ACME DNS-01 Solver Panic (GHSA-gx3x-vq4p-mhhv) A critical vulnerability identified as GHSA-gx3x-vq4p-mhhv has been addressed in this release, preventing potential denial-of-service scenarios for the ACME DNS-01 solver. Previously, the solver would incorrectly assume that DNS SOA records would always be the first entry in a DNS query response. If a DNS provider returned the SOA record at a different position, cert-manager’s DNS-01 solver could panic and crash, making it unable to process new challenges and disrupting certificate issuance. ...

📋 Recommended Actions ⚠️ Action Required Immediate action is not universally required but highly recommended to review the default changes for promoted feature gates (like NameConstraints and UseDomainQualifiedFinalizer now defaulting to true) and the deprecation of ValidateCAA (now defaulting to false). Adjust your configurations as necessary to maintain desired behavior, especially if you rely on the previous implicit defaults. Consider leveraging the new literal keystore password option for simplified management. ...