Kind

📋 Recommended Actions ⚠️ Action Required Immediate patching is highly recommended to address CVE-2024-29018, a high-severity vulnerability in the gRPC dependency. Review updated E2E testing procedures if you maintain custom CI workflows. 📝 Summary cert-manager v1.19.5 delivers essential security and maintenance updates, crucial for maintaining a robust certificate management infrastructure. This release directly addresses CVE-2024-29018, a high-severity vulnerability in the gRPC dependency that could lead to CPU exhaustion. Upgrading promptly is vital to protect your systems. Beyond security, we’ve bumped the core Go runtime to version 1.25.9 and updated numerous transitive dependencies like golang.org/x/crypto and cel.dev/expr to ensure improved stability and performance. Internal CI/CD workflows also see significant enhancements, including support for Kubernetes 1.35 and a migration of upgrade E2E tests to leverage Helm OCI registries. Minor textual cleanups in CRD descriptions also enhance clarity. These updates balance critical security fixes with ongoing platform compatibility and foundational improvements. Upgrade to secure your deployments and benefit from these stability enhancements. ...

📋 Recommended Actions ⚠️ Action Required Immediate review recommended for all users. Upgrade promptly to benefit from critical security hardening, fix potential denial-of-service vectors, and enhance certificate issuance reliability. 📝 Summary cert-manager v1.19.3 delivers crucial security enhancements and improved issuance robustness. This release directly addresses GHSA-gx3x-vq4p-mhhv, preventing a potential panic in the ACME DNS solver that could lead to denial-of-service. This high-severity fix solidifies the reliability of your ACME challenges. We’ve also introduced a vital new check: certificate issuance will now fail if the public key in the signed certificate doesn’t match the original Certificate Signing Request (CSR). This prevents infinite re-issuance loops with misconfigured external issuers, ensuring cryptographic integrity. Furthermore, the HTTP-01 solver gained more robust handling of IPv6 address literals, improving compliance and reliability for diverse network configurations. Essential tooling updates, including Go 1.25.6 and Kind 0.31.0, round out this focused release. Upgrade to boost the security and stability of your certificate management. ...