cert-manager(v1.19.3): Security Hardening, Robustness, and ACME Solver Refinements
📋 Recommended Actions ⚠️ Action Required Immediate review recommended for all users. Upgrade promptly to benefit from critical security hardening, fix potential denial-of-service vectors, and enhance certificate issuance reliability. 📝 Summary cert-manager v1.19.3 delivers crucial security enhancements and improved issuance robustness. This release directly addresses GHSA-gx3x-vq4p-mhhv, preventing a potential panic in the ACME DNS solver that could lead to denial-of-service. This high-severity fix solidifies the reliability of your ACME challenges. We’ve also introduced a vital new check: certificate issuance will now fail if the public key in the signed certificate doesn’t match the original Certificate Signing Request (CSR). This prevents infinite re-issuance loops with misconfigured external issuers, ensuring cryptographic integrity. Furthermore, the HTTP-01 solver gained more robust handling of IPv6 address literals, improving compliance and reliability for diverse network configurations. Essential tooling updates, including Go 1.25.6 and Kind 0.31.0, round out this focused release. Upgrade to boost the security and stability of your certificate management. ...