TLS-ALPN-01

📋 Recommended Actions ⚠️ Action Required Immediate upgrade is strongly recommended to address multiple high-severity security vulnerabilities. Review updates to the vendored ACME client, particularly the deprecation of TLS-SNI-01 and TLS-SNI-02 challenge types, which may impact custom ACME integrations. 📝 Summary cert-manager v1.18.4 lands with vital security fixes and significant ACME protocol updates. This release addresses multiple high-severity CVEs in the underlying Go toolchain and various golang.org/x dependencies, demanding your prompt attention to safeguard your Kubernetes clusters. Beyond security, we’ve refined ACME challenge handling, notably deprecating the insecure TLS-SNI-01 and TLS-SNI-02 challenge types. On the bright side, TLS-ALPN-01 now gracefully supports IP address identifiers, expanding its utility for diverse network configurations. Core components also see a Go version bump and updated distroless base images, boosting overall stability. Upgrade now to secure your certificate management and benefit from improved ACME capabilities. ...

📋 Recommended Actions ⚠️ Action Required Immediate patching is highly recommended to address critical security vulnerabilities. Operations engineers must also review their Helm chart configurations for nodeSelector behavior changes to avoid deployment disruptions. 📝 Summary cert-manager v1.19.2 is here, bringing crucial security updates and significant internal modernization. This release patches several identified vulnerabilities, including CVE-2025-61727, CVE-2025-61729, CVE-2025-47914, and CVE-2025-58181 through updates to the Go runtime and core golang.org/x dependencies. This enhances overall security. A key change for Helm users is how nodeSelector values merge; component-specific selectors now merge with global ones, overriding specific keys, which requires a review of existing deployments. This release also removes the outdated autocert package, signaling a move towards modern, secure ACME challenge handling by deprecating insecure TLS-SNI-01/TLS-SNI-02 challenges and improving TLS-ALPN-01 for IP addresses. Upgrade promptly to secure your clusters and review Helm configurations. ...