Skip to content

v1.19.1

Latest
Latest

Choose a tag to compare

View all tags
@jetstack-release-bot jetstack-release-bot released this 15 Oct 15:33
v1.19.1
This tag was signed with the committer’s verified signature.
wallrj-cyberark Richard Wall
SSH Key Fingerprint: V4lthgsNR76QkCRhK3PFIvWKLTVfh0t/Bz/UumyB+V8
Verified
Learn about vigilant mode.
a22e21e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We reverted the CRD-based API defaults for Certificate.Spec.IssuerRef and CertificateRequest.Spec.IssuerRef after they were found to cause unexpected certificate renewals after upgrading to 1.19.0. We will try re-introducing these API defaults in cert-manager 1.20.
We fixed a bug that caused certificates to be re-issued unexpectedly if the issuerRef kind or group was changed to one of the "runtime" default values.
We upgraded Go to 1.25.3 to address the following security vulnerabilities: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, and CVE-2025-61725.

📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.

Changes since v1.19.0:

Bug or Regression

  • BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (#8175, @cert-manager-bot)
  • Bump Go to 1.25.3 to fix a backwards incompatible change to the validation of DNS names in X.509 SAN fields which prevented the use of DNS names with a trailing dot (#8177, @wallrj-cyberark)
  • Revert API defaults for issuer reference kind and group introduced in 0.19.0 (#8178, @cert-manager-bot)

Contributors

cert-manager-bot and wallrj-cyberark
Assets 4
Loading