1. Docs
  2. Changes and releases
  3. Security

Security

  • Security dex-app v2.2.1

    Added

    • Add io.giantswarm.application.audience and io.giantswarm.application.managed annotations to Chart.yaml to make the app visible to customers in Backstage.

    Fixed

    • Update dex to v2.43.1-gs3. Fixes redundant group name prefixing on token refresh that caused intermittent permission denied errors for users authenticating via Azure AD and certain other Dex connectors.
  • Security auth-bundle v0.6.0

    Added

    • Add io.giantswarm.application.managed chart annotation for Backstage visibility.

    Changed

    • Migrate chart metadata annotations to OCI-compatible format.
    • Update athena to v1.15.2.
    • Update ingress-nginx-app to version v4.2.4.
    • Update rbac-bootstrap-app to v0.2.3.
  • Security rbac-operator v0.43.0

    Added

    • Create AWS cluster role identity roles and bindings when the operator runs in capa.
  • Security trivy-app v0.14.2

    Changed

    • Build with up-to-date pipelines.
    • Migrate chart annotations to OCI-compatible format (change application.giantswarm.io/team to io.giantswarm.application.team, remove config.giantswarm.io/version).

    Added

    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
    • Push to the default catalog.
  • Security teleport-tbot v0.4.1

    Added

    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.

    Changed

    • Fix kubernetes version label syntax when using Flux deployments.
    • Migrate chart metadata annotations to OCI-compatible format.
  • Security falco-app v0.11.2

    Added

    • Push to the default catalog.

    Changed

    • Escape + characters in .Chart.Version value when used as value for app.kubernetes.io/version label.
  • Security kyverno-app v0.24.1

    Added

    • Add io.giantswarm.application.managed chart annotations for Backstage visibility.
    • Push to the default catalog.

    Changed

    • Migrate Chart.yaml metadata annotations to new io.giantswarm.application.* format.
    • Sanitize Chart.Version when used in labels due to flux appending the artifact digest to the version.
  • Security teleport-kube-agent-app v0.10.8

    Added

    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.

    Changed

    • Migrate chart metadata annotations to OCI-compatible format.
  • Security cert-manager-app v3.11.0

    Added

    • Add Vertical Pod Autoscaler (VPA) support for webhook pods.

    Removed

    • Remove PodSecurityPolicy (PSP) and related resources.
    • Remove Giant Swarm PSP to PSS migration logic.
  • Security cert-manager-app v3.10.0

    Added

    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
    • Add PodLogs for log collection.

    Fixed

    • Fix controller Vertical Pod Autoscaler (VPA) resource syntax.