Security

• Oct 21, 2025 Security organization-operator v2.1.2

  Changed

  • Updated RBAC rules to include organizations/finalizers for managing .metadata.ownerReferences.blockOwnerDeletion.
  • Disable PodSecurityPolicies by deafult.
• Oct 20, 2025 Security cert-manager-app v3.9.4

  Changed

  • Upgrade cert-manager to v1.18.2.

  Added

  • Add E2E tests using apptest-framework for automated PR testing across multiple providers (CAPA, CAPV, CAPZ, CAPVCD).
    • Basic test suite: Validates fresh installations
    • Upgrade test suite: Tests upgrade scenarios and certificate reconciliation
  • Add certificate issuance integration test to cluster-test-suites.
• Oct 10, 2025 Security auth-bundle v0.2.5
  • Update dependency giantswarm/ingress-nginx-app to v4.1.3
  • Update dependency giantswarm/athena to v1.14.1
• Oct 9, 2025 Security athena v1.14.1

  Removed

  • Removed the configuration values letsencrypt, crtPemB64 and keyPemB64. These are not used and private certificates are configured from cert-manager.
• Oct 7, 2025 Security auth-bundle v0.2.4

  Changed

  • Update dex-app to v2.1.2.
• Oct 7, 2025 Security dex-app v2.1.2

  Changed

  • Change base image registry to gsoci.azurecr.io
• Oct 7, 2025 Security cert-manager-app v3.9.3

  Changed

  • Fix missing targetPort in cainjector-service
• Oct 3, 2025 Security external-secrets v0.18.3

  Changed

  • Only support Kyverno PolicyException version v2 and remove v2beta1 support.
• Sep 24, 2025 Security rbac-operator v0.42.3

  Fixed

  • Fix missing cluster-wide write permissions for customer admin groups by adding the missing write-all-customer-group ClusterRoleBinding.
• Sep 17, 2025 Security rbac-operator v0.42.2

  Added

  • Extended crossplane-edit ClusterRoleBinding to include automation ServiceAccounts from all organization namespaces.
  • Added dynamic namespace watching to automatically add/remove org automation ServiceAccounts from the crossplane-edit ClusterRoleBinding when org namespaces are created or deleted.

• Older entries