v3.14.2

Bug Fixes

• CVE-2023-44487, CVE-2023-48795, GO-2024-2687, GHSA-7ww5-4wqc-m92c, CVE-2024-24557, GHSA-jq35-85cj-fj4p for release 3.14 (#3314) #3314 (Jaydipkumar Arvindbhai Gabani)

Chores

• Prepare v3.14.2 release (#3362) #3362 (github-actions[bot])

v3.16.0-beta.2

Features

• enable vap in helm (#3329) #3329 (Rita Zhang)
• Enable toggling of deferring to VAP (#3335) #3335 (Max Smythe)
• helm: matchConditions added in Validating & MutatingWebhookConfiguration (#3343) #3343 (leewoobin789)

Bug Fixes

• store constraint status audit results in sorted order (#3293) #3293 (Prachi Pendse)
• over-restrictive validation of wildcard match patterns (#3310) #3310 (Ben Couture)

Documentation

• fix go install gator (#3325) #3325 (Sertaç Özercan)
• update opa version in readme (#3330) #3330 (Rita Zhang)

Chores

• bump github.com/docker/docker from 25.0.1+incompatible to 25.0.2+incompatible (#3324) #3324 (dependabot[bot])
• bump cloud.google.com/go/trace from 1.10.5 to 1.10.6 (#3319) #3319 (dependabot[bot])
• bump frameworks to 359cf1b (#3326) #3326 (Sertaç Özercan)
• bump github.com/docker/docker from 25.0.2+incompatible to 25.0.5+incompatible (#3327) #3327 (dependabot[bot])
• bump webpack-dev-middleware from 5.3.1 to 5.3.4 in /website (#3332) #3332 (dependabot[bot])
• bump express from 4.18.1 to 4.19.2 in /website (#3334) #3334 (dependabot[bot])
• bump to go 1.22 bookworm (#3323) #3323 (Sertaç Özercan)
• update lint (#3338) #3338 (Sertaç Özercan)
• Prepare v3.16.0-beta.2 release (#3344) #3344 (github-actions[bot])

v3.16.0-beta.1

Features

• add disableAudit helm option (#3270) #3270 (Dor Bareket)
• vap generation (#3266) #3266 (Rita Zhang)

Bug Fixes

• Remove validation of constraint template rego (#3262) #3262 (Mohammad Zuber Khan)
• update unit test for vap generation; add custom assets for envtest (#3289) #3289 (Rita Zhang)
• fixing metrics views (#3307) #3307 (Jaydipkumar Arvindbhai Gabani)

Documentation

• document constraint match.source (#3291) #3291 (Sertaç Özercan)

Continuous Integration

• bump k8s matrix (#3267) #3267 (Sertaç Özercan)
• fix license lint (#3279) #3279 (Sertaç Özercan)
• pointing to correct versioned yaml on website creation (#3258) #3258 (Jaydipkumar Arvindbhai Gabani)

Chores

• bump kubectl from v1.29.1 to v1.29.2 (#3273) #3273 (dependabot[bot])
• Upgrade controller-runtime to 0.17.2, remove fork (#3278) #3278 (Max Smythe)
• bump the k8s group with 4 updates (#3280) #3280 (dependabot[bot])
• bump oras.land/oras-go from 1.2.4 to 1.2.5 (#3239) #3239 (dependabot[bot])
• bump the all group with 10 updates (#3281) #3281 (dependabot[bot])
• bump cloud.google.com/go/trace from 1.10.4 to 1.10.5 (#3254) #3254 (dependabot[bot])
• bump the all group with 4 updates (#3292) #3292 (dependabot[bot])
• bump github.com/golang/protobuf from 1.5.3 to 1.5.4 (#3301) #3301 (dependabot[bot])
• bump kubectl from v1.29.2 to v1.29.3 (#3317) #3317 (dependabot[bot])
• bump the k8s group with 4 updates (#3318) #3318 (dependabot[bot])
• bump the all group with 4 updates (#3313) #3313 (dependabot[bot])
• bump follow-redirects from 1.15.4 to 1.15.6 in /website (#3316) #3316 (dependabot[bot])
• bump google.golang.org/grpc from 1.61.0 to 1.61.1 (#3285) #3285 (dependabot[bot])
• Prepare v3.16.0-beta.1 release (#3306) #3306 (github-actions[bot])

Commits

• fed8e15: fix #3261 Sort constraint status audit results (#3277) (Prachi Pendse) #3277

v3.15.1

Features

• Update audit and controller manager with pod labels (#3240) (cherry pick) (#3294) #3294 (James Bruce)

Chores

• Prepare v3.15.1 release (#3304) #3304 (github-actions[bot])

v3.14.1

Features

• Update audit and controller manager with pod labels (#3240) (cherry pick) (#3284) #3284 (James Bruce)

Bug Fixes

• log panic in am (#3174) cherry-pick for 3.14 (#3180) #3180 (alex)

Chores

• Prepare v3.14.1 release (#3305) #3305 (github-actions[bot])

v3.16.0-beta.0

Features

• Update audit and controller manager with pod labels (#3240) #3240 (James Bruce)

Bug Fixes

• fixing panic in debug log (#3244) #3244 (Jaydipkumar Arvindbhai Gabani)
• fixing panic in error log (#3246) #3246 (Jaydipkumar Arvindbhai Gabani)

Documentation

• add docs on how to contribute templates (#3242) #3242 (Xander Grzywinski)
• add request input struct (#3234) #3234 (Xander Grzywinski)

Continuous Integration

• removing auto tagging workflow (#3257) #3257 (Jaydipkumar Arvindbhai Gabani)
• running ci with gatekeeper debug logs (#3260) #3260 (Jaydipkumar Arvindbhai Gabani)

Chores

• bump kubectl from v1.29.0 to v1.29.1 (#3232) #3232 (dependabot[bot])
• bump golang from 6ac4c35 to adf7ccb in /build/tooling (#3233) #3233 (dependabot[bot])
• bump golang from 6ac4c35 to adf7ccb in /test/image (#3231) #3231 (dependabot[bot])
• bump golang from adf7ccb to 47fa179 in /build/tooling (#3238) #3238 (dependabot[bot])
• bump golang from adf7ccb to 47fa179 in /test/image (#3236) #3236 (dependabot[bot])
• Setting pubsub annotations using --set in makefile (#3160) #3160 (Jaydipkumar Arvindbhai Gabani)
• Prepare v3.16.0-beta.0 release (#3256) #3256 (github-actions[bot])

v3.15.0

Notable Changes

• 📐 Introducing support for replicating data with SyncSets. This is an alpha feature, feedback is welcome!

Features

• add syncset controller, feat: syncset readiness (#3030) by @alex

Bug Fixes

• fixing panic in debug log (#3244) cherry-pick (#3245) by @JaydipGabani
• disable psp as default (#3179) by @ritazh
• log panic in am (#3174) by @alex
• Ident podLabels on deployments (#3153) by @joaosilva15
• only validate gk res (#3158) by @alex
• check name length for all gk resources (#3094) by @alex
• ns exclusion audit from cache (#3129) by @alex
• fixes disable cache flow (#3132) by @nilekhc
• auto signing PR for dco (#3120) by @JaydipGabani
• support DELETE configs validation (#3089) by @alex
• limit length of ExpansionTemplate names to <64 (#3078) by @davis-haba
• add nindent in objectSelector (#3071) by @leewoobin789

Documentation

• syncset docs (#3202) by @alex
• update repo env var (#3203) by @ritazh
• Update install.md (#3191) by @Asya-kawai
• automate installation docs to point to tag (#3178) by @sozercan
• clarify rc release (#3139) by @sozercan
• examples, fix:improve gator err msg (#3079) by @alex
• update vap demo readme (#3096) by @sozercan

Tests

• bump dapr to 1.12 (#3108) by @sozercan

Refactoring

• remove finalizer removal code (#3085) by @alex

Continuous Integration

• set up go version for govulncheck (#3159) by @sozercan
• add govulncheck (#3114) by @sozercan
• drop arm/v7 builds for crd image (#3074) by @sozercan

Chores

• Prepare v3.15.0 release (#3248) by @github-actions[bot]
• Prepare v3.15.0-rc.0 release (#3230) by @github-actions[bot]
• bump the k8s group with 2 updates (#3226) by @dependabot[bot]
• bump golang from 1e3c713 to 6ac4c35 in /test/image (#3220) by @dependabot[bot]
• bump golang from 1e3c713 to 6ac4c35 in /build/tooling (#3221) by @dependabot[bot]
• moving to otel from opencensus (#3011) by @JaydipGabani
• bump framework to 18fa1fc7dc06 (#3211) by @ritazh
• bump the k8s group with 3 updates (#3209) by @dependabot[bot]
• bump clsx from 1.2.1 to 2.1.0 in /website (#3204) by @dependabot[bot]
• bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible (#3127) by @dependabot[bot]
• bump cloud.google.com/go/trace from 1.10.2 to 1.10.4 (#3149) by @dependabot[bot]
• bump follow-redirects from 1.14.9 to 1.15.4 in /website (#3208) by @dependabot[bot]
• bump kubectl from v1.28.3 to v1.29.0 (#3193) by @dependabot[bot]
• bump github.com/containerd/containerd from 1.7.6 to 1.7.11 (#3198) by @dependabot[bot]
• bump golang from fe69f48 to ca78a56 in /build/tooling (#3194) by @dependabot[bot]
• bump golang from fe69f48 to ca78a56 in /test/image (#3196) by @dependabot[bot]
• bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#3197) by @dependabot[bot]
• bump the all group with 5 updates (#3207) by @dependabot[bot]
• fix golanglint, checkout prior to setup-go (#3206) by @apeabody
• bump golang from 26c7537 to fe69f48 in /test/image (#3150) by @dependabot[bot]
• bump golang from 26c7537 to fe69f48 in /build/tooling (#3148) by @dependabot[bot]
• bump the all group with 5 updates (#3182) by @dependabot[bot]
• auto tagging after release pr is merged (#3135) by @JaydipGabani
• Prepare v3.15.0-beta.0 release (#3142) by @github-actions[bot]
• adding default helm values for pubsub audit connection and channel (#3097) by @JaydipGabani
• bump kubectl from 1.28.2 to v1.28.3 (#3101) by @dependabot[bot]
• add codeowners (#3110) by @sozercan
• bump @docusaurus/preset-classic from 2.4.0 to 2.4.3 in /website (#3022) by @dependabot[bot]
• bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#3087) by @dependabot[bot]
• bump @docusaurus/core from 2.4.0 to 2.4.3 in /website (#3021) by @dependabot[bot]
• bump the all group with 1 update (#3104) by @dependabot[bot]
• bump cloud.google.com/go/trace from 1.10.1 to 1.10.2 (#3095) by @dependabot[bot]
• bump github.com/onsi/gomega from 1.27.7 to 1.27.10 (#2900) by @dependabot[bot]
• bump the all group with 3 updates (#3088) by @dependabot[bot]
• bump @babel/traverse from 7.18.8 to 7.23.2 in /website (#3075) by @dependabot[bot]
• bump frameworks for 3.14 (#3083) by @sozercan

Full Changelog: v3.14.0...v3.15.0

v3.15.0-rc.0

Features

• add syncset controller, feat: syncset readiness (#3030) #3030 (alex)

Bug Fixes

• Ident podLabels on deployments (#3153) #3153 (João Silva)
• log panic in am (#3174) #3174 (alex)
• disable psp as default (#3179) #3179 (Rita Zhang)

Documentation

• automate installation docs to point to tag (#3178) #3178 (Sertaç Özercan)
• Update install.md (#3191) #3191 (Asya-kawai)
• update repo env var (#3203) #3203 (Rita Zhang)
• syncset docs (#3202) #3202 (alex)

Tests

• bump dapr to 1.12 (#3108) #3108 (Sertaç Özercan)

Continuous Integration

• set up go version for govulncheck (#3159) #3159 (Sertaç Özercan)

Chores

• auto tagging after release pr is merged (#3135) #3135 (Jaydipkumar Arvindbhai Gabani)
• bump the all group with 5 updates (#3182) #3182 (dependabot[bot])
• bump golang from 26c7537 to fe69f48 in /build/tooling (#3148) #3148 (dependabot[bot])
• bump golang from 26c7537 to fe69f48 in /test/image (#3150) #3150 (dependabot[bot])
• fix golanglint, checkout prior to setup-go (#3206) #3206 (Andrew Peabody)
• bump the all group with 5 updates (#3207) #3207 (dependabot[bot])
• bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#3197) #3197 (dependabot[bot])
• bump golang from fe69f48 to ca78a56 in /test/image (#3196) #3196 (dependabot[bot])
• bump golang from fe69f48 to ca78a56 in /build/tooling (#3194) #3194 (dependabot[bot])
• bump github.com/containerd/containerd from 1.7.6 to 1.7.11 (#3198) #3198 (dependabot[bot])
• bump kubectl from v1.28.3 to v1.29.0 (#3193) #3193 (dependabot[bot])
• bump follow-redirects from 1.14.9 to 1.15.4 in /website (#3208) #3208 (dependabot[bot])
• bump cloud.google.com/go/trace from 1.10.2 to 1.10.4 (#3149) #3149 (dependabot[bot])
• bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible (#3127) #3127 (dependabot[bot])
• bump clsx from 1.2.1 to 2.1.0 in /website (#3204) #3204 (dependabot[bot])
• bump the k8s group with 3 updates (#3209) #3209 (dependabot[bot])
• bump framework to 18fa1fc7dc06 (#3211) #3211 (Rita Zhang)
• moving to otel from opencensus (#3011) #3011 (Jaydipkumar Arvindbhai Gabani)
• bump golang from 1e3c713 to 6ac4c35 in /build/tooling (#3221) #3221 (dependabot[bot])
• bump golang from 1e3c713 to 6ac4c35 in /test/image (#3220) #3220 (dependabot[bot])
• bump the k8s group with 2 updates (#3226) #3226 (dependabot[bot])
• Prepare v3.15.0-rc.0 release (#3230) #3230 (github-actions[bot])

v3.15.0-beta.0

Bug Fixes

• helm: add nindent in objectSelector (#3071) #3071 (leewoobin789)
• limit length of ExpansionTemplate names to <64 (#3078) #3078 (Davis Haba)
• support DELETE configs validation (#3089) #3089 (alex)
• auto signing PR for dco (#3120) #3120 (Jaydipkumar Arvindbhai Gabani)
• fixes disable cache flow (#3132) #3132 (Nilekh Chaudhari)
• ns exclusion audit from cache (#3129) #3129 (alex)
• check name length for all gk resources (#3094) #3094 (alex)
• only validate gk res (#3158) #3158 (alex)

Documentation

• update vap demo readme (#3096) #3096 (Sertaç Özercan)
• examples, fix:improve gator err msg (#3079) #3079 (alex)
• clarify rc release (#3139) #3139 (Sertaç Özercan)

Code Refactoring

• remove finalizer removal code (#3085) #3085 (alex)

Continuous Integration

• drop arm/v7 builds for crd image (#3074) #3074 (Sertaç Özercan)
• add govulncheck (#3114) #3114 (Sertaç Özercan)

Chores

• bump frameworks for 3.14 (#3083) #3083 (Sertaç Özercan)
• bump @babel/traverse from 7.18.8 to 7.23.2 in /website (#3075) #3075 (dependabot[bot])
• bump the all group with 3 updates (#3088) #3088 (dependabot[bot])
• bump github.com/onsi/gomega from 1.27.7 to 1.27.10 (#2900) #2900 (dependabot[bot])
• bump cloud.google.com/go/trace from 1.10.1 to 1.10.2 (#3095) #3095 (dependabot[bot])
• bump the all group with 1 update (#3104) #3104 (dependabot[bot])
• bump @docusaurus/core from 2.4.0 to 2.4.3 in /website (#3021) #3021 (dependabot[bot])
• bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#3087) #3087 (dependabot[bot])
• bump @docusaurus/preset-classic from 2.4.0 to 2.4.3 in /website (#3022) #3022 (dependabot[bot])
• add codeowners (#3110) #3110 (Sertaç Özercan)
• bump kubectl from 1.28.2 to v1.28.3 (#3101) #3101 (dependabot[bot])
• adding default helm values for pubsub audit connection and channel (#3097) #3097 (Jaydipkumar Arvindbhai Gabani)
• Prepare v3.15.0-beta.0 release (#3142) #3142 (github-actions[bot])

v3.13.4

Bug Fixes

• CVE-2023-45142 for release 3.13 (#3113) #3113 (Sertaç Özercan)
• ns exclusion audit from cache (#3129) cherry-pick for 3.13 (#3140) #3140 (alex)

Chores

• bump kubectl for release 3.13 (#3118) #3118 (Sertaç Özercan)
• Prepare v3.13.4 release (#3144) #3144 (github-actions[bot])