Merge pull request #1648 from SgtCoDFish/cm-releases

Add release notes for new versions
cert-manager · Feb 16, 2025 · 1c5200e · 1c5200e
2 parents 9a40402 + 9d525bd
commit 1c5200e
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 2 deletions.
diff --git a/.spelling b/.spelling
@@ -27,6 +27,8 @@ lauraseidler
 ABWassim
 ThatsMrTalbot
 Pionerd
+tareksha
+LukeCarrier
 SHA-256
 SHA-384
 SHA-512

diff --git a/content/docs/releases/release-notes/release-notes-1.12.md b/content/docs/releases/release-notes/release-notes-1.12.md
@@ -42,8 +42,7 @@ helm upgrade --install cert-manager jetstack/cert-manager --namespace cert-manag
 
 ### Lower memory footprint
 
-In 1.12 we continued the work started in 1.11 to reduce cert-manager component's
-memory consumption.
+In 1.12 we continued the work started in 1.11 to reduce cert-manager's memory consumption.
 
 #### Controller
 
@@ -217,6 +216,28 @@ time and resources towards the continued maintenance of cert-manager projects. V
 cert-manager 1.12 as a long term support release, meaning it will be maintained for much longer
 than other releases to provide a stable platform for enterprises to build upon.
 
+## `v1.12.16`
+
+This patch release is primarily intended to address a [breaking change](https://github.com/cert-manager/cert-manager/issues/7540) in Cloudflare's API which impacted ACME DNS-01 challenges using Cloudflare.
+
+It also bumps Go from `1.21.x` to `1.23.x` to address a range of reported CVEs. This in turn requires bumping the `controller-gen` tool which changes the format of descriptions in generated CRD YAML. The following CVEs are fixed:
+
+- `CVE-2024-34156`
+- `CVE-2024-34155`
+- `CVE-2024-34158`
+- `CVE-2024-45336`
+- `CVE-2024-45341`
+- `CVE-2025-22866`
+
+We don't expect that bumping Go will produce many noticeable changes, but there are some `GODEBUG` changes that could be applicable - specifically `x509negativeserial` may be of interest to users dealing with legacy certificates.
+
+There's more information [on `go.dev`](https://go.dev/doc/godebug#go-123) which may help if you suspect any changes in this version bump may have caused issues in your environment.
+
+### Bug Fixes
+
+- Bump go to 1.23.6 which also requires bumping controller-gen to address a panic in that tool. That change in turn changes the formatting (but not the content) of CRD YAML for release-1.12 ([#7570](https://github.com/cert-manager/cert-manager/pull/7570), [@SgtCoDFish](https://github.com/SgtCoDFish))
+- Fix issuing of certificates via DNS01 challenges on Cloudflare after a breaking change to the Cloudflare API ([#7568](https://github.com/cert-manager/cert-manager/pull/7568), [@SgtCoDFish](https://github.com/SgtCoDFish) + [@LukeCarrier](https://github.com/LukeCarrier))
+
 ## `v1.12.15`
 
 cert-manager `v1.12.15` contains simple dependency bumps to address reported CVEs (`CVE-2024-45337` and `CVE-2024-45338`).

diff --git a/content/docs/releases/release-notes/release-notes-1.16.md b/content/docs/releases/release-notes/release-notes-1.16.md
@@ -223,6 +223,16 @@ Thanks also to the CNCF, which provides resources and support, and to the AWS op
 
 In addition, massive thanks to Venafi for contributing developer time and resources towards the continued maintenance of cert-manager projects.
 
+## `v1.16.4`
+
+This patch release is primarily intended to address a [breaking change](https://github.com/cert-manager/cert-manager/issues/7540) in Cloudflare's API which impacted ACME DNS-01 challenges using Cloudflare.
+
+### Bug or Regression
+
+- Fix issuing of certificates via DNS01 challenges on Cloudflare after a breaking change to the Cloudflare API ([#7566](https://github.com/cert-manager/cert-manager/pull/7566), [@LukeCarrier](https://github.com/LukeCarrier))
+- Bump go to 1.23.6 to address [`CVE-2025-22866`](https://github.com/advisories/GHSA-3whm-j4xm-rv8x) reported by Trivy ([#7562](https://github.com/cert-manager/cert-manager/pull/7562), [@SgtCoDFish](https://github.com/SgtCoDFish))
+- Update go to 1.23.5 ([#7533](https://github.com/cert-manager/cert-manager/pull/7533), [@tareksha](https://github.com/tareksha))
+
 ## `v1.16.3`
 
 cert-manager `v1.16.3` is a patch release mainly focused around bumping dependencies to address reported CVEs: `CVE-2024-45337` and `CVE-2024-45338`.

diff --git a/content/docs/releases/release-notes/release-notes-1.17.md b/content/docs/releases/release-notes/release-notes-1.17.md
@@ -108,6 +108,16 @@ And finally, thanks to the cert-manager steering committee for their feedback in
 - [@ianarsenault](https://github.com/ianarsenault)
 - [@TrilokGeer](https://github.com/TrilokGeer)
 
+## `v1.17.1`
+
+This patch release is primarily intended to address a [breaking change](https://github.com/cert-manager/cert-manager/issues/7540) in Cloudflare's API which impacted ACME DNS-01 challenges using Cloudflare.
+
+### Bug or Regression
+
+- Fix issuing of certificates via DNS01 challenges on Cloudflare after a breaking change to the Cloudflare API ([#7565](https://github.com/cert-manager/cert-manager/pull/7565), [@LukeCarrier](https://github.com/LukeCarrier))
+- Bump go to 1.23.6 to address [`CVE-2025-22866`](https://github.com/advisories/GHSA-3whm-j4xm-rv8x) reported by Trivy ([#7563](https://github.com/cert-manager/cert-manager/pull/7563), [@SgtCoDFish](https://github.com/sgtcodfish))
+
+
 ## `v1.17.0`
 
 ### Feature