{"id":40803,"name":"jetstack/cert-manager-cainjector","ecosystem":"docker","repository_url":null,"issues_count":4,"created_at":"2025-06-11T10:05:30.856Z","updated_at":"2025-06-11T10:05:30.856Z","purl":"pkg:docker/jetstack/cert-manager-cainjector","unique_repositories_count":2,"unique_repositories_count_past_30_days":1,"recent_issues":[{"uuid":"3493647971","node_id":"PR_kwDOF3eXvs6sm4it","number":10206,"state":"open","title":"Bump jetstack/cert-manager-cainjector from v1.18.2 to v1.19.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-10-08T03:02:17.000Z","updated_at":"2025-10-08T08:04:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-cainjector","old_version":"v1.18.2","new_version":"v1.19.0","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-cainjector](https://github.com/cert-manager/cert-manager) from v1.18.2 to v1.19.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-cainjector's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eThis release focuses on expanding platform compatibility, improving deployment flexibility, enhancing observability, and addressing key reliability issues.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e📖  Read the full release notes at cert-manager.io: \u003ca href=\"https://cert-manager.io/docs/releases/release-notes/release-notes-1.19\"\u003ehttps://cert-manager.io/docs/releases/release-notes/release-notes-1.19\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch2\u003eFeature\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd IPv6 rules to the default network policy (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7726\"\u003e#7726\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eglobal.nodeSelector\u003c/code\u003e to helm chart to allow for a single \u003ccode\u003enodeSelector\u003c/code\u003e to be set across all services. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7818\"\u003e#7818\u003c/a\u003e, \u003ca href=\"https://github.com/StingRayZA\"\u003e\u003ccode\u003e@​StingRayZA\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a feature gate to default to Ingress \u003ccode\u003epathType\u003c/code\u003e \u003ccode\u003eExact\u003c/code\u003e in ACME HTTP01 Ingress challenge solvers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7795\"\u003e#7795\u003c/a\u003e, \u003ca href=\"https://github.com/sspreitzer\"\u003e\u003ccode\u003e@​sspreitzer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd generated \u003ccode\u003eapplyconfigurations\u003c/code\u003e allowing clients to make type-safe server-side apply requests for cert-manager resources. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7866\"\u003e#7866\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded API defaults to issuer references group (cert-manager.io) and kind (Issuer). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7414\"\u003e#7414\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecertmanager_certificate_challenge_status\u003c/code\u003e Prometheus metric. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7736\"\u003e#7736\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprotocol\u003c/code\u003e field for \u003ccode\u003erfc2136\u003c/code\u003e DNS01 provider (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7881\"\u003e#7881\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded experimental field \u003ccode\u003ehostUsers\u003c/code\u003e flag to all pods. Not set by default. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7973\"\u003e#7973\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global \u003ccode\u003e--acme-http01-solver-resource-*\u003c/code\u003e settings. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7972\"\u003e#7972\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eCAInjectorMerging\u003c/code\u003e feature has been promoted to BETA and is now enabled by default (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8017\"\u003e#8017\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@​ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8072\"\u003e#8072\u003c/a\u003e, \u003ca href=\"https://github.com/prasad89\"\u003e\u003ccode\u003e@​prasad89\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003ecertificate\u003c/code\u003e metrics to the collector approach. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7856\"\u003e#7856\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug or Regression\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eACME: Increased challenge authorization timeout to 2 minutes to fix \u003ccode\u003eerror waiting for authorization\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7796\"\u003e#7796\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7816\"\u003e#7816\u003c/a\u003e, \u003ca href=\"https://github.com/kinolaev\"\u003e\u003ccode\u003e@​kinolaev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (\u003ccode\u003eclass\u003c/code\u003e, \u003ccode\u003eingressClassName\u003c/code\u003e, \u003ccode\u003ename\u003c/code\u003e) are specified simultaneously (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8021\"\u003e#8021\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIncrease maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7961\"\u003e#7961\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7836\"\u003e#7836\u003c/a\u003e, \u003ca href=\"https://github.com/inteon\"\u003e\u003ccode\u003e@​inteon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThis change removes the \u003ccode\u003epath\u003c/code\u003e label of core ACME client metrics and will require users to update their monitoring dashboards and alerting rules if using those metrics. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8109\"\u003e#8109\u003c/a\u003e, \u003ca href=\"https://github.com/mladen-rusev-cyberark\"\u003e\u003ccode\u003e@​mladen-rusev-cyberark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse the latest version of \u003ccode\u003eingress-nginx\u003c/code\u003e in E2E tests to ensure compatibility (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7792\"\u003e#7792\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther (Cleanup or Flake)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHelm: Fix naming template of \u003ccode\u003etokenrequest\u003c/code\u003e RoleBinding resource to improve consistency (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7761\"\u003e#7761\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7928\"\u003e#7928\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMajor upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8003\"\u003e#8003\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate kind images to include the Kubernetes 1.33 node image (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7786\"\u003e#7786\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003emaps.Copy\u003c/code\u003e for cleaner map handling (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8092\"\u003e#8092\u003c/a\u003e, \u003ca href=\"https://github.com/quantpoet\"\u003e\u003ccode\u003e@​quantpoet\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVault: Migrate Vault E2E add-on tests from deprecated \u003ccode\u003evault-client-go\u003c/code\u003e to the new \u003ccode\u003evault/api\u003c/code\u003e client. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8059\"\u003e#8059\u003c/a\u003e, \u003ca href=\"https://github.com/armagankaratosun\"\u003e\u003ccode\u003e@​armagankaratosun\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/12a3ef97916bf5c1bea55740caab49e93e2b6d54\"\u003e\u003ccode\u003e12a3ef9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8142\"\u003e#8142\u003c/a\u003e from cert-manager/renovate/kubernetes-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/50f41426821e0e40dc4d63722952447d2e3a8342\"\u003e\u003ccode\u003e50f4142\u003c/code\u003e\u003c/a\u003e fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/55c8b13edef335844126e7fafd231a3a39771953\"\u003e\u003ccode\u003e55c8b13\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8140\"\u003e#8140\u003c/a\u003e from cert-manager/renovate/kubernetes-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/b532b0d874adf56aad1b9b7c8a7a6f416b8fafc7\"\u003e\u003ccode\u003eb532b0d\u003c/code\u003e\u003c/a\u003e fix(deps): update module sigs.k8s.io/gateway-api to v1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/2b1e348c2db65c6fab1cb57cdb174749797dfc80\"\u003e\u003ccode\u003e2b1e348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8138\"\u003e#8138\u003c/a\u003e from cert-manager/self-upgrade-master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/24e1c7a7336b0257a3fec3ccf687194757db94ce\"\u003e\u003ccode\u003e24e1c7a\u003c/code\u003e\u003c/a\u003e BOT: run 'make upgrade-klone' and 'make generate'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/290d577b0627dc5388dac7e3c6e152ba8eeb5a1a\"\u003e\u003ccode\u003e290d577\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8137\"\u003e#8137\u003c/a\u003e from cert-manager/renovate/misc-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/8b1650cffbb5251fa9ddef7c2b93c788ebea2d48\"\u003e\u003ccode\u003e8b1650c\u003c/code\u003e\u003c/a\u003e fix(deps): update misc go deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0343fae1f3db779406d4ccff42a724c3886c979a\"\u003e\u003ccode\u003e0343fae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8136\"\u003e#8136\u003c/a\u003e from cert-manager/self-upgrade-master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/dbb59b7ba3706297fc399f764c287c7363f5417e\"\u003e\u003ccode\u003edbb59b7\u003c/code\u003e\u003c/a\u003e BOT: run 'make upgrade-klone' and 'make generate'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.18.2...v1.19.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-cainjector\u0026package-manager=docker\u0026previous-version=v1.18.2\u0026new-version=v1.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/10206","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/10206","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10206/packages"},{"uuid":"3236299094","node_id":"PR_kwDOJ2U4086fNIyU","number":396,"state":"open","title":"Bump jetstack/cert-manager-cainjector from v1.17.2 to v1.18.2 in /charts/cert-manager","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-16T14:55:07.000Z","updated_at":"2025-08-21T19:32:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-cainjector","old_version":"v1.17.2","new_version":"v1.18.2","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":"/charts/cert-manager","ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-cainjector](https://github.com/cert-manager/cert-manager) from v1.17.2 to v1.18.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-cainjector's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.18.2\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eWe fixed a bug in the CSR's name constraints construction (only applies if you have enabled the \u003ccode\u003eNameConstraints\u003c/code\u003e feature gate).\nWe dropped the new \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option due to a bug we found, this feature will be released in \u003ccode\u003ev1.19\u003c/code\u003e instead.\u003c/p\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.1\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.1\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eWe have added a new feature gate \u003ccode\u003eACMEHTTP01IngressPathTypeExact\u003c/code\u003e, to allow \u003ccode\u003eingress-nginx\u003c/code\u003e users to turn off the new default Ingress \u003ccode\u003ePathType: Exact\u003c/code\u003e behavior, in ACME HTTP01 Ingress challenge solvers.\nThis change fixes the following issue: \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7791\"\u003e#7791\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (\u003ccode\u003eerror waiting for authorization\u003c/code\u003e), which has been reported by multiple users, since the release of cert-manager \u003ccode\u003ev1.16.0\u003c/code\u003e.\nThis change should fix the following issues: \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7337\"\u003e#7337\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7444\"\u003e#7444\u003c/a\u003e, and \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7685\"\u003e#7685\u003c/a\u003e.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eℹ️ Be sure to review all new features and changes below, and read the \u003ca href=\"https://cert-manager.io/docs/releases/release-notes/release-notes-1.18\"\u003efull release notes\u003c/a\u003e carefully before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new feature gate \u003ccode\u003eACMEHTTP01IngressPathTypeExact\u003c/code\u003e, to allow \u003ccode\u003eingress-nginx\u003c/code\u003e users to turn off the new default Ingress \u003ccode\u003ePathType: Exact\u003c/code\u003e behavior, in ACME HTTP01 Ingress challenge solvers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7810\"\u003e\u003ccode\u003e[#7810](https://github.com/cert-manager/cert-manager/issues/7810)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sspreitzer\"\u003e\u003ccode\u003e@​sspreitzer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eACME: Increased challenge authorization timeout to 2 minutes to fix \u003ccode\u003eerror waiting for authorization\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7801\"\u003e\u003ccode\u003e[#7801](https://github.com/cert-manager/cert-manager/issues/7801)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther (Cleanup or Flake)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse the latest version of ingress-nginx in E2E tests to ensure compatibility (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7807\"\u003e\u003ccode\u003e[#7807](https://github.com/cert-manager/cert-manager/issues/7807)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.0-alpha.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e⚠️ This is a pre-release.  Please help the project by testing this release!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.17.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd config to the Vault issuer to allow the server-name to be specified when validating the certificates the Vault server presents. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7663\"\u003e\u003ccode\u003e[#7663](https://github.com/cert-manager/cert-manager/issues/7663)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eapp.kubernetes.io/managed-by: cert-manager\u003c/code\u003e label to the created Let's Encrypt account keys (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7577\"\u003e\u003ccode\u003e[#7577](https://github.com/cert-manager/cert-manager/issues/7577)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/terinjokes\"\u003e\u003ccode\u003e@terinjokes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded certificate issuance and expiration time metrics (\u003ccode\u003ecertmanager_certificate_not_before_timestamp_seconds\u003c/code\u003e, \u003ccode\u003ecertmanager_certificate_not_after_timestamp_seconds\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7612\"\u003e\u003ccode\u003e[#7612](https://github.com/cert-manager/cert-manager/issues/7612)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/solidDoWant\"\u003e\u003ccode\u003e@solidDoWant\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/686afa62160249022a0205d3a9bf5f059476c684\"\u003e\u003ccode\u003e686afa6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e from cert-manager-bot/cherry-pick-7836-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/c38e37ed27f6b0b7169b0cf5393fd3d9a0225556\"\u003e\u003ccode\u003ec38e37e\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;More fine-grained control over powerful RBAC permission granted via H...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/e77920306540000a9dbe463b5a8d59b6b382ae85\"\u003e\u003ccode\u003ee779203\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e from cert-manager-bot/cherry-pick-7816-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/6d59891c6af64add40183fc8f5fca42e6e872417\"\u003e\u003ccode\u003e6d59891\u003c/code\u003e\u003c/a\u003e fix: permit permitted URI domains in name constraints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/d5382c8e024d418866d317ab1d7537d837b612a2\"\u003e\u003ccode\u003ed5382c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7814\"\u003e#7814\u003c/a\u003e from cert-manager-bot/cherry-pick-7813-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/c4e9ecf77d5410bea30539dacc53802d4a0a78a8\"\u003e\u003ccode\u003ec4e9ecf\u003c/code\u003e\u003c/a\u003e Change ACMEHTTP01IngressPathTypeExact feature to beta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/379f43e3de2237b5c15c74307cf39699e5447db0\"\u003e\u003ccode\u003e379f43e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7811\"\u003e#7811\u003c/a\u003e from cert-manager-bot/cherry-pick-7809-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/9542d75b0ca4250ee099176d550424be9a7046f0\"\u003e\u003ccode\u003e9542d75\u003c/code\u003e\u003c/a\u003e make generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/aa0aedf47aa83341778e4133080ca5422ccd65d4\"\u003e\u003ccode\u003eaa0aedf\u003c/code\u003e\u003c/a\u003e Update feature gate documentation in the Helm chart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/f05762bcaf8b20f8e5166b8cef1990a500911fd5\"\u003e\u003ccode\u003ef05762b\u003c/code\u003e\u003c/a\u003e Explain why we disable strict-validate-path in ingress-nginx\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.17.2...v1.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-cainjector\u0026package-manager=docker\u0026previous-version=v1.17.2\u0026new-version=v1.18.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.\n","html_url":"https://github.com/onehinny/homelab/pull/396","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onehinny%2Fhomelab/issues/396","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/396/packages"},{"uuid":"2637215458","node_id":"PR_kwDOF3eXvs6dMLbi","number":9651,"state":"closed","title":"Bump jetstack/cert-manager-cainjector from v1.18.1 to v1.18.2","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-07-12T12:32:06.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-03T03:42:43.000Z","updated_at":"2025-07-12T12:32:06.000Z","time_to_close":809363,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-cainjector","old_version":"v1.18.1","new_version":"v1.18.2","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-cainjector](https://github.com/cert-manager/cert-manager) from v1.18.1 to v1.18.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-cainjector's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.18.2\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eWe fixed a bug in the CSR's name constraints construction (only applies if you have enabled the \u003ccode\u003eNameConstraints\u003c/code\u003e feature gate).\nWe dropped the new \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option due to a bug we found, this feature will be released in \u003ccode\u003ev1.19\u003c/code\u003e instead.\u003c/p\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.1\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/686afa62160249022a0205d3a9bf5f059476c684\"\u003e\u003ccode\u003e686afa6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e from cert-manager-bot/cherry-pick-7836-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/c38e37ed27f6b0b7169b0cf5393fd3d9a0225556\"\u003e\u003ccode\u003ec38e37e\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;More fine-grained control over powerful RBAC permission granted via H...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/e77920306540000a9dbe463b5a8d59b6b382ae85\"\u003e\u003ccode\u003ee779203\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e from cert-manager-bot/cherry-pick-7816-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/6d59891c6af64add40183fc8f5fca42e6e872417\"\u003e\u003ccode\u003e6d59891\u003c/code\u003e\u003c/a\u003e fix: permit permitted URI domains in name constraints\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.18.1...v1.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-cainjector\u0026package-manager=docker\u0026previous-version=v1.18.1\u0026new-version=v1.18.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9651","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9651","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9651/packages"},{"uuid":"2582933306","node_id":"PR_kwDOF3eXvs6Z9G86","number":9513,"state":"closed","title":"Bump jetstack/cert-manager-cainjector from v1.17.2 to v1.18.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-06-11T08:22:53.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-11T03:18:26.000Z","updated_at":"2025-06-11T08:22:53.000Z","time_to_close":18267,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-cainjector","old_version":"v1.17.2","new_version":"v1.18.0","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-cainjector](https://github.com/cert-manager/cert-manager) from v1.17.2 to v1.18.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-cainjector's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.18.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003ecert-manager 1.18 introduces several new features and breaking changes. Highlights include support for ACME certificate profiles, a new default for \u003ccode\u003eCertificate.Spec.PrivateKey.RotationPolicy\u003c/code\u003e now set to \u003ccode\u003eAlways\u003c/code\u003e (breaking change), and the default \u003ccode\u003eCertificate.Spec.RevisionHistoryLimit\u003c/code\u003e now set to \u003ccode\u003e1\u003c/code\u003e (potentially breaking).\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eℹ️ Be sure to review all new features and changes below, and read the \u003ca href=\"https://cert-manager.io/docs/releases/release-notes/release-notes-1.18\"\u003efull release notes\u003c/a\u003e carefully before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eKnown Issues\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eACME + HTTP01 + Ingress-Nginx: \u003ccode\u003eError presenting challenge: admission webhook \u0026quot;validate.nginx.ingress.kubernetes.io\u0026quot; denied the request: ingress contains invalid paths: path /.well-known/acme-challenge/\u0026lt;REDACTED\u0026gt; cannot be used with pathType Exact\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7791\"\u003e#7791\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.17.2\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd config to the Vault issuer to allow the server-name to be specified when validating the certificates the Vault server presents. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7663\"\u003e#7663\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@​ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eapp.kubernetes.io/managed-by: cert-manager\u003c/code\u003e label to the created Let's Encrypt account keys (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7577\"\u003e#7577\u003c/a\u003e, \u003ca href=\"https://github.com/terinjokes\"\u003e\u003ccode\u003e@​terinjokes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded certificate issuance and expiration time metrics (\u003ccode\u003ecertmanager_certificate_not_before_timestamp_seconds\u003c/code\u003e, \u003ccode\u003ecertmanager_certificate_not_after_timestamp_seconds\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7612\"\u003e#7612\u003c/a\u003e, \u003ca href=\"https://github.com/solidDoWant\"\u003e\u003ccode\u003e@​solidDoWant\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded ingress-shim option: \u003ccode\u003e--extra-certificate-annotations\u003c/code\u003e,  which sets a list of annotation keys to be copied from Ingress-like to resulting Certificate object (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7083\"\u003e#7083\u003c/a\u003e, \u003ca href=\"https://github.com/k0da\"\u003e\u003ccode\u003e@​k0da\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003eiss\u003c/code\u003e short name for the cert-manager \u003ccode\u003eIssuer\u003c/code\u003e resource. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7373\"\u003e#7373\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003eciss\u003c/code\u003e short name for the cert-manager \u003ccode\u003eClusterIssuer\u003c/code\u003e resource (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7373\"\u003e#7373\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdds the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e helm value to disable HTTP-01 ACME challenges. This allows cert-manager to drop its permission to create pods, improving security when HTTP-01 challenges are not required. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7666\"\u003e#7666\u003c/a\u003e, \u003ca href=\"https://github.com/ali-hamza-noor\"\u003e\u003ccode\u003e@​ali-hamza-noor\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow customizing signature algorithm (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7591\"\u003e#7591\u003c/a\u003e, \u003ca href=\"https://github.com/tareksha\"\u003e\u003ccode\u003e@​tareksha\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache the full DNS response and handle TTL expiration in \u003ccode\u003eFindZoneByFqdn\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7596\"\u003e#7596\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsIvan\"\u003e\u003ccode\u003e@​ThatsIvan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCert-manager now uses a local fork of the golang.org/x/crypto/acme package (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7752\"\u003e#7752\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ca href=\"https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/\"\u003eACME profiles extension\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7777\"\u003e#7777\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePromote the \u003ccode\u003eUseDomainQualifiedFinalizer\u003c/code\u003e feature to GA. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7735\"\u003e#7735\u003c/a\u003e, \u003ca href=\"https://github.com/jsoref\"\u003e\u003ccode\u003e@​jsoref\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSwitched service/servicemon definitions to use port names instead of numbers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7727\"\u003e#7727\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe default value of \u003ccode\u003eCertificate.Spec.PrivateKey.RotationPolicy\u003c/code\u003e changed from \u003ccode\u003eNever\u003c/code\u003e to \u003ccode\u003eAlways\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7723\"\u003e#7723\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePotentially breaking: Set the default revisionHistoryLimit to 1 for the CertificateRequest revisions (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7758\"\u003e#7758\u003c/a\u003e, \u003ca href=\"https://github.com/ali-hamza-noor\"\u003e\u003ccode\u003e@​ali-hamza-noor\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some comments (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7620\"\u003e#7620\u003c/a\u003e, \u003ca href=\"https://github.com/teslaedison\"\u003e\u003ccode\u003e@​teslaedison\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ego-jose\u003c/code\u003e dependency to address \u003ccode\u003eCVE-2025-27144\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7606\"\u003e#7606\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egolang.org/x/oauth2\u003c/code\u003e to patch \u003ccode\u003eCVE-2025-22868\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7638\"\u003e#7638\u003c/a\u003e, \u003ca href=\"https://github.com/NicholasBlaskey\"\u003e\u003ccode\u003e@​NicholasBlaskey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egolang.org/x/crypto\u003c/code\u003e to patch \u003ccode\u003eGHSA-hcg3-q754-cr77\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7638\"\u003e#7638\u003c/a\u003e, \u003ca href=\"https://github.com/NicholasBlaskey\"\u003e\u003ccode\u003e@​NicholasBlaskey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egithub.com/golang-jwt/jwt\u003c/code\u003e to patch \u003ccode\u003eGHSA-mh63-6h87-95cp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7638\"\u003e#7638\u003c/a\u003e, \u003ca href=\"https://github.com/NicholasBlaskey\"\u003e\u003ccode\u003e@​NicholasBlaskey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChange of the Kubernetes Ingress pathType from \u003ccode\u003eImplementationSpecific\u003c/code\u003e to \u003ccode\u003eExact\u003c/code\u003e for a reliable handling of ingress controllers and enhanced security. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7767\"\u003e#7767\u003c/a\u003e, \u003ca href=\"https://github.com/sspreitzer\"\u003e\u003ccode\u003e@​sspreitzer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix AWS Route53 error detection for not-found errors during deletion of DNS records. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7690\"\u003e#7690\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix behavior when running with \u003ccode\u003e--namespace=\u0026lt;namespace\u0026gt;\u003c/code\u003e: limit the scope of cert-manager to a single namespace and disable cluster-scoped controllers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7678\"\u003e#7678\u003c/a\u003e, \u003ca href=\"https://github.com/tsaarni\"\u003e\u003ccode\u003e@​tsaarni\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix handling of certificates with IP addresses in the \u003ccode\u003ecommonName\u003c/code\u003e field; IP addresses are no longer added to the DNS \u003ccode\u003esubjectAlternativeName\u003c/code\u003e list and are instead added to the \u003ccode\u003eipAddresses\u003c/code\u003e field as expected. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7081\"\u003e#7081\u003c/a\u003e, \u003ca href=\"https://github.com/johnjcool\"\u003e\u003ccode\u003e@​johnjcool\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix issuing of certificates via DNS01 challenges on Cloudflare after a breaking change to the Cloudflare API (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7549\"\u003e#7549\u003c/a\u003e, \u003ca href=\"https://github.com/LukeCarrier\"\u003e\u003ccode\u003e@​LukeCarrier\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003ecertmanager_certificate_renewal_timestamp_seconds\u003c/code\u003e metric help text indicating that the metric is relative to expiration time, rather than Unix epoch time. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7609\"\u003e#7609\u003c/a\u003e, \u003ca href=\"https://github.com/solidDoWant\"\u003e\u003ccode\u003e@​solidDoWant\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixing the service account template to incorporate boolean values for the annotations. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7698\"\u003e#7698\u003c/a\u003e, \u003ca href=\"https://github.com/ali-hamza-noor\"\u003e\u003ccode\u003e@​ali-hamza-noor\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eQuote nodeSelector values in Helm Chart (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7579\"\u003e#7579\u003c/a\u003e, \u003ca href=\"https://github.com/tobiasbp\"\u003e\u003ccode\u003e@​tobiasbp\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip Gateway TLS listeners in \u003ccode\u003ePassthrough\u003c/code\u003e mode. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/6986\"\u003e#6986\u003c/a\u003e, \u003ca href=\"https://github.com/vehagn\"\u003e\u003ccode\u003e@​vehagn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003egolang.org/x/net\u003c/code\u003e fixing \u003ccode\u003eCVE-2025-22870\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7619\"\u003e#7619\u003c/a\u003e, \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/83dae3ef37f50973c0f3b3a818fc7d1b35fff341\"\u003e\u003ccode\u003e83dae3e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7790\"\u003e#7790\u003c/a\u003e from cert-manager-bot/cherry-pick-7789-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/64b5da275111004278a6b55ac05d2a85115757ea\"\u003e\u003ccode\u003e64b5da2\u003c/code\u003e\u003c/a\u003e make generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/bdd1320d54c976f5b2980175e8689d1894db24de\"\u003e\u003ccode\u003ebdd1320\u003c/code\u003e\u003c/a\u003e Fix typo in Certificate API documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/3ab737e8deb5d662aa2f7064fde023fd7883d4a6\"\u003e\u003ccode\u003e3ab737e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7787\"\u003e#7787\u003c/a\u003e from cert-manager-bot/cherry-pick-7786-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/4d0193e6557f7df90e1ffb06d819718775ec4d25\"\u003e\u003ccode\u003e4d0193e\u003c/code\u003e\u003c/a\u003e Add 1.33 option to cluster.sh\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/89473974338da4946b208df72a01a22d39222368\"\u003e\u003ccode\u003e8947397\u003c/code\u003e\u003c/a\u003e ./hack/latest-kind-images.sh v0.27.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/4eb6df2ec5e65b8c0b6ee4b16132c5deeb71c341\"\u003e\u003ccode\u003e4eb6df2\u003c/code\u003e\u003c/a\u003e Fix a typo in the make help text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/331f9e6638afa4833db7105b49bf43c3980cf502\"\u003e\u003ccode\u003e331f9e6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7785\"\u003e#7785\u003c/a\u003e from wallrj/go-1.24.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/df9f43b3c6ac1cab5658842094dd682b71ab7f76\"\u003e\u003ccode\u003edf9f43b\u003c/code\u003e\u003c/a\u003e Upgrade Go to v1.24.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/99aded1d141f6c5fd11399f2a1054c50b6f09fcd\"\u003e\u003ccode\u003e99aded1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7777\"\u003e#7777\u003c/a\u003e from wallrj/acme-profiles\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.17.2...v1.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-cainjector\u0026package-manager=docker\u0026previous-version=v1.17.2\u0026new-version=v1.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9513","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9513","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9513/packages"}],"issue_packages":[{"old_version":"v1.18.2","new_version":"v1.19.0","update_type":"minor","path":null,"pr_created_at":"2025-10-08T03:02:17.000Z","version_change":"v1.18.2 → v1.19.0","issue":{"uuid":"3493647971","node_id":"PR_kwDOF3eXvs6sm4it","number":10206,"state":"open","title":"Bump jetstack/cert-manager-cainjector from v1.18.2 to v1.19.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-10-08T03:02:17.000Z","updated_at":"2025-10-08T08:04:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-cainjector","old_version":"v1.18.2","new_version":"v1.19.0","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-cainjector](https://github.com/cert-manager/cert-manager) from v1.18.2 to v1.19.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-cainjector's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eThis release focuses on expanding platform compatibility, improving deployment flexibility, enhancing observability, and addressing key reliability issues.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e📖  Read the full release notes at cert-manager.io: \u003ca href=\"https://cert-manager.io/docs/releases/release-notes/release-notes-1.19\"\u003ehttps://cert-manager.io/docs/releases/release-notes/release-notes-1.19\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch2\u003eFeature\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd IPv6 rules to the default network policy (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7726\"\u003e#7726\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eglobal.nodeSelector\u003c/code\u003e to helm chart to allow for a single \u003ccode\u003enodeSelector\u003c/code\u003e to be set across all services. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7818\"\u003e#7818\u003c/a\u003e, \u003ca href=\"https://github.com/StingRayZA\"\u003e\u003ccode\u003e@​StingRayZA\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a feature gate to default to Ingress \u003ccode\u003epathType\u003c/code\u003e \u003ccode\u003eExact\u003c/code\u003e in ACME HTTP01 Ingress challenge solvers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7795\"\u003e#7795\u003c/a\u003e, \u003ca href=\"https://github.com/sspreitzer\"\u003e\u003ccode\u003e@​sspreitzer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd generated \u003ccode\u003eapplyconfigurations\u003c/code\u003e allowing clients to make type-safe server-side apply requests for cert-manager resources. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7866\"\u003e#7866\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded API defaults to issuer references group (cert-manager.io) and kind (Issuer). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7414\"\u003e#7414\u003c/a\u003e, \u003ca href=\"https://github.com/erikgb\"\u003e\u003ccode\u003e@​erikgb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecertmanager_certificate_challenge_status\u003c/code\u003e Prometheus metric. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7736\"\u003e#7736\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprotocol\u003c/code\u003e field for \u003ccode\u003erfc2136\u003c/code\u003e DNS01 provider (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7881\"\u003e#7881\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded experimental field \u003ccode\u003ehostUsers\u003c/code\u003e flag to all pods. Not set by default. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7973\"\u003e#7973\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global \u003ccode\u003e--acme-http01-solver-resource-*\u003c/code\u003e settings. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7972\"\u003e#7972\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eCAInjectorMerging\u003c/code\u003e feature has been promoted to BETA and is now enabled by default (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8017\"\u003e#8017\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@​ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8072\"\u003e#8072\u003c/a\u003e, \u003ca href=\"https://github.com/prasad89\"\u003e\u003ccode\u003e@​prasad89\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003ecertificate\u003c/code\u003e metrics to the collector approach. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7856\"\u003e#7856\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug or Regression\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eACME: Increased challenge authorization timeout to 2 minutes to fix \u003ccode\u003eerror waiting for authorization\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7796\"\u003e#7796\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7816\"\u003e#7816\u003c/a\u003e, \u003ca href=\"https://github.com/kinolaev\"\u003e\u003ccode\u003e@​kinolaev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (\u003ccode\u003eclass\u003c/code\u003e, \u003ccode\u003eingressClassName\u003c/code\u003e, \u003ccode\u003ename\u003c/code\u003e) are specified simultaneously (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8021\"\u003e#8021\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIncrease maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7961\"\u003e#7961\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7836\"\u003e#7836\u003c/a\u003e, \u003ca href=\"https://github.com/inteon\"\u003e\u003ccode\u003e@​inteon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThis change removes the \u003ccode\u003epath\u003c/code\u003e label of core ACME client metrics and will require users to update their monitoring dashboards and alerting rules if using those metrics. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8109\"\u003e#8109\u003c/a\u003e, \u003ca href=\"https://github.com/mladen-rusev-cyberark\"\u003e\u003ccode\u003e@​mladen-rusev-cyberark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse the latest version of \u003ccode\u003eingress-nginx\u003c/code\u003e in E2E tests to ensure compatibility (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7792\"\u003e#7792\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther (Cleanup or Flake)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHelm: Fix naming template of \u003ccode\u003etokenrequest\u003c/code\u003e RoleBinding resource to improve consistency (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7761\"\u003e#7761\u003c/a\u003e, \u003ca href=\"https://github.com/lunarwhite\"\u003e\u003ccode\u003e@​lunarwhite\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7928\"\u003e#7928\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMajor upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8003\"\u003e#8003\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate kind images to include the Kubernetes 1.33 node image (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7786\"\u003e#7786\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003emaps.Copy\u003c/code\u003e for cleaner map handling (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8092\"\u003e#8092\u003c/a\u003e, \u003ca href=\"https://github.com/quantpoet\"\u003e\u003ccode\u003e@​quantpoet\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVault: Migrate Vault E2E add-on tests from deprecated \u003ccode\u003evault-client-go\u003c/code\u003e to the new \u003ccode\u003evault/api\u003c/code\u003e client. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8059\"\u003e#8059\u003c/a\u003e, \u003ca href=\"https://github.com/armagankaratosun\"\u003e\u003ccode\u003e@​armagankaratosun\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/12a3ef97916bf5c1bea55740caab49e93e2b6d54\"\u003e\u003ccode\u003e12a3ef9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8142\"\u003e#8142\u003c/a\u003e from cert-manager/renovate/kubernetes-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/50f41426821e0e40dc4d63722952447d2e3a8342\"\u003e\u003ccode\u003e50f4142\u003c/code\u003e\u003c/a\u003e fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/55c8b13edef335844126e7fafd231a3a39771953\"\u003e\u003ccode\u003e55c8b13\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8140\"\u003e#8140\u003c/a\u003e from cert-manager/renovate/kubernetes-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/b532b0d874adf56aad1b9b7c8a7a6f416b8fafc7\"\u003e\u003ccode\u003eb532b0d\u003c/code\u003e\u003c/a\u003e fix(deps): update module sigs.k8s.io/gateway-api to v1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/2b1e348c2db65c6fab1cb57cdb174749797dfc80\"\u003e\u003ccode\u003e2b1e348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8138\"\u003e#8138\u003c/a\u003e from cert-manager/self-upgrade-master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/24e1c7a7336b0257a3fec3ccf687194757db94ce\"\u003e\u003ccode\u003e24e1c7a\u003c/code\u003e\u003c/a\u003e BOT: run 'make upgrade-klone' and 'make generate'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/290d577b0627dc5388dac7e3c6e152ba8eeb5a1a\"\u003e\u003ccode\u003e290d577\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8137\"\u003e#8137\u003c/a\u003e from cert-manager/renovate/misc-go-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/8b1650cffbb5251fa9ddef7c2b93c788ebea2d48\"\u003e\u003ccode\u003e8b1650c\u003c/code\u003e\u003c/a\u003e fix(deps): update misc go deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/0343fae1f3db779406d4ccff42a724c3886c979a\"\u003e\u003ccode\u003e0343fae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/8136\"\u003e#8136\u003c/a\u003e from cert-manager/self-upgrade-master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/dbb59b7ba3706297fc399f764c287c7363f5417e\"\u003e\u003ccode\u003edbb59b7\u003c/code\u003e\u003c/a\u003e BOT: run 'make upgrade-klone' and 'make generate'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.18.2...v1.19.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-cainjector\u0026package-manager=docker\u0026previous-version=v1.18.2\u0026new-version=v1.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/10206","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/10206","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10206/packages"}},{"old_version":"v1.17.2","new_version":"v1.18.2","update_type":"minor","path":"/charts/cert-manager","pr_created_at":"2025-07-16T14:55:07.000Z","version_change":"v1.17.2 → v1.18.2","issue":{"uuid":"3236299094","node_id":"PR_kwDOJ2U4086fNIyU","number":396,"state":"open","title":"Bump jetstack/cert-manager-cainjector from v1.17.2 to v1.18.2 in /charts/cert-manager","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-16T14:55:07.000Z","updated_at":"2025-08-21T19:32:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-cainjector","old_version":"v1.17.2","new_version":"v1.18.2","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":"/charts/cert-manager","ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-cainjector](https://github.com/cert-manager/cert-manager) from v1.17.2 to v1.18.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-cainjector's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.18.2\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eWe fixed a bug in the CSR's name constraints construction (only applies if you have enabled the \u003ccode\u003eNameConstraints\u003c/code\u003e feature gate).\nWe dropped the new \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option due to a bug we found, this feature will be released in \u003ccode\u003ev1.19\u003c/code\u003e instead.\u003c/p\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.1\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.1\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eWe have added a new feature gate \u003ccode\u003eACMEHTTP01IngressPathTypeExact\u003c/code\u003e, to allow \u003ccode\u003eingress-nginx\u003c/code\u003e users to turn off the new default Ingress \u003ccode\u003ePathType: Exact\u003c/code\u003e behavior, in ACME HTTP01 Ingress challenge solvers.\nThis change fixes the following issue: \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7791\"\u003e#7791\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (\u003ccode\u003eerror waiting for authorization\u003c/code\u003e), which has been reported by multiple users, since the release of cert-manager \u003ccode\u003ev1.16.0\u003c/code\u003e.\nThis change should fix the following issues: \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7337\"\u003e#7337\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7444\"\u003e#7444\u003c/a\u003e, and \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7685\"\u003e#7685\u003c/a\u003e.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eℹ️ Be sure to review all new features and changes below, and read the \u003ca href=\"https://cert-manager.io/docs/releases/release-notes/release-notes-1.18\"\u003efull release notes\u003c/a\u003e carefully before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new feature gate \u003ccode\u003eACMEHTTP01IngressPathTypeExact\u003c/code\u003e, to allow \u003ccode\u003eingress-nginx\u003c/code\u003e users to turn off the new default Ingress \u003ccode\u003ePathType: Exact\u003c/code\u003e behavior, in ACME HTTP01 Ingress challenge solvers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7810\"\u003e\u003ccode\u003e[#7810](https://github.com/cert-manager/cert-manager/issues/7810)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sspreitzer\"\u003e\u003ccode\u003e@​sspreitzer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eACME: Increased challenge authorization timeout to 2 minutes to fix \u003ccode\u003eerror waiting for authorization\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7801\"\u003e\u003ccode\u003e[#7801](https://github.com/cert-manager/cert-manager/issues/7801)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hjoshi123\"\u003e\u003ccode\u003e@​hjoshi123\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther (Cleanup or Flake)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse the latest version of ingress-nginx in E2E tests to ensure compatibility (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7807\"\u003e\u003ccode\u003e[#7807](https://github.com/cert-manager/cert-manager/issues/7807)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.0-alpha.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e⚠️ This is a pre-release.  Please help the project by testing this release!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.17.0\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd config to the Vault issuer to allow the server-name to be specified when validating the certificates the Vault server presents. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7663\"\u003e\u003ccode\u003e[#7663](https://github.com/cert-manager/cert-manager/issues/7663)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eapp.kubernetes.io/managed-by: cert-manager\u003c/code\u003e label to the created Let's Encrypt account keys (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7577\"\u003e\u003ccode\u003e[#7577](https://github.com/cert-manager/cert-manager/issues/7577)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/terinjokes\"\u003e\u003ccode\u003e@terinjokes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded certificate issuance and expiration time metrics (\u003ccode\u003ecertmanager_certificate_not_before_timestamp_seconds\u003c/code\u003e, \u003ccode\u003ecertmanager_certificate_not_after_timestamp_seconds\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/pull/7612\"\u003e\u003ccode\u003e[#7612](https://github.com/cert-manager/cert-manager/issues/7612)\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/solidDoWant\"\u003e\u003ccode\u003e@solidDoWant\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/686afa62160249022a0205d3a9bf5f059476c684\"\u003e\u003ccode\u003e686afa6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e from cert-manager-bot/cherry-pick-7836-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/c38e37ed27f6b0b7169b0cf5393fd3d9a0225556\"\u003e\u003ccode\u003ec38e37e\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;More fine-grained control over powerful RBAC permission granted via H...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/e77920306540000a9dbe463b5a8d59b6b382ae85\"\u003e\u003ccode\u003ee779203\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e from cert-manager-bot/cherry-pick-7816-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/6d59891c6af64add40183fc8f5fca42e6e872417\"\u003e\u003ccode\u003e6d59891\u003c/code\u003e\u003c/a\u003e fix: permit permitted URI domains in name constraints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/d5382c8e024d418866d317ab1d7537d837b612a2\"\u003e\u003ccode\u003ed5382c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7814\"\u003e#7814\u003c/a\u003e from cert-manager-bot/cherry-pick-7813-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/c4e9ecf77d5410bea30539dacc53802d4a0a78a8\"\u003e\u003ccode\u003ec4e9ecf\u003c/code\u003e\u003c/a\u003e Change ACMEHTTP01IngressPathTypeExact feature to beta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/379f43e3de2237b5c15c74307cf39699e5447db0\"\u003e\u003ccode\u003e379f43e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7811\"\u003e#7811\u003c/a\u003e from cert-manager-bot/cherry-pick-7809-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/9542d75b0ca4250ee099176d550424be9a7046f0\"\u003e\u003ccode\u003e9542d75\u003c/code\u003e\u003c/a\u003e make generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/aa0aedf47aa83341778e4133080ca5422ccd65d4\"\u003e\u003ccode\u003eaa0aedf\u003c/code\u003e\u003c/a\u003e Update feature gate documentation in the Helm chart\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/f05762bcaf8b20f8e5166b8cef1990a500911fd5\"\u003e\u003ccode\u003ef05762b\u003c/code\u003e\u003c/a\u003e Explain why we disable strict-validate-path in ingress-nginx\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.17.2...v1.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-cainjector\u0026package-manager=docker\u0026previous-version=v1.17.2\u0026new-version=v1.18.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.\n","html_url":"https://github.com/onehinny/homelab/pull/396","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onehinny%2Fhomelab/issues/396","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/396/packages"}},{"old_version":"v1.18.1","new_version":"v1.18.2","update_type":"patch","path":null,"pr_created_at":"2025-07-03T03:42:43.000Z","version_change":"v1.18.1 → v1.18.2","issue":{"uuid":"2637215458","node_id":"PR_kwDOF3eXvs6dMLbi","number":9651,"state":"closed","title":"Bump jetstack/cert-manager-cainjector from v1.18.1 to v1.18.2","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-07-12T12:32:06.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-03T03:42:43.000Z","updated_at":"2025-07-12T12:32:06.000Z","time_to_close":809363,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-cainjector","old_version":"v1.18.1","new_version":"v1.18.2","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-cainjector](https://github.com/cert-manager/cert-manager) from v1.18.1 to v1.18.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-cainjector's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.18.2\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003eWe fixed a bug in the CSR's name constraints construction (only applies if you have enabled the \u003ccode\u003eNameConstraints\u003c/code\u003e feature gate).\nWe dropped the new \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option due to a bug we found, this feature will be released in \u003ccode\u003ev1.19\u003c/code\u003e instead.\u003c/p\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.18.1\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReverted adding the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e Helm option. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e, \u003ca href=\"https://github.com/cert-manager-bot\"\u003e\u003ccode\u003e@​cert-manager-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/686afa62160249022a0205d3a9bf5f059476c684\"\u003e\u003ccode\u003e686afa6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7837\"\u003e#7837\u003c/a\u003e from cert-manager-bot/cherry-pick-7836-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/c38e37ed27f6b0b7169b0cf5393fd3d9a0225556\"\u003e\u003ccode\u003ec38e37e\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;More fine-grained control over powerful RBAC permission granted via H...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/e77920306540000a9dbe463b5a8d59b6b382ae85\"\u003e\u003ccode\u003ee779203\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7833\"\u003e#7833\u003c/a\u003e from cert-manager-bot/cherry-pick-7816-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/6d59891c6af64add40183fc8f5fca42e6e872417\"\u003e\u003ccode\u003e6d59891\u003c/code\u003e\u003c/a\u003e fix: permit permitted URI domains in name constraints\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.18.1...v1.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-cainjector\u0026package-manager=docker\u0026previous-version=v1.18.1\u0026new-version=v1.18.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9651","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9651","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9651/packages"}},{"old_version":"v1.17.2","new_version":"v1.18.0","update_type":"minor","path":null,"pr_created_at":"2025-06-11T03:18:26.000Z","version_change":"v1.17.2 → v1.18.0","issue":{"uuid":"2582933306","node_id":"PR_kwDOF3eXvs6Z9G86","number":9513,"state":"closed","title":"Bump jetstack/cert-manager-cainjector from v1.17.2 to v1.18.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-06-11T08:22:53.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-11T03:18:26.000Z","updated_at":"2025-06-11T08:22:53.000Z","time_to_close":18267,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jetstack/cert-manager-cainjector","old_version":"v1.17.2","new_version":"v1.18.0","repository_url":"https://github.com/cert-manager/cert-manager"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jetstack/cert-manager-cainjector](https://github.com/cert-manager/cert-manager) from v1.17.2 to v1.18.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cert-manager/cert-manager/releases\"\u003ejetstack/cert-manager-cainjector's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.18.0\u003c/h2\u003e\n\u003cp\u003ecert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.\u003c/p\u003e\n\u003cp\u003ecert-manager 1.18 introduces several new features and breaking changes. Highlights include support for ACME certificate profiles, a new default for \u003ccode\u003eCertificate.Spec.PrivateKey.RotationPolicy\u003c/code\u003e now set to \u003ccode\u003eAlways\u003c/code\u003e (breaking change), and the default \u003ccode\u003eCertificate.Spec.RevisionHistoryLimit\u003c/code\u003e now set to \u003ccode\u003e1\u003c/code\u003e (potentially breaking).\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eℹ️ Be sure to review all new features and changes below, and read the \u003ca href=\"https://cert-manager.io/docs/releases/release-notes/release-notes-1.18\"\u003efull release notes\u003c/a\u003e carefully before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eKnown Issues\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eACME + HTTP01 + Ingress-Nginx: \u003ccode\u003eError presenting challenge: admission webhook \u0026quot;validate.nginx.ingress.kubernetes.io\u0026quot; denied the request: ingress contains invalid paths: path /.well-known/acme-challenge/\u0026lt;REDACTED\u0026gt; cannot be used with pathType Exact\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7791\"\u003e#7791\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eChanges since \u003ccode\u003ev1.17.2\u003c/code\u003e:\u003c/p\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd config to the Vault issuer to allow the server-name to be specified when validating the certificates the Vault server presents. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7663\"\u003e#7663\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsMrTalbot\"\u003e\u003ccode\u003e@​ThatsMrTalbot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eapp.kubernetes.io/managed-by: cert-manager\u003c/code\u003e label to the created Let's Encrypt account keys (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7577\"\u003e#7577\u003c/a\u003e, \u003ca href=\"https://github.com/terinjokes\"\u003e\u003ccode\u003e@​terinjokes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded certificate issuance and expiration time metrics (\u003ccode\u003ecertmanager_certificate_not_before_timestamp_seconds\u003c/code\u003e, \u003ccode\u003ecertmanager_certificate_not_after_timestamp_seconds\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7612\"\u003e#7612\u003c/a\u003e, \u003ca href=\"https://github.com/solidDoWant\"\u003e\u003ccode\u003e@​solidDoWant\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded ingress-shim option: \u003ccode\u003e--extra-certificate-annotations\u003c/code\u003e,  which sets a list of annotation keys to be copied from Ingress-like to resulting Certificate object (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7083\"\u003e#7083\u003c/a\u003e, \u003ca href=\"https://github.com/k0da\"\u003e\u003ccode\u003e@​k0da\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003eiss\u003c/code\u003e short name for the cert-manager \u003ccode\u003eIssuer\u003c/code\u003e resource. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7373\"\u003e#7373\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003eciss\u003c/code\u003e short name for the cert-manager \u003ccode\u003eClusterIssuer\u003c/code\u003e resource (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7373\"\u003e#7373\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdds the \u003ccode\u003eglobal.rbac.disableHTTPChallengesRole\u003c/code\u003e helm value to disable HTTP-01 ACME challenges. This allows cert-manager to drop its permission to create pods, improving security when HTTP-01 challenges are not required. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7666\"\u003e#7666\u003c/a\u003e, \u003ca href=\"https://github.com/ali-hamza-noor\"\u003e\u003ccode\u003e@​ali-hamza-noor\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow customizing signature algorithm (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7591\"\u003e#7591\u003c/a\u003e, \u003ca href=\"https://github.com/tareksha\"\u003e\u003ccode\u003e@​tareksha\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache the full DNS response and handle TTL expiration in \u003ccode\u003eFindZoneByFqdn\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7596\"\u003e#7596\u003c/a\u003e, \u003ca href=\"https://github.com/ThatsIvan\"\u003e\u003ccode\u003e@​ThatsIvan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCert-manager now uses a local fork of the golang.org/x/crypto/acme package (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7752\"\u003e#7752\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ca href=\"https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/\"\u003eACME profiles extension\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7777\"\u003e#7777\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePromote the \u003ccode\u003eUseDomainQualifiedFinalizer\u003c/code\u003e feature to GA. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7735\"\u003e#7735\u003c/a\u003e, \u003ca href=\"https://github.com/jsoref\"\u003e\u003ccode\u003e@​jsoref\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSwitched service/servicemon definitions to use port names instead of numbers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7727\"\u003e#7727\u003c/a\u003e, \u003ca href=\"https://github.com/jcpunk\"\u003e\u003ccode\u003e@​jcpunk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe default value of \u003ccode\u003eCertificate.Spec.PrivateKey.RotationPolicy\u003c/code\u003e changed from \u003ccode\u003eNever\u003c/code\u003e to \u003ccode\u003eAlways\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7723\"\u003e#7723\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePotentially breaking: Set the default revisionHistoryLimit to 1 for the CertificateRequest revisions (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7758\"\u003e#7758\u003c/a\u003e, \u003ca href=\"https://github.com/ali-hamza-noor\"\u003e\u003ccode\u003e@​ali-hamza-noor\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some comments (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7620\"\u003e#7620\u003c/a\u003e, \u003ca href=\"https://github.com/teslaedison\"\u003e\u003ccode\u003e@​teslaedison\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug or Regression\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ego-jose\u003c/code\u003e dependency to address \u003ccode\u003eCVE-2025-27144\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7606\"\u003e#7606\u003c/a\u003e, \u003ca href=\"https://github.com/SgtCoDFish\"\u003e\u003ccode\u003e@​SgtCoDFish\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egolang.org/x/oauth2\u003c/code\u003e to patch \u003ccode\u003eCVE-2025-22868\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7638\"\u003e#7638\u003c/a\u003e, \u003ca href=\"https://github.com/NicholasBlaskey\"\u003e\u003ccode\u003e@​NicholasBlaskey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egolang.org/x/crypto\u003c/code\u003e to patch \u003ccode\u003eGHSA-hcg3-q754-cr77\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7638\"\u003e#7638\u003c/a\u003e, \u003ca href=\"https://github.com/NicholasBlaskey\"\u003e\u003ccode\u003e@​NicholasBlaskey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egithub.com/golang-jwt/jwt\u003c/code\u003e to patch \u003ccode\u003eGHSA-mh63-6h87-95cp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7638\"\u003e#7638\u003c/a\u003e, \u003ca href=\"https://github.com/NicholasBlaskey\"\u003e\u003ccode\u003e@​NicholasBlaskey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChange of the Kubernetes Ingress pathType from \u003ccode\u003eImplementationSpecific\u003c/code\u003e to \u003ccode\u003eExact\u003c/code\u003e for a reliable handling of ingress controllers and enhanced security. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7767\"\u003e#7767\u003c/a\u003e, \u003ca href=\"https://github.com/sspreitzer\"\u003e\u003ccode\u003e@​sspreitzer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix AWS Route53 error detection for not-found errors during deletion of DNS records. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7690\"\u003e#7690\u003c/a\u003e, \u003ca href=\"https://github.com/wallrj\"\u003e\u003ccode\u003e@​wallrj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix behavior when running with \u003ccode\u003e--namespace=\u0026lt;namespace\u0026gt;\u003c/code\u003e: limit the scope of cert-manager to a single namespace and disable cluster-scoped controllers. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7678\"\u003e#7678\u003c/a\u003e, \u003ca href=\"https://github.com/tsaarni\"\u003e\u003ccode\u003e@​tsaarni\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix handling of certificates with IP addresses in the \u003ccode\u003ecommonName\u003c/code\u003e field; IP addresses are no longer added to the DNS \u003ccode\u003esubjectAlternativeName\u003c/code\u003e list and are instead added to the \u003ccode\u003eipAddresses\u003c/code\u003e field as expected. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7081\"\u003e#7081\u003c/a\u003e, \u003ca href=\"https://github.com/johnjcool\"\u003e\u003ccode\u003e@​johnjcool\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix issuing of certificates via DNS01 challenges on Cloudflare after a breaking change to the Cloudflare API (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7549\"\u003e#7549\u003c/a\u003e, \u003ca href=\"https://github.com/LukeCarrier\"\u003e\u003ccode\u003e@​LukeCarrier\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003ecertmanager_certificate_renewal_timestamp_seconds\u003c/code\u003e metric help text indicating that the metric is relative to expiration time, rather than Unix epoch time. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7609\"\u003e#7609\u003c/a\u003e, \u003ca href=\"https://github.com/solidDoWant\"\u003e\u003ccode\u003e@​solidDoWant\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixing the service account template to incorporate boolean values for the annotations. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7698\"\u003e#7698\u003c/a\u003e, \u003ca href=\"https://github.com/ali-hamza-noor\"\u003e\u003ccode\u003e@​ali-hamza-noor\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eQuote nodeSelector values in Helm Chart (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7579\"\u003e#7579\u003c/a\u003e, \u003ca href=\"https://github.com/tobiasbp\"\u003e\u003ccode\u003e@​tobiasbp\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip Gateway TLS listeners in \u003ccode\u003ePassthrough\u003c/code\u003e mode. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/6986\"\u003e#6986\u003c/a\u003e, \u003ca href=\"https://github.com/vehagn\"\u003e\u003ccode\u003e@​vehagn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003egolang.org/x/net\u003c/code\u003e fixing \u003ccode\u003eCVE-2025-22870\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7619\"\u003e#7619\u003c/a\u003e, \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/83dae3ef37f50973c0f3b3a818fc7d1b35fff341\"\u003e\u003ccode\u003e83dae3e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7790\"\u003e#7790\u003c/a\u003e from cert-manager-bot/cherry-pick-7789-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/64b5da275111004278a6b55ac05d2a85115757ea\"\u003e\u003ccode\u003e64b5da2\u003c/code\u003e\u003c/a\u003e make generate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/bdd1320d54c976f5b2980175e8689d1894db24de\"\u003e\u003ccode\u003ebdd1320\u003c/code\u003e\u003c/a\u003e Fix typo in Certificate API documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/3ab737e8deb5d662aa2f7064fde023fd7883d4a6\"\u003e\u003ccode\u003e3ab737e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7787\"\u003e#7787\u003c/a\u003e from cert-manager-bot/cherry-pick-7786-to-release-1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/4d0193e6557f7df90e1ffb06d819718775ec4d25\"\u003e\u003ccode\u003e4d0193e\u003c/code\u003e\u003c/a\u003e Add 1.33 option to cluster.sh\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/89473974338da4946b208df72a01a22d39222368\"\u003e\u003ccode\u003e8947397\u003c/code\u003e\u003c/a\u003e ./hack/latest-kind-images.sh v0.27.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/4eb6df2ec5e65b8c0b6ee4b16132c5deeb71c341\"\u003e\u003ccode\u003e4eb6df2\u003c/code\u003e\u003c/a\u003e Fix a typo in the make help text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/331f9e6638afa4833db7105b49bf43c3980cf502\"\u003e\u003ccode\u003e331f9e6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7785\"\u003e#7785\u003c/a\u003e from wallrj/go-1.24.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/df9f43b3c6ac1cab5658842094dd682b71ab7f76\"\u003e\u003ccode\u003edf9f43b\u003c/code\u003e\u003c/a\u003e Upgrade Go to v1.24.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cert-manager/cert-manager/commit/99aded1d141f6c5fd11399f2a1054c50b6f09fcd\"\u003e\u003ccode\u003e99aded1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/cert-manager/cert-manager/issues/7777\"\u003e#7777\u003c/a\u003e from wallrj/acme-profiles\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cert-manager/cert-manager/compare/v1.17.2...v1.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jetstack/cert-manager-cainjector\u0026package-manager=docker\u0026previous-version=v1.17.2\u0026new-version=v1.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9513","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9513","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9513/packages"}}]}