Sourced from github.com/cert-manager/cert-manager's releases.

v1.18.2

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We fixed a bug in the CSR's name constraints construction (only applies if you have enabled the NameConstraints feature gate). We dropped the new global.rbac.disableHTTPChallengesRole Helm option due to a bug we found, this feature will be released in v1.19 instead.

Changes since v1.18.1:

Bug or Regression

• BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (#7833, @​cert-manager-bot)
• Reverted adding the global.rbac.disableHTTPChallengesRole Helm option. (#7837, @​cert-manager-bot)

v1.18.1

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We have added a new feature gate ACMEHTTP01IngressPathTypeExact, to allow ingress-nginx users to turn off the new default Ingress PathType: Exact behavior, in ACME HTTP01 Ingress challenge solvers. This change fixes the following issue: #7791

We have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (error waiting for authorization), which has been reported by multiple users, since the release of cert-manager v1.16.0. This change should fix the following issues: #7337, #7444, and #7685.

ℹ️ Be sure to review all new features and changes below, and read the full release notes carefully before upgrading.

Changes since v1.18.0:

Feature

• Added a new feature gate ACMEHTTP01IngressPathTypeExact, to allow ingress-nginx users to turn off the new default Ingress PathType: Exact behavior, in ACME HTTP01 Ingress challenge solvers. ([#7810](https://github.com/cert-manager/cert-manager/issues/7810), @​sspreitzer)

Bug or Regression

• ACME: Increased challenge authorization timeout to 2 minutes to fix error waiting for authorization. ([#7801](https://github.com/cert-manager/cert-manager/issues/7801), @​hjoshi123)

Other (Cleanup or Flake)

• Use the latest version of ingress-nginx in E2E tests to ensure compatibility ([#7807](https://github.com/cert-manager/cert-manager/issues/7807), @​wallrj)

v1.18.0

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

cert-manager 1.18 introduces several new features and breaking changes. Highlights include support for ACME certificate profiles, a new default for Certificate.Spec.PrivateKey.RotationPolicy now set to Always (breaking change), and the default Certificate.Spec.RevisionHistoryLimit now set to 1 (potentially breaking).

ℹ️ Be sure to review all new features and changes below, and read the full release notes carefully before upgrading.

Known Issues

• ACME HTTP01 challenge paths are rejected by the ingress-nginx validating webhook (#7791)

Changes since v1.17.2:

... (truncated)

• 686afa6 Merge pull request #7837 from cert-manager-bot/cherry-pick-7836-to-release-1.18
• c38e37e Revert "More fine-grained control over powerful RBAC permission granted via H...
• e779203 Merge pull request #7833 from cert-manager-bot/cherry-pick-7816-to-release-1.18
• 6d59891 fix: permit permitted URI domains in name constraints
• d5382c8 Merge pull request #7814 from cert-manager-bot/cherry-pick-7813-to-release-1.18
• c4e9ecf Change ACMEHTTP01IngressPathTypeExact feature to beta
• 379f43e Merge pull request #7811 from cert-manager-bot/cherry-pick-7809-to-release-1.18
• 9542d75 make generate
• aa0aedf Update feature gate documentation in the Helm chart
• f05762b Explain why we disable strict-validate-path in ingress-nginx
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)