Image: ghcr.io/external-secrets/external-secrets:v2.5.0
Image: ghcr.io/external-secrets/external-secrets:v2.5.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v2.5.0-ubi-boringssl
What's Changed
General
- chore: release chart for v2.4.1 by @Skarlso in #6293
- fix(doc): Adds missing doc reference for VaultDynamicSecret example using GET by @bharath-b-rh in #6296
- feat(charts): make serviceaccounts/token create RBAC rule conditional by @kriszkern in #6295
- ref: delete duplication of applyOwnership logic by @jaruwat-panturat in #6301
- feat: add Pulumi OIDC-based authentication by @johnstonmatt in #5893
- fix: datarace in fake runtime test and push secret test by @Skarlso in #6300
- docs(release): Update docs to build for arm for bitwarden-cli by @Senk02 in #6312
- feat: add healthz check for liveness probe to cert and webhook by @Skarlso in #6319
- chore: bump go version 1.26.3 by @Skarlso in #6339
- fix(charts): gate externalsecrets write RBAC on processClusterExternalSecret by @kriszkern in #6332
- feat(gcp): issue-5790: optional GCP service account email for WIF impersonation by @bharath-b-rh in #6273
- ref(beyondtrust): BIPS-32651 add API v3.2 support for create Secrets by @btfhernandez in #6309
- fix(onepassword): return fresh provider instance from NewClient to avoid wrong-vault race by @duizabojul in #6334
- docs: add Rootline to ADOPTERS.md by @daanschipper in #6342
- feat(charts): default scopedNamespace to .Release.Namespace when scopedRBAC is true by @kriszkern in #6343
- docs: add blank lines before lists by @chlab in #6336
- chore(doc): fix Azure role name typo by @hobti01 in #6335
- feat(security): Enable Authentication and Authorization for Metrics Endpoint using FilterProvider by @Zacky3181V in #5574
- feat: inject kube context as STS session tags by @robertchildresscfa in #6311
- fix(charts): remove stale args guard in controller deployment by @kriszkern in #6347
- fix: provider/infisical provider sub-folder references in remoteRef.key by @varonix0 in #6338
Dependencies
- chore(deps): bump golang from
4f4ab2cto47ce563in /e2e by @dependabot[bot] in #6286 - chore(deps): bump click from 8.3.2 to 8.3.3 in /hack/api-docs by @dependabot[bot] in #6287
- chore(deps): bump certifi from 2026.2.25 to 2026.4.22 in /hack/api-docs by @dependabot[bot] in #6288
- chore(deps): bump pathspec from 1.0.4 to 1.1.1 in /hack/api-docs by @dependabot[bot] in #6291
- chore(deps): bump idna from 3.11 to 3.13 in /hack/api-docs by @dependabot[bot] in #6290
- chore(deps): bump packaging from 26.1 to 26.2 in /hack/api-docs by @dependabot[bot] in #6289
- chore(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 by @dependabot[bot] in #6304
- chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 by @dependabot[bot] in #6305
- chore(deps): bump golang from 1.26.2 to 1.26.3 by @dependabot[bot] in #6320
- chore(deps): bump golang from 1.26.2-bookworm to 1.26.3-bookworm in /e2e by @dependabot[bot] in #6327
- chore(deps): bump ubi9/ubi from
fd3612eto2323fcfby @dependabot[bot] in #6321 - chore(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0 by @dependabot[bot] in #6322
- chore(deps): bump aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1 by @dependabot[bot] in #6323
- chore(deps): bump sigstore/cosign-installer from 4.1.1 to 4.1.2 by @dependabot[bot] in #6325
- chore(deps): bump github/codeql-action from 4.35.3 to 4.35.4 by @dependabot[bot] in #6324
- chore(deps): bump actions/labeler from 6.0.1 to 6.1.0 by @dependabot[bot] in #6326
- chore(deps): bump idna from 3.13 to 3.14 in /hack/api-docs by @dependabot[bot] in #6328
- chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /hack/api-docs by @dependabot[bot] in #6329
- chore(deps): bump regex from 2026.4.4 to 2026.5.9 in /hack/api-docs by @dependabot[bot] in #6330
New Contributors
- @kriszkern made their first contribution in #6295
- @johnstonmatt made their first contribution in #5893
- @Senk02 made their first contribution in #6312
- @duizabojul made their first contribution in #6334
- @daanschipper made their first contribution in #6342
- @chlab made their first contribution in #6336
- @hobti01 made their first contribution in #6335
- @Zacky3181V made their first contribution in #5574
- @robertchildresscfa made their first contribution in #6311
Full Changelog: v2.4.1...v2.5.0