Changelog
- chore(deps): bump
goto1.25.3#14824 @bartsmykla - chore(deps): bump ci-tools/release-tool from 1.1.5 to 1.3.1 #14633 #14892 #14998 #15013 #15036 #15105 #15106 @renovate
- chore(deps): bump coredns from v1.12.2 to v1.13.1 #14678 @Automaat
- chore(deps): bump debian from 13.0 to 13.2 #14443 #15144 @renovate
- chore(deps): bump debian:13.1 from 833c135 to 01a723b #14605 #14756 #14858 #14866 @renovate
- chore(deps): bump envoy from v1.35.1 to 1.36.4 #14429 #14445 #14703 #14741 #15209 #15246 @renovate
- chore(deps): bump gcr.io/distroless/base-nossl-debian12:debug from 7557eb8 to 1321f45 #14438 #14773 #15176 @renovate
- chore(deps): bump gcr.io/distroless/base-nossl-debian12:debug-nonroot from ccb2092 to ef70836 #14439 #14774 #15177 @renovate
- chore(deps): bump gcr.io/distroless/static-debian12:debug-nonroot from a855ba8 to 53ced32 #14440 #14775 #15178 @renovate
- chore(deps): bump gcr.io/k8s-staging-build-image/distroless-iptables from v0.8.1 to 0.8.6 #14504 #14655 #14687 #15134 #15184 @renovate
- chore(deps): bump gcr.io/k8s-staging-build-image/distroless-iptables:v0.8.2 from 89d2f2f to c8ebd0d #14519 @renovate
- chore(deps): bump ghcr.io/kumahq/ubuntu-netools:main from 3b55046 to 5413786 #14396 #14520 #14606 #14647 #14714 #14815 #14938 #15019 #15115 @renovate
- chore(deps): bump ginkgo from 2.25.3 to 2.27.2 #14691 #14860 #14939 @renovate
- chore(deps): bump github.com/bakito/go-log-logr-adapter:v0.0.3-0.20240527124623-de85860b7d21 from de85860 to a7f0409 #14521 @renovate
- chore(deps): bump github.com/bakito/go-log-logr-adapter:v0.0.3-0.20250908134551-a7f0409399c9 from a7f0409 to a79f5cb #15130 @renovate
- chore(deps): bump github.com/cilium/ebpf from 0.19.0 to 0.20.0 #14943 @renovate
- chore(deps): bump github.com/cncf/xds/go from 2ac532f to 8bfbf64 #15088 @renovate
- chore(deps): bump github.com/containernetworking/plugins from v1.7.1 to 1.9.0 #14406 #15224 @renovate
- chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.2.1 to 1.3.0 #15193 @renovate
- chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.19.0 to 4.19.1 #15135 @renovate
- chore(deps): bump github.com/gruntwork-io/terratest from v0.50.0 to 0.54.0 #14552 #14944 #15145 #15194 @renovate
- chore(deps): bump github.com/jackc/pgx/v5 from v5.7.5 to v5.7.6 #14430 @renovate
- chore(deps): bump github.com/onsi/ginkgo/v2 from v2.25.2 to v2.25.3 #14399 @renovate
- chore(deps): bump github.com/prometheus/client_golang from v1.23.0 to v1.23.2 #14400 @renovate
- chore(deps): bump github.com/prometheus/common from v0.65.0 to 0.67.4 #14407 #14651 #14942 #15136 #15185 @renovate
- chore(deps): bump github.com/prometheus/otlptranslator from v0.0.2 to v1.0.0 #14482 @renovate
- chore(deps): bump github.com/spf13/cobra from v1.9.1 to 1.10.2 #14408 #15186 @renovate
- chore(deps): bump github.com/spf13/pflag from v1.0.9 to v1.0.10 #14401 @renovate
- chore(deps): bump github.com/testcontainers/testcontainers-go from v0.38.0 to 0.40.0 #14527 #15054 @renovate
- chore(deps): bump go to 1.25.2 #14667 @bartsmykla
- chore(deps): bump go.opentelemetry.io/proto/otlp from v1.7.1 to 1.9.0 #14410 #15027 @renovate
- chore(deps): bump go.uber.org/zap from 1.27.0 to 1.27.1 #15138 @renovate
- chore(deps): bump golang.org/x/crypto from v0.41.0 to 0.45.0 #14444 #15048 @renovate
- chore(deps): bump golang.org/x/exp from df92998 to 8475f28 #14941 #15131 #15247 @renovate
- chore(deps): bump golang.org/x/net from v0.43.0 to 0.46.0 #14460 #14732 #14742 @renovate
- chore(deps): bump golang.org/x/sync from v0.16.0 to 0.18.0 #14411 #14945 @renovate
- chore(deps): bump golang.org/x/sys from v0.35.0 to 0.38.0 #14412 #14692 #15028 @renovate
- chore(deps): bump golang.org/x/text from v0.28.0 to v0.29.0 #14432 @renovate
- chore(deps): bump golang.org/x/tools from v0.36.0 to 0.39.0 #14479 #14758 #15146 @renovate
- chore(deps): bump golangci-lint #14608 #14953 #15025 #15118 #15195 @renovate
- chore(deps): bump google.golang.org/genproto/googleapis/* from 9702482 to ff82c1b #15092 #15132 #15179 @renovate
- chore(deps): bump google.golang.org/grpc from v1.75.0 to 1.77.0 #14474 #14733 #15147 @renovate
- chore(deps): bump google.golang.org/protobuf from v1.36.8 to v1.36.9 #14454 @renovate
- chore(deps): bump helm from 4.0.0 to 4.0.2 #15139 #15248 @renovate
- chore(deps): bump helm.sh/helm/v3 from v3.18.6 to 4.0.0 #14480 #15029 @renovate
- chore(deps): bump k8s.io/apimachinery from 0.34.1 to 0.34.2 #15021 @renovate
- chore(deps): bump k8s.io/kube-openapi from 589584f to 4e65d59 #15133 @renovate
- chore(deps): bump k8s.io/utils from 0af2bda to bc988d5 #14686 @renovate
- chore(deps): bump kubectl from 1.34.1 to 1.34.3 #14952 #15249 @renovate
- chore(deps): bump kubernetes packages from 0.34.1 to 0.34.2 #15120 @renovate
- chore(deps): bump kubernetes packages from 0.34.2 to 0.34.3 #15250 @renovate
- chore(deps): bump kubernetes packages from v0.33.4 to v0.34.0 #14413 @renovate
- chore(deps): bump kubernetes packages from v0.34.0 to v0.34.1 #14475 @renovate
- chore(deps): bump kumactl install demo|observability container images #14402 @renovate
- chore(deps): bump kumactl install demo|observability container images from 3.5.4 to 3.5.5 #14476 @renovate
- chore(deps): bump kumahq/openapi-tool from 1.1.7 to 1.3.1 #14634 #14712 #14893 #14997 #15014 #15096 #15107 @renovate
- chore(deps): bump metallb from 0.15.2 to 0.15.3 #15188 @renovate
- chore(deps): bump opentelemetry-go monorepo #14414 @renovate
- chore(deps): bump opentelemetry-go-contrib monorepo from 0.63.0 to 0.64.0 #15258 @renovate
- chore(deps): bump opentelemetry-go-contrib monorepo from v0.62.0 to v0.63.0 #14415 @renovate
- chore(deps): bump postgres:latest from 29e0bb0 to 38d5c9d #14398 #14441 #14453 #14470 #14648 @renovate
- chore(deps): bump projectcalico/tigera-operator from 3.30.3 to 3.31.2 #14818 #14861 #15140 @renovate
- chore(deps): bump redis from cc2dfb8 to acb90ce #14442 @renovate
- chore(deps): bump registry.k8s.io/kubectl from v1.33.4 to v1.34.1 #14416 #14455 @renovate
- chore(deps): bump sigs.k8s.io/controller-runtime from v0.21.0 to 0.22.4 #14417 #14731 #14767 #15026 @renovate
- chore(deps): bump sigs.k8s.io/controller-tools from v0.18.0 to v0.19.0 #14418 @renovate
- chore(deps): bump sigs.k8s.io/gateway-api from 1.3.0 to 1.4.1 #14734 #15191 @renovate
- chore(deps): move golang dependency to mise #14884 @Automaat
- chore(deps): move proto deps from makefile to buf #15056 @Automaat
- chore(deps): security update #15166 @kumahq
- chore(deps): upgrade go-control-plane from v0.13.4-kong-2 to 0.14.0-k… #14980 @lukidzi
- chore(deps): upgrade max k8s version from 1.33.4 to 1.34.1 #14763 @lukidzi
- chore(deps): use latest kumahq/kuma-gui #14389 #14394 #14425 #14427 #14435 #14436 #14461 #14465 #14466 #14467 #14468 #14483 #14485 #14496 #14499 #14502 #14505 #14514 #14531 #14534 #14539 #14541 #14542 #14547 #14564 #14567 #14579 #14583 #14623 #14625 #14644 #14653 #14663 #14702 #14738 #14740 #14748 #14754 #14761 #14769 #14777 #14787 #14791 #14802 #14831 #14844 #14872 #14905 #14946 #14947 #14966 #14972 #15001 #15008 #15031 #15041 #15095 #15156 #15158 #15162 #15245 #15263 #15311 #15312 @kumahq
- feat(MeshFaultInjection): implement rules API #14533 #14570 @Automaat
- feat(MeshMetric): add
kuma.workloadattribute to metrics #14873 @Automaat - feat(MeshMetric): add kuma.workload attribute to metrics #14874 #14958 @Automaat
- feat(api): introduce extension of api validators #15045 @lukidzi
- feat(api-server): add shortName field to /_resources endpoint response #14506 @copilot-swe-agent
- feat(config): disable virtual probes by default #15113 @Automaat
- feat(deps): migrate module path to github.com/kumahq/kuma/v2 #14886 @bartsmykla
- feat(helm): enable RuntimeDefault seccomp for control plane pods #14666 @bartsmykla
- feat(helm): support cert-manager CA injection for webhook configurations #15035 @slonka
- feat(kuma-cp): add disallowMultipleMeshesPerNamespace to block multi-mesh namespaces #15102 @slonka
- feat(kuma-cp): implement Workload resource #14906 #14908 #14928 #14963 #15043 #15046 #15051 #15058 #15097 #15111 @Automaat
- feat(kuma-cp): implementation of get by KRI endpoint #14656 #14675 @slonka
- feat(meshidentity): support SPIRE on universal #15109 @lukidzi
- feat(meshidentity): support Universal environment #15063 @lukidzi
- feat(meshidentity): support migration from one trustDomain to another #14726 @lukidzi
- feat(meshmultizoneservice): add status condition for empty selector #15172 @Automaat
- feat(meshtrust): add status field and deprecate origin in spec #15241 @slonka
- feat(oapi): add secret to openapi schema #14745 @slonka
- feat(oapi): better descriptions of policies and resources #15293 @slonka
- feat(oapi): expose KRI in REST resource meta and OpenAPI schema #14674 @bartsmykla
- fix(MeshCircuitBreaker): properly configure inbounds with servicePort set #14875 @Automaat
- fix(api-server): add standard inspect endpoint for MeshService #15170 @Automaat
- fix(api-server): deduplicate zones in _hostnames endpoint #15167 @Automaat
- fix(api-server): preserve field order in HTTP responses #15168 @Automaat
- fix(cni): find and use cni conflist if confName is not set #14498 @AyushSenapati
- fix(dns): allow DNS traffic over TCP to bypass the mesh DNS #14557 @jijiechen
- fix(envoy-naming): rename inbound Envoy resource names and stats to use
sectionNameinstead of port value when using unified naming #14581 @Automaat - fix(hds): preserve Dataplane labels on update #15108 @lukidzi
- fix(helm): error when
namespaceAllowListis unset in values.yaml #15232 @lobkovilya - fix(insights): don't compare cert time once managed externally #14463 @lukidzi
- fix(kds): server Send blocks when client doesn't call Recv for some time #15042 @lobkovilya
- fix(kuma-cp): configure Envoy internal addresses based on dp IPv6 support #14652 @Automaat
- fix(kumactl): use AtomicLevel for logger init #15125 @bartsmykla
- fix(meshidentity): nil pointer check #15265 @lukidzi
- fix(meshidentity): use unique cache key per identity and improve tests #14974 @lukidzi
- fix(meshpassthrough): sort IP address to provide predictable order #14857 @lukidzi
- fix(meshservice): cleanup headless gateway MeshServices when mode disabled #15169 @Automaat
- fix(meshservice): skip MeshService for delegated gateway Services #15171 @Automaat
- fix(meshtrust): add trust independently of WorkloadIdentity #14387 @lukidzi
- fix(meshtrust): implement deprecation and remove unnecessary validation #15300 @lukidzi
- fix(oapi): correctly handle oneOf in proto resources #14639 @lobkovilya
- fix(oapi): fix OpenAPI definitions having both properties and content #15157 @slonka
- fix(policy): add invalid kind to the error msg #14395 @lukidzi
- fix(workload): handle AlreadyExists error gracefully #15308 @Automaat
- fix(workload): skip registering pod validator webhook on global #14960 @Automaat
- fix(xds): restrict inbound traffic to only inbound ports #15163 @lukidzi
- fix(xds): set keepalive configuration for dpp to cpp connection #14912 @lukidzi
- perf(kubernetes): do not trigger on MeshGatewayRoute #14095 @slonka
- perf(rules): optimize SubsetIter to enumerate only correct subsets #14862 @lobkovilya