Changes since v1.12.0

🚨 Migration guide for v1beta1 to v1beta2 doc

⚠️  v1beta1 is deprecated: the v1beta1 API version will be unserved in v1.17 and removed in v1.20. Users should plan migration to v1beta2 before then. Ref

⚠️ Deprecation notice: ProviderID legacy format deprecation notice. It will be removed in next minor release v1.14.0 PR

⚠️ Vulnerability Fixes

• GHSA-rf84-wr5g-m3rp

⚠️ Breaking Changes

• Restore TLS default to no configuration (#3187)
• Switch API optional fields to and from pointer based on if it has valid 0/empty value (#3233)
• Add +required markers and validation to v1beta2 API types (#3219)
• Rename unhealthy annotation for v1beta2 (#3269)
• Remove corev1 ObjectReference and use local struct (#3231)
• Rename enableBMHNameBasedPreallocation CLI-flag (#3265)
• Remove TypedLocalObjectReference and use local structs (#3220)
• Convert api type maps to arrays in Metal3DataTemplate (#3209)
• Make node-reuse more deterministic (#3168)
• Convert api type timeout (*metav1.Duration) to timeoutSeconds (*int32) in Metal3Remediation (#3206)
• Rename conditions and reasons constants (#3215)
• Convert api type int to int32 (#3204)
• CAPI v1beta2 contract (#3177)
• Enable commentstart for Kube-api-linter (#3201)
• Allow disable_power_off together with autoclean (#3106)
• Remove NoCloudProvider from v1beta2 (#3170)
• remove TemplateReference from v1beta2 (#3182)
• Remove DefaulterRemoveUnknownOrOmitableFields mutating webhook option (#3139)

✨ New Features

• Add FromBootMAC field to MetaDataHostInterface (#3124)
• Deprecate v1beta1 API (#3138)
• Promote v1beta2 conditions (#3133)
• Add v1beta2 API type (#3110)
• Add comprehensive trace/debug logging across controllers and managers (#2971)
• Add 'name' field to network links and make MAC address optional (#3083)

🐛 Bug Fixes

• Restrict namespace secret references in Metal3Machine (#3327)
• Revert default providerid (#3329)
• Fix typo causing Metal3Cluster to reconcile on every status update (#3328)
• Restrict Metal3DataClaim templates to same namespace (#3322)
• Fix logical operator in ConsumerRef validation (#3317)
• Set default providerid (#3284)
• Enforce same-namespace BareMetalHost lookups (#3288)
• fix nil pointer dereference in remediation controller (#3235)
• Do not set BMC Secret label until BMH claimed (#3178)
• Fix Metal3Cluster webhook blocking cloudProvider toggle updates (#3081)
• add capipamv1 to myscheme instead of scheme.Scheme (#3060)
• remove limits from client.List calls (#3032)

📖 Documentation

• Update triggers, build badges, support matrix (#3362)
• Consolidate Metal3 Contributing guide in community repo (#3057)
• add OpenSSF OSPS baseline level 1 badge (#3263)
• Update providerID documentation and add legacy format deprecation notice (#3188)

🌱 Others

• Fix missmatch of CAPI version in test (#3375)
• Bump IPAM v1.13.0 and BMO new minor v0.13.0 (#3372)
• Patch overlay image (#3364)
• Bump Go version to 1.25.10 (#3370)
• Bump k8s version to v1.36.0 (#3367)
• Bump CAPI to v1.13.1 (#3356)
• Bump IPAM and BMO to new rc releases (#3345)
• Use existing CAPM3_VERSION variable and remove new CAPM3_API_VERSION (#3320)
• Bump github.com/onsi/ginkgo/v2 from 2.28.1 to 2.28.2 (#3333)
• Bump github.com/metal3-io/cluster-api-provider-metal3/api from 1.12.3 to 1.12.4 in /hack/fake-apiserver (#3335)
• Bump github.com/onsi/ginkgo/v2 from 2.28.1 to 2.28.2 in /test (#3337)
• Bump go.uber.org/zap from 1.27.1 to 1.28.0 in /hack/fake-apiserver (#3336)
• Bump github.com/metal3-io/baremetal-operator/apis from 0.12.3 to 0.12.4 in /hack/fake-apiserver (#3334)
• Enable kube api sub linters: conditions, maxlength, ssatags and statusoptional (#3305)
• Switch from docker to moby dependencies (#3318)
• Remove legacy provider id from clustectl tests (#3321)
• Fix ownerRef chain for IPAddress in e2e tests (#3312)
• Bump k8s.io/utils version to fix the mismatch (#3307)
• Bumps k8s group to v0.35.4 in hack/fake-apiserver and hack/tools (#3304)
• Uplift CAPI to v1.13.0-rc.1 and taints to KCP for CAPI MD test (#3298)
• Uplift k8s group to v0.35.4 (#3295)
• Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /hack/fake-apiserver (#3292)
• Bump helm.sh/helm/v3 from 3.19.4 to 3.20.2 in /test (#3281)
• Bump golang.org/x/crypto from 0.49.0 to 0.50.0 in /test (#3282)
• Bump golang.org/x/mod from 0.34.0 to 0.35.0 in /test (#3280)
• Remove features label from in-place test (#3278)
• Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (#3273)
• Add k8s in-place upgrade test (#3053)
• Update e2e tests to use v1beta2 (#3216)
• Bump github.com/metal3-io/ironic-standalone-operator/api from 0.8.0 to 0.8.1 in /test (#3267)
• Bump the kubernetes group from 0.34.5 to 0.34.6 (#3249)
• Bump google.golang.org/grpc from 1.72.1 to 1.79.3 (#3239)
• Do not run go commands if GO is not set (#3232)
• remove docker push stuff from Makefile (#3230)
• bump x/net to v0.49.0 (#3222)
• Bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in /hack/tools (#3213)
• Rename KUBERNETES_VERSION_FROM to KUBERNETES_VERSION_UPGRADE_FROM (#3211)
• add zizmor scanner (#3210)
• Fix make generate-go-conversions (#3207)
• Document CAPM3 pod placement and add optional affinity example (#3078)
• fix fkas build permissions for image signing (#3203)
• Enable Kube-API-linter (#3196)
• harden github actions workflows (#3197)
• Add KUBERNETES_VERSION_UPGRADE_FROM in scalability test (#3195)
• move security-insights.yml to .github/ and use upstream validator (#3194)
• Bump the github-actions group with 2 updates (#3192)
• add SECURITY_INSIGHTS.yml (#3179)
• Fix k8s version for pivoting(node-reuse) test (#3180)
• Remove deprecated FROM_K8S_VERSION backward compatibility (#3181)
• Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 in /test (#3186)
• Bump opentelemetry.io/otel/sdk to v1.40.0 (#3183)
• Unify Kubernetes version variables in e2e tests (#3153)
• Refactor E2E tests: improve input handling and machine filtering logic (#3107)
• fix reapprover workflow (#3169)
• Fix link for machine deployment rolling upgrades (#3154)
• enforce ol-prefix 'one' style for ordered lists (#3148)
• Bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 in /hack/tools (#3141)
• Bump sigs.k8s.io/kustomize/api from 0.21.0 to 0.21.1 in /test (#3143)
• Bump sigs.k8s.io/kustomize/kustomize/v5 from 5.8.0 to 5.8.1 in /hack/tools (#3142)
• metrics: enable auto-discovery of metrics endpoint (#3140)
• Bump github.com/onsi/gomega from 1.39.0 to 1.39.1 (#3130)
• bump github actions to new major versions (#3134)
• E2E: Fix scalability test by reducing cluster size (#3123)
• Migrate from deprecated golang/mock to go.uber.org/mock (#3109)
• Use IRSO in e2e tests (#2776)
• Bump sigs.k8s.io/controller-runtime from 0.22.4 to 0.22.5 in /hack/fake-apiserver (#3094)
• Bump sigs.k8s.io/controller-runtime from 0.22.4 to 0.22.5 (#3093)
• Bump golangci-lint to v2.8.0 for Go 1.25.x support (#3079)
• Update k8s versoins for N+3 test (#3080)
• replace pkg/errors with stdlib Errorf (#3059)
• Add clusterctl upgrade tests from v1.12 to latest (#3066)
• Hide generated files in GH diffs (#3077)
• make lint-full -> lint (#3058)
• Prepare main branch for relase-1.13 dev (#3051)
• E2E: Fix centos image prefix (#3039)
• update dependabot config for release-1.12 (#3011)
• Add Kubernetes N+3 upgrade test in e2e (#2915)

♻️ Superseded

• (#3012), (#3013), (#3014), (#3015), (#3016), (#3017), (#3022), (#3029), (#3037), (#3043), (#3044), (#3052),
  (#3065), (#3069), (#3070), (#3071), (#3072), (#3074), (#3084), (#3092), (#3095), (#3097), (#3112), (#3113),
  (#3115), (#3128), (#3132), (#3135), (#3155), (#3156), (#3157), (#3158), (#3159), (#3171), (#3173), (#3174),
  (#3191), (#3198), (#3214), (#3228), (#3229), (#3250), (#3251), (#3252), (#3253), (#3254), (#3266), (#3270),
  (#3279), (#3306), (#3332).

The image for this release is: v1.13.0
Mariadb image tag is: capm3-v1.13.0

Thanks to all our contributors! 😊