What's Changed
๐ Features
- add WAF policy support to Ingress object by @vepatel in #9450
- add egress mtls policy to Ingress object by @vepatel in #9635
- Add External Auth Policy to Ingress by @AlexFenlon in #9521
- Add External Auth Policy to VS/VSR by @pdabelf5 in #9519
- improve pod startup times by @vepatel in #9711
- Add support for multiple regex paths in a single VSR by @javorszky in #9671
- add support for add_header in configmap and ingress by @vepatel in #9743
- Attach IngressMTLS policy to Ingress by @spencerugbo in #9628
- Support add_header_inherit directive by @sean-breen in #9547
- Support WAF IP Intelligence by @sean-breen in #9622
- Support empty host ingress by @haywoodsh in #9728
- Add support for proxy_redirect in Ingress by @vepatel in #9862
- Add NGINX Agent 3.x WAF support by @AlexFenlon in #9740
- Add path normalisation by @javorszky in #9778
๐ Bug Fixes
- Fix Authentication Issue in External PR Workflow by @spencerugbo in #9332
- Fix External PR Branch Creation by @spencerugbo in #9406
- Missing Policies on Ingress will return 500 by @AlexFenlon in #9452
- fix dereference panic by @vepatel in #9486
- fix oidc policy leaking into non-referenced locations by @vepatel in #9613
- Implement policy support checks for Ingress resources by @pdabelf5 in #9791
- Improve TransportServer and nginx.org/limit-req-key annotation by @javorszky in #9877
- fix overly restrictive validation in CORS policy fields by @vepatel in #9955
๐งช Tests
- Remove duplicate snapshot entries from template_test.snap by @haywoodsh in #9533
- Clean up successful test output by @pdabelf5 in #9738
๐จ Maintenance
59 changes
- Update renovate.json with 5.4 by @vepatel in #9373
- Add make secrets step to version bump by @javorszky in #9393
- Version Bump for 5.5.0 by @nginx-bot in #9407
- Update IC version in bug report template by @haywoodsh in #9435
- Update NGINX OSS to 1.29.7, NGINX Plus to R36 P3, Update WAF to 5.12 (#9456) by @haywoodsh in #9458
- Create ParseResourceReference function for future use by @AlexFenlon in #9454
- Get quick feedback when running testing in docker by @pdabelf5 in #9455
- Release 5.4.1 (#9464) by @haywoodsh in #9472
- Add 5.4.1 to the BUG template by @haywoodsh in #9473
- Add ProxyPass to Ingress location config by @AlexFenlon in #9469
- Simplify logic in policy validation by @pdabelf5 in #9457
- Refactor proxy-set-headers on Ingress by @pdabelf5 in #9470
- Remove detect-private-key exclude for tests, examples, and secrets by @haywoodsh in #9502
- Longest prefix match in VS and VSR by @javorszky in #9498
- Update go proxy usage by @pdabelf5 in #9518
- Remove notifications that used action-slack by @javorszky in #9550
- Update paths to gh actions by @jjngx in #9548
- Batch renovate docker PRs on 10th April 2026 by @javorszky in #9599
- Bundled go dependency updates 10 april 2026 by @javorszky in #9601
- Enhance linting workflow and renovate configuration for golangci-lint by @pdabelf5 in #9624
- Update automated issue message by @vepatel in #9623
- Add automergeType configuration to renovate.json by @pdabelf5 in #9627
- Change Ingress Template spacing into tabs by @AlexFenlon in #9598
- Add docker login to setup smoke if authenticated by @javorszky in #9522
- Only build the go binary if the source files have changed by @pdabelf5 in #9266
- Add new package groupings in renovate.json by @pdabelf5 in #9625
- Github actions workflow improvements by @pdabelf5 in #9634
- Update CI workflow to use '!=' for binary cache hit checks by @pdabelf5 in #9677
- Tighten path validation by @pdabelf5 in #9673
- Fix container package check by replacing auto_remove with remove flag by @pdabelf5 in #9693
- Remove unneeded error return from BalanceProxyValues by @javorszky in #9716
- Update tests that randomly fail by @pdabelf5 in #9733
- Add telemetry support for ExternalAuth policies by @pdabelf5 in #9739
- Update how we authorize users for the cherry-pick workflow by @pdabelf5 in #9742
- Update secret generation for routeSelector example by @pdabelf5 in #9750
- Provide AI tool hints to collaborators by @pdabelf5 in #9758
- Resolve unchecked error returns and remove lint suppressions by @pdabelf5 in #9013
- Update gofumpt and also fix formatting issues by @javorszky in #9788
- return 500 on using nginx.org/policies with waf policy by @vepatel in #9838
- Loosen nginx-plus version to 36 in data.json by @pdabelf5 in #9853
- Update go version to 1.26.3 by @javorszky in #9850
- Add UBI dependency images (c-ares + Perl/Boost RPMs) by @pdabelf5 in #9839
- Add cjson to UBI deps & add UBI10 image by @pdabelf5 in #9872
- Use rhel packages from ubi dependencies image by @pdabelf5 in #9871
- Reduce GH cache churn by docker builds by @pdabelf5 in #9890
- Pull c-ares from subscribed repos by @pdabelf5 in #9879
- Add NIC architecture guide and update Skills by @pdabelf5 in #9837
- Publish LTS images by @pdabelf5 in #9734
- Ensure runners version of yq is used by @pdabelf5 in #9903
- Refactor cherry-pick workflow to use git commands by @pdabelf5 in #9892
- Remove yq from chart build by @pdabelf5 in #9905
- Allow docker-scout to continue on error by @pdabelf5 in #9894
- Add release branches to baseBranchPatterns in renovate.json by @pdabelf5 in #9906
- Add condition to trigger Docker build if stable image does not exist by @pdabelf5 in #9856
- Update UBI10 dependency image by @sean-breen in #9907
- Update Dockerfile to UBI 10 by @sean-breen in #9908
- Update NIC to 5.4.3, helm chart to 2.5.3, operator to 3.5.4, WAF to 5.13.1 by @haywoodsh in #10008
- Cherry-pick dependencies for 5.5 by @sean-breen in #10037
- Remove unused
-agentimages from UBI and Debian with Dos only by @AlexFenlon in #10055
๐ Documentation
- Automate Release Docs Update by @spencerugbo in #9504
- Release 5.5.0 by @nginx-bot in #10036
โฌ๏ธ Dependencies
73 changes
- Update nginx:1.29.6 Docker digest to dec7a90 (main) by @renovate[bot] in #9378
- Bump google.golang.org/grpc from 1.79.2 to 1.79.3 in the go_modules group across 1 directory by @dependabot[bot] in #9403
- Update golangci/golangci-lint Docker tag to v2.11.4 (main) by @renovate[bot] in #9430
- Update Docker base image dependencies by @AlexFenlon in #9444
- Update Go dependencies to latest versions by @AlexFenlon in #9446
- Update GitHub Actions and Python dependencies by @AlexFenlon in #9445
- Update github actions (main) (major) by @renovate[bot] in #9466
- Update dependency preflight to v1.18.0 (main) by @renovate[bot] in #9465, #9616, #9684, #9840
- Update pre-commit hook python-jsonschema/check-jsonschema to v0.37.2 (main) by @renovate[bot] in #9477, #9767
- Update quay.io/jetstack/cert-manager-webhook Docker tag to v1.20.2 (main) by @renovate[bot] in #9490, #9608
- Update quay.io/jetstack/cert-manager-controller Docker tag to v1.20.2 (main) by @renovate[bot] in #9489, #9607
- Update quay.io/jetstack/cert-manager-cainjector Docker tag to v1.20.2 (main) by @renovate[bot] in #9488, #9606
- Update pre-commit hook rhysd/actionlint to v1.7.12 (main) by @renovate[bot] in #9507
- Update aws-sdk-go-v2 monorepo (main) by @renovate[bot] in #9476
- Update ghcr.io/nginx/dependencies/nginx-ubi:ubi9 Docker digest to 981065e (main) by @renovate[bot] in #9475, #9523, #9938, #9964
- Update docker/dockerfile Docker tag to v1.24 (main) by @renovate[bot] in #9513, #9865, #9881
- Update python:3.14-trixie Docker digest to 7095074 (main) by @renovate[bot] in #9244, #9554, #9700, #9822, #9939, #10012
- Update ghcr.io/nginx/dependencies/nginx-ubi:ubi8 Docker digest to 9defd80 (main) by @renovate[bot] in #9474
- Update redhat/ubi9 Docker tag to v9.7-1774415752 (main) by @renovate[bot] in #9417, #9558
- Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in the go_modules group across 1 directory by @dependabot[bot] in #9530
- Update Go to v1.26.2 by @AlexFenlon in #9567
- Update NGINX to 1.29.8 by @AlexFenlon in #9568
- Update WAF to 5.12.1 by @AlexFenlon in #9569
- Update dependency more-itertools to v11 (main) by @renovate[bot] in #9526
- Update nginx:1.29.8-alpine3.23 Docker digest to 5616878 (main) by @renovate[bot] in #9602, #9643
- Update redhat/ubi9-minimal Docker tag to v9.7-1776104705 (main) by @renovate[bot] in #9577
- Update NGINX Agent to v3.9 by @AlexFenlon in #9637
- Update golang:1.26-alpine Docker digest to f853308 (main) by @renovate[bot] in #9642
- Update quay.io/skopeo/stable Docker tag to v1.22.2 (main) by @renovate[bot] in #9663
- Update Red Hat UBI images (main) by @renovate[bot] in #9659
- Update AWS SDK v2 (main) by @renovate[bot] in #9660
- Update alpine:3.22 Docker digest to 310c62b (main) by @renovate[bot] in #9658
- Update Kubernetes ecosystem (main) by @renovate[bot] in #9661
- Update module github.com/dlclark/regexp2 to v1.12.0 (main) by @renovate[bot] in #9669
- Update Red Hat UBI images (main) by @renovate[bot] in #9680
- Update debian:12-slim Docker digest to 67b30a6 (main) by @renovate[bot] in #9698, #9802
- Update quay.io/oauth2-proxy/oauth2-proxy Docker tag to v7.15.2 (main) by @renovate[bot] in #9685
- Update Red Hat UBI images (main) by @renovate[bot] in #9683
- Bump github.com/jackc/pgx/v5 from 5.7.1 to 5.9.2 in the go_modules group across 1 directory by @dependabot[bot] in #9697
- Bump github.com/Azure/go-ntlmssp from 0.0.0-20221128193559-754e69321358 to 0.1.1 in the go_modules group across 1 directory by @dependabot[bot] in #9726
- Update coredns/coredns Docker tag to v1.14.3 (main) by @renovate[bot] in #9701
- Update nginx:1.29.8 Docker digest to 6e23479 (main) by @renovate[bot] in #9699
- Update pre-commit hook DavidAnson/markdownlint-cli2 to v0.22.1 (main) by @renovate[bot] in #9702
- Update Red Hat UBI images (main) by @renovate[bot] in #9736
- Update AWS SDK v2 (main) by @renovate[bot] in #9754
- Update Kubernetes ecosystem to v0.36.0 by @AlexFenlon in #9776
- Update Red Hat UBI images (main) by @renovate[bot] in #9772
- Update module github.com/dlclark/regexp2 to v2 by @AlexFenlon in #9777
- Update module github.com/dlclark/regexp2/v2 to v2.1.0 (main) by @renovate[bot] in #9783, #9828, #9990
- Update Red Hat UBI images (main) - autoclosed by @renovate[bot] in #9793
- Update module github.com/cert-manager/cert-manager to v1.20.2 (main) by @renovate[bot] in #9491
- Update golang.org/x (main) by @renovate[bot] in #9807
- Update NGINX and WAF versions to 1.31.0 and R37.0 respectively by @pdabelf5 in #9849
- Update nginx:1.31.0-alpine3.23 Docker digest to dc48b7a (main) by @renovate[bot] in #9880
- Update pre-commit hook psf/black-pre-commit-mirror to v26.5.1 (main) by @renovate[bot] in #9888, #9913
- Bump the pip group across 2 directories with 1 update by @dependabot[bot] in #9825
- Update Red Hat UBI images (main) by @renovate[bot] in #9829
- Update Plus images to Debian 13 Trixie by @AlexFenlon in #9896
- Update module github.com/gruntwork-io/terratest to v1 (main) by @renovate[bot] in #9830
- Update debian:13-slim Docker digest to b6e2a15 (main) by @renovate[bot] in #9910
- Update nginx:1.31.0 Docker digest to 800e7c9 (main) by @renovate[bot] in #9911
- Update Kubernetes ecosystem (main) by @renovate[bot] in #9703
- Update module golang.org/x/crypto to v0.52.0 (main) by @renovate[bot] in #9966
- Update golang.org/x/net to v0.55.0 by @pdabelf5 in #9983
- Update NGINX OSS to 1.31.1 by @AlexFenlon in #9982
- Update module github.com/gkampitakis/go-snaps to v0.5.22 (main) by @renovate[bot] in #10004
- Update module github.com/aws/aws-sdk-go-v2/config to v1.32.18 (main) by @renovate[bot] in #9987
- Update nginx:1.31.1-alpine3.23 Docker digest to 8b1e787 (main) by @renovate[bot] in #10011
- Update ghcr.io/nginx/dependencies/nginx-ubi:ubi10 Docker digest to 3998f88 (release-5.5) by @renovate[bot] in #10009, #10047
- Update nginx:1.31.1 Docker digest to 5aca995 (main) by @renovate[bot] in #10010
- Update Red Hat UBI images (main) by @renovate[bot] in #9940
- Update Red Hat UBI images (release-5.5) by @renovate[bot] in #10048
- Update OpenTelemetry to v1.44.0 (release-5.5) by @renovate[bot] in #10051
Other Changes
- Release 5.4.0 (#9409) by @haywoodsh in #9434
- Update NGINX Agent to 3.8 by @AlexFenlon in #9436
- Fix OpenSSF Scorecard badge link in README by @andy778 in #9017
- Removed Fossa workflow by @thresheek in #9543
- Expand cherry pick workflow by @pdabelf5 in #9725
New Contributors
Full Changelog: v5.4.3...v5.5.0
Upgrade
- For NGINX, use the v5.5.0 images from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v5.5.0 images from the F5 Container registry or build your own image using the v5.5.0 source code.
- For Helm, use version 2.6.0 of the chart.
Resources
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginx/kubernetes-ingress/tree/v5.5.0/examples
- Helm Chart -- https://github.com/nginx/kubernetes-ingress/tree/v5.5.0/charts/nginx-ingress
- Operator -- https://github.com/nginx/nginx-ingress-helm-operator