⚠️ Security
- GHSA-jr6p-8pjj-mfx6 Moderate: Incomplete fix of CVE-2026-22872: TenantResource RawItems and Generators still allow cluster-scoped resource creation (cross-tenant privilege escalation) - Without impersonation
- GHSA-68cj-mvg9-rgm2 Moderate: CapsuleConfiguration NodeMetadata regex fields lack webhook validation, allowing MustCompile panic on all Node admission requests
Changelog
✨ New Features
- 8e1cc91: feat(globalcustomquota): add support for not-equals field selector (#1997) (@sandert-k8s)
- 77d1810: feat(chart): add built-in prometheusrules (#1990) (@oliverbaehler)
- 77d1810: feat: add metadata enforcement (#1990) (@oliverbaehler) Read More
- 0c22ce8: feat: define interface for event recorder (#1985) (@bakito)
- 6a762e7: feat: add improve webhook validation for regex properties (#1995) (@oliverbaehler)
- 6a762e7: feat: add metric recorder for all objects with conditions (#1995) (@oliverbaehler)
🐛 Bug fixes
- 4b07463: fix: metric recorders for all conditionals (#1998) (@oliverbaehler)
🛠 Dependency updates
Full Changelog: v0.13.7...v0.13.8
Check out what's new in this release
Docker Images
ghcr.io/projectcapsule/capsule:0.13.8ghcr.io/projectcapsule/capsule:latest
Helm Chart
View this release on Artifact Hub or use the OCI helm chart:
ghcr.io/projectcapsule/charts/capsule:0.13.8
Review the Major Changes section first before upgrading to a new version
Important
Kubernetes compatibility
Note that the Capsule project offers support only for the latest minor version of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors.
| Kubernetes version | Minimum required |
|---|---|
v1.35
| >= 1.35.0
|
Thanks to all the contributors! 🚀 🦄