1.0.25

Maintenance release

• Use Go 1.23.2 for local and Docker image build. This mitigates following CVEs (via Go stdlib):
  • CVE-2024-34155
  • CVE-2024-34156
  • CVE-2024-34158
• Update various dependencies in go.mod

Full Changelog: 1.0.24...1.0.25

1.0.24

Maintenance release

• bump dependencies (cert-manager, apiserver, k8s client etc.)
• Use Go 1.23

Full Changelog: 1.0.23...1.0.24

1.0.23

Maintenance release.

• Bump golang.org/x/net to 0.24 to mitigate CVE-2023-45288
• Bump other dependencies: apiextensions-apiserver,apimachinery,client-go etc.
• use Go 1.22 for compilation

Full Changelog: 1.0.22...1.0.23

1.0.22

Maintenance release.

bump dependencies to fix CVE-2024-24786:

• bump k8s.io/apiextensions-apiserver from 0.29.2 to 0.29.3
• bump k8s.io/apimachinery from 0.29.2 to 0.29.3
• bump k8s.io/client-go from 0.29.2 to 0.29.3
• bump cert-manager to 1.14.4

1.0.21

What's Changed

• fix: do not pass netcup API error in some case by @aellwein in #42
• bump dependencies

Full Changelog: 1.0.20...1.0.21

1.0.20

Minor changes:

• Bump golang.org/x/crypto dependency to 0.17.0 to fix CVE-2023-48795
• Use Go 1.21 for build

1.0.19

Minor changes only.

• change Docker registry to ghcr.io (#28)

1.0.18

Minor release to fix some CVEs:

Following CVEs were fixed:

• CVE-2023-47108
• CVE-2023-45142
• CVE-2023-39325
• GHSA-m425-mq94-257g
• CVE-2023-3978
• CVE-2023-44487

1.0.17

• fix: add add CA certificates from Alpine image

Add well-known CAs to the "naked" busybox image, otherwise
webhook fails to establish connection to Netcup.

Thanks @teksuo for reporting this.

1.0.16

• Use Busybox 1.36.1 Docker image for building release (mitigates CVE-2023-2650)
• Use Go 1.20.5 in a build