v1.12.10
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.12.10
fixes a bug in the DigitalOcean DNS-01 provider which could cause incorrect DNS records to be deleted when using a domain with a CNAME. Special thanks to @BobyMCbobs for reporting this issue and testing the fix!
It also patches CVE-2023-45288.
⚠️ Known Issues
-
ACME Issuer (Let's Encrypt): wrong certificate chain may be used if preferredChain is configured: see release docs for more info and mitigations
-
If you misconfigure two Certificate resources to have the same target Secret resource, cert-manager will generate a MANY CertificateRequests, possibly causing high CPU usage and/ or high costs due to the large number of certificates issued (see #6406).
This problem was resolved in v1.13.2 and other later versions, but the fix cannot be easily backported to v1.12.x. We recommend using v1.12.x with caution (avoid misconfigured Certificate resources) or upgrading to a newer version.
Changes
Bug or Regression
- DigitalOcean: Ensure that only TXT records are considered for deletion when cleaning up after an ACME challenge (#6894, @SgtCoDFish)
- Bump golang.org/x/net to address CVE-2023-45288 (#6933, @SgtCoDFish)