Skip to content

Commit e7c70d6

Browse files
farshadasadpourfarshadasadpour
authored
fix(ingress-nginx): Upgrade ingress-nginx to v1.12.1 and webhook certgen image to v1.5.2 (#12075)
This commit upgrades ingress-nginx to version v1.12.1, addressing multiple critical vulnerabilities including CVE-2025-1974, CVE-2025-1097, CVE-2025-1098, CVE-2025-24513, and CVE-2025-24514 as detailed in the ingress-nginx release notes: https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1 Important Notes: - Fixing CVE-2025-1974 required disabling validation of the generated NGINX configuration during validation of Ingress resources. Invalid Ingress resources may stop the NGINX configuration from being updated. - Recommended mitigations include enabling annotation validation and disabling snippet annotations. Alongside this upgrade, the `ingress_nginx_kube_webhook_certgen_image_tag` has been updated to v1.5.2 for compatibility, based on: kubernetes/ingress-nginx#13066 Changelog: - Updated ingress-nginx version to v1.12.1 in Kubespray. - Updated `ingress_nginx_kube_webhook_certgen_image_tag` in `roles/kubespray-defaults/defaults/main/download.yml` to v1.5.2. Fixes: #12073
1 parent cd9c21b commit e7c70d6

File tree

2 files changed

+3
-3
lines changed

2 files changed

+3
-3
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -129,7 +129,7 @@ Note:
129129
- Application
130130
- [cert-manager](https://github.com/jetstack/cert-manager) 1.15.3
131131
- [coredns](https://github.com/coredns/coredns) 1.11.3
132-
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) 1.12.0
132+
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) 1.12.1
133133
- [argocd](https://argoproj.github.io/) 2.14.5
134134
- [helm](https://helm.sh/) 3.16.4
135135
- [metallb](https://metallb.universe.tf/) 0.13.9

roles/kubespray-defaults/defaults/main/download.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -323,13 +323,13 @@ rbd_provisioner_image_tag: "v{{ rbd_provisioner_version }}"
323323
local_path_provisioner_version: "0.0.24"
324324
local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
325325
local_path_provisioner_image_tag: "v{{ local_path_provisioner_version }}"
326-
ingress_nginx_version: "1.12.0"
326+
ingress_nginx_version: "1.12.1"
327327
ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
328328
ingress_nginx_opentelemetry_image_repo: "{{ kube_image_repo }}/ingress-nginx/opentelemetry"
329329
ingress_nginx_controller_image_tag: "v{{ ingress_nginx_version }}"
330330
ingress_nginx_opentelemetry_image_tag: "v20230721-3e2062ee5"
331331
ingress_nginx_kube_webhook_certgen_image_repo: "{{ kube_image_repo }}/ingress-nginx/kube-webhook-certgen"
332-
ingress_nginx_kube_webhook_certgen_image_tag: "v1.5.0"
332+
ingress_nginx_kube_webhook_certgen_image_tag: "v1.5.2"
333333
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
334334
alb_ingress_image_tag: "v1.1.9"
335335
cert_manager_version: "1.15.3"

0 commit comments

Comments
 (0)