Gitea has announced the release of version 1.21.3. This update includes 18 merged pull requests and fixes for a security vulnerability. Users are strongly encouraged to update to this version for important bug fixes.

One notable improvement in this release is that it is built with the latest released version of Golang to resolve the announced CVE with Golang. The specific CVE addressed is CVE-2023-48795.

The problem that was fixed in this release was contributed by @wxiaoguang.

For those interested in updating to Gitea 1.21.3, the software can be downloaded from the downloads page. The installation guide provides more information on how to install the update.

For a full list of changes in Gitea 1.21.3, refer to the Changelog.

Flux CD has released version 2.2.0, a tool for keeping Kubernetes clusters in sync with sources of configuration and automating updates to configuration when there is new code to deploy. This feature release brings several updates and improvements to provide users with the best experience.

The Flux CLI and controllers have been updated to support Kustomize v5.3.0 and Kubernetes v1.28.4. This ensures compatibility with the latest versions and improves performance and stability.

One of the major updates in this release is the significant overhaul of the Flux helm-controller’s reconciliation model. This addresses persistent issues such as the automatic recovery of releases stuck in a pending state. It also improves the observability of the release status and introduces the ability to enable drift detection on a per-object basis. More details on the helm-controller improvements can be found in the Announcing Flux 2.2 GA blog post.

The Flux CLI now allows users to force or reset the reconciliation state of a HelmRelease v2beta2 object using the flux reconcile hr --force and flux reconcile hr --reset commands. This gives users more control over the deployment process.

The Flux CLI also comes with support for bootstrapping Gitea repositories, providing users with more options for managing their configuration sources. It also adds guardrails to flux install and flux bootstrap to protect users from destructive operations. Additionally, the flux version and flux check commands now print the Flux distribution version deployed on the cluster, making it easier for users to keep track of their Flux installation.

The alerting capabilities of Flux have been extended with support for NATS and Bitbucket Server & Data Center. This allows users to use these additional notification providers for alerting and monitoring purposes.

Starting with this release, Flux minor versions are benchmarked to measure the Mean Time To Production (MTTP), providing users with valuable insights into the performance of Flux.

The release is compatible with Kubernetes versions 1.26, 1.27, and 1.28.

The API changes in this release include the promotion of the HelmRelease kind from v2beta1 to v2beta2. The v2beta2 API is backwards compatible with v2beta1, and the v2beta1 API is deprecated and will be removed in a future release. Several new fields have been added, including drift detection and correction on a per-release basis, selective running of Helm tests, and a history of metadata from Helm releases. The Alert and Provider kinds have also been promoted from v1beta2 to v1beta3, with the removal of the .status field. The Bucket API now has a new field for server-side filtering of files, and the OCIRepository and HelmChart APIs have new fields for verifying OIDC identity. The HelmRepository and ImageRepository APIs have a new boolean field for connecting to non-TLS HTTP container registries.

To upgrade to Flux v2.2.0, users can either rerun the bootstrap process or use the Flux GitHub Action. The APIs can be upgraded by deploying the new CRDs and controllers and changing the manifests in Git. It is advised not to delay this procedure as the deprecated versions will be removed after 6 months.

The release also includes new documentation for the HelmRelease v2beta2 specification and a guide on enabling in-memory Kustomize builds.

Overall, Flux v2.2.0 brings several updates and improvements to provide users with a better experience in managing their Kubernetes clusters and configuration sources. Users are encouraged to upgrade to this version for the best experience.

Gitea has released version 1.21.0, which includes numerous new features and improvements. The release consists of 962 pull requests and marks the departure of Gitea Actions from the experimental state. Users can download the new version from the Gitea website.

The release includes several breaking changes that may affect users. One change involves moving public asset files to the proper directory. Previously, these files were served under a different directory, causing confusion for users. To resolve this, the default assets folder has been changed, and users with custom asset files will need to transfer them to the new location.

Another breaking change involves the configuration option for SSH authorized keys backup. Previously, this option was set to automatically create backups of the authorized keys file when a new SSH key was added. However, this caused the backup folder to become excessively large on instances with many users. As a result, the default value of this parameter has been changed, and users who still want backups should manually set it to true.

Additionally, the release removes the CHARSET configuration option for MySQL and always uses utf8mb4. Using utf8 as a charset for MySQL can lead to issues, and as Gitea only supports MySQL v5.7+, support for utf8 is no longer necessary. Existing utf8 databases will continue to work, but users are strongly encouraged to convert them to utf8mb4.

The release also includes improvements to Gitea Actions. Several new features have been added, including scheduled workflows, disabling workflows, and downloading raw task logs. Additionally, the admin page has been enhanced with capabilities such as manually rebuilding the issue index and a details page for each user.

Other notable improvements include the ability to select a specific commit range when reviewing a pull request, notifications for recently pushed branches, support for CODEOWNERS files, and the ability to pre-register OAuth2 applications for git credential helpers.

The release also introduces archived labels, a new concept that allows users to retire labels without deleting them. Gitea Actions have received various enhancements, making them a mature component of Gitea. The blame view has been simplified, and it is now possible to retry failed pull mirror creations.

Furthermore, the release includes improvements to the admin page, the ability to see if the CI is currently successful for all branches, and optimizations to reduce database deadlocks.

Looking ahead, Gitea 1.22 is expected to bring changes to the default themes and drop support for older database versions. The default themes will be renamed, and a new dark theme will be introduced. Users are encouraged to update their database versions for compatibility and security.

Overall, the release of Gitea 1.21.0 brings a range of new features and improvements that enhance the functionality and user experience of the platform. Users are encouraged to update to the latest version to take advantage of these enhancements.

Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes, has announced the release of version v2.9.0. This release includes a total of 368 contributions from 144 contributors, with 73 new features and 59 bug fixes.

Features

• Retry logic for Kubernetes client
• Grace period for repository errors
• Examples added to help output for admin.go file
• Examples added to help output for argocd_server.go file
• ‘Both’ option added for uibannerposition
• PKCE authentication flow for web logins
• Example added for generate-allow-list command
• Examples added to help output for get KEYID command
• Examples added to help output for “gpg_list” command
• Examples added to help output for remaining “create PROJECT ROLE-NAME” commands
• Examples added to argocd proj role cli family
• Admin-app-example added to cli
• Project flag added to avoid permission denied errors on 404
• Notification secrets exposed for request payload templating
• Git requests made configurable
• Write back added to application informer
• Print stderr output from command even on success
• Examples added to help output for “list PROJECT” command
• Examples added to help output for “gpg add” command
• Recursive Helm Values files detection in UI
• Rate limited queue implemented
• Examples added to help output for remaining “get APPNAME” commands
• Repocred-list-example added to cli
• Cluster-list-example added to cli
• Examples added to help output for “delete PROJECT ROLE-NAME” command
• Examples added to projectwindows.go
• Iammanager.keikoproj.io/Iamrole health check added
• Examples added to help output for “generate-spec PROJECT” command
• Repo-example added to cli
• Examples added to help output for “set APPNAME” command
• Examples added to help output for “logs APPNAME” command
• Example added to argocd relogin command
• Examples added to help output for all “argocd proj” commands
• Example added to help output for bcrypt command
• fromYaml and fromYamlArray toYaml functions added to appset
• Example added to help output for app actions command
• Examples added to help output for remaining “argocd account” commands
• Examples added to help output for remaining “argocd repocreds” commands
• Example added to help output for context command
• Individual e2e tests retried in CI
• ignoreApplicationDifferences added to appset
• PushSecret health status and force-sync action implemented
• AnsibleJob CRD health checks implemented
• Patches field added to Kustomize
• Support for AzureDevops Webhooks added to appset
• Dynamic rebalancing of clusters across shards implemented
• Tree option added to output flag for app sync, app wait, and app rollback commands
• Automatically apply extension configs without restarting API-Server
• Patch_ms and setop_ms timings added to reconciliation logs
• Button added for wrapping lines in pod logs viewer
• Option added to output flag for app get and app resources commands for tree view
• Appset preserve labels and global preserve fields added
• Haproxy metrics enabled through helm Chart
• Shorthand flags added for follow and container in app logs command
• ARGOCD_CLUSTER_CACHE_LIST_PAGE_BUFFER_SIZE environment variable added
• RBAC validation command now takes either namespace or policy-file
• Timezone added to projectwindows list
• Dark theme improvements in UI
• Auto-sync now handles ‘another operation is already in progress’ error
• ApplicationSet now deletes Application status
• Various bug fixes and improvements implemented

For the full changelog and more information, please visit the release-2.8…v2.9.0 comparison.

Flux CD, a tool for keeping Kubernetes clusters in sync with sources of configuration like Git, has released version 2.1.2. This patch release comes with various fixes and improvements to provide users with the best experience.

One of the key fixes in this release is the faster recovery of resources such as Kustomization and HelmRelease when the source-controller has restarted and is working on restoring storage. Additionally, the source-controller now prevents failing to reconcile OCIRepositories when artifacts contain symlinks.

Another important fix addresses an issue with the helm-controller miss-labeling Custom Resource Definitions. Flux now also detects immutable field errors in Google Cloud resources managed by Kustomizations, improving the overall stability and reliability of the system.

The CLI has also seen some updates. The error reporting for flux bootstrap has been enhanced when the owner doesn’t match the identity associated with the given token. Furthermore, the flux pull artifact command now allows fetching OCI artifacts produced by other tools.

Here are the components and CLI changes in Flux CD v2.1.2:

Components Changelog

• source-controller v1.1.2
• kustomize-controller v1.1.1
• helm-controller v0.36.2

CLI Changelog

• PR #4324 - @somtochiama - bootstrap: Fix error msg when the Git token doesn’t match the repo owner
• PR #4323 - @stefanprodan - e2e: Update Go dependencies
• PR #4313 - @fluxcdbot - Update toolkit components
• PR #4296 - @Skarlso - fix: only wait for changeset if the result is not empty
• PR #4285 - @matheuscscp - Add badge for SLSA Level 3
• PR #4284 - @errordeveloper - Make flux pull work for OCI artifacts produced by other tools

Flux CD users are highly encouraged to upgrade to version 2.1.2 to benefit from these fixes and improvements.

Gitea has announced the release of version 1.20.5 of their software. This update includes important bug fixes, making it highly recommended for users to update to this version.

To create this release, the Gitea team merged 24 pull requests. Users can download pre-built binaries for their specific platform from the downloads page. Detailed installation instructions can be found in the installation guide.

The changelog for version 1.20.5 includes the following enhancements and bug fixes:

Enhancements:

• Fix z-index on markdown completion
• Use secure cookie for HTTPS sites

Bug Fixes:

• Fix git 2.11 error when checking IsEmpty
• Allow get release download files and lfs files with oauth2 token format
• Fix orphan check for deleted branch
• Quote table release in sql queries
• Fix release URL in webhooks
• Fix successful return value for SyncAndGetUserSpecificDiff
• Fix pagination for followers and following
• Fix issue templates when blank issues are disabled
• Fix context cache bug & enable context cache for dashboard commits’ authors
• Fix INI parsing for value with trailing slash
• Fix PushEvent NullPointerException jenkinsci/github-plugin
• Fix organization field being null in POST /orgs/{orgid}/teams
• Fix bug of review request number

Additionally, there have been improvements in testing and documentation, as well as miscellaneous changes.

The contributors to this release include:

• @Infinoid
• @KN4CK3R
• @lunny
• @sebastian-sauer
• @wxiaoguang