v1.21.0

Deprecations/Removals

• We are supporting Kubernetes version 1.27.0 and above. Older versions are no longer supported.
• We are pushing images to GHCR repo only. The DockerHub images are deprecated and will not be updated further. This applies to all Fission components, environments and keda-connector images.

Fixes

• We have fixed critical security issues in the Fission codebase.
• We have also removed/replaced vulnerable dependencies in the Fission codebase.
• We have SBOM, provenance and key verification for all binaries and images. This ensures the authenticity of the binaries and images.
• Minor fixes and improvements in helm charts

Changelog

• Fix: an invalid env manifest file breaks the executor component which stops the creation and deletion of envs by @soharab-ic in #3034
• Add podSpec to generated environment manifest by @soharab-ic in #3033
• Update K8s version for envtest to 1.30.x by @soharab-ic in #3038
• Remove unreachable code by @soharab-ic in #3039
• Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 by @dependabot in #3056
• Add path safety fixes by @sanketsudake in #3061
• Add OpenSSF Scorecard action by @sanketsudake in #3066
• Add OpenSSF scorecard badge by @sanketsudake in #3067
• Apply best security practices for OpenSSF by @sanketsudake in #3069
• Bump actions/setup-go from 5.0.2 to 5.1.0 by @dependabot in #3074
• Bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in #3073
• Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in #3072
• Bump codecov/codecov-action from 4.5.0 to 5.1.1 by @dependabot in #3071
• Bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @dependabot in #3070
• Skip CI for dependabot PR and remove manual dispatch by @sanketsudake in #3080
• Update Go dependencies by @sanketsudake in #3081
• Bump github.com/prometheus/client_golang from 1.20.4 to 1.20.5 by @dependabot in #3077
• Add provenance steps for release by @sanketsudake in #3083
• Update dependabot config by @sanketsudake in #3094
• Grouped dependabot updates for dockerfile and github-actions by @sanketsudake in #3111
• Bump the global group with 9 updates by @dependabot in #3118
• Update dependabot.yml grouping by @sanketsudake in #3119
• Bump golang.org/x/crypto from 0.28.0 to 0.31.0 in the go_modules group by @dependabot in #3110
• Bump the docker-images group across 5 directories with 1 update by @dependabot in #3121
• Bump helm/kind-action from 1.11.0 to 1.12.0 in the github-actions group by @dependabot in #3122
• Fix SBOM and provenance for releases by @sanketsudake in #3124
• Update Go version to 1.23.4 by @sanketsudake in #3126
• Bump the go-dependencies group across 1 directory with 25 updates by @dependabot in #3125
• fix: apply kubernetes resources to the webhook-server by @mrsimonemms in #3084
• Log only related configmap and secret by @lx1036 in #3049
• fix: fix slice init length by @occupyhabit in #3064
• Update create.go to handle namespace isolation by @sofsms in #3130
• Bump the docker-images group across 5 directories with 1 update by @dependabot in #3132
• Bump the go-dependencies group with 3 updates by @dependabot in #3131
• Use controller-gen and code-generator latest version by @sanketsudake in #3133
• Use mholt/archives instead of mholt/archiver by @sanketsudake in #3128
• Update k8s versions and set minimum version to 1.27.0 by @sanketsudake in #3134
• Bump the go-dependencies group with 4 updates by @dependabot in #3141
• Bump the github-actions group with 4 updates by @dependabot in #3140
• PR-3051: Fix download deploy package out of k8s cluster by @soharab-ic in #3136
• Update chart version v1.21.0-rc1 by @sanketsudake in #3143
• Use GHCR repo for fetcher image by default by @sanketsudake in #3145
• Bump the docker-images group across 5 directories with 1 update by @dependabot in #3139
• Update chart version v1.21.0-rc2 by @sanketsudake in #3146
• fix: custom runtime container name is invalid by @lcgash in #3065
• Bump the github-actions group with 2 updates by @dependabot in #3148
• Bump the docker-images group across 5 directories with 1 update by @dependabot in #3149
• Duplicate Job names in helm chart templates by @sanketsudake in #3150
• Adopt custom defaulter and validator interface for webhooks intead of deprecated default by @sanketsudake in #3152
• Update SECURITY.md by @sanketsudake in #3151
• Bump the go-dependencies group with 17 updates by @dependabot in #3147
• Update all images used to GHCR repo by @sanketsudake in #3154

References

• Environments
• Custom Resource Definition Specification
• Releases