·
9 commits
to release-5.3
since this release
What's Changed
🚀 Features
- add sslVerify for jwksUri by @vepatel in #8292
- Add support for ssl ciphers related annotations by @vepatel in #8447
- Implement OIDC front channel logout NGINX directives by @javorszky in #8340
- Add OIDC timeout customization to ConfigMap by @AlexFenlon in #8495
- Support namespaced upstream service reference in VirtualServer by @haywoodsh in #8453
- add rewrite-target annotation by @vepatel in #8508
- Add
client-body-buffer-sizedirective to Ingress Annotations & Configmap by @AlexFenlon in #8548 - Add client-body-buffer-size directive to VirtualServer by @AlexFenlon in #8557
- Add OIDC Policy IDP TLS validation by @pdabelf5 in #8556
- extend cache policy for more configurable parameters by @haywoodsh in #8533
🐛 Bug Fixes
- remove type field for objects with schema ref by @vepatel in #8299
- Cleanup stale socket files on startup by @AlexFenlon in #8455
📦 Helm Chart
- Include
metricsin the helm agent config by @dareste in #8404 - Optionally create HorizontalPodAutoscaler by @pdabelf5 in #8452
🧪 Tests
- Wrap oidc fclo initiated test in a while loop by @javorszky in #8460
- Disable failing foreign upstream test by @pdabelf5 in #8546
- Change foreign upstream resource creation order by @haywoodsh in #8535
🔨 Maintenance
- Version Bump for 5.3.0 by @github-actions[bot] in #8241
- update script to include statefulset yaml by @vepatel in #8259
- fix dry-run logic for docs PR by @vepatel in #8261
- add cache policy to telemetry by @vepatel in #8265
- Use F5 self-hosted runners by @AlexFenlon in #8268
- Fix helm not found in CI pipeline by @AlexFenlon in #8281
- Login to dockerhub when building authenticated images by @pdabelf5 in #8293
- Update Community Call dates by @AlexFenlon in #8295
- Pin all NAP WAF package versions by @pdabelf5 in #8317
- Pin goreleaser version & update with renovate by @pdabelf5 in #8319
- Add assertions document to binary build workflow by @pdabelf5 in #8336
- Only add assertion doc on release runs by @pdabelf5 in #8345
- Update k8s variable syntax for minikube & kind by @pdabelf5 in #8347
- Re-enable NGINX bot by @pdabelf5 in #8354
- Fix Snapshots failing in Version Bump workflow by @AlexFenlon in #8357
- Update k8s version fetch logic by @vepatel in #8379
- Group python and actions changes into one PR of each type by @pdabelf5 in #8393
- Allow easier updates to Agent versions on NAP images by @AlexFenlon in #8303
- Update release with f5 runner by @vepatel in #8402
- Publish helm chart to nginx-charts by @pdabelf5 in #8403
- Remove assertion doc from CI by @AlexFenlon in #8422
- Update goproxy logic & cleanup netrc by @pdabelf5 in #8421
- Add versions to bug report template by @pdabelf5 in #8434
- Split Python tests to reduce run time by @pdabelf5 in #8419
- Replace discouraged PlayWright functions in our pytests by @javorszky in #8467
- Remove unused pytest option by @pdabelf5 in #8531
- Migrate client secret to OIDC for Azure Marketplace by @pdabelf5 in #8532
- Migrate additional Github secrets to Azure Vault by @AlexFenlon in #8528
- Migrate OpenShift & Plus secrets to Azure Vault by @pdabelf5 in #8515
- Migrate NGINX Plus secrets to Azure Vault by @pdabelf5 in #8517
- Migrate docker & nginx bot credentials to Azure Vault by @pdabelf5 in #8530
- Migrate GCR secrets to Azure Vault by @pdabelf5 in #8518
- Fix spacing in README tables by @AlexFenlon in #8597
- Update automated release docs to match previous version by @AlexFenlon in #8591
- update nginx plus waf pkg and alpine base version by @vepatel in #8600
- [cherry-pick] fix git user for release wf by @nginx-bot in #8602
- Fix shell variable globbing issue using quotes by @nginx-bot in #8605
- Update permissions on image promotion CI by @nginx-bot in #8610
📝 Documentation
- Fix foreign service example by @haywoodsh in #8516
- Update README links to reflect documentation URL changes by @ADubhlaoich in #8519
- Update Helm chart NOTES.txt with newer documentation links by @ADubhlaoich in #8586
- update release branch docs by @vepatel in #8653
⬆️ Dependencies
87 changes
- chore(deps): bump the python group with 2 updates by @dependabot[bot] in #8243
- Docker image update e10758e1 by @github-actions[bot] in #8244
- chore(deps): bump github/codeql-action from 3.30.1 to 3.30.3 in the actions group by @dependabot[bot] in #8249, #8263
- chore(deps): bump python from
d99178etoa805109in /tests by @dependabot[bot] in #8248, #8254 - Bump preflight version to v1.14.1 by @pdabelf5 in #8252
- chore(deps): bump the actions group with 2 updates by @dependabot[bot] in #8269
- chore(deps): bump the python group with 5 updates by @dependabot[bot] in #8270
- chore(deps): bump anchore/sbom-action from 0.20.5 to 0.20.6 in the actions group by @dependabot[bot] in #8275
- Docker image update 80954460 by @github-actions[bot] in #8279
- Docker image update 11a34148 by @github-actions[bot] in #8284
- chore(deps): bump the python group with 5 updates by @dependabot[bot] in #8287
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #8286, #8369, #8423, #8539, #8566
- chore: Configure Renovate by @renovate[bot] in #8298
- chore(deps): bump the actions group across 1 directory with 5 updates by @dependabot[bot] in #8300
- Update quay.io/keycloak/keycloak Docker tag to v26.4.7 (main) by @renovate[bot] in #8308, #8459, #8510, #8565, #8576, #8595
- Update docker/dockerfile Docker tag to v1.20 (main) by @renovate[bot] in #8307, #8374, #8570, #8584
- Update dependency requests to v2.32.5 by @renovate[bot] in #8312
- Docker image update 119a0c53 by @github-actions[bot] in #8315
- Update aws-sdk-go-v2 monorepo by @renovate[bot] in #8309
- Update dependency cryptography to v46.0.2 by @renovate[bot] in #8323
- Update module github.com/gkampitakis/go-snaps to v0.5.17 (main) by @renovate[bot] in #8326, #8564, #8582
- Docker image update 40eeffe2 by @github-actions[bot] in #8324
- Update dependency pycparser to v2.23 by @renovate[bot] in #8333
- Update ossf/scorecard-action action to v2.4.3 by @renovate[bot] in #8332
- Docker image update 382b3684 by @github-actions[bot] in #8334
- Update dependency certifi to v2025.8.3 by @renovate[bot] in #8344
- Update actions/cache action to v4.3.0 by @renovate[bot] in #8343
- Update module github.com/golang-jwt/jwt/v4 to v5 by @pdabelf5 in #8337
- Update k8s.io/utils digest to bc988d5 by @renovate[bot] in #8349
- Update dependency grpcio to v1.75.1 by @renovate[bot] in #8355
- Update peter-evans/dockerhub-description action to v5 by @renovate[bot] in #8356
- Update dependency cffi to v2 by @renovate[bot] in #8350
- Update examples with keycloak 26.x by @pdabelf5 in #8362
- Update balabit/syslog-ng Docker tag to v4.10.2 (main) by @renovate[bot] in #8366, #8443, #8466
- Update docker/login-action action to v3.6.0 by @renovate[bot] in #8375
- Update Renovate configuration by @pdabelf5 in #8381
- Docker image update 7502f23c by @nginx-bot in #8384
- Update dependency wrapt to v1.17.3 (main) by @renovate[bot] in #8388
- Update dependency pyyaml to v6.0.3 (main) by @renovate[bot] in #8387
- Update golang:1.25-alpine Docker digest to 182059d (main) by @renovate[bot] in #8389, #8438, #8502
- Update pre-commit hook asottile/pyupgrade to v3.21.2 (main) by @renovate[bot] in #8405, #8525, #8559
- Update python Docker tag to v3.14 (main) by @renovate[bot] in #8406
- Correct space in github actions, update renovate syntax by @pdabelf5 in #8397
- Allow renovate to run postUpgradeTasks by @pdabelf5 in #8424
- Update renovate PR's in github workflow by @pdabelf5 in #8427
- Update module github.com/cert-manager/cert-manager to v1.19.0 (main) by @pdabelf5 in #8429
- Update redhat/ubi9 Docker tag to v9.7-1764578509 (main) by @renovate[bot] in #8431, #8588
- Update module github.com/gruntwork-io/terratest to v0.54.0 (main) by @renovate[bot] in #8396, #8476, #8572
- Update redhat/ubi9-minimal Docker tag to v9.7-1764578379 (main) by @renovate[bot] in #8432, #8589
- Update ghcr.io/nginx/dependencies/nginx-ubi:ubi9 Docker digest to aa99558 (main) by @renovate[bot] in #8437, #8449, #8461, #8491, #8501, #8550, #8563, #8580, #8598
- Upgrade github.com/nginx/nginx-plus-go-client/v3 to v3.0.1 by @pdabelf5 in #8401
- Update aws-sdk-go-v2 monorepo (main) by @renovate[bot] in #8440
- Update redhat/ubi8 Docker digest to a444712 (main) by @renovate[bot] in #8439, #8451, #8558, #8575
- Update module github.com/cert-manager/cert-manager to v1.19.1 (main) by @renovate[bot] in #8428
- Update debian:12-slim Docker digest to 936abff (main) by @renovate[bot] in #8448, #8471, #8542
- Update python:3.14-bookworm Docker digest to 407cd1c (main) by @renovate[bot] in #8450, #8462, #8482, #8543
- Use renovate to monitor test data yaml files by @pdabelf5 in #8445
- Update ghcr.io/nginx/dependencies/nginx-ubi:ubi8 Docker digest to fa931e9 (main) by @renovate[bot] in #8436, #8490, #8549, #8562, #8579, #8587, #8599
- Update aws-sdk-go-v2 monorepo (main) by @renovate[bot] in #8464
- Update golangci/golangci-lint Docker tag to v2.6.2 (main) by @renovate[bot] in #8474, #8551
- Update module github.com/nginx/nginx-prometheus-exporter to v1.5.1 (main) by @renovate[bot] in #8465
- Update renovate to bump minor go versions by @pdabelf5 in #8486
- Update aws-sdk-go-v2 monorepo (main) by @renovate[bot] in #8483
- Update coredns/coredns Docker tag to v1.13.1 (main) by @renovate[bot] in #8484
- Update kindest/node Docker tag to v1.34.0 (main) by @renovate[bot] in #8475
- Update dependency go to v1.25.4 (main) by @renovate[bot] in #8493, #8503
- Update quay.io/jetstack/cert-manager-cainjector Docker tag to v1.19.1 (main) by @renovate[bot] in #8497
- Update quay.io/jetstack/cert-manager-controller Docker tag to v1.19.1 (main) by @renovate[bot] in #8498
- Update quay.io/jetstack/cert-manager-webhook Docker tag to v1.19.1 (main) by @renovate[bot] in #8499
- Update dependency ClusterRole to rbac.authorization.k8s.io/v1 (main) by @renovate[bot] in #8492
- Update registry.k8s.io/external-dns/external-dns Docker tag to v0.20.0 (main) by @renovate[bot] in #8513, #8596
- Update test containers to v0.2.6 by @pdabelf5 in #8514
- Update docker-registry.nginx.com/nap-dos/app_protect_dos_arb Docker tag to v1.2.0 (main) by @renovate[bot] in #8511
- Update pre-commit hook psf/black-pre-commit-mirror to v25.11.0 (main) by @renovate[bot] in #8526
- Update module github.com/aws/aws-sdk-go-v2/config to v1.31.18 (main) by @renovate[bot] in #8524
- Update aws-sdk-go-v2 monorepo (main) by @renovate[bot] in #8544
- Update kubernetes packages to v0.34.2 (main) by @renovate[bot] in #8552
- Update pre-commit hook rhysd/actionlint to v1.7.9 (main) by @renovate[bot] in #8560
- Bump golang.org/x/crypto from 0.42.0 to 0.45.0 in the go_modules group across 1 directory by @dependabot[bot] in #8553
- Update aws-sdk-go-v2 monorepo (main) by @renovate[bot] in #8569
- Update module mvdan.cc/gofumpt to v0.9.2 (main) by @renovate[bot] in #8578
- Update module golang.org/x/tools to v0.39.0 (main) by @renovate[bot] in #8577
- Update NGINX to 1.29.3, NGINX Agent to 3.5 by @pdabelf5 in #8494
- Update python:3.14-trixie Docker digest to d88b120 (main) by @renovate[bot] in #8581
- Bump WAF version to 5.10.0 by @nginx-bot in #8611
- Update golang:1.25-alpine Docker digest to 2611181 (main) by @nginx-bot in #8615
- Update dependency go to v1.25.5 (main) by @nginx-bot in #8616
Other Changes
- fix govulncheck image promotion by @nginx-bot in #8649
- Get k8s version from tests/makefile rather than dockerfile by @nginx-bot in #8651
Full Changelog: v5.2.1...v5.3.0
Upgrade
- For NGINX, use the v5.3.0 images from our DockerHub, GitHub Container, Amazon ECR Public Gallery or Quay.io.
- For NGINX Plus, use the v5.3.0 images from the F5 Container registry or build your own image using the v5.3.0 source code.
- For Helm, use version 2.4.0 of the chart.
Resources
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/
- Configuration examples -- https://github.com/nginx/kubernetes-ingress/tree/v5.3.0/examples
- Helm Chart -- https://github.com/nginx/kubernetes-ingress/tree/v5.3.0/deployments/helm-chart
- Operator -- https://github.com/nginx/nginx-ingress-helm-operator
Contributors
javorszky, renovate, and 9 other contributors