chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] - autoclosed #94

Closed

@renovate renovate bot commented Feb 15, 2024

Mend Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| helm.sh/helm/v3 | v3.11.3 -> v3.14.2 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2024-25620

A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time.

Impact

When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name.

Patches

This issue has been resolved in Helm v3.14.1.

Workarounds

Check all charts used by Helm for path changes in their name as found in the Chart.yaml file. This includes dependencies.

Credits

Disclosed by Dominykas Blyžė at Nearform Ltd.

CVE-2024-26147

A Helm contributor discovered an uninitialized variable vulnerability when Helm parses index and plugin YAML files missing expected content.

Impact

When either an index.yaml file or a plugin's plugin.yaml file was missing all metadata, a panic would occur in Helm.

In the Helm SDK this is found when using the LoadIndexFile or DownloadIndexFile functions in the repo package or the LoadDir function in the plugin package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation.

Patches

This issue has been resolved in Helm v3.14.2.

Workarounds

If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem.

If using Helm SDK versions prior to 3.14.2, calls to affected functions can use recover to catch the panic.

For more information

Helm's security policy is spelled out in detail in our SECURITY document.

Credits

Disclosed by Jakub Ciolek at AlphaSense.


Path traversal in helm.sh/helm/v3

BIT-helm-2024-25620 / CVE-2024-25620 / GHSA-v53g-5gjp-272r / GO-2024-2554

More information

Details

Path traversal in helm.sh/helm/v3

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).


Helm dependency management path traversal

BIT-helm-2024-25620 / CVE-2024-25620 / GHSA-v53g-5gjp-272r / GO-2024-2554

More information

Details

A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time.

Impact

When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name.

Patches

This issue has been resolved in Helm v3.14.1.

Workarounds

Check all charts used by Helm for path changes in their name as found in the Chart.yaml file. This includes dependencies.

Credits

Disclosed by Dominykas Blyžė at Nearform Ltd.

Severity

  • CVSS Score: 6.4 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Helm shows secrets in clear text

CVE-2019-25210 / GHSA-jw44-4f3j-q396

More information

Details

An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).

Severity

Moderate

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Helm's Missing YAML Content Leads To Panic

BIT-helm-2024-26147 / CVE-2024-26147 / GHSA-r53h-jv2g-vpx6

More information

Details

A Helm contributor discovered an uninitialized variable vulnerability when Helm parses index and plugin YAML files missing expected content.

Impact

When either an index.yaml file or a plugin's plugin.yaml file was missing all metadata, a panic would occur in Helm.

In the Helm SDK this is found when using the LoadIndexFile or DownloadIndexFile functions in the repo package or the LoadDir function in the plugin package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation.

Patches

This issue has been resolved in Helm v3.14.2.

Workarounds

If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem.

If using Helm SDK versions prior to 3.14.2, calls to affected functions can use recover to catch the panic.

For more information

Helm's security policy is spelled out in detail in our SECURITY document.

Credits

Disclosed by Jakub Ciolek at AlphaSense.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Release Notes

helm/helm (helm.sh/helm/v3)

v3.14.2: Helm v3.14.2

Compare Source

Helm v3.14.2 is a security (patch) release. Users are strongly recommended to update to this release.

A Helm contributor discovered an uninitialized variable vulnerability when Helm parses index and plugin YAML files missing expected content.

Jakub Ciolek with AlphaSense discovered the vulnerability.

Installation and Upgrading

Download Helm v3.14.2. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.14.3 will contain only bug fixes and be released on March 13, 2024.
  • 3.15.0 is the next feature release and will be on May 08, 2024.

v3.14.1: Helm v3.14.1

Compare Source

Helm v3.14.1 is a security (patch) release. Users are strongly recommended to update to this release.

A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time.

Dominykas Blyžė with Nearform Ltd. discovered the vulnerability.

Installation and Upgrading

Download Helm v3.14.1. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.14.2 will contain only bug fixes and be released on March 13, 2024.
  • 3.15.0 is the next feature release and will be on May 08, 2024.

v3.14.0: Helm v3.14.0

Compare Source

Helm v3.14.0 is a feature release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

  • New helm search flag of --fail-on-no-result
  • Allow a nested tpl invocation access to defines
  • Speed up the tpl function
  • Added qps/HELM_QPS parameter that tells Kubernetes packages how to operate
  • Added --kube-version to lint command
  • The ignore pkg is now public

Installation and Upgrading

Download Helm v3.14.0. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.14.1 will contain only bug fixes and will be on February 14, 2024.
  • 3.15.0 is the next feature release and will be on May 08, 2024.

Changelog

  • Improve release action 3fc9f4b (George Jenkins)
  • bump version to 69dcc92 (Matt Farina)
  • Fix issues when verify generation readiness was merged c042264 (Matt Farina)
  • fix test to use the default code's k8sVersionMinor 6e5332e (Joe Julian)
  • lint: Add --kube-version flag to set capabilities and deprecation rules 869c1d2 (Antoine Deschênes)
  • Update to Go 1.21 for builds 847369c (Matt Farina)
  • chore(deps): bump github.com/containerd/containerd from 1.7.6 to 1.7.11 08ea59c (dependabot[bot])
  • chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 30e1a2c (dependabot[bot])
  • Removing Asset Transparency 803cf2d (Matt Farina)
  • tests(pkg/engine): test RenderWithClientProvider a997de1 (Marcin Owsiany)
  • Make the ignore pkg public again 5586760 (Ismail Alidzhikov)
  • chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 b3cb20a (dependabot[bot])
  • Updating to Kubernetes 1.29.0 libraries e5fff68 (Matt Farina)
  • feature(pkg/engine): introduce RenderWithClientProvider bfec4ec (Marcin Owsiany)
  • chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11 70c1519 (dependabot[bot])
  • chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10 be10183 (dependabot[bot])
  • Updating Helm libraries for k8s 1.28.4 015e174 (Matt Farina)
  • chore(deps): bump github/codeql-action from 2.22.8 to 2.22.9 2a211bf (dependabot[bot])
  • Remove excessive logging ce87ece (Sean Mills)
  • chore(deps): bump github/codeql-action from 2.22.7 to 2.22.8 3cb6b06 (dependabot[bot])
  • chore(deps): bump github/codeql-action from 2.22.5 to 2.22.7 42c5af2 (dependabot[bot])
  • Update CONTRIBUTING.md 312a073 (lixin18)
  • Fixing release labelling in rollback 8814bfb (Marcin Chojnacki)
  • chore(deps): bump github.com/docker/docker c54e39a (dependabot[bot])
  • chore(deps): bump github/codeql-action from 2.22.4 to 2.22.5 d6e9197 (dependabot[bot])
  • feat: move livenessProbe and readinessProbe values to default values file 9f0313e (Denis Policastro)
  • Revert "fix(main): fix basic auth for helm pull or push" 24e2864 (Matt Farina)
  • chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.56.3 c5fe7dd (dependabot[bot])
  • Revert "fix(registry): address anonymous pull issue" 992dc58 (Matt Farina)
  • Update get-helm-3 81362d9 (Marcel Humburg)
  • chore(deps): bump github/codeql-action from 2.22.3 to 2.22.4 6d1f6cd (dependabot[bot])
  • chore(deps): bump actions/checkout from 3.6.0 to 4.1.1 372ccca (dependabot[bot])
  • chore(deps): bump github/codeql-action from 2.21.8 to 2.22.3 a1a21ae (dependabot[bot])
  • Drop filterSystemLabels usage from Query method 250f0bd (Dmitry Chepurovskiy)
  • Apply review suggestions 0ec47f8 (Dmitry Chepurovskiy)
  • Update get-helm-3 to get version through get.helm.sh f94e5db (Ian Zink)
  • feat: print failed hook name b0d1637 (Serge Logvinov)
  • chore(deps): bump golang.org/x/net from 0.13.0 to 0.17.0 544cabb (dependabot[bot])
  • Fixing precedence issue with the import of values. 25371e2 (Matt Farina)
  • chore(create): indent to spaces 919bffe (genofire)
  • Allow using label selectors for system labels for sql backend. e6d9b99 (Dmitry Chepurovskiy)
  • Allow using label selectors for system labels for secrets and configmap backends. e219c75 (Dmitry Chepurovskiy)
  • remove useless print during prepareUpgrade f004d42 (b4nks)
  • Add missing with clause to release gh action 9d3d17a (Ian Zink)
  • FIX Default ServiceAccount yaml 828763e (Lars Zimmermann)
  • fix(registry): address anonymous pull issue fe4c01f (Hidde Beydals)
  • fix(registry): unswallow error da3c666 (Hidde Beydals)
  • Fix missing run statement on release action 21ea847 (Ian Zink)
  • Add qps/HELM_QPS parameter 415af5b (Andy Smith)
  • chore(deps): bump oras.land/oras-go from 1.2.3 to 1.2.4 102e931 (dependabot[bot])
  • chore(deps): bump github/codeql-action from 2.21.7 to 2.21.8 2505592 (dependabot[bot])
  • bump version to v3.13.0 c372b15 (Matt Farina)
  • chore(deps): bump github.com/evanphx/json-patch 8b0a78c (dependabot[bot])
  • chore(deps): bump golang.org/x/text from 0.11.0 to 0.13.0 58ccfc0 (dependabot[bot])
  • Write latest version to get.helm.sh bucket 0619d08 (Ian Zink)
  • Increased release information key name max length. 4199be8 (abrarcv170)
  • Pin gox to specific commit 0403305 (Antony Chazapis)
  • Remove GoFish from package managers for installing the binary a9377f9 (y-yagi)
  • Test update for "Allow a nested tpl invocation access to defines in a containing one" b261a1b (Graham Reed)
  • Test update for "Speed up tpl" 36d417d (Graham Reed)
  • addressing comment 1a3e9a9 (Stefan McShane)
  • Add support for RISC-V 786707c (Antony Chazapis)
  • lint and validate dependency metadata to reference dependencies with a unique key (name or alias) 6a4035a (Daniel Strobusch)
  • Work around template.Clone omitting options 95905f1 (Graham Reed)
  • fix: pass 'passCredentialsAll' as env-var to getter fa067ec (Mathias Neerup)
  • feat: pass basic auth to env-vars when running download plugins f28447c (Mathias Neerup)
  • helm search: New CLI Flag --fail-on-no-result b9cece6 (Bhargav Ravuri)
  • Update pkg/kube/ready.go 141fa4a (muang0)
  • Update pkg/kube/ready.go 4cb62d1 (muang0)
  • Update pkg/kube/ready.go dbb21fc (muang0)
  • Update pkg/kube/ready.go fcc0332 (muang0)
  • Update pkg/kube/ready.go a1a1aaf (muang0)
  • fix post install hook deletion due to before-hook-creation policy fa025fc (zak905)
  • Allow a nested tpl invocation access to defines in a containing one a7d3fd6 (Graham Reed)
  • Remove the 'reference templates' concept e2a7c79 (Graham Reed)
  • Speed up tpl db4f330 (Graham Reed)
  • ready checker- comment update Signed-off-by: James Oden [email protected] d008340 (James Oden)
  • ready checker- remove duplicate statefulset generational check Signed-off-by: James Oden [email protected] 4f99c86 (James Oden)
  • Verify generation in readiness checks d94c509 (James Oden)
  • feat(helm): add --reset-then-reuse-values flag to 'helm upgrade' a9d59f9 (Quentin Devos)

v3.13.3: Helm v3.13.3

Compare Source

Helm v3.13.3 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.13.3. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.14.0 is the next feature release and will be on January 17, 2024.

Changelog

  • Updating Helm libraries for k8s 1.28.4 c8b9489 (Matt Farina)
  • Remove excessive logging 2f03d01 (Sean Mills)
  • chore(create): indent to spaces 2e63576 (genofire)

v3.13.2: Helm v3.13.2

Compare Source

Helm v3.13.2 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.13.2. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.13.3 is a patch release and will be on December 13, 2023.
  • 3.14.0 is the next feature release and will be on January 17, 2024.

Changelog

  • chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.56.3 2a2fb3b (dependabot[bot])
  • Update get-helm-3 8f554be (Marcel Humburg)
  • chore(deps): bump github.com/docker/docker 00a334c (dependabot[bot])
  • Fixing release labelling in rollback 12826e8 (Marcin Chojnacki)
  • Drop filterSystemLabels usage from Query method 666b199 (Dmitry Chepurovskiy)
  • Apply review suggestions 7e0084a (Dmitry Chepurovskiy)
  • Allow using label selectors for system labels for sql backend. 10018ff (Dmitry Chepurovskiy)
  • Allow using label selectors for system labels for secrets and configmap backends. 3b4cacf (Dmitry Chepurovskiy)
  • Revert "fix(main): fix basic auth for helm pull or push" e785e6c (Matt Farina)
  • Revert "fix(registry): address anonymous pull issue" 268dced (Matt Farina)
  • chore(deps): bump golang.org/x/net from 0.13.0 to 0.17.0 99ce118 (dependabot[bot])
  • Update get-helm-3 to get version through get.helm.sh 28f208c (Ian Zink)

v3.13.1: Helm v3.13.1

Compare Source

Helm v3.13.1 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.13.1. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.13.2 is a patch release and will be on November 08, 2023.
  • 3.14.0 is the next feature release and will be on January 17, 2024.

Changelog

  • Fixing precedence issue with the import of values. 3547a4b (Matt Farina)
  • Add missing with clause to release gh action 6f9ad87 (Ian Zink)
  • FIX Default ServiceAccount yaml bae7b32 (Lars Zimmermann)
  • fix(registry): unswallow error 06e4fb1 (Hidde Beydals)
  • remove useless print during prepareUpgrade 0e7ec78 (b4nks)
  • fix(registry): address anonymous pull issue 0ac7894 (Hidde Beydals)
  • Fix missing run statement on release action 0901269 (Ian Zink)
  • Write latest version to get.helm.sh bucket 6101393 (Ian Zink)
  • chore(deps): bump oras.land/oras-go from 1.2.3 to 1.2.4 c99a8ac (dependabot[bot])
  • Increased release information key name max length. 52a029d (abrarcv170)
  • chore(deps): bump golang.org/x/text from 0.11.0 to 0.13.0 ff8e61d (dependabot[bot])

v3.13.0: Helm v3.13.0

Compare Source

Helm v3.13.0 is a feature release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

  • The --dry-run flag now has multiple options which can enable Helm to connect to a Kubernetes instance. The default, when --dry-run is used, is unchanged.
  • Values handling had numerous issues fixed and now consistently has a priority of (1) User specified values (e.g CLI), (2) parent chart values, (3) imported values, and (4) subchart values. Additionally, null can now consistently be used to remove values. Note, there is a regression around this in 3.13.0 that's fixed in 3.13.1.
  • Can work with OCI registries over HTTP using the --plain-http flag
  • Helm now adds the OCI creation annotation
  • New helm get metadata command
  • The SQL driver now only needs write on the first run or when the schema is updated
  • Added labels support for install and upgrade commands
  • The ability to have index.yaml holding JSON content instead of YAML using the --json flag when creating it. JSON is faster to parse and uses less memory which impacts larger files. This is backwards compatible as Helm, all the way back to 3.0.0, parsing can handle JSON content in the index.yaml file.

Installation and Upgrading

Download Helm v3.13.0. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.13.1 is the next bug fix release and will be on October 11, 2023.
  • 3.14.0 is the next feature release and will be on January 17, 2024.

Changelog

  • bump version to v3.13.0 825e86f (Matt Farina)
  • Fix leaking goroutines in Install 169561a (Michał Słapek)
  • chore(deps): bump github.com/containerd/containerd from 1.7.3 to 1.7.6 417040d (dependabot[bot])
  • chore(deps): bump github/codeql-action from 2.21.5 to 2.21.7 610217f (dependabot[bot])
  • Update Helm to use k8s 1.28.2 libraries c2ab954 (Matt Farina)
  • chore(deps): bump github.com/cyphar/filepath-securejoin b9fd7f5 (dependabot[bot])
  • make the dependabot k8s.io group explicit ca3a05e (Joe Julian)
  • use dependabot's group support for k8s.io dependencies 04ec71a (Joe Julian)
  • chore(deps): bump transparencylog/github-releases-asset-transparency-verify-action ebb3168 (dependabot[bot])
  • chore(deps): bump github/codeql-action from 2.21.4 to 2.21.5 fa45978 (dependabot[bot])
  • doc:Executing helm rollback release 0 will roll back to the previous release e01731d (ithrael)
  • fix conflict 4944acb (Maxim Trofimov)
  • add big tests 6138e10 (Maxim Trofimov)
  • fix conflict 199784f (Maxim Trofimov)
  • fix b786cb4 (Maxim Trofimov)
  • add check if all migrations already applied df5904d (Maxim Trofimov)
  • chore(deps): bump github.com/moby/term fa89665 (dependabot[bot])
  • chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 4283b2c (dependabot[bot])
  • chore(deps): bump golang.org/x/term from 0.10.0 to 0.11.0 d82cc90 (dependabot[bot])
  • Use labels instead of selectorLabels for pod labels 479be0c (Tim Chaplin)
  • fix(helm): fix GetPodLogs, the hooks should be sorted before get the logs of each hook 4e5e68d (Bingtan Lu)
  • chore(deps): bump github.com/rubenv/sql-migrate from 1.5.1 to 1.5.2 3c26d65 (dependabot[bot])
  • remove blank ee1cbed (ithrael)
  • add blank 0eb3df6 (ithrael)
  • add rollback unit test 0688046 (ithrael)
  • fix: helm rollback err tips db9460c (ithrael)
  • chore(deps): bump github.com/containerd/containerd from 1.7.0 to 1.7.3 817e646 (dependabot[bot])
  • Add Ian Zink (z4ce) as triage maintainer 758dc01 (Ian Zink)
  • chore(deps): bump github/codeql-action from 2.21.3 to 2.21.4 04850dc (dependabot[bot])
  • chore: HTTPGetter add default timeout 2011a31 (0xff-dev)
  • fix: precedence typo bf543d9 (guoguangwu)
  • Avoid nil dereference if passing a nil resolver 3607cd7 (Antonio Gamez Diaz)
  • Add required changes after merge 197d1de (Antonio Gamez Diaz)
  • goimports 5b08985 (satoru)
  • Fix #​3352, add support for --ignore-not-found just like kubectl delete 48dbda2 (suzaku)
  • chore(deps): bump github/codeql-action from 2.21.2 to 2.21.3 aab4c45 (dependabot[bot])
  • chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 c3a4122 (dependabot[bot])
  • Fix helm may identify achieve of the application/x-gzip as application/vnd.ms-fontobject 5c7a631 (MR ZHAO)
  • Restore helm get metadata command 0b5e9d3 (Mikhail Kopylov)
  • Revert "Add

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.
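
The CVE-2024-25620 workaround quoted in the PR description (check every chart's name in Chart.yaml, dependencies included) can be automated. The following Go sketch is an added example, not code from Helm or from this repository; the function names, the line-based Chart.yaml scan and the sample chart contents are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"path/filepath"
	"sort"
	"strings"
)

// Finding records one Chart.yaml whose name needs review.
type Finding struct {
	File, Name, Reason string
}

// chartName returns the top-level "name:" value from Chart.yaml text.
// Simplified line scan for this example; production tooling should use a YAML parser.
func chartName(chartYAML string) (string, bool) {
	sc := bufio.NewScanner(strings.NewReader(chartYAML))
	for sc.Scan() {
		line := sc.Text()
		// Only column-0 keys are top level; indented "name:" lines belong to dependencies.
		if strings.HasPrefix(line, "name:") {
			v := strings.TrimSpace(strings.TrimPrefix(line, "name:"))
			return strings.Trim(v, `"'`), true
		}
	}
	return "", false
}

// CheckChartName rejects names that would change the directory a chart is saved to.
func CheckChartName(name string) error {
	switch {
	case name == "":
		return errors.New("empty chart name")
	case name == "." || name == "..":
		return fmt.Errorf("chart name %q is a relative path element", name)
	case strings.ContainsAny(name, `/\`):
		return fmt.Errorf("chart name %q contains a path separator", name)
	}
	return nil
}

// SaveDir is a second layer of defence: it joins outDir and name, then
// verifies that the result is still a strict child of outDir.
func SaveDir(outDir, name string) (string, error) {
	target := filepath.Join(outDir, name)
	rel, err := filepath.Rel(outDir, target)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("chart name %q resolves outside %s", name, outDir)
	}
	return target, nil
}

// AuditCharts checks every supplied Chart.yaml (parent charts and the
// dependencies unpacked under charts/) and returns findings sorted by file.
func AuditCharts(files map[string]string) []Finding {
	var out []Finding
	for file, body := range files {
		name, ok := chartName(body)
		if !ok {
			out = append(out, Finding{file, "", "no top-level name"})
			continue
		}
		if err := CheckChartName(name); err != nil {
			out = append(out, Finding{file, name, err.Error()})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].File < out[j].File })
	return out
}

// sampleCharts is constructed input: a clean parent chart and a dependency
// whose name carries a relative path change.
var sampleCharts = map[string]string{
	"app/Chart.yaml": "apiVersion: v2\nname: app\nversion: 1.0.0\n" +
		"dependencies:\n  - name: db\n    version: 2.0.0\n",
	"app/charts/db/Chart.yaml": "apiVersion: v2\nname: ../../outside\nversion: 2.0.0\n",
}

func main() {
	for _, f := range AuditCharts(sampleCharts) {
		fmt.Printf("%s: name=%q: %s\n", f.File, f.Name, f.Reason)
	}
	if _, err := SaveDir("/work/charts", "../../outside"); err != nil {
		fmt.Println("refused:", err)
	}
}
```

The name check and the containment check are independent: the first catches a bad Chart.yaml during review, the second stops a write even if a name slips through.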

@renovate renovate bot requested a review from a team as a code owner February 15, 2024 16:33
@renovate renovate bot added the security label Feb 15, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from c3d6f92 to 4647d3c Compare February 23, 2024 07:40
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.1 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] Feb 23, 2024
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] - autoclosed Mar 5, 2024
@renovate renovate bot closed this Mar 5, 2024
@renovate renovate bot deleted the renovate/go-helm.sh/helm/v3-vulnerability branch March 5, 2024 20:20
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] - autoclosed chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] Mar 6, 2024
@renovate renovate bot reopened this Mar 6, 2024
@renovate renovate bot restored the renovate/go-helm.sh/helm/v3-vulnerability branch March 6, 2024 05:19
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from 4647d3c to 3281913 Compare March 6, 2024 05:20
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] - autoclosed Mar 6, 2024
@renovate renovate bot closed this Mar 6, 2024
@renovate renovate bot deleted the renovate/go-helm.sh/helm/v3-vulnerability branch March 6, 2024 18:12
@renovate renovate bot restored the renovate/go-helm.sh/helm/v3-vulnerability branch March 7, 2024 06:47
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] - autoclosed chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] Mar 7, 2024
@renovate renovate bot reopened this Mar 7, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from 3281913 to 482de08 Compare March 7, 2024 06:47
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] - autoclosed Mar 7, 2024
@renovate renovate bot closed this Mar 7, 2024
@renovate renovate bot deleted the renovate/go-helm.sh/helm/v3-vulnerability branch March 7, 2024 17:13
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] - autoclosed chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] Mar 8, 2024
@renovate renovate bot reopened this Mar 8, 2024
@renovate renovate bot restored the renovate/go-helm.sh/helm/v3-vulnerability branch March 8, 2024 06:34
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from 482de08 to 7560155 Compare March 8, 2024 06:34
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] - autoclosed Mar 8, 2024
@renovate renovate bot closed this Mar 8, 2024
@renovate renovate bot deleted the renovate/go-helm.sh/helm/v3-vulnerability branch March 8, 2024 18:53
@renovate renovate bot restored the renovate/go-helm.sh/helm/v3-vulnerability branch March 9, 2024 06:47
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from 3b3ebb7 to 4931393 Compare April 16, 2024 05:11
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] Apr 16, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from 4931393 to 9040eab Compare April 16, 2024 17:42
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] Apr 16, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from 9040eab to 60bfcfc Compare April 17, 2024 08:11
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] Apr 17, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from 60bfcfc to 3164064 Compare April 19, 2024 18:37
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] Apr 19, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from 3164064 to 4144400 Compare April 21, 2024 08:46
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] Apr 21, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from 4144400 to 6526884 Compare April 21, 2024 19:38
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] Apr 21, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from 6526884 to be9d40f Compare April 23, 2024 06:24
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] Apr 23, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from be9d40f to d5329b4 Compare April 24, 2024 08:39
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] Apr 24, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from d5329b4 to b1327ff Compare April 26, 2024 05:17
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] Apr 26, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from b1327ff to a42495e Compare April 27, 2024 20:26
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] Apr 27, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from a42495e to 448f597 Compare April 28, 2024 05:12
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] Apr 28, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from 448f597 to 74dc708 Compare April 28, 2024 17:25
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] Apr 28, 2024
@renovate renovate bot force-pushed the renovate/go-helm.sh/helm/v3-vulnerability branch from 74dc708 to 8e44212 Compare April 29, 2024 08:55
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.4 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] Apr 29, 2024
@renovate renovate bot changed the title chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] chore(deps): update module helm.sh/helm/v3 to v3.14.2 [security] - autoclosed Apr 29, 2024
@renovate renovate bot closed this Apr 29, 2024
@renovate renovate bot deleted the renovate/go-helm.sh/helm/v3-vulnerability branch April 29, 2024 16:04
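
The SDK workaround quoted in the CVE-2024-26147 advisory in the PR description (use recover around affected calls on versions before 3.14.2) looks like the following in Go. This is an added example, not code from Helm or from this repository: `loadIndex` and the index types are hypothetical stand-ins for an affected call such as the repo package's LoadIndexFile, and the sample index data is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins for the SDK's index types (assumption for this example).
type metadata struct{ Name, Version string }
type chartVersion struct{ Metadata *metadata }
type indexFile struct{ Entries map[string][]*chartVersion }

// ErrPanicked marks errors that were converted from a recovered panic.
var ErrPanicked = errors.New("loader panicked")

// loadIndex is a hypothetical stand-in for an affected SDK function. It reads
// entry metadata without a nil check, so an entry with no metadata causes a
// nil pointer dereference, the failure mode the advisory describes.
func loadIndex(idx *indexFile) (int, error) {
	count := 0
	for name, versions := range idx.Entries {
		for _, cv := range versions {
			if cv.Metadata.Name != name {
				return 0, fmt.Errorf("entry %q has mismatched name", name)
			}
			count++
		}
	}
	return count, nil
}

// SafeLoad wraps the call so a panic becomes an ordinary error. The named
// return values are required: the deferred function overwrites them after
// the panic unwinds. recover only catches panics raised on this goroutine.
func SafeLoad(idx *indexFile) (count int, err error) {
	defer func() {
		if r := recover(); r != nil {
			count = 0
			err = fmt.Errorf("%w: %v", ErrPanicked, r)
		}
	}()
	return loadIndex(idx)
}

// Constructed inputs: one well-formed index and one with an entry that has no metadata.
var goodIndex = &indexFile{Entries: map[string][]*chartVersion{
	"app": {{Metadata: &metadata{Name: "app", Version: "1.0.0"}}},
	"db":  {{Metadata: &metadata{Name: "db", Version: "2.0.0"}}},
}}

var emptyMetadataIndex = &indexFile{Entries: map[string][]*chartVersion{
	"app": {{Metadata: nil}},
}}

func main() {
	n, err := SafeLoad(goodIndex)
	fmt.Println("good index:", n, err)

	_, err = SafeLoad(emptyMetadataIndex)
	fmt.Println("index without metadata:", err)
}
```

Callers can test for `ErrPanicked` with `errors.Is` to log the offending index or plugin path and continue instead of crashing.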