v1.13
The latest version of the 1.13 release of Enterprise Kyverno is v1.13.2-n4k.nirmata.1.
For a complete list of changes, refer to the upstream Changelog.
v1.13.2-n4k.nirmata.1
Breaking Changes
Default exception settings: the Helm chart values of the prior versions enabled exceptions by default for all namespaces. This creates a potential security issue. See CVE-2024-48921 for more details. This change will impact users who were relying on policy exceptions to be enabled in all namespaces.
If you do not want to use Policy Exceptions, you can continue to use the default installation settings.
If you were not using Policy Exceptions previously and want to use it from 1.13 onwards, it is advised to set features.policyExceptions.enabled to true in the values.yaml file and store exceptions in a dedicated namespace by setting features.policyExceptions.namespace to nirmata-exceptions.
If you were using Policy Exceptions previously, when upgrading to this new version, set the features.policyExceptions.enabled to true in the values.yaml file, and set the exception namespace value to the namespace that you used for storing exceptions. Example, if exceptions were stored in the kyverno namespace, then set features.policyExceptions.namespace to kyverno. Since it was possible to create eceptions in any namespace before, in order to maintain backwards compatibility, you can also set features.policyExceptions.namespace to *.
NOTE: Limiting exceptions to a specific namespace is recommended.