lilly/lillinfra

Fork 0

Update all non-major dependencies #37

Open

renovatebot wants to merge 2 commits from renovate/all-minor-patch into main

renovatebot commented

2026-04-17 15:02:36 +02:00

Collaborator

This PR contains the following updates:

Package	Type	Update	Change
cert-manager		minor	`v1.18.2` → `v1.20.2`
csi-driver-nfs		minor	`v4.11.0` → `v4.13.2`
docker.io/netboxcommunity/netbox	Kustomization	minor	`v4.3` → `v4.6`
ghcr.io/goauthentik/proxy (source)	Kustomization	minor	`2025.10` → `2025.12`
ghcr.io/goauthentik/server (source)	Kustomization	minor	`2025.10` → `2025.12`
ghcr.io/goauthentik/server (source)	Kustomization	minor	`2025.8` → `2025.12`
ghcr.io/immich-app/immich-machine-learning	Kustomization	minor	`v2.4.1` → `v2.7.5`
ghcr.io/immich-app/immich-server	Kustomization	minor	`v2.4.1` → `v2.7.5`
ghcr.io/usememos/memos	Kustomization	minor	`0.25` → `0.28`
haproxy-ingress (source)	HelmChart	minor	`0.15.0` → `0.16.1`
metallb/metallb	Kustomization	patch	`v0.15.2` → `v0.15.3`
pnpm (source)	packageManager	minor	`10.28.0` → `10.33.4`
proxmox (source)	required_provider	minor	`0.81.0` → `0.106.0`
rancher/local-path-provisioner	Kustomization	patch	`v0.0.32` → `v0.0.36`

Release Notes

cert-manager/cert-manager (cert-manager)

`v1.20.2`

Compare Source

v1.20.2 fixes invalid YAML generated in the Helm chart when both webhook.config
and webhook.volumes are defined, and bumps Go to 1.26.2 along with dependencies
to address reported vulnerabilities.

Changes by Kind

Bug or Regression

Helm: Fix invalid YAML generated when both webhook.config and webhook.volumes are defined. (#8665, @cert-manager-bot)

Other (Cleanup or Flake)

Bump go dependencies with reported vulnerabilities (#8704, @erikgb)
Bump go to 1.26.2 (#8703, @erikgb)

`v1.20.1`

Compare Source

v1.20.1 fixes an issue for OpenShift users that has to do with the finalizer RBAC, bumps gRPC to address a reported non-affecting vulnerability, and fixes a duplicate parentRef bug when both issuer config and annotations are present (Gateway API).

Bug or Regression

Fixed duplicate parentRef bug when both issuer config and annotations are present. (#8658, @hjoshi123)
Add missing issuer finalizer RBAC to the order controller to support owner references. This was preventing OpenShift users from being able to upgrade to v1.20.0. (#8655, @erikgb)
Bump google.golang.org/grpc to fix vulnerability reported by scanners. This isn't a vulnerability that affects cert-manager, but we are bumping it because it is reported by scanners. (#8657, @erikgb)

`v1.20.0`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.0 adds alpha support for the new ListenerSet resource, adds support for Azure Private DNS; parentRefs are no longer required when using ACME with Gateway API, and OtherNames was promoted to Beta.

Changes by Kind

Feature

Added a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. (#8370, @jcpunk)
Added selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} (#8256, @tareksha)
Added support for specifying imagePullSecrets in the startupapicheck-job Helm template to enable pulling images from private registries. (#8186, @mathieu-clnk)
Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. (#8355, @dancmeyers)
Added parentRef override annotations on the Certificate resource. (#8518, @hjoshi123)
Added support for azure private zones for dns01 issuer. (#8494, @hjoshi123)
Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. (#7642, @robertlestak)
Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget (#7728, @jcpunk)
For Venafi provider, read venafi.cert-manager.io/custom-fields annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. (#8301, @k0da)
Improve error message when CA issuers are misconfigured to use a clashing secret name (#8374, @majiayu000)
Introduce a new Ingress annotation acme.cert-manager.io/http01-ingress-ingressclassname to override http01.ingress.ingressClassName field in HTTP-01 challenge solvers. (#8244, @lunarwhite)
Update global.nodeSelector to helm chart to perform a merge and allow for a single nodeSelector to be set across all services. (#8195, @StingRayZA)
Vault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. (#8228, @terinjokes)
Added experimental XListenerSets feature gate (#8394, @hjoshi123)

Documentation

Add GWAPI documentation to NOTES.TXT in helm chart (#8353, @jaxels10)

Bug or Regression

Adds logs for cases when acme server returns us a fatal error in the order controller (#8199, @Peac36)
Fixed an issue where kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (#8160, @inteon)
Changes to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. (#8232, @eleanor-merry)
Fix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. (#8456, @tkna)
Fix unregulated retries with the DigitalOcean DNS-01 solver
Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging (#8221, @wallrj-cyberark)
Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (#8403, @calm329)
Fixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (#8424, @SlashNephy)
Fixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. (#8443, @alviss7)
Revert API defaults for issuer reference kind and group introduced in 0.19.0 (#8173, @erikgb)
Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (#8469, @SgtCoDFish)
Update Go to v1.25.5 to fix CVE-2025-61727 and CVE-2025-61729 (#8290, @octo-sts[bot])
When Prometheus monitoring is enabled, the metrics label is now set to the intended value of cert-manager. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). (#8162, @LiquidPL)

Other (Cleanup or Flake)

Promoted the OtherNames feature to Beta and enabled it by default (#8288, @wallrj-cyberark)
Promoting XListenerSets feature gate to ListenerSets (#8501, @hjoshi123)
Rebranding of the Venafi Issuer to CyberArk (#8215, @iossifbenbassat123)
Switched to SSA for challenge finalizer updates (#8519, @inteon)
The default container user (UID) is now 65532 (previously 1000) and the default container group (GID) is now 65532 (previously 0) (#8408, @wallrj-cyberark)
The feature-gate DefaultPrivateKeyRotationPolicyAlways moved from Beta to GA and can no longer be disabled. (#8287, @wallrj-cyberark)
Update cert-manager's ACME client, forked from golang/x/crypto (#8268, @SgtCoDFish)
Use the latest version of Kyverno (1.16.2) in the best-practice installation tests (#8389, @wallrj-cyberark)
We stopped testing with Coutour due to it not supporting the new XListenerSet resource, and moved to kgateway. (#8426, @hjoshi123)

`v1.20.0-beta.0`

Compare Source

Changes since v1.20.0-alpha.1

In this release, parentRef override annotations, Azure private DNS zone support, and configurable PEM size limits were added, while an ACME TXT record cleanup issue in CloudDNS and a potential controller panic from malformed DNS responses were fixed.

Feature

Added parentRef override annotations on the Certificate resource. (#8518, @hjoshi123)
Added support for azure private zones for dns01 issuer. (#8494, @hjoshi123)
Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. (#7642, @robertlestak)

Bug or Regression

Fix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. (#8456, @tkna)
Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (#8469, @SgtCoDFish)

Other (Cleanup or Flake)

Promoting xlistenerset feature gate to listenerset (#8501, @hjoshi123)
Switched to SSA for challenge finalizer updates (#8519, @inteon)

`v1.20.0-alpha.1`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This is a pre-release for cert-manager v1.20.0. Please help with testing!

Changed since v1.20.0-alpha.0

This alpha release adds experimental XListenerSet support, NetworkPolicy and CRD selectable field features, fixes critical bugs including an infinite re-issuance loop and IPv6 HTTP-01 challenge issues, patches security vulnerabilities (CVE-2025-61727, CVE-2025-61729), promotes OtherNames to Beta and DefaultPrivateKeyRotationPolicyAlways to GA, and changes the default container UID/GID from 1000/0 to 65532/65532.

Feature

Added experimental XListenerSet feature gate (#8394, @hjoshi123)
Add a set of flags to permit setting NetworkPolicy across all deployed containers.
Remove redundant global IP ranges from example policies. (#8370, @jcpunk)
Add selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} (#8256, @tareksha)
Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. (#8355, @dancmeyers)
Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget (#7728, @jcpunk)
For Venafi provider, read venafi.cert-manager.io/custom-fields annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. (#8301, @k0da)
Improve error message when CA issuers are misconfigured to use a clashing secret name (#8374, @majiayu000)
Introduce a new Ingress annotation acme.cert-manager.io/http01-ingress-ingressclassname to override http01.ingress.ingressClassName field in HTTP-01 challenge solvers. (#8244, @lunarwhite)
Update global.nodeSelector to helm chart to perform a merge and allow for a single nodeSelector to be set across all services. (#8195, @StingRayZA)
Vault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. (#8228, @terinjokes)

Bug or Regression

Changes to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. (#8232, @eleanor-merry)
Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (#8403, @calm329)
Fixed an issue where HTTP-01 challenges failed when the Host header containing an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (#8424, @SlashNephy)
Fixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. (#8443, @alviss7)
Update Go to v1.25.5 to fix CVE-2025-61727 and CVE-2025-61729 (#8290, @octo-sts[bot])

Other (Cleanup or Flake)

Promoted the OtherNames feature to Beta and enabled it by default (#8288, @wallrj-cyberark)
The default container user (UID) is now 65532 (previously 1000) and the default container group (GID) is now 65532 (previously 0) (#8408, @wallrj-cyberark)
The feature-gate DefaultPrivateKeyRotationPolicyAlways moved from Beta to GA and can no longer be disabled. (#8287, @wallrj-cyberark)
Update cert-manager's ACME client, forked from golang/x/crypto (#8268, @SgtCoDFish)
Use the latest version of Kyverno (1.16.2) in the best-practice installation tests (#8389, @wallrj-cyberark)
Rebranding of the Venafi Issuer to CyberArk (#8215, @iossifbenbassat123)
Add GWAPI documentation to NOTES.TXT in helm chart (#8353, @jaxels10)
We stopped testing with Coutour due to it not supporting the new XListenerSet resource, and moved to kgateway. (#8426, @hjoshi123)

Dependencies Changes

Added

github.com/aws/aws-sdk-go-v2/service/signin: v1.0.5
github.com/go-openapi/testify/v2: v2.0.2

Changed

cloud.google.com/go/auth: v0.17.0 → v0.18.1
github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.19.1 → v1.21.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.13.0 → v1.13.1
github.com/AzureAD/microsoft-authentication-library-for-go: v1.5.0 → v1.6.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: v1.29.0 → v1.30.0
github.com/Masterminds/semver/v3: v3.3.1 → v3.4.0
github.com/Venafi/vcert/v5: v5.12.2 → v5.12.3
github.com/akamai/AkamaiOPEN-edgegrid-golang/v12: v12.1.0 → v12.3.0
github.com/aws/aws-sdk-go-v2/config: v1.31.16 → v1.32.7
github.com/aws/aws-sdk-go-v2/credentials: v1.18.20 → v1.19.7
github.com/aws/aws-sdk-go-v2/feature/ec2/imds: v1.18.12 → v1.18.17
github.com/aws/aws-sdk-go-v2/internal/configsources: v1.4.12 → v1.4.17
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2: v2.7.12 → v2.7.17
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding: v1.13.2 → v1.13.4
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url: v1.13.12 → v1.13.17
github.com/aws/aws-sdk-go-v2/service/route53: v1.59.2 → v1.62.1
github.com/aws/aws-sdk-go-v2/service/sso: v1.30.0 → v1.30.9
github.com/aws/aws-sdk-go-v2/service/ssooidc: v1.35.4 → v1.35.13
github.com/aws/aws-sdk-go-v2/service/sts: v1.39.0 → v1.41.6
github.com/aws/aws-sdk-go-v2: v1.39.5 → v1.41.1
github.com/aws/smithy-go: v1.23.2 → v1.24.0
github.com/cncf/xds/go: 2ac532f → 0feb691
github.com/digitalocean/godo: v1.167.0 → v1.173.0
github.com/envoyproxy/go-control-plane/envoy: v1.32.4 → v1.35.0
github.com/envoyproxy/go-control-plane: v0.13.4 → 75eaa19
github.com/go-jose/go-jose/v4: v4.1.2 → v4.1.3
github.com/go-openapi/jsonpointer: v0.22.1 → v0.22.4
github.com/go-openapi/jsonreference: v0.21.2 → v0.21.4
github.com/go-openapi/swag/jsonname: v0.25.1 → v0.25.4
github.com/google/gnostic-models: v0.7.0 → v0.7.1
github.com/google/pprof: d1b30fe → 27863c8
github.com/googleapis/enterprise-certificate-proxy: v0.3.6 → v0.3.11
github.com/googleapis/gax-go/v2: v2.15.0 → v2.16.0
github.com/hashicorp/vault/sdk: v0.20.0 → v0.21.0
github.com/miekg/dns: v1.1.68 → v1.1.72
github.com/onsi/ginkgo/v2: v2.22.0 → v2.27.2
github.com/onsi/gomega: v1.36.1 → v1.38.2
github.com/sagikazarmark/locafero: v0.10.0 → v0.11.0
github.com/spf13/afero: v1.14.0 → v1.15.0
github.com/spf13/cast: v1.9.2 → v1.10.0
github.com/spf13/cobra: v1.10.1 → v1.10.2
github.com/spf13/viper: v1.20.1 → v1.21.0
github.com/spiffe/go-spiffe/v2: v2.5.0 → v2.6.0
go.etcd.io/bbolt: v1.4.2 → v1.4.3
go.etcd.io/etcd/api/v3: v3.6.4 → v3.6.5
go.etcd.io/etcd/client/pkg/v3: v3.6.4 → v3.6.5
go.etcd.io/etcd/client/v3: v3.6.4 → v3.6.5
go.etcd.io/etcd/pkg/v3: v3.6.4 → v3.6.5
go.etcd.io/etcd/server/v3: v3.6.4 → v3.6.5
go.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1
go.opentelemetry.io/contrib/detectors/gcp: v1.36.0 → v1.38.0
go.opentelemetry.io/otel/metric: v1.37.0 → v1.39.0
go.opentelemetry.io/otel/sdk/metric: v1.37.0 → v1.39.0
go.opentelemetry.io/otel/sdk: v1.37.0 → v1.39.0
go.opentelemetry.io/otel/trace: v1.37.0 → v1.39.0
go.opentelemetry.io/otel: v1.37.0 → v1.39.0
go.uber.org/zap: v1.27.0 → v1.27.1
go.yaml.in/yaml/v2: v2.4.2 → v2.4.3
golang.org/x/crypto: v0.43.0 → v0.47.0
golang.org/x/mod: v0.28.0 → v0.31.0
golang.org/x/net: v0.46.0 → v0.49.0
golang.org/x/oauth2: v0.32.0 → v0.34.0
golang.org/x/sync: v0.17.0 → v0.19.0
golang.org/x/sys: v0.37.0 → v0.40.0
golang.org/x/telemetry: aef8a43 → 8fff8a5
golang.org/x/term: v0.36.0 → v0.39.0
golang.org/x/text: v0.30.0 → v0.33.0
golang.org/x/tools: v0.37.0 → v0.40.0
google.golang.org/api: v0.254.0 → v0.262.0
google.golang.org/genproto/googleapis/api: a7a43d2 → ff82c1b
google.golang.org/genproto/googleapis/bytestream: 3a174f9 → 409b4a9
google.golang.org/genproto/googleapis/rpc: 3a174f9 → 409b4a9
google.golang.org/genproto: 513f239 → ff82c1b
google.golang.org/grpc: v1.76.0 → v1.78.0
google.golang.org/protobuf: v1.36.10 → v1.36.11
k8s.io/api: v0.34.1 → v0.35.0
k8s.io/apiextensions-apiserver: v0.34.1 → v0.35.0
k8s.io/apimachinery: v0.34.1 → v0.35.0
k8s.io/apiserver: v0.34.1 → v0.35.0
k8s.io/client-go: v0.34.1 → v0.35.0
k8s.io/code-generator: v0.34.1 → v0.35.0
k8s.io/component-base: v0.34.1 → v0.35.0
k8s.io/gengo/v2: c297c0c → ec3ebc5
k8s.io/kms: v0.34.1 → v0.35.0
k8s.io/kube-aggregator: v0.34.1 → v0.35.0
k8s.io/kube-openapi: 589584f → 4e65d59
k8s.io/utils: 0af2bda → bc988d5
sigs.k8s.io/controller-runtime: v0.22.4 → v0.23.1
sigs.k8s.io/gateway-api: v1.4.0 → v1.4.1
sigs.k8s.io/structured-merge-diff/v6: v6.3.0 → d9cc664
software.sslmate.com/src/go-pkcs12: v0.6.0 → v0.7.0

Removed

github.com/zeebo/errs: v1.4.0

`v1.20.0-alpha.0`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ This is a pre-release. For testing only!

Changes since `v1.19.0`

Feature

Add built-in "Ready" status metrics for ClusterIssuer and Issuer resources. (#8188, @mikeluttikhuis)
Add support for specifying imagePullSecrets in the startupapicheck-job Helm template to enable pulling images from private registries. (#8186, @mathieu-clnk)

Bug or Regression

Adds logs for cases when acme server returns us a fatal error in the order controller (#8199, @Peac36)
BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (#8160, @inteon)
Fix unregulated retries with the DigitalOcean DNS-01 solver (#8221, @wallrj-cyberark)
Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging (#8221, @wallrj-cyberark)
Revert API defaults for issuer reference kind and group introduced in 0.19.0 (#8173, @erikgb)
When Prometheus monitoring is enabled, the metrics label is now set to the intended value of cert-manager. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). (#8162, @LiquidPL)

`v1.19.5`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This is a simple patch release to fix some reported vulnerabilities. All users are recommended to upgrade.

Changes by Kind

Other (Cleanup or Flake)

Bump go dependencies with reported vulnerabilities (#8706, @erikgb)
Bump go to 1.25.8 to address several reported vulnerabilities (#8628, @SgtCoDFish)
Bump go to 1.25.9 (#8705, @erikgb)

`v1.19.4`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.19.4 is a simple patch release to fix some reported vulnerabilities - notably CVE-2026-24051 and CVE-2025-68121. All users should upgrade.

Changes by Kind

Bug or Regression

Bump go to address CVE-2025-68121 (#8526, @SgtCoDFish)
Bump otel SDK to address GO-2026-4394 (#8531, @SgtCoDFish)

`v1.19.3`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This release contains three bug fixes, including a fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to the latest release.

Changes by Kind

Bug or Regression

Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (#8415, @cert-manager-bot)
Fixed an issue where HTTP-01 challenges failed when the Host header contained an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (#8436, @cert-manager-bot)
Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (#8468, @SgtCoDFish)

Other (Cleanup or Flake)

Bump go to 1.25.6 (#8459, @SgtCoDFish)

`v1.19.2`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We updated Go to fix some vulnerabilities in the standard library.

📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.

Changes since `v1.19.1`

Bug or Regression

Address false positive vulnerabilities CVE-2025-47914 and CVE-2025-58181 which were reported by Trivy. (#8283, @SgtCoDFish)
Update Go to v1.25.5 to fix CVE-2025-61727 and CVE-2025-61729 (#8294, @wallrj-cyberark)
Update global.nodeSelector to helm chart to perform a merge and allow for a single nodeSelector to be set across all services. (#8233, @cert-manager-bot)

Other (Cleanup or Flake)

Update cert-manager's ACME client, forked from golang/x/crypto (#8270, @SgtCoDFish)
Updated Debian 12 distroless base images (#8326, @wallrj-cyberark)

`v1.19.1`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We reverted the CRD-based API defaults for Certificate.Spec.IssuerRef and CertificateRequest.Spec.IssuerRef after they were found to cause unexpected certificate renewals after upgrading to 1.19.0. We will try re-introducing these API defaults in cert-manager 1.20.
We fixed a bug that caused certificates to be re-issued unexpectedly if the issuerRef kind or group was changed to one of the "runtime" default values.
We upgraded Go to 1.25.3 to address the following security vulnerabilities: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, and CVE-2025-61725.

📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.

Changes since v1.19.0:

Bug or Regression

BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (#8175, @cert-manager-bot)
Bump Go to 1.25.3 to fix a backwards incompatible change to the validation of DNS names in X.509 SAN fields which prevented the use of DNS names with a trailing dot (#8177, @wallrj-cyberark)
Revert API defaults for issuer reference kind and group introduced in 0.19.0 (#8178, @cert-manager-bot)

`v1.19.0`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ Known issues: The following known issues are fixed in v1.19.1:

Unexpected certificate renewal after upgrading to 1.19.0

This release focuses on expanding platform compatibility, improving deployment flexibility, enhancing observability, and addressing key reliability issues.

📖 Read the full release notes at cert-manager.io: https://cert-manager.io/docs/releases/release-notes/release-notes-1.19

Changes since v1.18.0:

Feature

Add IPv6 rules to the default network policy (#7726, @jcpunk)
Add global.nodeSelector to helm chart to allow for a single nodeSelector to be set across all services. (#7818, @StingRayZA)
Add a feature gate to default to Ingress pathType Exact in ACME HTTP01 Ingress challenge solvers. (#7795, @sspreitzer)
Add generated applyconfigurations allowing clients to make type-safe server-side apply requests for cert-manager resources. (#7866, @erikgb)
Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). (#7414, @erikgb)
Added certmanager_certificate_challenge_status Prometheus metric. (#7736, @hjoshi123)
Added protocol field for rfc2136 DNS01 provider (#7881, @hjoshi123)
Added experimental field hostUsers flag to all pods. Not set by default. (#7973, @hjoshi123)
Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global --acme-http01-solver-resource-* settings. (#7972, @lunarwhite)
The CAInjectorMerging feature has been promoted to BETA and is now enabled by default (#8017, @ThatsMrTalbot)
The controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. (#8072, @prasad89)
Updated certificate metrics to the collector approach. (#7856, @hjoshi123)

Bug or Regression

ACME: Increased challenge authorization timeout to 2 minutes to fix error waiting for authorization (#7796, @hjoshi123)
BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (#7816, @kinolaev)
Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (class, ingressClassName, name) are specified simultaneously (#8021, @lunarwhite)
Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (#7961, @SgtCoDFish)
Reverted adding the global.rbac.disableHTTPChallengesRole Helm option. (#7836, @inteon)
This change removes the path label of core ACME client metrics and will require users to update their monitoring dashboards and alerting rules if using those metrics. (#8109, @mladen-rusev-cyberark)
Use the latest version of ingress-nginx in E2E tests to ensure compatibility (#7792, @wallrj)

Other (Cleanup or Flake)

Helm: Fix naming template of tokenrequest RoleBinding resource to improve consistency (#7761, @lunarwhite)
Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (#7928, @SgtCoDFish)
Major upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (#8003, @hjoshi123)
Update kind images to include the Kubernetes 1.33 node image (#7786, @wallrj)
Use maps.Copy for cleaner map handling (#8092, @quantpoet)
Vault: Migrate Vault E2E add-on tests from deprecated vault-client-go to the new vault/api client. (#8059, @armagankaratosun)

`v1.19.0-alpha.0`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ This is a pre-release. For testing only!

Changes since v1.18.0:

Feature

Add IPv6 rules to the default network policy (#7726, @jcpunk)
Add global.nodeSelector to helm chart to allow for a single nodeSelector to be set across all services. (#7818, @StingRayZA)
Add generated applyconfigurations allowing clients to make type safe server-side apply requests for cert-manager resources. (#7866, @erikgb)
Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). (#7414, @erikgb)
Added certmanager_certificate_challenge_status Prometheus metric. (#7736, @hjoshi123)
Added protocol field for rfc2136 DNS01 provider (#7881, @hjoshi123)
CAInjectorMerging has been promoted to BETA and is now enabled by default (#8017, @ThatsMrTalbot)
Feature: Add support for ACME profiles extension. (#7777, @wallrj)
Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global --acme-http01-solver-resource-* settings. (#7972, @lunarwhite)
The controller, webhook and ca-injector now logs its version and git commit on startup for easier debugging and support. (#8072, @prasad89)
Updated certificate metrics to the collector approach. (#7856, @hjoshi123)

Bug or Regression

ACME: Increased challenge authorization timeout to 2 minutes to fix error waiting for authorization (#7796, @hjoshi123)
BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (#7816, @kinolaev)
Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (class, ingressClassName, name) are specified simultaneously (#8021, @lunarwhite)
Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (#7961, @SgtCoDFish)
Reverted adding the global.rbac.disableHTTPChallengesRole Helm option. (#7836, @inteon)
Use the latest version of ingress-nginx in E2E tests to ensure compatibility (#7792, @wallrj)

Other (Cleanup or Flake)

Helm: Fix naming template of tokenrequest RoleBinding resource to improve consistency (#7761, @lunarwhite)
Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (#7928, @SgtCoDFish)
Major upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (#8003, @hjoshi123)
Update kind images to include the Kubernetes 1.33 node image (#7786, @wallrj)
Use maps.Copy for cleaner map handling (#8092, @quantpoet)

`v1.18.6`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.18.6 is a simple patch release to fix some reported vulnerabilities, most notably CVE-2025-68121.

NB: We didn't attempt to patch CVE-2026-24051 but that vulnerability affects macOS only, so cert-manager will be unaffected.

Changes by Kind

Bug or Regression

Bump Go to address CVE-2025-68121 (#8525, @SgtCoDFish)

`v1.18.5`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This release contains three bug fixes, including a fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to the latest release.

Changes by Kind

Bug or Regression

Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (#8414, @cert-manager-bot)
Fixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (#8437, @cert-manager-bot)
Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (#8467, @SgtCoDFish)

Other (Cleanup or Flake)

Bump go to 1.24.12 (#8460, @SgtCoDFish)

`v1.18.4`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We updated Go to fix some vulnerabilities in the standard library.

📖 Read the full 1.18 release notes on the cert-manager.io website before upgrading.

Changes since `v1.18.3`

Bug or Regression

Address false positive vulnerabilities CVE-2025-47914 and CVE-2025-58181 which were reported by Trivy. (#8282, @SgtCoDFish)
Update Go to v1.24.11 to fix CVE-2025-61727 and CVE-2025-61729 (#8295, @wallrj-cyberark)

Other (Cleanup or Flake)

Update cert-manager's ACME client, forked from golang/x/crypto (#8271, @SgtCoDFish)
Updated Debian 12 distroless base images (#8328, @wallrj-cyberark)

`v1.18.3`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We fixed a bug which caused certificates to be re-issued unexpectedly, if the issuerRef kind or group was changed to one of the "runtime" default values. We increased the size limit when parsing PEM certificate chains to handle leaf certificates with large numbers of DNS named or other identities. We upgraded Go to 1.24.9 to fix various non-critical security vulnerabilities.

📖 Read the full 1.18 release notes on the cert-manager.io website before upgrading.

Changes since v1.18.2:

Bug or Regression

BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (#8174, @cert-manager-bot)
Bump Go to 1.24.9. Fixes the following vulnerabilities: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, CVE-2025-61725 (#8176, @wallrj-cyberark)
Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (#7966, @cert-manager-bot)

Other (Cleanup or Flake)

Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (#7964, @cert-manager-bot)
Upgrades Go to v1.24.6 (#7974, @SgtCoDFish)

kubernetes-csi/csi-driver-nfs (csi-driver-nfs)

`v4.13.2`: release

Compare Source

What's Changed

[release-4.13] fix: avoid VolumeAttributesClass error logs in csi sidecar containers by @andyzhangx in #1049
[release-4.13] test: upgrade to golint 2.10 by @k8s-infra-cherrypick-robot in #1069
[release-4.13] test: fix CVE-2026-25679 in trivy action by @k8s-infra-cherrypick-robot in #1070
[release-4.13] security: Update trivy-action to use sha for v0.35.0 by @k8s-infra-cherrypick-robot in #1076
fix: CVE-2026-33186 by @andyzhangx in #1077
[release-4.13] chore: build with go1.25.9 by @andyzhangx in #1085
[release-4.13] test: fix trivy action failure by @k8s-infra-cherrypick-robot in #1083
[release-4.13] cleanup: add validatePath to newNFSVolume by @k8s-infra-cherrypick-robot in #1089
doc: cut v4.13.2 release by @andyzhangx in #1092

Full Changelog: https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.1...v4.13.2

`v4.13.1`: release

Compare Source

What's Changed

[release-4.13] chore: validate mount path by @k8s-infra-cherrypick-robot in #1041
[release-4.13] chore: Update csi release tools by @andyzhangx in #1043
doc: cut v4.13.1 release by @andyzhangx in #1042

New Contributors

@k8s-infra-cherrypick-robot made their first contribution in #1041

Full Changelog: https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.0...v4.13.1

`v4.13.0`: release

Compare Source

What's Changed

chore(deps): bump golang.org/x/net from 0.45.0 to 0.46.0 by @dependabot[bot] in #979
doc: cut v4.12.0 release by @andyzhangx in #978
chore: Update csi release tools by @andyzhangx in #981
chore(deps): bump golang.org/x/mod from 0.28.0 to 0.29.0 by @dependabot[bot] in #982
chore: Update csi release tools by @andyzhangx in #984
doc: update new chart versions by @andyzhangx in #990
Release tool update by @darshansreenivas in #992
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.26.0 to 2.27.2 by @dependabot[bot] in #996
chore: Update csi release tools by @andyzhangx in #997
chore: upgrade CSI driver sidecar image versions by @andyzhangx in #1000
fix: CVE-2025-52881 by @andyzhangx in #1003
test: upgrade to csi-test v5.4.0 by @andyzhangx in #1005
fix: CVE-2025-58181 by @andyzhangx in #1007
chore(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 by @dependabot[bot] in #1008
chore(deps): bump golang.org/x/mod from 0.29.0 to 0.30.0 by @dependabot[bot] in #1009
doc: fix volumeHandle format by @andyzhangx in #1010
Make baseRepo feature work by default without per-image repository overrides by @Copilot in #1012
test: fix trivy CVE-2025-61727 by @andyzhangx in #1013
docs: fix typo (hlem → helm) by @thakurnishu in #1016
chore(deps): bump github.com/onsi/gomega from 1.38.2 to 1.38.3 by @dependabot[bot] in #1017
fix: CVE-2025-13281 by @andyzhangx in #1021
chore: upgrade csi-provisioner to v6.1.0 by @andyzhangx in #1020
chore: build image with go1.24.11 to fix CVE by @andyzhangx in #1022
cleanup: refine mount time out error message by @andyzhangx in #1023
test: fix CVE-2025-61726 trivy failure by @andyzhangx in #1027
chore(deps): bump build-image/debian-base from bookworm-v1.0.6 to bookworm-v1.0.7 by @dependabot[bot] in #1028
chore: Update csi release tools by @andyzhangx in #1029
feat: add optional healthcheck for node-driver-registrar by @ajhetherington in #1026
feat: add --enable-snapshot-compression flag to control snapshot compression by @Copilot in #1011
chore: remove vendor-specific cloud-provider-azure dependency from generic NFS CSI driver by @Copilot in #1024

New Contributors

@darshansreenivas made their first contribution in #992
@Copilot made their first contribution in #1012
@thakurnishu made their first contribution in #1016
@ajhetherington made their first contribution in #1026

Full Changelog: https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.12.0...v4.13.0

`v4.12.1`: release

Compare Source

What's Changed

doc: cut v4.12.1 release by @andyzhangx in #987
[release-4.12] chore: Update csi release tools by @andyzhangx in #988

Full Changelog: https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.12.0...v4.12.1

`v4.12.0`: release

Compare Source

What's Changed

doc: cut v4.11.0 release by @andyzhangx in #880
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.0 to 2.23.1 by @dependabot[bot] in #883
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.1 to 2.23.2 by @dependabot[bot] in #884
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.2 to 2.23.3 by @dependabot[bot] in #887
chore(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 by @dependabot[bot] in #888
chore(deps): bump github.com/onsi/gomega from 1.36.2 to 1.36.3 by @dependabot[bot] in #890
chore: use go1.24 by @andyzhangx in #895
chore(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by @dependabot[bot] in #893
chore(deps): bump google.golang.org/grpc from 1.71.0 to 1.71.1 by @dependabot[bot] in #896
chore(deps): bump github.com/onsi/gomega from 1.36.3 to 1.37.0 by @dependabot[bot] in #897
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 by @dependabot[bot] in #898
chore(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 by @dependabot[bot] in #900
test: fix CVE-2025-22871 in trivy action by @andyzhangx in #902
chore: upgrade resizer sidecar image version to v1.13.2 by @andyzhangx in #903
feat: add POD_NAMESPACE environment var by @mfhunruh in #901
chore(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0 by @dependabot[bot] in #904
chore: upgrade snapshot sidecar image to v8.2.1 by @andyzhangx in #905
fix: goroutine leak when timeout by @andyzhangx in #907
chore(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 by @dependabot[bot] in #910
chore: create voume/snapshot should respect mountOptions in secret by @andyzhangx in #911
chore(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.1 by @dependabot[bot] in #913
chore(deps): bump google.golang.org/grpc from 1.72.1 to 1.72.2 by @dependabot[bot] in #916
chore: upgrade sidecar image versions by @andyzhangx in #920
chore(deps): bump google.golang.org/grpc from 1.72.2 to 1.73.0 by @dependabot[bot] in #922
chore(deps): bump golang.org/x/mod from 0.24.0 to 0.25.0 by @dependabot[bot] in #924
test: fix CVE-2025-4673 in trivy action by @andyzhangx in #926
chore(deps): bump build-image/debian-base from bookworm-v1.0.4 to bookworm-v1.0.5 by @dependabot[bot] in #928
chore(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by @dependabot[bot] in #925
chore(deps): bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 by @dependabot[bot] in #931
chore: upgrade snapshot and csi-resizer image versions by @andyzhangx in #932
chore(deps): bump golang.org/x/mod from 0.25.0 to 0.26.0 by @dependabot[bot] in #933
chore(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 by @dependabot[bot] in #934
chore(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 by @dependabot[bot] in #935
chore(deps): bump google.golang.org/grpc from 1.74.0 to 1.74.2 by @dependabot[bot] in #936
chore(deps): bump github.com/onsi/gomega from 1.37.0 to 1.38.0 by @dependabot[bot] in #937
chore(deps): bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 by @dependabot[bot] in #938
chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 by @dependabot[bot] in #941
chore(deps): bump golang.org/x/mod from 0.26.0 to 0.27.0 by @dependabot[bot] in #942
test: fix CVE-2025-47907 trivy test failure by @andyzhangx in #943
chore(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.7 by @dependabot[bot] in #947
chore(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #948
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.4 to 2.25.0 by @dependabot[bot] in #951
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.0 to 2.25.1 by @dependabot[bot] in #952
chore(deps): bump github.com/onsi/gomega from 1.38.0 to 1.38.1 by @dependabot[bot] in #953
chore(deps): bump google.golang.org/grpc from 1.74.2 to 1.75.0 by @dependabot[bot] in #954
fix: CVE-2025-5187 by @andyzhangx in #956
chore(deps): bump actions/setup-go from 5 to 6 by @dependabot[bot] in #958
chore(deps): bump github.com/onsi/gomega from 1.38.1 to 1.38.2 by @dependabot[bot] in #957
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 by @dependabot[bot] in #959
chore(deps): bump golang.org/x/mod from 0.27.0 to 0.28.0 by @dependabot[bot] in #960
chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @dependabot[bot] in #961
chore(deps): bump google.golang.org/protobuf from 1.36.7 to 1.36.9 by @dependabot[bot] in #962
chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.75.1 by @dependabot[bot] in #963
chore(deps): bump golang.org/x/net from 0.43.0 to 0.44.0 by @dependabot[bot] in #964
chore(deps): bump build-image/debian-base from bookworm-v1.0.5 to bookworm-v1.0.6 by @dependabot[bot] in #966
chore: upgrade csi sidecar image versions by @andyzhangx in #967
doc: update semver change doc for helm chart install by @andyzhangx in #969
chore(deps): bump google.golang.org/protobuf from 1.36.9 to 1.36.10 by @dependabot[bot] in #970
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0 by @dependabot[bot] in #971
chore(deps): bump google.golang.org/grpc from 1.75.1 to 1.76.0 by @dependabot[bot] in #972
chore(deps): bump github/codeql-action from 3 to 4 by @dependabot[bot] in #975
chore(deps): bump golang.org/x/net from 0.44.0 to 0.45.0 by @dependabot[bot] in #976
feat: support multiple storage classes creation using helm chart by @andyzhangx in #977

New Contributors

@mfhunruh made their first contribution in #901

Full Changelog: https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.11.0...v4.12.0

immich-app/immich (ghcr.io/immich-app/immich-machine-learning)

`v2.7.5`

Compare Source

v2.7.5

What's Changed

🐛 Bug fixes

fix(server): add rate limit and deduplication to version check by @zackpollard in #27747

🌐 Translations

chore(web): update translations by @weblate in #27589

Full Changelog: https://github.com/immich-app/immich/compare/v2.7.4...v2.7.5

`v2.7.4`

Compare Source

v2.7.4

This release addresses some issues with image rendering on the mobile app

What's Changed

🐛 Bug fixes

refactor(mobile): cleanup iOS image loading pipeline by @LeLunZ in #27672
fix(server): hide original filename when not showing metadata by @meesfrensel in #27581
fix(mobile): fix Flutter cache eviction on thumbnails by @LeLunZ in #27663
chore: pump cronet version by @shenlong-tanwen in #27685

Full Changelog: https://github.com/immich-app/immich/compare/v2.7.3...v2.7.4

`v2.7.3`

Compare Source

v2.7.3

What's Changed

🐛 Bug fixes

fix(server): avoid false restore failures on large database imports by @ErasmusAndre in #27420
fix(mobile): improve image load cancellation handling by @LeLunZ in #27624
fix(server): people search not showing for 3 or less characters by @zackpollard in #27629
fix(web): don't cache empty search results for people search by @zackpollard in #27632
fix(mobile): get provider refs before async gaps in backup page by @LeLunZ in #27597
fix: ssr open graph tags by @jrasm91 in #27639

📚 Documentation

fix(docs): updated docker deprecation link by @mmomjian in #27633

New Contributors

@fluffy made their first contribution in #27606
@ErasmusAndre made their first contribution in #27420

Full Changelog: https://github.com/immich-app/immich/compare/v2.7.2...v2.7.3

`v2.7.2`

Compare Source

You knew it was coming 😅

This release addresses the following issues:

Fix an issue with the default helmet.json file
Fix an issue with ML containers not working on some older CPUs
Fix an issue with importing external libraries

What's Changed

🐛 Bug fixes

fix: csp quotes by @bo0tzz in #27592
fix(ml): downgrade numpy by @mertalev in #27591
fix(server): library import batch size by @mertalev in #27595

Full Changelog: https://github.com/immich-app/immich/compare/v2.7.0...v2.7.2

`v2.7.0`

Compare Source

v2.7.0

Welcome to Immich v2.7.0!

This release includes enhancements to the asset viewer, security improvements, changes to the duplicate APIs and viewer, and a bunch of bug fixes. Keep reading below for the complete highlights and a note on the upcoming v3.0.0 release.

[!NOTE]
We're working on a managed backup service for Immich with end-to-end encrypted backups of your library to a remote datacentre where only you hold the keys.

We've put together a quick survey (~5 mins) to get a better idea of how you're backing things up today and what you'd actually want from something like this. Your answers help us figure out what to prioritise, so we'd really appreciate it if you took a few minutes to fill it out.

Leave your email at the end if you're interested in joining our free closed beta when it's ready.

https://futo-backups-survey.immich.app/

Known limitations

The machine learning service on amd64 currently requires the >= x86-64-v2 microarchitecture. This will be patched in an upcoming patch release for backward compatibility with very old processors (before ~2010), but it will become a minimum requirement in 3.0. arm64 is not affected by this change.

Highlights

Remove from album (asset viewer)
Move to locked folder (folder page)
Editor shortcuts
Create a new face on-the-fly in the face tag editor
Resolve duplicates
Helmet configuration
Version check infrastructure
Notable fix: live photo and video download in Safari
Notable fix: escape HTML in the Panorama Photo Viewer

Remove from album

The web has a new action, "Remove from album," available in the asset viewer that makes it easier to remove an asset from an album. This action is available to both album and asset owners.

Move to locked folder in the Folder view

Similarly, the folder view now includes the "Move to locked folder" action.

Editor shortcuts

Users on the web can now edit with keyboard shortcuts. Press e to open the editor. Once in the editor, press [ or ] to rotate the asset +/- 90 degrees. Finally, save any changes and close the editor with ENTER.

https://github.com/user-attachments/assets/969de104-b02d-41a6-830b-3e1a49541d14

Create a new face on-the-fly in the face tag editor

You can now create a new face/person on the fly from the face tagging editor interface

Deduplication improvements

The duplicate screen has gone through a bunch of iterations since it was first introduced all the way back in May, 2024. The latest release moves a bunch of logic from the client to the server, which now automatically suggests which asset to keep based on image size and EXIF data. Additionally, the new server implementation will automatically synchronize metadata, including albums, favorite status, rating, description, visibility, location, and tags. For more information about this process, see the new documentation.

Helmet configuration

You can now opt in to using a Content Security Policy (CSP) in Immich. The new environment variant IMMICH_HELMET_FILE accepts a boolean or a path to a helmet configuration file.

Recommend action: The team recommends setting IMMICH_HELMET_FILE=true to enable the default policy. Then, please let us know if you run into any issues with it.

Background and details

Since Immich is deployed in so many different ways, it has been hard to figure out how to enable a CSP that would not conflict with or break existing installs that might use 3rd party map providers, custom CSS, embed Immich in an iframe, or other such features. In this release, we have added the ability to both opt in to a default policy and configure a custom one. To use the default policy, simply set the environment variable IMMICH_HELMET_FILE=true. To use a custom policy, set the environment variable to a path on disk (within the immich-server) that contains a valid helmet configuration (e.g. IMMICH_HELMET_FILE=/opt/immich/helmet.json). CSP can be used to control what scripts are allowed to run on the page, which domains to load images from, etc. Additionally, it can be used to configure headers for Referrer-Policy, X-Powered-By, X-Frame-Options, and others.

New version check infrastructure

Prior to this release, instances that used the automatic version check feature would send HTTP requests to github.com. Now, we have set up a small service at version.immich.cloud to handle these types of requests. This avoids any privacy implications of connecting to github.com , as well as moves the request load to our own infrastructure.

Notable fix: live photo and video download in Safari

When downloading files in Safari with the same name, it will simply overwrite the file instead of automatically renaming it. In this release, the still and motion parts of a live photo are now named differently to prevent this from happening.

Notable fix: escape HTML in panorama photo viewer

In v2.6.0, we added the ability to show/view clip text in the panorama viewer, but introduced an XSS vulnerability, which has been fixed in this release. Interestingly, this was XSS using text in the image, which would then get read by OCR.

Notable fix: Immich User Agent for external requests

Similar to the mobile app, the server now sends a custom User Agent header. The format for the User Agent is immich-server/{version}. For example, immich-server/2.7.0.

`v3.0.0`

Just a heads up that this is the likely to be the last release before v3.0.0. Being a major release there will be a handful of breaking changes, although it's worth noting that nothing is currently planned that requires user intervention. It is mainly changes that impact 3rd party developers. More information and details should be available in the coming weeks.

Support Immich

SUPPORT THE PROJECT!

If you find the project helpful, you can support Immich by purchasing a product key at https://buy.immich.app or our merchandise at https://immich.store

What's Changed

🚀 Features

feat: add support for helmet configuration by @jrasm91 in #27058
feat: create new person in face editor by @alextran1502 in #27364

🌟 Enhancements

feat(web): add a seperate tooltip for switching from dark to light mode by @Vogeluff in #27297
feat(web): focus on face-editor search input by @cratoo in #27136
feat(web): add RemoveFromAlbumAction to asset viewer nav bar by @timonrieger in #27000
feat(web): add shortcuts to rotate images by @squishykid in #26927
feat(server): add checksum algorithm field by @etnoy in #26573
feat(server): resolve duplicates by @Phlogi in #25316
chore(mobile): reduce spacing on video controls by @uhthomas in #27313
perf(server): optimize people page query by @ffchung in #27346
feat(web): dim photo outside hovered face bounding box by @midzelis in #27402
feat(web): OCR overlay interactivity during zoom by @midzelis in #27039
feat: add move to lock folder in folder view by @alextran1502 in #27384
feat(web): highlight active person thumbnail in detail panel and edit faces panel by @midzelis in #27401
feat: move version checks to our own infrastructure by @zackpollard in #27450
feat: add preview button when selecting images by @johnmaguire in #27305
fix: user-agent format by @jrasm91 in #27488
chore(mobile): reduce buffering timer duration by @uhthomas in #27111
fix(mobile): use key on video controls by @uhthomas in #27512
feat(server): Add support for .ts files by @ray in #27529

🐛 Bug fixes

fix(server): refresh unedited asset dimensions on metadata extraction by @michelheusschen in #27220
fix(server): memory fragmentation by @mertalev in #27027
fix(database restores): don't assume onboarding has completed by @insertish in #27052
fix(web): preserve timezone when changing timestamp (Closes #25354) by @updatemike in #27095
fix: various command palette usages by @danieldietzler in #27304
fix(web): keep map view open after closing asset viewer by @diiogofer in #26980
fix(web): prevent Safari from overwriting live photo image with video by @saurav61091 in #26898
fix(mobile): video icon not showing on memories by @YarosMallorca in #27311
fix(mobile): mismatch between system and app color when using low-chroma system color scheme by @putuprema in #27282
fix(mobile): images loads sometimes cancel too early by @LeLunZ in #27067
fix(mobile): streamline error handling for live photo saving by @LeLunZ in #27337
fix(web): keep upload totals stable when dismissing items (#27247) by @Nicolas-micuda-becker in #27354
fix(mobile): low upload timeout on android by @mertalev in #27399
fix(web): add drop shadow to asset viewer nav bar and prevent button shrinking by @midzelis in #27404
fix(mobile): favorite button not updating state by @YarosMallorca in #27271
fix: detection of WebM container by @chanb22 in #24182
fix(web): prevent AssetUpdate from adding unrelated timeline assets by @michelheusschen in #27369
fix: withFilePath select edited or unedited file by @bwees in #27328
fix(web): Enable stack selector in shared album view by @timonrieger in #24641
fix(server): use substring matching for person name search by @okxint in #26903
fix: escape html by @jrasm91 in #27469
fix(mobile): ignore pointer events on toasts by @uhthomas in #26990
fix(mobile): reset video controls hide timer when showing controls ch… by @uhthomas in #26985
fix(mobile): don't update search filters in-place by @uhthomas in #26965
fix(web): isFullScreen initial value check is incorrect by @midzelis in #27520
fix(mobile): transparent system navbar when trash bottom bar is visible by @putuprema in #27093
fix: timestamp handling for database backup in Web UI by @AfonsoMendoncaRibeiro in #27359
fix: allow bots to access /s/ urls by @domints in #27579

📚 Documentation

feat(docs): add keycloack example to oauth docs by @robson90 in #27425

🌐 Translations

chore(web): update translations by @weblate in #27029
chore(web): update translations by @weblate in #27483

New Contributors

@Vogeluff made their first contribution in #27297
@updatemike made their first contribution in #27095
@diiogofer made their first contribution in #26980
@squishykid made their first contribution in #26927
@Phlogi made their first contribution in #25316
@saurav61091 made their first contribution in #26898
@putuprema made their first contribution in #27282
@ffchung made their first contribution in #27346
@chanb22 made their first contribution in #24182
@robson90 made their first contribution in #27425
@okxint made their first contribution in #26903
@johnmaguire made their first contribution in #27305
@ray made their first contribution in #27529
@AfonsoMendoncaRibeiro made their first contribution in #27359
@domints made their first contribution in #27579

Full Changelog: https://github.com/immich-app/immich/compare/v2.6.3...v2.7.0

`v2.6.3`

Compare Source

v2.6.3

What's Changed

🐛 Bug fixes

fix(mobile): remove upload timeout by @mertalev in #27237
fix(web): prevent horizontal scroll bar in asset viewer side panel by @michelheusschen in #27270
fix(web): shifting motion image button by @YarosMallorca in #27275
chore(docs): withPeople parameter description by @YarosMallorca in #27262
fix(server): filter out empty search suggestions by @michelheusschen in #27292
fix: incorrect asset face sync by @bwees in #27243

Full Changelog: https://github.com/immich-app/immich/compare/v2.6.2...v2.6.3

`v2.6.2`

Compare Source

v2.6.2

This release addresses the following issues

Fixed a bug where the shared link would error out when public users upload to the shared link
Fixed a bug where the URL switching feature doesn't work with external URLs
Fixed a bug where the "add to album" selection box on the web doesn't include albums that are shared with the user
Fixed several issues regarding the search filter on the mobile app and the web

What's Changed

🐛 Bug fixes

fix(mobile): simplified chinese not available by @YarosMallorca in #27066
fix(web): allow showing combobox items outside modals by @michelheusschen in #27075
fix(web): preserve album scroll when adding to other albums by @michelheusschen in #27078
fix(server): queue version check job when config changed by @uhthomas in #27094
fix: shared link add to album by @jrasm91 in #27063
fix: svelte reactivity issues by @danieldietzler in #27109
fix(mobile): cronet image cache clearing on android by @LeLunZ in #27054
fix(mobile): view similar photos from search by @YarosMallorca in #27149
fix(mobile): no results before applying filter by @YarosMallorca in #27155
fix(mobile): star rating always defaults to 0 by @YarosMallorca in #27157
fix: download original stale cache when edited by @danieldietzler in #27195
fix(web): restore duplicate viewer arrow key navigation by @michelheusschen in #27176
fix(web): update upload summary when removing items (#27035) by @Nicolas-micuda-becker in #27139
fix(mobile): option padding on search dropdowns by @YarosMallorca in #27154
fix(mobile): add keys to people list by @YarosMallorca in #27112
fix(mobile): add cookie for auxiliary url by @mertalev in #27209
fix: album picker show all albums by @danieldietzler in #27211
fix(server): album permissions for editors by @YarosMallorca in #27214
fix(mobile/web): album cover buttons consistency by @YarosMallorca in #27213

📚 Documentation

fix(docs): clarify ML CPU architecture by @mmomjian in #27187

New Contributors

@Nicolas-micuda-becker made their first contribution in #27139

Full Changelog: https://github.com/immich-app/immich/compare/v2.6.1...v2.6.2

`v2.6.1`

Compare Source

v2.6.1

Hot fixes

Fixed a failed migration issue on the mobile app when the URL Switching feature is used

What's Changed

🐛 Bug fixes

fix(server): fallback to email when name is empty by @jrasm91 in #27016
fix: ignore errors deleting untitled album by @jrasm91 in #27020
fix(web): wrap long album title by @jrasm91 in #27012
fix(web): stop in-progress uploads on logout by @jrasm91 in #27021
fix: writing empty exif tags by @danieldietzler in #27025
fix(web): disable send button by @jrasm91 in #27051
fix(mobile): server url migration by @mertalev in #27050

Full Changelog: https://github.com/immich-app/immich/compare/v2.6.0...v2.6.1

`v2.6.0`

Compare Source

v2.6.0

Welcome to Immich v2.6.0, This release is a collection of more than 350 commits over 6 weeks. I know, it is an eternity between releases compared to our previous era. This version focuses on bug fixes and enhancements across the app to provide a more delightful and smoother experience to you. This release also prepares for the next major release in the coming month, which will remove the old timeline implementation. Let's dive into the highlights of the release:

[!WARNING]
For those who are still using the old timeline, please switch to the new timeline to avoid interruption, as the old timeline will be removed in the next release.

ps: The old timeline has an exclamation icon next to the logo.

Highlights

Map side panel (web)
Pick album cover (mobile)
Shared link slugs (mobile)
Shared link presets (web)
Native HTTP clients (mobile)
Video player and asset viewer improvements (mobile)
Improved search results (mobile)
schema-check: a new immich-admin command
Read profile claims from ID token (OAuth)
Notable fix: cast videos now automatically loop
Notable fix: correctly extract make and model from Sony XAVC video files
Notable fix: escape key handling on web
Notable fix: healthcheck endpoint in maintenance mode
Notable fix: timeline rendering for RTL languages like Arabic and Hebrew
Notable fix: prevent server crash when extracting invalid metadata

Map side panel (web)

The map view on the web now opens a mini-timeline component as a side panel when you click on a cluster of assets. This makes it easier to view the cluster at a glance and enables bulk actions, such as adding to favorites and adding to an album.

Pick album cover (mobile)

Users can now pick a new album cover directly from the mobile app.

https://github.com/user-attachments/assets/7f99dc80-21c6-4ce6-9f75-8e6b0163dcaa

Shared link slugs (mobile)

The mobile app now also supports setting a shared link slug, a feature that's been available on the web for a while.

https://github.com/user-attachments/assets/5420995a-cfd4-471d-a3ac-db4fa45de780

Shared link presets (web)

The expiration form input on the web was always a bit confusing, but it's been updated to make it easier to see and understand when a shared link will expire.

Native HTTP clients (mobile)

The mobile app now uses native HTTP clients across both Android and iOS, with support for mTLS, self-signed certificates, basic auth, and custom headers. These features should now be more reliable and extend to background tasks, video playback, and other parts of the app. This also improves the app's overall network request performance thanks to HTTP/2 and HTTP/3, multiplexing, and caching.

Video player and asset viewer improvements (mobile)

The asset viewer has undergone many improvements under the hood to make it simpler, faster and more reliable. We've also added playback support for GIFs, enabled video zooming, and made many more bug fixes and tweaks.

The asset viewer now uses a gradient for actions, and video controls have been restyled

Inline asset details

This used to be a bottom sheet and had a lot of glue for alignment. The new version is much more responsive and less buggy.

Before

https://github.com/user-attachments/assets/43b59b59-7d6a-48d0-94d7-84b8cae1c2a9

After

https://github.com/user-attachments/assets/9217b6f4-1c92-40b0-bd95-a0681307cf38

Improved search results (mobile)

The search results page now loads more results without rebuilding the entire grid, and should now load much faster. There are also new screens for when there are no search results and when all results have been loaded.

https://github.com/user-attachments/assets/42ce69d4-1618-48ee-9cb9-91ec22e12b27

`schema-check`: a new `immich-admin` command

A new immich-admin command has been added in this release: schema-check. The command runs a report on the database to check if any indexes, constraints, tables, or columns are missing. This check also runs automatically on startup.

Read profile claims from `idToken` (OAuth)

Prior to v2.6.0, Immich resolved the email and other claims from the userinfo endpoint. Now, Immich also supports reading those claims directly from the idToken. This makes it possible to use providers such as Microsoft ADFS that do not support the userinfo endpoint.

As always, there are many more QoL improvements, bug fixes, and enhancements in this release. Please find the full release note below

Support Immich

SUPPORT THE PROJECT!

If you find the project helpful, you can support Immich by purchasing a product key at https://buy.immich.app or our merchandise at https://immich.store

What's Changed

🔒 Security

fix(server): restrict individual shared link asset removal to owners by @michelheusschen in #26868
fix: add to shared link by @jrasm91 in #26886

🚀 Features

feat: shared link login by @jrasm91 in #25678
feat: schema-check by @jrasm91 in #25904
feat: add people deeplink by @arne182 in #25686
feat(mobile): inline asset details by @uhthomas in #25952
feat(mobile): filter by tags by @benjamonnguyen in #26196
feat: add .mxf file support by @timonrieger in #24644
feat: tap to see next/previous image by @thezeroalpha in #20286
feat(mobile): Allow users to set album cover from mobile app by @timonrieger in #25515
feat(mobile): Allow users to set profile picture from asset viewer by @timonrieger in #25517
feat: ROCm 7.2 and MIGraphX support by @kprinssu in #26178
feat(web): map timeline sidepanel by @michelheusschen in #26532
feat: add responsive layout to broken asset by @midzelis in #26384
feat(web): toggle zoom on double-click in photo viewer by @midzelis in #26732
feat(mobile): show animated images in asset viewer by @LeLunZ in #26614
feat(mobile): open in browser by @YarosMallorca in #26369

🌟 Enhancements

feat: verify permissions by @jrasm91 in #25647
feat(web): change link expiration logic & presets by @YarosMallorca in #26064
feat(mobile): dynamic layout in new timeline by @shenlong-tanwen in #23837
feat(cli): change progress bar to display file size by @Nykri in #23328
feat(mobile): dynamic multi-line album name by @uhthomas in #26040
feat(mobile): hide search by context/OCR if disabled on server (#25472) by @Nacolis in #26063
fix(release): add docker-compose.rootless.yml to released assets by @dnozay in #26261
feat(web): show ocr text boxes in panoramas by @meesfrensel in #25727
feat(web): loop chromecast video by @etnoy in #24410
chore(web): merge "Add to album" and "Add to shared album" actions into a single action by @timonrieger in #24669
feat(mobile): timeline - add bottomWidgetBuilder by @PeterOmbodi in #25634
feat(mobile): video zooming in asset viewer by @goalie2002 in #22036
feat(mobile): Add slug support for shared links by @Lauritz-Tieste in #26441
feat: warn when losing transparency during thumbnail generation by @midzelis in #26243
perf(mobile): optimized album sorting by @YarosMallorca in #25179
feat(mobile): prompt when deleting from trash by @YarosMallorca in #26392
feat: getAssetEdits respond with edit IDs by @bwees in #26445
fix(server): accept showAt and hideAt for creating memories by @meesfrensel in #26429
feat(server): SyncAssetEditV1 by @bwees in #26446
feat: splash screen error page by @shenlong-tanwen in #26460
feat(mobile): add confirmation dialog to permanent delete action by @ByteSizedMarius in #26442
feat: enhance face-editor positioning by @midzelis in #26303
feat: improve HEIC, HEIF and JPEG XL browser support detection by @nicosemp in #26122
refactor(web): remove replaceAsset action by @timonrieger in #26444
feat(web): bounding box for faces when hovering over the face in photo view by @cratoo in #26667
feat(mobile): keep search results visible by @uhthomas in #26498
feat(mobile): use shared native client by @mertalev in #25942
feat(mobile): SyncAssetEditV1 by @bwees in #26518
feat(ml): enable openvino for cpu by @apejcic in #22948
feat: responsive video duration in thumbnail by @midzelis in #26770
feat(web): animate zoom toggle with cubicOut easing by @midzelis in #26731
feat(mobile): consolidate video controls by @uhthomas in #26673
feat(web): add shortcut "p" to open/close the face tag box by @cratoo in #26826
feat(mobile): use material design 3 slider by @uhthomas in #26829
feat: adaptive progressive image loading for photo viewer by @midzelis in #26636
fix(server): extract make/model from sony video files by @brendanngo in #26833
chore(mobile): remove background from asset viewer back button by @uhthomas in #26851
feat(server): support IDPs that only send the userinfo in the ID token by @Belnadifia in #26717
feat(web): improve OCR overlay text fitting, reactivity, and accessibility by @midzelis in #26678
fix(web): allow pasting PIN code from clipboard or password manager by @pressslav in #26944

🐛 Bug fixes

fix: ignore checksum constraint error when logging by @jrasm91 in #26113
fix(web): use locale for date picker by @michelheusschen in #26125
fix(web): escape shortcut handling by @michelheusschen in #26096
fix(mobile): Login routing on Splash screen by @PeterOmbodi in #26128
fix: null local date time in timeline queries by @shenlong-tanwen in #26133
fix(web): prevent event manager from throwing error by @michelheusschen in #26156
fix(web): improve api key modal responsiveness by @klenner1 in #26151
fix(web): show correct assets in memory gallery by @michelheusschen in #26157
fix(web): add missing @immich/ui translations by @michelheusschen in #26143
fix(mobile): timeline handling on foldable phones + ensuring that images are not cut off by @bkchr in #25088
fix(mobile): prevent nav bar label text wrapping by @chrislongros in #26011
fix(mobile): hide latest version warnings by @uhthomas in #26036
fix(mobile): inconsistent query for people by @YarosMallorca in #24437
fix(web): timeline multi select group state by @michelheusschen in #26180
fix(web): add checkerboard background for transparent images by @agent-steven in #26091
fix(mobile): inherit toolbar opacity by @uhthomas in #25694
fix(web): focus tag input when modal opens by @michelheusschen in #26256
fix(web): clear face boxes when switching assets by @michelheusschen in #26249
fix(web): clear unsaved asset description when changing asset by @michelheusschen in #26255
fix(web): clear cache when asset changes by @michelheusschen in #26257
fix: utc time zone upserts by @danieldietzler in #26258
fix: metadata crash by @jrasm91 in #26327
fix: prevent server crash when extraction of metadata fails if the assets are corrupted by @Devansh-Jani in #26042
fix(server): db restore failure when DB_URL is set to unix-domain socket connection by @fabio-garavini in #26252
fix: Download the edited version when downloading multiple photos by @MontejoJorge in #26259
fix: include DROP INDEX in transaction to prevent missing index on rollback by @haoxi911 in #25399
fix: safari address bar color by @jrasm91 in #26346
fix(web): prevent panorama image reload during asset updates by @michelheusschen in #26349
fix(web): favoriting assets opened via GalleryViewer by @michelheusschen in #26350
fix(i18n): add translation key for partner's photos by @timonrieger in #26348
fix(web): single select scroll behavior by @timonrieger in #26358
perf: add indexes to improve People API response times by @bxtdvd in #26337
fix: pin code reset modal by @jrasm91 in #26370
fix(mobile): Reset "People" search filter chip if no selections are made by @benjamonnguyen in #26267
fix(cli): delete sidecar files after upload if requested by @timonrieger in #26353
fix(web): album description auto height by @michelheusschen in #26420
fix(web): prevent side panel overlap during transition by @michelheusschen in #26398
fix(web): storage template example by @mmomjian in #26424
fix(web): prevent state_unsafe_mutation error on people page by @michelheusschen in #26438
fix: missing deletedAt and isVisible columns on mobile by @bwees in #26414
fix(mobile): joinLocal on archived timeline by @YarosMallorca in #26387
fix: always show library scan button by @etnoy in #26428
fix: retain asset when either asset is a favorite by @shenlong-tanwen in #26473
fix(web): prevent null folder tree on concurrent load by @michelheusschen in #26489
fix(web): toast warning when trying to upload unsupported file type by @meesfrensel in #26492
fix(mobile): birthday picker shows limited months when no date exists by @socksprox in #26407
fix: consider DAR when extracting video dimension by @alextran1502 in #25293
feat(mobile): Prevent premature image cache eviction when higher image loading is enabled by @LeLunZ in #26208
refactor: star rating by @meesfrensel in #26357
fix(mobile): set correct initial system-ui mode in asset viewer by @goalie2002 in #26500
fix(server): Live Photo migration bug when album is in template by @NikhilAlapati in #25329
fix(web): handle delete shortcut on shared link page as remove by @meesfrensel in #26552
fix(mobile): prevent video player from being recreated unnecessarily by @uhthomas in #26553
fix(mobile): don't cut off top corners of app bar by @uhthomas in #26550
feat: update onnxruntime-openvino to 1.24.1 and intel drivers by @savely-krasovsky in #26565
fix: hide download action for local/merged assets by @YarosMallorca in #26461
fix(web): top bar z index on search page by @YarosMallorca in #26582
fix(web): show shared link download button when logged in by @Snowknight26 in #26629
fix(mobile): asset viewer hero animation by @uhthomas in #26545
fix(web): timeline and asset viewer RTL support by @meesfrensel in #26513
fix(server): clean up edited thumbnail when deleting asset by @michelheusschen in #26664
fix: implement existing withStacked on searchAssetBuilder by @babbitt in #26607
fix(mobile): video state by @uhthomas in #26574
fix(maintenance mode): wait for valid server config on restart by @insertish in #26456
fix(web): inconsistent asset nav bar state after visiting shared link by @Snowknight26 in #26674
fix(web): download toast showing wrong filename for motion assets by @Snowknight26 in #26689
fix(mobile): add safe area for asset details by @uhthomas in #26675
fix(web): combobox dropdown positioning in modals by @michelheusschen in #26707
fix(web): video stealing focus when it plays again when looping by @Snowknight26 in #26704
fix(ml): batch size setting by @mertalev in #26524
fix(server): clarify transcoding bitrate policy by @meesfrensel in #26711
fix: playback style migration by @alextran1502 in #26718
fix(web): asset viewer showing wrong viewer type when hovering on stack thumbnails by @Snowknight26 in #26741
fix(server): opus handling as accepted audio codec in transcode policy by @skatsubo in #26736
fix(web): refresh recent albums sidebar after album changes by @michelheusschen in #26757
fix(web): show the correct cursor at crop bounds when editing an asset by @Snowknight26 in #26748
fix(web): recalculate face bounding boxes by @cratoo in #26737
fix(web): context menu overflow by @SevereCloud in #26760
fix(web): correct tag rounding in search options by @michelheusschen in #26814
fix(web): prevent unrelated assets from appearing in tag view by @michelheusschen in #26816
fix(mobile): use tabular figures in backup page by @uhthomas in #26830
fix(mobile): wrap backup error message text by @uhthomas in #26834
fix(server): use correct day ordering in timeline buckets by @michelheusschen in #26821
fix(web): face selection box position resetting on browser resize by @Snowknight26 in #26766
fix: use correct original URL for 360 video panorama playback by @luis15pt in #26831
fix(web): disable drag and drop for internal items by @michelheusschen in #26897
fix(web): keep header fixed on individual shared links by @michelheusschen in #26892
fix: SMTP over TLS by @nathanielhourt in #26893
fix(web): copy yearMonth in MonthGroup to avoid shared object reference with asset in #26890
fix(mobile): use shared auth for background_downloader by @mertalev in #26911
fix(web): prevent search page error on missing album filter by @michelheusschen in #26948
fix(server): sync files to disk by @uhthomas in #26881
fix(web): jump to primary stacked asset from memory by @michelheusschen in #26978
fix(mobile): reflect asset deletions instantly by @uhthomas in #26835
fix: healthcheck by @jrasm91 in #26989
fix(web): escape handling for tagging and adding a face in asset viewer by @cratoo in #26870
fix: filter after searching by asset id by @jrasm91 in #26994
fix: bounding box return type by @jrasm91 in #27014
fix: validate accept header before returning html by @jrasm91 in #27019

📚 Documentation

chore(docs): Update help channel for developers by @Mraedis in #26284
feat(docs): Explain configuration file location for Docker Compose by @keunes in #24989
chore(docs): add quick-start guide for DevPod with docker by @dhlavaty in #26213
feat(docs): Adding information about parameter c= by @aviv926 in #26430
feat: doc links by @jrasm91 in #26519
fix(docs): add ocr to job flow diagram by @niij in #26505

🌐 Translations

chore(web): update translations by @weblate in #26118
fix: clarify external domain setting is used for emails too by @chrislongros in #26009
chore(web): update translations by @weblate in #26167
fix(web): error page i18n by @meesfrensel in #26517
chore(web): clarify locale settings description by @meesfrensel in #25562
chore(web): update translations by @weblate in #26192

New Contributors

@klenner1 made their first contribution in #26151
@bkchr made their first contribution in #25088
@chrislongros made their first contribution in #26011
@agent-steven made their first contribution in #26091
@dhlavaty made their first contribution in #26238
@Nacolis made their first contribution in #26063
@ewinnd made their first contribution in #26277
@dnozay made their first contribution in #26261
@keunes made their first contribution in #24989
@Devansh-Jani made their first contribution in #26042
@benjamonnguyen made their first contribution in #26196
@fabio-garavini made their first contribution in #26252
@haoxi911 made their first contribution in #25399
@thezeroalpha made their first contribution in #20286
@socksprox made their first contribution in #26407
@kprinssu made their first contribution in #26178
@babbitt made their first contribution in #26607
@niij made their first contribution in #26505
@cratoo made their first contribution in #26667
@M123-dev made their first contribution in #26630
@apejcic made their first contribution in #22948
@SevereCloud made their first contribution in #26760
@brendanngo made their first contribution in #26833
@luis15pt made their first contribution in #26831
@nathanielhourt made their first contribution in #26893
@Belnadifia made their first contribution in #26717
@pressslav made their first contribution in #26944

Full Changelog: https://github.com/immich-app/immich/compare/v2.5.6...v2.6.0

`v2.5.6`

Compare Source

v2.5.6

This patch release addresses the following issues

Fixed an issue where thumbnail generation runs every night when full-size image generation option is enabled.
Fixed an issue where iOS is slow to start in some cases.
Fixed an issue where Android device cannot delete asset using Free Up Space feature if it has more than a few thousand assets

🐛 Bug fixes

fix: enhance album sorting functionality with order handling by @LeLunZ in #24816
fix: add missing translations for image editor by @michelheusschen in #25957
fix: image and video download complete notification shows "file_name" by @romoisverycool in #25975
fix: user profile refetched each time on opening app dialog by @shenlong-tanwen in #25992
fix: improve albums page load time on firefox by @michelheusschen in #26025
fix: reduce queue graph jitter and include paused count by @michelheusschen in #26023
fix(web): toast fixed location by @YarosMallorca in #25966
fix: scroll jump when opening show & hide people by @michelheusschen in #25932
fix(web): display storage unit next to value instead of absolute positioning in admin user page by @K0lin in #25985
fix: iOS slow start by @alextran1502 in #26043
fix: profile dialog auto dismiss after opening on iPad by @alextran1502 in #26046
fix(web): prevent context menu from overflowing viewport by @ttpss930141011 in #26041
fix: slideshow setting dropdown overflow by @michelheusschen in #26066
fix: free up space using small batch size to reliably work on Android by @alextran1502 in #26047
fix(web): removing a person in an asset, doesn't remove the asset in … by @dolfje in #26068
fix(mobile): handle image stream completion when no image is emitted by @LeLunZ in #25984
fix: evict image from cache on error during image loading by @LeLunZ in #26078
fix(server): thumbnail queueing by @mertalev in #26077
fix: create face exif orientation handling by @bwees in #26108
fix(web): refresh text by @jrasm91 in #26071
fix: correctly cancel select all assets by @michelheusschen in #26067
fix: person thumbnail generation on edited assets by @bwees in #26112
fix: local date time group fall back by @alextran1502 in #26110

📚 Documentation

feat(docs): version policy by @mmomjian in #25979
feat(deployment): rootless compose file by @mmomjian in #25931
docs: update ml-hardware-acceleration.md by @cmrtdev in #25755

🌐 Translations

chore(web): update translations by @weblate in #25947

New Contributors

@ttpss930141011 made their first contribution in #26041
@dolfje made their first contribution in #26068
@cmrtdev made their first contribution in #25755
@nicosemp made their first contribution in #25599

Full Changelog: https://github.com/immich-app/immich/compare/v2.5.5...v2.5.6

`v2.5.5`

Compare Source

v2.5.5

v2.5.4 was in the way of getting out, and we got another annoyance bug fixed, so we rolled it into v2.5.5

Happy Friday! This release addresses more bugs from the v2.5.0 release. Enjoy!

Fixed an issue where changing the timezone on the web changes the time instead of the timezone
Fixed an issue where background task on iOS don't get triggered as often
Fixes some issues regarding the usage of self-signed certificate and mLTS on the mobile app

🐛 Bug fixes

fix(mobile): cancel share download when dialog is dismissed by @cmdPromptCritical in #25466
fix: album dto docs by @jrasm91 in #25873
fix: null validation by @jrasm91 in #25891
fix(server): deleting stacked assets by @jrasm91 in #25874
fix: close tag modal after tagging assets by @michelheusschen in #25884
fix: correctly sync shared link download with metadata toggle by @michelheusschen in #25885
fix: date time picker text color in dark mode by @alextran1502 in #25883
fix: allow null tagIds in search dto by @michelheusschen in #25920
fix: improve asset editor exit handling by @michelheusschen in #25917
fix: make switch labels properly clickable by @michelheusschen in #25898
fix: ensure theme stays in sync with @immich/ui by @michelheusschen in #25922
fix: preserve hidden people state across pagination by @michelheusschen in #25886
fix: file name search label by @alextran1502 in #25916
fix(mobile): mtls on native clients by @mertalev in #25802
fix: time zone upserts by @danieldietzler in #25889
fix(web): Ensure profile picture is cropped to 1:1 ratio by @aditya-ai-architect in #25892
fix(mobile): reset asset index on timeline refresh by @uhthomas in #25729
fix: timezone in timeline bucketing by @shenlong-tanwen in #25894
fix(mobile): Update preview and PageController position when the asset count decreases while the last item is selected by @PeterOmbodi in #25563
fix(server): use provided database username for restore & ensure name is not mangled by @insertish in #25679
fix: image download complete notification shows an extra {file_name} template tag by @romoisverycool in #25936
fix: face and edit handling by @bwees in #25738
fix: queue assets missing fullsize files for thumbnail regeneration by @midzelis in #25794
fix: dedupe version announcement modal by @jrasm91 in #25946
fix(cli): suppress startup messages for immich-admin by @VahantSharma in #25928

📚 Documentation

docs: update manual backup/restore to match the automatic process by @insertish in #25924
fix(docs): add missing --json-output arg to CLI example by @Xiol in #25870
docs: remove writeTimeout on traefik example by @kaysond in #25837

🌐 Translations

chore(web): update translations by @weblate in #25585

New Contributors

@aditya-ai-architect made their first contribution in #25892
@VahantSharma made their first contribution in #25927
@Xiol made their first contribution in #25870
@cmdPromptCritical made their first contribution in #25466
@romoisverycool made their first contribution in #25936
@didekoning made their first contribution in #25937

Full Changelog: https://github.com/immich-app/immich/compare/v2.5.3...v2.5.5

`v2.5.3`

Compare Source

What's Changed

🐛 Bug fixes

chore: remove random code snippet by @jrasm91 in #25677
fix: reset and unsaved change states in editor by @bwees in #25588
fix: no notification if release check is disabled by @jrasm91 in #25688
fix(mobile): hide latest version if disabled by @uhthomas in #25691
fix(web): enable asset viewer navigation across memory boundaries by @midzelis in #25741
fix: upload progress bar flickering by @alextran1502 in #25829
fix: prevent stale values in edit user form after save by @michelheusschen in #25859
fix: prevent album page get rebuilt when resuming app by @alextran1502 in #25862
fix: prevent backspace from accidentally triggering delete modals by @michelheusschen in #25858
fix: metadata extraction race condition by @danieldietzler in #25866
fix: reset zoom when navigating between assets by @michelheusschen in #25863

📚 Documentation

docs(openapi): Add descriptions to OpenAPI specification by @timonrieger in #25185
fix(docs): clarify supported vector version by @mmomjian in #25753

Full Changelog: https://github.com/immich-app/immich/compare/v2.5.2...v2.5.3

`v2.5.2`

Compare Source

v2.5.2

v2.5.1 has been sacrificed for the release God, so the Android app can now be released

[!NOTE]
This version of the mobile app will pull down some data from the server to fix the incorrect data in the mobile app local database, so you will see the sync icon running for a little bit

Hotfixes

Fixed a bug where the video aspect ratio is played incorrectly for the remote asset
Fixed a bug where memory generation failed
Fixed a bug where memories don't show on the web until the page is refreshed
Fixed a bug where the Load original image option doesn't render the image on iOS

What's Changed

🐛 Bug fixes

fix: deleting asset from asset-viewer on search results by @midzelis in #25596
fix: escape handling in search asset viewer by @danieldietzler in #25621
fix: correctly show owner in album options modal by @danieldietzler in #25618
fix(server): don't assume maintenance action is set by @insertish in #25622
fix: album card ranges by @danieldietzler in #25639
fix(mobile): show controls by default on motion photos by @goalie2002 in #25638
fix: escape handling by @danieldietzler in #25627
fix(mobile): set correct system-ui mode on asset viewer init by @goalie2002 in #25610
fix(mobile): actually load original image by @mertalev in #25646
fix: width and height migration issue by @alextran1502 in #25643
fix: memory lane by @jrasm91 in #25652
fix: memory generation by @jrasm91 in #25650
fix(mobile): tall image scrolling by @ByteSizedMarius in #25649

Full Changelog: https://github.com/immich-app/immich/compare/v2.5.0...v2.5.2

`v2.5.0`: - 90000 Stars Release

Compare Source

v2.5.0

[!NOTE]

01/27

20:23 GMT: We are halting the release of the mobile app as there are some reported issues with migration

22:00 GMT: Found the issue with the migration for the experimental sync-delete feature on Android. Will fix and release a new update soon. ETA tomorrow CTS time

22:24 GMT: iOS is released as the migration doesn't affect iOS users

01/28

Discovered some annoyance bugs regarding editing after ready to release v2.5.1, so spent the whole day fixing them and will release v2.5.2 on Thursday (01/29)

Sorry for the inconvenience

Highlights

Happy New Year! Welcome to Immich v2.5.0. This release is our fireworks to celebrate both the new year and reaching 90,000 stars on GitHub. It is packed with major features that have been in the works for quite some time, and the team has kicked off the year with incredible momentum that we're excited to carry forward. We couldn't wait to share this with you. Let's dive right in:

Free Up Space
Non-destructive editing
Database backup and restore (web)
Upload improvements
Visual refresh across all platforms
Disable admin setup
Star rating (mobile)
Additional fine-grained permissions (api keys)
Progressive JPEGs
Slideshow loop option (web)
Native HTTP clients for HTTP/2 and HTTP/3 image loading

Free Up Space

This feature was requested ages ago. So long in fact, that it has a 3-digit ID (#165)! Given the rapid iteration and development pace of the pre-stable era, it was risky to include it in the app due to its bulk-delete nature. But it is now 2026 😄, so here we are.

Free Up Space allows you to remove local media files from your device that have already been successfully backed up to your Immich server (and are not in Immich trash). This helps reclaim storage on your mobile device without losing your memories. The feature can be accessed from the user profile panel or from the Settings page in the mobile app.

There are configuration options and steps to make sure that everything is verified before deleting from the app.

Configuration:
- Cutoff date: Free Up Space will only look for photos and videos on or before this date.
- Keep albums: Hold all photos and videos in the selected albums on your device, regardless of other settings. By default, **WhatsApp** related albums are selected to be kept on the device. Assets that are not already on the device will not be redownloaded.
- Keep favorites: This works the same way **Keep albums** . By default, favorited assets are preserved on your device.
- Keep on device: You can choose to restrict removal to **Always keep** All photos or All videos, regardless of other settings. This setting can hamper freeing up space significantly — with 80 GB of videos and 40 GB of photos, selecting **Always keep photos** retains thousands of photos on your device.

[!TIP]
These configurations are persistent to make it convenient for those who perform this task often.

Scan & Review: Before any files are removed, you are presented with a review screen to confirm which items will be deleted and how much storage will be reclaimed.
Deletion: Confirmed items are moved to your device's native Trash/Recycle Bin.

[!NOTE]
Reclaim storage
To use the reclaimed space right away, you must manually empty the system/gallery trash outside Immich.

For more information about this feature, please read it here

Non-destructive editing

Immich now supports non-destructive photo editing. This means that any edits you make to an asset do not modify the original file; instead, the modifications are stored in the database, and new thumbnails are generated based on those changes. This means you can always revert to the original asset if needed.

When you download an edited asset, Immich provides the edited version by default. However, you can choose to download the original version if needed. Immich always generates an edited full-size version based on your full-size quality settings. This occurs regardless of whether the "Enable full-size image generation" setting is enabled or disabled.

[!NOTE]
Limitations:

Mobile clients must be updated to v2.5.0 in order view the edited version of an asset. Clients will continue to > see the original asset if on a mobile app version <2.5.0

As of this version, the edited download won't include the EXIF metadata of the original asset. This feature will come in future releases.

Mobile editing still uses the old edit system (saving a new version of the photo). The mobile editor will be upgraded to use the new non-destructive editing system in a future release.

You can click on the following icon to enter edit mode

Currently, Immich supports the following types of edits:

Cropping
Rotation
Mirroring

Opening the editor on an edited asset will load the existing edits back in so you can make adjustments and changes.

Backup and restore from the web UI

Backup and restore are an important part of any self-hosted application; this feature helps you maintain reliable access to your instance during unexpected events, such as database corruption caused by system failure or power loss.

Historically, restoring an Immich instance to a specific point required the user to have access to the command line, which proved challenging for many users, especially those new to self-hosting and software maintenance.

Now, we have the entire backup and restore pipeline built into Immich, which allows you to quickly restore a database backup directly from the web UI. You can perform the steps either from the Administration > Maintenance page, or from a brand new instance on the welcome page.

Restore from Administration's Maintenance page

Restore from Onboarding page

For more detailed steps, please read them in our documentation

Upload improvement

This release also improves foreground upload in the mobile app. The previous implementation improves background uploads but leaves foreground uploads less reliable by leveraging the queue system to offload upload handling to the OS, which can be throttled under specific criteria.

We are taking back more control over handling uploads with the try-and-true method used in the old timeline, but this time it is supercharged with concurrent uploads and also correctly handles assets with missing file extensions from software such as DJI or Fusion Camera.

Upload now will also send unique metadata for each asset to the server, so it can be used to quickly retrieve the checksum when reinstalling the app, saving time and CPU resources. This is especially useful for iCloud users, as the hashing process can take a long time.

For iOS and iCloud users, it is recommended to go to App Settings > Sync Status and tap the "Sync Cloud IDs" button to backfill the metadata for the uploaded content. You only need to do this once.

Visual refresh across all platforms

This release also brings you a refreshed look and feel across the web, mobile app, and the documentation sites, with a new font face ("The-name-must-not-be-named" Sans) that improves reading legibility, especially for numbers and smaller text.

The UI library (https://ui.immich.app/) components have also been added to the web app in more places. You should see a more standardized, coherent, and better hierarchy for UI components across the app.

All icon buttons now come with a tooltip, so you don't have to guess what function the button serves

Star rating (mobile)

Mobile now has the star-rating feature, similar to the web application. If you don't see a star rating on either platform, make sure the feature is enabled here.

Disable admin setup

New installs show a welcome page and allow anyone to sign up / register as an admin. To have more control over whether this is allowed or not, we have added the following environment variable:

IMMICH_ALLOW_SETUP=true|false

This is especially useful if you have already initialized Immich and never want this situation to be possible in the future, which can happen if for whatever reason the database is reset.

Additional fine-grained permissions (api keys)

Some existing endpoints have been assigned fine-grained permissions, allowing the creation of API keys with limited access. The new permissions include:\n

map.read - Retrieve a list of latitude and longitude coordinates for every asset with location data
map.search - Retrieve location information for latitude & longitude coordinates
folder.read - Retrieve information about folders and which assets they contain

Progressive JPEGs

All image-generation settings now include a new option to enable progressive JPEGs. When enabled, supported browsers will progressively render the image.

Slideshow loop option (web)

The slideshow settings on the web now include an option to automatically start the slideshow over.

Native HTTP clients

All remote images are now requested using optimized HTTP clients, meaning images load more quickly and can keep up with your scrolling. Caching is also improved: not only does this make images even snappier to load after being downloaded, it also improves the offline experience with better responsiveness and a larger cache size.

As always, there are many more QoL improvements, bug fixes, and enhancements in this release. Please find the full release note below

Support Immich

SUPPORT THE PROJECT!

If you find the project helpful, you can support Immich by purchasing a product key at https://buy.immich.app or our merchandise at https://immich.store

What's Changed

🚀 Features

feat: workflow ui by @alextran1502 in #24190
feat: disable admin setup by @jrasm91 in #24628
feat: free up space by @alextran1502 in #24999
feat: use fastlane sigh to manage signing profiles by @alextran1502 in #25089
feat: image editing by @bwees in #24155
feat: add cloud id during native sync by @shenlong-tanwen in #20418
feat: restore database backups by @insertish in #23978
feat(mobile): star rating by @YarosMallorca in #24457
feat(mobile): scrollbar for album page by @alextran1502 in #25507

🌟 Enhancements

feat: focus jumped-to item in timeline by @bo0tzz in #24738
chore: web editor improvements by @bwees in #25169
feat: modal routes by @jrasm91 in #24726
feat: prefer admin settings page over users page by @jrasm91 in #24780
feat: shared link edit by @jrasm91 in #24783
feat(mobile): use tabular figures in backup info card by @wrbl606 in #24820
feat(mobile): album options to kebab menu by @idubnori in #24204
feat: Hide/show controls when zoom state changes by @Lauritz-Tieste in #24784
feat(server): Support camera make, model, and lensModel in Storage Template by @rahul-kumar-saini in #24650
feat(ml): update ONNX Runtime, OpenVINO and ROCm stack by @savely-krasovsky in #23458
chore(server): Vchord 1.0 support by @mmomjian in #23845
feat(web): Add coordinate pair location searching. by @GustavJones in #24799
feat: show asset owners for editors in shared albums by @ama156 in #24890
feat(web): undo delete single asset by @YarosMallorca in #24439
feat(server): implement switchable logging formats (console/json) by @DanielRamosAcosta in #24791
chore(web): bump immich/ui for tooltips by @jrasm91 in #24632
feat(web): star rating keyboard shortcut by @cbochs in #24620
feat: bulk asset metadata endpoints by @jrasm91 in #25133
feat(mobile): 2026 font by @alextran1502 in #25213
feat(web): search albums by description by @YarosMallorca in #25244
feat(web): 2026 font by @alextran1502 in #25174
chore: dart http foreground upload by @alextran1502 in #24883
feat: update intel compute driver by @savely-krasovsky in #25259
feat: download original asset by @danieldietzler in #25302
feat: allow /memory?id= in AndroidManifest by @arne182 in #25373
fix: add scoped API permissions to map endpoints by @meesfrensel in #25423
fix(server): scoped permissions for more endpoints by @meesfrensel in #25452
feat: generate progressive JPEGs for thumbnails by @midzelis in #25463
feat: loop slideshows by @GeneralZero in #25462
feat(mobile): native clients by @mertalev in #21459

🐛 Bug fixes

fix(maintenance): prevent enable/disable maintenance CLI hanging on occasion by @insertish in #24713
fix(web): display jxl original by @mertalev in #24766
fix(web): stale album info by @jrasm91 in #24787
fix: album card timezone by @danieldietzler in #24855
fix(web): let slideshow videos play (#19601) by @keanucz in #24914
fix(server): update exiftool-vendored to v34.3 for correct colon-less timezone parsing by @dosten in #24979
fix(mobile): hide delete action for remote-only assets by @skrmc in #25010
fix: import config from json by @MontejoJorge in #25030
fix: search input has incorrect focus state after closing the search filter modal by @alextran1502 in #24886
fix(web): duplicate key error and enable expiration editing for expired shared links by @timonrieger in #24686
fix: shared-link-mapper by @jrasm91 in #24794
fix(server): migrate motion part of live photo by @NikhilAlapati in #24688
fix(web): use asset date for change date popup when single asset selected by @majiayu000 in #25076
fix(web): long text taking more width than expected in duplicate manager by @HemendraSinghShekhawat in #24547
fix(web): broken asset urls if shared link has photos in name by @YarosMallorca in #24451
fix(server): search statistics with personIds returns 500 by @majiayu000 in #25074
fix(web): server stats layout by @meesfrensel in #25085
fix: enter now submits the date modals by @fabb in #25053
fix(web): improve text contrast in minimized upload panel by @majiayu000 in #25075
fix: propagate iCloud Shared Album flag by @alextran1502 in #25060
fix: description does not rerender when navigating between assets by @alextran1502 in #25137
fix(server): avoid upserting empty metadata array by @timonrieger in #25143
fix(server): Document HTTP 200 response for duplicate uploads in OpenAPI by @timonrieger in #25148
fix(web): person asset count doesn't update when navigating by @YarosMallorca in #24438
fix(mobile): remove weird zooming behaviour on videos and play/pause button delay by @goalie2002 in #24006
fix: unlock properties after successful sidecar write by @danieldietzler in #25168
fix(web): show relevant navbar options for partner assets by @YarosMallorca in #24832
fix(web): added background gradient for video time visibility by @HemendraSinghShekhawat in #25138
feat(mobile): do not restore locally deleted assets during trash sync (Android) by @PeterOmbodi in #24218
fix: asset local type casting by @alextran1502 in #25214
fix(web): ocr button not clickable for stacked assets by @YarosMallorca in #25210
fix(web): Handle upload failures from public users by @juliancarrivick in #24826
fix(mobile): prevent system UI from hiding on drag down gesture by @goalie2002 in #25240
fix: migration order by @jrasm91 in #25249
fix(web): redirect to login by @jrasm91 in #25254
fix(mobile): improve asset transition back to timeline by @goalie2002 in #24485
fix: dark mode appbar color by @akashKarmakar02 in #24976
fix(web): add min-width to setting input field by @K0lin in #25317
fix(server): api key update checks by @jrasm91 in #25363
fix(mobile): album selector icon visibility by @ByteSizedMarius in #25311
fix(mobile): indicators not showing on thumbnail tile after asset change in viewer by @goalie2002 in #25297
fix(web): handle deletion from asset viewer on map page by @meesfrensel in #25393
fix: tag update race condition by @danieldietzler in #25371
fix(web): allow exiting pin setup flow by @meesfrensel in #25413
fix: upload file without extension by @alextran1502 in #25419
fix: incorrect asset viewer scale on image frame update by @shenlong-tanwen in #25430
fix(mobile): bring back map settings by @shenlong-tanwen in #25448
fix(web): fix badge value in queues page by @beinganukul in #25445
fix(mobile): backfill asset dimensions to exif table by @bwees in #25483
fix(mobile): do not try to load video as image by @mertalev in #25495

📚 Documentation

fix: product keys wording in commercial guidelines faq by @bo0tzz in #24765
docs: config options for hardware transcoding by @Javex in #24853
fix: use my.immich.app as url placeholder in docs by @bo0tzz in #25153
chore: update Thai README (remove "under active development" lines) by @ppnplus in #25208
fix(docs): add missing mermaid dependency and configuration by @bdoerfchen in #25247
chore(docs): update RAM req by @mmomjian in #25344
feat(docs): add Free Up Space section by @aviv926 in #25253
docs: update README_de_DE.md by @solluh in #25443
fix(docs): document that fullsize thumbnail might redirect to original by @meesfrensel in #25416
docs: update documentation by @alextran1502 in #25440

New Contributors

@wrbl606 made their first contribution in #24820
@keanucz made their first contribution in #24914
@rahul-kumar-saini made their first contribution in #24650
@dosten made their first contribution in #24979
@GustavJones made their first contribution in #24799
@skrmc made their first contribution in #25010
@ama156 made their first contribution in #24890
@DanielRamosAcosta made their first contribution in #24791
@NikhilAlapati made their first contribution in #24688
@flpcury made their first contribution in #24867
@Javex made their first contribution in #24853
@majiayu000 made their first contribution in #25076
@HemendraSinghShekhawat made their first contribution in #24547
@cbochs made their first contribution in #24620
@fabb made their first contribution in #25053
@ppnplus made their first contribution in #25208
@juliancarrivick made their first contribution in #24826
@bdoerfchen made their first contribution in #25247
@akashKarmakar02 made their first contribution in #24976
@K0lin made their first contribution in #25317
@NAM-MAN made their first contribution in #25320
@ByteSizedMarius made their first contribution in #25311
@arne182 made their first contribution in #25373
@solluh made their first contribution in #25443
@beinganukul made their first contribution in #25445
@GeneralZero made their first contribution in #25462

Full Changelog: https://github.com/immich-app/immich/compare/v2.4.1...v2.5.0

usememos/memos (ghcr.io/usememos/memos)

`v0.28`

Features

auth: add SSO user identity linkage (#5883) (d688914)
memos: choose created or updated time for memos (#5894) (c268551)
redesign account and SSO management (#5886) (ee17998)

Bug Fixes

auth: harden authorization and username validation (#5890) (0fb83a7)
disable modal prop on DropdownMenu to prevent scroll disappearing (#5861) (d98f665)
fix legacy username auth flows (#5885) (30c0611)
markdown: split mixed task and bullet lists (e2c6084)
reduce list memo query overhead (#5880) (5063804)
web: preserve task checkbox state (#5867) (b5863d7)

`v0.27`

Bug Fixes

mixed-case user resource names (#5853) (01be01f)
release: inject build version into artifacts (f8a304b)
user resource names can be uuidv4 from idp sub claim (#5856) (bbded58)

haproxy-ingress/charts (haproxy-ingress)

metallb/metallb (metallb/metallb)

`v0.15.3`

Compare Source

See the release notes for the details:

https://metallb.universe.tf/release-notes/#version-0-15-3

pnpm/pnpm (pnpm)

`v10.33.4`

Compare Source

`v10.33.3`: pnpm 10.33.3

Compare Source

Patch Changes

When self-updating from v10's @pnpm/exe to v11+ on Intel macOS (darwin-x64), pnpm self-update now transparently switches to the JS-only pnpm package on npm instead of installing @pnpm/exe@v11+ (which doesn't ship a working binary for Intel Macs because of an upstream Node.js SEA bug — see #11423 and nodejs/node#62893). Without this, the self-update would silently leave the user with no working pnpm binary. The new install requires Node.js to be available on PATH; a warning is printed when the swap happens. All other host/version combinations are unchanged.
pnpm self-update (with no version argument) no longer downgrades pnpm when the registry's latest dist-tag points to an older release than the currently active version. Run pnpm self-update latest to force a downgrade #11418.

Platinum Sponsors

Gold Sponsors

`v10.33.2`

Compare Source

`v10.33.1`: pnpm 10.33.1

Compare Source

Patch Changes

When a project's packageManager field selects pnpm v11 or newer, commands that v10 would have passed through to npm (version, login, logout, publish, unpublish, deprecate, dist-tag, docs, ping, search, star, stars, unstar, whoami, etc.) are now handed over to the wanted pnpm, which implements them natively. Previously they silently shelled out to npm — making, for example, pnpm version --help print npm's help on a project with packageManager: pnpm@11.0.0-rc.3 #11328.

Platinum Sponsors

Gold Sponsors

`v10.33.0`: pnpm 10.33

Compare Source

Minor Changes

Added a new dedupePeers setting that reduces peer dependency duplication. When enabled, peer dependency suffixes use version-only identifiers (name@version) instead of full dep paths, eliminating nested suffixes like (foo@1.0.0(bar@2.0.0)). This dramatically reduces the number of package instances in projects with many recursive peer dependencies #11070.

Patch Changes

Fail on incompatible lockfiles in CI when frozen lockfile mode is enabled, while preserving non-frozen CI fallback behavior.
When package metadata is malformed or can't be fetched, the error thrown will now show the originating error.
Fixed intermittent failures when multiple pnpm dlx calls run concurrently for the same package. When the global virtual store is enabled, the importer now verifies file content before skipping a rename, avoiding destructive swap-renames that break concurrent processes. Also tolerates EPERM during bin creation on Windows and properly propagates enableGlobalVirtualStore through the install pipeline.
Fixed handling of non-string version selectors in hoistPeers, preventing invalid peer dependency specifiers.
Improve the non-interactive modules purge error hint to include the confirmModulesPurge=false workaround.

When pnpm needs to recreate node_modules but no TTY is available, the error now suggests either setting CI=true or disabling the purge confirmation prompt via confirmModulesPurge=false.

Adds a regression test for the non-TTY flow.
Fixed false "Command not found" errors on Windows when a command exists in PATH but exits with a non-zero code. Also fixed path resolution for --filter contexts where the command runs in a different package directory.
When a pnpm-lock.yaml contains two documents, ignore the first one. pnpm v11 will write two lockfile documents into pnpm-lock.yaml in order to store pnpm version integrities and config dependency resolutions.
Fixed a bug preventing the clearCache function returned by createNpmResolver from properly clearing metadata cache.

Platinum Sponsors

Gold Sponsors

`v10.32.1`: pnpm 10.32.1

Compare Source

Patch Changes

Fix a regression where pnpm-workspace.yaml without a packages field caused all directories to be treated as workspace projects. This broke projects that use pnpm-workspace.yaml only for settings (e.g. minimumReleaseAge) without defining workspace packages #10909.

Platinum Sponsors

Gold Sponsors

`v10.32.0`: pnpm 10.32

Compare Source

Minor Changes

Added --all flag to pnpm approve-builds that approves all pending builds without interactive prompts #10136.

Patch Changes

Reverted change related to setting explicitly the npm config file path, which caused regressions.
Reverted fix related to lockfile-include-tarball-url. Fixes #10915.

Platinum Sponsors

Gold Sponsors

`v10.31.0`: pnpm 10.31

Compare Source

Minor Changes

When pnpm updates the pnpm-workspace.yaml, comments, string formatting, and whitespace will be preserved.

Patch Changes

Added -F as a short alias for the --filter option in the help output.
Handle undefined pkgSnapshot in pnpm why -r #10700.
Fix headless install not being used when a project has an injected self-referencing file: dependency that resolves to link: in the lockfile.
Fixed a race condition when multiple worker threads import the same package to the global virtual store concurrently. The rename operation now tolerates ENOTEMPTY/EEXIST errors if another thread already completed the import.
When lockfile-include-tarball-url is set to false, tarball URLs are now always excluded from the lockfile. Previously, tarball URLs could still appear for packages hosted under non-standard URLs, making the behavior flaky and inconsistent #6667.
Fixed optimisticRepeatInstall skipping install when overrides, packageExtensions, ignoredOptionalDependencies, patchedDependencies, or peersSuffixMaxLength changed.
Fixed pnpm patch-commit failing with "unable to access '/.config/git/attributes': Permission denied" error in environments where HOME is unset or non-standard (Docker containers, CI systems).

The issue occurred because pnpm was setting HOME and the Windows user profile env var to empty strings to suppress user git configuration when running git diff. This caused git to resolve the home directory (~) as root (/), leading to permission errors when attempting to access /.config/git/attributes.

Now uses GIT_CONFIG_GLOBAL: os.devNull instead, which is git's proper mechanism for bypassing user-level configuration without corrupting the home directory path resolution.

Fixes #6537
Fix pnpm why -r --parseable missing dependents when multiple workspace packages share the same dependency #8100.
Fix link-workspace-packages=true incorrectly linking workspace packages when the requested version doesn't match the workspace package's version. Previously, on fresh installs the version constraint is overridden to * in the fallback resolution paths, causing any workspace package with a matching name to be linked regardless of version #10173.
Fixed pnpm update --interactive table breaking with long version strings (e.g., prerelease versions like 7.0.0-dev.20251209.1) by dynamically calculating column widths instead of using hardcoded values #10316.
Explicitly tell npm the path to the global rc config file.
The parameter set by the --allow-build flag is written to allowBuilds.
Fix a bug in which specifying filter on pnpm-workspace.yaml would cause pnpm to not detect any projects.
Print help message on running pnpm dlx without arguments and exit.

Platinum Sponsors

Gold Sponsors

`v10.30.3`: pnpm 10.30.3

Compare Source

Patch Changes

Fixed version switching via packageManager field failing when pnpm is installed as a standalone executable in environments without a system Node.js #10687.

Platinum Sponsors

Gold Sponsors

`v10.30.2`: pnpm 10.30.2

Compare Source

Patch Changes

Fix auto-installed peer dependencies ignoring overrides when a stale version exists in the lockfile.
Fixed "input line too long" error on Windows when running lifecycle scripts with the global virtual store enabled #10673.
Update @zkochan/js-yaml to fix moderate vulnerability.

Platinum Sponsors

Gold Sponsors

`v10.30.1`: pnpm 10.30.1

Compare Source

Patch Changes

Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #10649.

Platinum Sponsors

Gold Sponsors

`v10.30.0`: pnpm 10.30

Compare Source

Minor Changes

pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #7122.
Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #10596.

Platinum Sponsors

Gold Sponsors

`v10.29.3`: pnpm 10.29.3

Compare Source

Patch Changes

Fixed an out-of-memory error in pnpm list (and pnpm why) on large dependency graphs by replacing the recursive tree builder with a two-phase approach: a BFS dependency graph followed by cached tree materialization. Duplicate subtrees are now deduplicated in the output, shown as "deduped (N deps hidden)" #10586.
Fixed allowBuilds not working when set via .pnpmfile.cjs #10516.
When the enableGlobalVirtualStore option is set, the pnpm deploy command would incorrectly create symlinks to the global virtual store. To keep the deploy directory self-contained, pnpm deploy now ignores this setting and always creates a localized virtual store within the deploy directory.
Fixed minimumReleaseAgeExclude not being respected by pnpm dlx #10338.

Platinum Sponsors

Gold Sponsors

`v10.29.2`: pnpm 10.29.2

Compare Source

Patch Changes

Reverted a fix shipped in v10.29.1, which caused another issue #10571.
Reverted fix: Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #10497.

Platinum Sponsors

Gold Sponsors

`v10.29.1`: pnpm 10.29.1

Compare Source

Minor Changes

The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
Support configuring auditLevel in the pnpm-workspace.yaml file #10540.
Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #10436.

Patch Changes

Fixed pnpm list --json returning incorrect paths when using global virtual store #10187.
Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #10290.
Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #10497.
Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #10176.
Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #10281.
Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #10460.
Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #10540.
update tar to version 7.5.7 to fix security issue

Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842
Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #10325.
Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #10271.
pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #10561.
Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #10457.

Platinum Sponsors

Gold Sponsors

`v10.28.2`: pnpm 10.28.2

Compare Source

Patch Changes

Security fix: prevent path traversal in directories.bin field.
When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.
Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #9950.

Platinum Sponsors

Gold Sponsors

`v10.28.1`: pnpm 10.28.1

Compare Source

Patch Changes

Fixed installation of config dependencies from private registries.

Added support for object type in configDependencies when the tarball URL returned from package metadata differs from the computed URL #10431.
Fix path traversal vulnerability in binary fetcher ZIP extraction
- Validate ZIP entry paths before extraction to prevent writing files outside target directory
- Validate BinaryResolution.prefix (basename) to prevent directory escape via crafted prefix
- Both attack vectors now throw ERR_PNPM_PATH_TRAVERSAL error
Support plain http:// and https:// URLs ending with .git as git repository dependencies.

Previously, URLs like https://gitea.example.org/user/repo.git#commit were not recognized as git repositories because they lacked the git+ prefix (e.g., git+https://). This caused issues when installing dependencies from self-hosted git servers like Gitea or Forgejo that don't provide tarball downloads.

Changes:
- The git resolver now runs before the tarball resolver, ensuring git URLs are handled by the correct resolver
- The git resolver now recognizes plain http:// and https:// URLs ending in .git as git repositories
- Removed the isRepository check from the tarball resolver since it's no longer needed with the new resolver order
Fixes #10468
pnpm run -r and pnpm run --filter now fail with a non-zero exit code when no packages have the specified script. Previously, this only failed when all packages were selected. Use --if-present to suppress this error #6844.
Fixed a path traversal vulnerability in tarball extraction on Windows. The path normalization was only checking for ./ but not .\. Since backslashes are directory separators on Windows, malicious packages could use paths like foo\..\..\.npmrc to write files outside the package directory.
When running "pnpm exec" from a subdirectory of a project, don't change the current working directory to the root of the project #5759.
Fixed a path traversal vulnerability in pnpm's bin linking. Bin names starting with @ bypassed validation, and after scope normalization, path traversal sequences like ../../ remained intact.
Revert Try to avoid making network calls with preferOffline #10334.
Fix --save-peer to write valid semver ranges to peerDependencies for protocol-based installs (e.g. jsr:) by deriving from resolved versions when available and falling back to * if none is available #10417.
Do not exclude the root workspace project, when it is explicitly selected via a filter #10465.

Platinum Sponsors

Gold Sponsors

bpg/terraform-provider-proxmox (proxmox)

`v0.106.0`

Compare Source

Features

lxc: add support for mknod() feature (#2845) (07f91b4)

Bug Fixes

lxc: allow disabling feature flags on update (#2857) (2f3ae58)
lxc: refresh features, start_on_boot, hookscript in read (#2852) (e316aba)
network: allow unknown ports on linux bridge validate (#2855) (dacac9c)

Miscellaneous

ci: Update actions/add-to-project action (v1.0.2 → v2) (#2860) (5939390)

`v0.105.0`

Compare Source

Features

core: add SFTP file upload method (#2836) (39ca5d3)
network: add vids attribute to proxmox_network_linux_bridge (#2841) (f391b1c)
sdn: add support for EVPN controller (#2839) (ed23beb)

Bug Fixes

acme: mark eab_hmac_key and eab_kid as Sensitive (#2838) (30051b2)
ci: derive bot identity from app-slug output, not /app endpoint (b801d67)
ci: read release PR branch from action output, not gh pr view (52565bb)
lxc: gate host_managed on PVE 9.1+, not 9.0+ (#2828) (d348aed)
network: catch omitted vlan_aware in vids validator (#2849) (9e47424)

Miscellaneous

ci: update goreleaser/goreleaser-action action (v7.1.0 → v7.2.1) (#2831) (2506f61)
ci: Update JetBrains/qodana-action action (v2025.3.2 → v2026.1.0) (#2834) (d485cc9)
code: address Qodana code-quality findings (#2827) (b0e08d7)
core: add nil-safe helpers for nil to value conversion (#2829) (03493e9)
deps: update golangci/golangci-lint (v2.11.4 → v2.12.1) (#2844) (c3a14a3)
deps: update image golang (1e598ea → b54cbf5) (#2830) (16c2280)
deps: update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.40.0 → v2.40.1) (#2843) (114ce5a)
docs: configure context7.json indexing with version sync (ac70974)
lxc: restructure container docs for LLM retrieval (#2833) (7d264d8)

`v0.104.0`

Compare Source

Features

lxc: add host_managed option for container networking (#2812) (03dcffb)

Bug Fixes

lxc: apply disk acl/quota/replicate on container create (#2824) (0d64b73)
vm: stop re-emitting format= on existing import_from disks (#2822) (edfdac6)
vm: treat missing disk volume as not-found during read (#2821) (07cd772)

Miscellaneous

ci: Update googleapis/release-please-action action (v4.4.1 → v5) (#2820) (c607cbc)
ci: update goreleaser/goreleaser-action action (v7.0.0 → v7.1.0) (#2823) (4d86ada)
deps: update github.com/hashicorp/terraform-plugin-* (#2819) (65e1e16)
deps: update image golang (5f3787b → 1e598ea) (#2818) (4e2d74e)
vm2: add design for VM Plugin Framework migration (d824227)
vm2: audit VM resource implementation (#2810) (618e0cb)
vm2: mark PR #1 merged in tracker (8624144)

`v0.103.0`

Compare Source

Features

cluster: refactoring and improving proxmox_metrics_server (#2805) (354abf4)
file: add file_name_regex filter to proxmox_files data source (#2802) (c84eca9)
hw: add proxmox_hardware_pci data source (#2799) (76618a1)

Miscellaneous

cluster: align cluster_options with ADR-003/005 (#2804) (829ba6b)
deps: update image golang (fcdb3e4 → 5f3787b) (#2807) (d067ce0)

`v0.102.0`

Compare Source

⚠ BREAKING CHANGES

lxc: use computed cpu.units value instead of hardcoded 1024 (#2791)

Features

provider: add node_address_source ssh attribute for DNS-based node resolution (#2792) (87d0abb)
vm: add upgrade attribute to cloud-init initialization block (#2788) (e828b52)
vm: wait for guest agent readiness before reboot (#2790) (40317ec)

Bug Fixes

example: update /example/* to use short aliases (d6f1680)
lxc: use computed cpu.units value instead of hardcoded 1024 (#2791) (b54e6c5)

Miscellaneous

ci: update actions/create-github-app-token action (v3.0.0 → v3.1.1) (#2796) (8397ff6)
ci: update actions/setup-go digest (4b73464 → 4a36011) (#2793) (bfbf78c)
ci: update actions/upload-artifact digest (bbbca2d → 043fb46) (#2794) (5c82af8)
ci: update googleapis/release-please-action action (v4.4.0 → v4.4.1) (#2798) (7b10d95)
code: update to use Golang 1.26.x (#2785) (d2f3c70)
deps: update image golang (2a2b4b5 → fcdb3e4) (#2797) (32d0937)
deps: update module github.com/hashicorp/terraform-plugin-mux (v0.23.0 → v0.23.1) (#2795) (19925da)
docs: codify audit-discovered conventions into ADR-003/004/005 (#2787) (d8c8c75)
docs: update links to reference bpg.sh for documentation (b36528a)
docs: update upgrade.md guide (befb41d)

`v0.101.1`

Compare Source

Bug Fixes

docs: add missing examples and import sections for short-name aliases (#2784) (5f59d52)

Miscellaneous

ci: Update actions/github-script action (v8 → v9) (#2782) (c8c9823)
deps: update image golang (1.26.1 → 1.26.2) (#2778) (6805a82)
deps: update image golang (595c784 → cd78d88) (#2777) (ef0c04d)
deps: update module golang.org/x/crypto (v0.49.0 → v0.50.0) (#2780) (a963a30)
deps: update module golang.org/x/net (v0.52.0 → v0.53.0) (#2781) (d167c32)

`v0.101.0`

Compare Source

⚠ BREAKING CHANGES

vm: fix and improve VM datasources, deprecate SDK datasource (#2764)

Features

core: surface PVE task warnings from VM/container operations (#2761) (28850c8)
lxc: add cpu.limit attribute for containers (#2744) (cb25180)
lxc: add full flag to clone block (#2755) (f7010e1)
network: add linux bond interface resource (5db6deb), closes #1980

Bug Fixes

docs: add storage import docs (#2759) (079902f)
hwmapping,ha: better 'not-found' detection in read and delete (#2767) (ac53f8c)
network: adjust Linux Bridge name validator to PVE UI constraint (#2762) (190f7fa)
network: improve consistency of linux network interface resources (#2776) (57a97ce)
vm: fix and improve VM datasources, deprecate SDK datasource (#2764) (0ce6d0c)
vm: use move_disk API for EFI disk and TPM state storage migration (#2757) (c78c873)

Miscellaneous

deps: update module github.com/hashicorp/go-version (v1.8.0 → v1.9.0) (#2760) (7362ba5)
docs: update terraform local (2.7.0 → 2.8.0) (#2765) (0424b01)

`v0.100.0`

Compare Source

⚠ BREAKING CHANGES

vm: set power state of VM centrally (#2508)

Features

access: add short-name aliases for access resources (#2720) (8b690cf)
acme: add short-name aliases for ACME resources (#2721) (d386759)
cluster: add short-name aliases for cluster resources (#2725) (8fafc04)
ha: add short-name aliases for HA resources (#2722) (acd0d9f)
node: add short-name aliases for node resources (#2726) (33914d5)
provider: add short-name aliases for vm, version, and pool resources (#2728) (38dca5a)
sdn: add short-name aliases for SDN resources (#2724) (0028588)
storage: add short-name aliases for storage resources (#2727) (798f1ea)

Bug Fixes

cpu: update docs, tests (033b8f5)
docs: update broken doc links (#2754) (b7d0242)
lychee: update comments for clarity (6fea54e)
vm: mark disk size as computed to prevent passthrough drift (#2718) (cba4dd6)
vm: prevent disk resize revert when combined with config changes (#2751) (f45cf78)
vm: set power state of VM centrally (#2508) (b8ceecd)
vm: support fractional cpulimit values (#2745) (445e47c)

Miscellaneous

core: add migration helpers for resource type name rename (ADR-007) (#2719) (b2bb732)
deps: update golangci/golangci-lint (v2.11.3 → v2.11.4) (#2729) (f95bc46)
dev: update ADRs and reference examples (#2752) (15afbe8)
dev: update code-review skill (a7a489f)
docs: document usage of ZFS storage in acc tests (2eca921)
docs: update FWK reference examples documentation (c20d0be)
test: add tier-based and resource-targeted test execution (#2753) (31b4706)
test: improve acceptance test stability and reliability (#2746) (f54fca2)

`v0.99.0`

Compare Source

Features

backup: add proxmox_backup_job resource and proxmox_backup_jobs data source (#2711) (92b3e88)
file: add proxmox_files data source (#2703) (e848a57)
ha: add proxmox_virtual_environment_harule resource (PVE 9+) (#2682) (31ab05a)
provider: add support for replication (#2661) (ca9a5f7)

Bug Fixes

access: remove overly restrictive username_claim validation on openid realm (#2685) (7782dc5)
ci: correct repository reference in sync-docs workflow (f225107)
ha: handle nil Strict value in HARule and update API response validation (3bf1e8c)
lxc: ignore warnings in container create and clone tasks (#2701) (7f7e36d)
vm: reboot after disk resize when disk is not hotpluggable (#2686) (4ffb2f1)
vm: skip cloud-init device update when only config changed (#2709) (46e8362)

Miscellaneous

ci: Update actions/create-github-app-token action (v2.2.1 → v3.0.0) (#2698) (7983416)
ci: Update dorny/paths-filter action (v3.0.2 → v4.0.1) (#2699) (9828faa)
ci: update jetbrains/qodana-action action (v2025.3.1 → v2025.3.2) (#2712) (98e9407)
deps: bump google.golang.org/grpc from 1.79.2 to 1.79.3 (#2713) (c653d7c)
deps: update github.com/hashicorp/terraform-plugin-* (#2693) (db6522f)
deps: update golangci/golangci-lint (#2670) (979ce29)
deps: update golangci/golangci-lint (v2.11.2 → v2.11.3) (#2692) (a737b37)
deps: update image golang (c7e98cc → 595c784) (#2708) (d6339f9)
deps: update image golang (e2ddb15 → c7e98cc) (#2691) (c33b2ab)
deps: update module golang.org/x/crypto (v0.48.0 → v0.49.0) (#2696) (e7484c2)
deps: update module golang.org/x/net (v0.51.0 → v0.52.0) (#2697) (951bc29)
dev: introduce ADR-007 for resource type name migration to shorter prefix (1c07f6d)

`v0.98.1`

Compare Source

Bug Fixes

pool: support nested pool IDs in API endpoints (#2680) (c6c726b)
provider: preserve null tos in ACME account when API returns empty string (#2672) (f9bbd7d)
vm: replace enumerated network and IP config fields with dynamic unmarshaling (#2679) (e5b2771)
vm: support removal of network devices from VM configuration (#2674) (9b5a978)

Miscellaneous

deps: update image golang (1.26.0 → 1.26.1) (#2669) (9a8d85b)
docs: clarify example prerequisites for SSH, node name, timezone, and DHCP (8f97a34)
vm: deprecate 'enabled' attribute on 'network_device' block (#2678) (65b809d)

`v0.98.0`

Compare Source

Features

access: add OpenID Connect realm resource and documentation (#2655) (51c7535)
lxc: add support for entrypoint attribute (#2543) (178a8ad)

Bug Fixes

lxc: wrong mapping of ignore-unpack-errors attr in create API request (8fe621d)
vm: add started attribute to cloned_vm resource (#2666) (d9b292a)

Miscellaneous

ci: Update crazy-max/ghaction-import-gpg action (v6.3.0 → v7.0.0) (#2665) (e77ea1e)
ci: Update peter-evans/repository-dispatch action (v3 → v4) (#2653) (3408558)
deps: bump cloudflare/circl to v1.6.3 (da4b6ab)
deps: update image golang (9edf713 → fb612b7) (#2663) (369254f)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.14.0 → v7.14.1) (#2664) (b25f773)
docs: fix broken links (c792dc9)
docs: remove TOC section from the main documentation page (d6638f7)
docs: update badge links in readme.md (7de7db1)
docs: update os type l26 linux kernel range for vm (#2657) (cdd7356)
docs: update shields in readme.md (8988f21)
docs: update terraform proxmox (0.97.0 → 0.97.1) (#2648) (6811fb3)
fwk: standardize model files (#2651) (911d8d3)

`v0.97.1`

Compare Source

Bug Fixes

firewall: handle missing security group in Read and fix id override Create (#2647) (f526c39)
hwmapping: enable nested USB hubs (#2636) (d42fe74)
vm,lxc: add name validation (#2631) (53cce6f)
vm: allow adding EFI disk without forcing VM replacement (#2645) (d636403)

Miscellaneous

ci: Update actions/attest-build-provenance action (v3 → v4) (#2641) (de5f833)
ci: update actions/setup-go digest (7a3fe6c → 4b73464) (#2643) (9af341a)
ci: Update actions/upload-artifact action (v6 → v7) (#2642) (4d84904)
ci: Update hashicorp/setup-terraform action (#2635) (af078b7)
ci: update lycheeverse/lychee-action action (v2.7.0 → v2.8.0) (#2638) (5271851)
deps: update github.com/hashicorp/terraform-plugin-* (#2634) (345f785)
deps: update image golang (c83e68f → 9edf713) (#2633) (c47a705)
deps: update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.38.2 → v2.39.0) (#2639) (8b3bff1)
deps: update module golang.org/x/net (v0.50.0 → v0.51.0) (#2640) (587d1fe)
docs: add vm-lifecycle, multi-node, and upgrade guides (#2628) (d2b8729)

`v0.97.0`

Compare Source

Features

lxc: implement idmap support via SSH config file editing (#2579) (63334e1)

Bug Fixes

ci: exclude ARM architecture for Windows builds in goreleaser (9c268a5)
docs: clarify SSH password inheritance with API token auth (#2624) (d453924)
firewall: handle "already exists" error in SG and IPSet create (#2627) (06f3c6f)
firewall: update rules with position awareness (#2593) (2bd6b98)
lxc, vm: add retries for LXC operations, unify retry logic into shared package (#2616) (39c0198)
storage: unknown encryption_key_fingerprint after PBS apply (#2625) (82c49fd)
vm: preserve disk deletions in update request (#2614) (b12111f)
vm: remove duplicate line in ipConfigObjects (#2618) (0a4ab5b)
vm: skip cdrom devices during disk read-back on import (#2626) (64c2db2)

Miscellaneous

ci: update actions/stale digest (9971854 → b5d41d4) (#2611) (fcead36)
ci: Update goreleaser/goreleaser-action action (v6.4.0 → v7.0.0) (#2623) (f7ab67d)
deps: update golangci/golangci-lint (v2.9.0 → v2.10.1) (#2603) (3e64ec4)
docs: update terraform local (2.6.2 → 2.7.0) (#2612) (6da27f6)

`v0.96.0`

Compare Source

Features

cluster: add otel options to metrics server resource (#2595) (32dfac8)
network: add configurable timeout for network reload operations (#2573) (ed8593d)

Bug Fixes

cluster: fix Description body-building bug and standardize delete handling in options (#2601) (a704bb1)
file: retry read-back after upload for distributed storage consistency (#2571) (989a4ba)
hwmapping: add comment validator, fix acceptance tests (#2609) (f943051)
network: properly delete cidr/cidr6 when address is removed from linux (#2587) (a52a11f)
network: properly delete optional fields when removed from VLAN config (#2599) (d0f1704)
node: add CPU utilization to node data source (#2605) (1a1cbbb)
sdn: avoid mtu=0 when omitted for sdn zones (#2584) (66c43d8)
sdn: better apply resiliency, fix import of a pending zone (#2610) (a9ea3c1)
vm: clean up orphaned re-import code and clarify import_from as create-only (#2568) (2160f00)

Miscellaneous

core: unify Delete field type across API client structs (#2604) (d6a66f4)
deps: update golangci/golangci-lint (v2.8.0 → v2.9.0) (#2589) (ee0f07f)
deps: update image golang (1.25.7 → 1.26.0) (#2590) (8f5d598)
deps: update module golang.org/x/crypto (v0.47.0 → v0.48.0) (#2591) (43c295b)
deps: update module golang.org/x/net (v0.49.0 → v0.50.0) (#2592) (7b83dd8)
test: do not run SDN acceptance tests in parallel (#2607) (ac1fabd)
test: fix parallel VM tests execution (#2608) (09500be)

`v0.95.0`

Compare Source

⚠ BREAKING CHANGES

node: correct cpu_count inconsistency between _node and _nodes data sources (#2559)

Bug Fixes

docs: update PR title guidelines for breaking changes and contributor notes (d884c4a)
lxc: apply start_on_boot and features on clone and update (#2562) (b21616a)
node: correct cpu_count inconsistency between _node and _nodes data sources (#2559) (c4d8d6b)
vm: apply custom timeouts on update operations (#2561) (e9bb225)
vm: correctly update hotpluggable devices (#2556) (9d4155a)
vm: reboot before disk resize to prevent pending changes from reverting size (#2563) (3465c84)

Miscellaneous

ci: Update actions/checkout action (v4.2.2 → v6.0.2) (#2554) (9262783)
ci: update actions/checkout digest (8e8c483 → de0fac2) (#2557) (db2bba1)
deps: update image golang (011d6e2 → cc73743) (#2564) (5b10da9)
deps: update image golang (1.25.6 → 1.25.7) (#2552) (d148eb0)
deps: update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.38.1 → v2.38.2) (#2553) (aa1b8ce)
dev: update templates and define skills for LLM agent flows (#2542) (615c670)
docs: add Architecture Decision Records for the dev process (#2546) (97317f6)
docs: add notice to enable 'Import' content type to allow its use with file resources (#2558) (90ce565)
docs: fix links in DEBUGGING.md (8beb699)

`v0.94.0`

Compare Source

Features

firewall: add proxmox_virtual_environment_node_firewall (#2502) (d45f269)

Bug Fixes

lxc: provision mount points when cloning containers (#2529) (67990d7), closes #2518 #2507
network: update reload timeout and retry (#2510) (f66b9dd)
sdn: correct EVPN resource handling and improvements to base zone (#2501) (c159715)
storage: add validator for acceptable values for storage content and update docs (#2519) (fc8b018)
vm: add missing cpu types (#2499) (f51c8df)
vm: handle nil ip_config block in cloud-init during clone (#2527) (4ed5433)
vm: require reboot for CPU core or socket changes (#2534) (3ca754c), closes #2516

`v0.93.1`

Compare Source

Bug Fixes

docs: prevent path traversal in sudoers tee configuration (#2524) (bd604c4)

Miscellaneous

ci: update actions/checkout action (v6.0.1 → v6.0.2) (#2521) (84e0b97)
ci: update actions/setup-go digest (4dc6199 → 7a3fe6c) (#2520) (1a1174c)
deps: update image golang (1.25.5 → 1.25.6) (#2504) (3e75bbb)
deps: update image golang (6cc2338 → 8bbd140) (#2503) (d087c97)
deps: update module golang.org/x/net (v0.48.0 → v0.49.0) (#2506) (9fe808a)
docs: update terraform local (2.6.1 → 2.6.2) (#2522) (8c64b5e)
docs: update terraform tls (4.1.0 → 4.2.1) (#2523) (94d9dd3)

`v0.93.0`

Compare Source

Features

lxc: add path_in_datastore computed attribute for cross-resource refs (#2493) (616ec37)
lxc: enable root disk resize without recreate (#2321) (581782c)
vm: add ha-aware migration for ha-managed vms (#2476) (4f5b4fb)
vm: add support for hotplug parameter (#2356) (891fd41)

Bug Fixes

docs: improve provider documentation readability and structure (#2487) (b9457fa)
example: make lxc container use root provider so it works (#2458) (7e1a379)
lxc: allow mounting existing subvol with size argument (#2491) (0b9e1e0)
ssh: harden try_sudo for PVE 9, improve shell compatibility (#2480) (f3dd703)
vm: prevent initialization drift when cloning VM with user_account (#2486) (dbd4fd5)
vm: resizing disk deletes cdrom / cloud-init (#2484) (ae17149)

Miscellaneous

docs: minor docs fixes and improvements (#2481) (b52af8d)

`v0.92.0`

Compare Source

⚠ BREAKING CHANGES

The proxmox_virtual_environment_download_file resource now checks the upstream URL's Content-Length during every refresh with overwrite=true (default). This restores the original behavior from v0.33.0 that was accidentally removed in v0.78.2. Users who want to disable upstream checking should set overwrite=false.
The proxmox_virtual_environment_firewall_options resource now requires exactly one of vm_id or container_id to be specified. Previously, configurations with only node_name would pass validation but fail at runtime. This change enforces the requirement at validation time.

Features

access: add LDAP realm and sync resources (#2454) (085b73b), closes #1871
docs: add universal LLM Agent instructions and contribution guidelines (#2473) (16abacc)

Bug Fixes

api: detect TFA requirement and return clear error message (#2477) (876849d)
docs: clarify documentation workflow for FWK resources (#2475) (7bd295a)
docs: fix broken links in docs (#2464) (cdeddf8)
docs: update reference to setting up proxmox (#2455) (3c11ffd)
file: restore upstream URL change detection in download_file (#2474) (ad181ee), closes #2470
firewall: make vm_id/container_id required in VM/Container -level firewall options (#2453) (5ded5d4)
storage: prevent "was absent, but now present" error for backups block (#2465) (501c09b)
vm: allow vcpus hotplug without reboot (#2466) (f864d36)
vm: correct disk speed settings for multiple disks and update detection (#2478) (0889c74)

Miscellaneous

deps: update golangci/golangci-lint (v2.7.2 → v2.8.0) (#2472) (5009161)
deps: Update module github.com/avast/retry-go/v4 (v4.7.0 → v5.0.0) (#2452) (1f664be)
docs: remove outdated Ceph handles from apt_standard_repository docs (#2471) (ccbaabd), closes #2421
docs: update terraform proxmox (0.90.0 → 0.91.0) (#2459) (d175ef0)

`v0.91.0`

Compare Source

Features

acme: add support for certificate ordering (#2292) (a2a970d)
sdn: add support for Fabric resources (#2444) (b223dad)
storage: add support for provisioning storage types (NFS/CIFS/PBS/Directory/LVM) (#2130) (f361704)

Bug Fixes

core: handle scientific notation in CustomInt/CustomInt64 unmarshaling (#2431) (4baff92)
vm: allow TPM state updates in place (#2446) (f8717c4)

Miscellaneous

code: cleanup issues reported by static code alalysis (#2442) (686e575)
code: cleanups and linter rules adjustment (#2443) (1eee491)
deps: update image golang (36b4f45 → b6ba523) (#2439) (f82f03c)
deps: update image golang (b6ba523 → 6cc2338) (#2448) (2b22bde)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.12.1 → v7.14.0) (#2438) (4bdd335)
deps: update module github.com/google/go-querystring (v1.1.0 → v1.2.0) (#2440) (ad6b9b2)
docs: add guide for creating VMs from compressed cloud images (#2449) (daa339b)
docs: update contributing guidelines and dev setup guides (#2447) (371e0a1)
docs: update terraform proxmox (0.89.1 → 0.90.0) (#2435) (975f818)

`v0.90.0`

Compare Source

Features

cloned_vm: add cloned VM resource implementation (#2424) (88cad5c)
provider: add ContentType in ListDatastoreFiles (#2423) (773b174)

Miscellaneous

ci: Update actions/upload-artifact action (v5 → v6) (#2419) (3021c54)
ci: update jetbrains/qodana-action action (v2025.2.3 → v2025.2.4) (#2426) (5b2e9ea)
ci: update jetbrains/qodana-action action (v2025.2.4 → v2025.3.1) (#2434) (db3c5bf)
deps: update image golang (20b91ed → a22b2e6) (#2418) (fa883ec)
deps: update image golang (a22b2e6 → 36b4f45) (#2425) (11fccbe)
docs and dev UX improvements (#2427) (a034e8b)

`v0.89.1`

Compare Source

Bug Fixes

vm,lxc: revert deprecation notice for pool_id attribute (#2405) (af3efa9)
vm: allow EFI disk parameter updates without VM recreation (51b8d39), closes #1515
vm: handle disk size mismatch when re-adding removed disk (#2411) (d7346d4)
vm: match CPU type format with PVE (#2409) (63f22db)
vm: prevent perpetual diff when using pool_membership without pool_id (#2408) (acc95bf)
vm: prevent unnecessary reboots on hotplug operations (#2412) (77dc49e), closes #538
vm: retry disk resize on 'does not exist' errors (#2407) (f5f5437)
vm: retry HTTP 500 errors when waiting for agent retrieving IPs (#2410) (c324ef0)

Miscellaneous

ci: update jetbrains/qodana-action action (v2025.2.2 → v2025.2.3) (#2400) (893fd6d)
deps: update golangci/golangci-lint (v2.7.1 → v2.7.2) (#2413) (99e30e1)
deps: update module golang.org/x/crypto (v0.45.0 → v0.46.0) (#2414) (67ac0b1)
deps: update module golang.org/x/net (v0.47.0 → v0.48.0) (#2415) (b0aabfd)

`v0.89.0`

Compare Source

⚠ BREAKING CHANGES

vm: revert cpu.units default to use PVE server default (#2402)

Features

lxc: add env parameter support (#2383) (ef134fc)
oci: add proxmox_virtual_environment_oci_image resource for OCI Images Management (#2373) (86a5bf1)
sdn: add possibility to apply SDN changes on a particular actions (#2386) (01e6433)

Bug Fixes

vm: do not re-import existing disks during update (#2401) (0c7fad9)
vm: revert cpu.units default to use PVE server default (#2402) (c9b8a3f)

Miscellaneous

ci: pin dependencies (#2388) (84bf77d)
ci: update actions/checkout action (v6.0.0 → v6.0.1) (#2398) (5eb8020)
ci: update actions/checkout digest (1af3b93 → 8e8c483) (#2396) (a9926ca)
ci: update actions/create-github-app-token action (v2.2.0 → v2.2.1) (#2399) (2f6c1b4)
ci: Update actions/github-script action (v7 → v8) (#2394) (aaef00e)
ci: update actions/stale digest (5f858e3 → 9971854) (#2397) (cd63393)
ci: update golangci/golangci-lint-action digest (e7fa5ac → 1e7e51e) (#2389) (6593102)
deps: update github.com/hashicorp/terraform-plugin-* (#2392) (459cdfc)
deps: update golangci/golangci-lint (v2.6.2 → v2.7.1) (#2393) (4b5652f)
deps: update image golang (1.25.4 → 1.25.5) (#2390) (54e6aa5)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.12.0 → v7.12.1) (#2391) (5952ae7)

`v0.88.0`

Compare Source

Features

provider: add OTel implementation for metrics resource (#2372) (d37a8bb)
vm,lxc: add wait_for_ip configuration for agent/network interfaces (#2362) (f24add3)
vm: support custom cloud init drive file format (#2375) (ddccd0a)

Bug Fixes

apt: add support for modern APT sources (PVE9+) (#2376) (6f6edec)
disk: restore updating boot disk. (#2150) (0da0bcb)
example: comment out otel metrics server resource (fc94e2a)
lxc: allow container creation/update with correct mountoptions (#2319) (c2dc3a7)
lxc: ignore link-local addresses when waiting for network IPs (#2357) (8c081f5)
vm: convert to template using proper endpoint (#2340) (5615298)
vm: prevent state changes after VM import (#2294) (f0bb501)

Miscellaneous

ci: Update actions/checkout action (#2361) (f5d4676)
ci: update actions/create-github-app-token action (v2.1.4 → v2.2.0) (#2366) (3055dc2)
ci: update actions/setup-go digest (4469467 → 4dc6199) (#2365) (bcce7da)
ci: update golangci/golangci-lint-action digest (0a35821 → e7fa5ac) (#2358) (dd416a1)
ci: update jetbrains/qodana-action action (v2025.2.1 → v2025.2.2) (#2360) (092df22)
deps: update golangci/golangci-lint (v2.5.0 → v2.6.2) (#2304) (0937f2b)
deps: update image golang (e68f6a0 → f60eaa8) (#2359) (b80a193)
deps: update image golang (f60eaa8 → 6981837) (#2370) (faf56bc)
deps: Update module github.com/avast/retry-go/v4 (v4.7.0 → v5.0.0) (#2380) (630240d)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.10.0 → v7.11.0) (#2379) (5e55d92)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.11.0 → v7.12.0) (#2384) (2f7bbb1)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.9.0 → v7.10.0) (#2371) (d3b4847)
deps: update module github.com/hashicorp/go-version (v1.7.0 → v1.8.0) (#2381) (ad38c5b)
deps: update module golang.org/x/crypto (v0.44.0 → v0.45.0) [security] (#2348) (78ce72e)
docs: update terraform local (2.5.3 → 2.6.1) (#2367) (d5b3c64)
update docs to pve 9.1, fix example tests (#2350) (6e2a5aa)
vm: refactor network devices update logic (#2260) (db3d7ec)

`v0.87.0`

Compare Source

Features

pool: add pool_membership resource (#2297) (95f180b)
sdn: add support for VNets datasource (#2299) (c25f19a)
vm: add purge_on_destroy and delete_unreferenced_disks_on_destroy parameters (#2345) (05a59aa)

Bug Fixes

access: imported group resource missing group_id (#2333) (ee1c525)
apt: add missing Ceph Squid (#2318) (8b9bf62)
file: better error message for unsupported import content type (#2344) (f94e25d)
firewall: appending a rule without re-creating the whole ruleset (#2310) (6290cce)
lxc: panic when cloning a container with empty IP config (#2347) (0a259ca)
lxc: race condition in container clone / reboot operations (#2320) (ce358d5)
sdn: fix subnet datasource IP address datatype (#2300) (7ffb314)
ssh: update sudo check logic and cache check results (#2309) (702500c)
vm: increase max disk limit to 31 (#2302) (2ae021a)

Miscellaneous

ci: Update golangci/golangci-lint-action action (v8 → v9) (#2330) (90810fa)
ci: update lycheeverse/lychee-action action (v2.6.1 → v2.7.0) (#2305) (9a788da)
deps: update image golang (1.25.3 → 1.25.4) (#2328) (90f876f)
deps: update image golang (6ca9eb0 → e68f6a0) (#2335) (5354d6b)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.8.1 → v7.8.2) (#2303) (cd9b5fb)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.8.2 → v7.9.0) (#2329) (76680dd)
deps: update module github.com/hashicorp/terraform-plugin-log (v0.9.0 → v0.10.0) (#2336) (6dd51fd)
deps: update module golang.org/x/crypto (v0.43.0 → v0.44.0) (#2337) (fb3fbfc)
deps: update module golang.org/x/net (v0.46.0 → v0.47.0) (#2338) (9f57e9f)
docs: document auto option for enabling SLAAC in IPv6 config in vm and lxc (#2317) (e8c70d7)
docs: update the main doc page for consistency (#2326) (7e4f421)
lxc,vm: add deprecation notice for pool_id attribute (#2312) (3c507cc)

`v0.86.0`

Compare Source

Features

firewall: ability to import firewall rules & options (#2269) (dd1afe6)
firewall: add ability to import ipsets (#2280) (33c751d)
firewall: support node-level firewall rules (#2281) (18c675b)

Bug Fixes

lxc: delete dns attributes when set to null (#2263) (a32988a)
vm: correctly detect pool membership for VM (#2264) (5a5c9c6)

Miscellaneous

ci: Update actions/upload-artifact action (v4 → v5) (#2275) (ad4bbd7)
ci: update googleapis/release-please-action action (v4.3.0 → v4.4.0) (#2273) (0bcba7b)
deps: update image golang (7d73c4c → 8c945d3) (#2253) (a2bb9b6)
deps: update image golang (8c945d3 → dd08f76) (#2270) (4c1514f)
deps: update image golang (dd08f76 → 6bac879) (#2283) (0c9879a)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.8.0 → v7.8.1) (#2271) (11d4c71)
deps: update module github.com/hashicorp/terraform-plugin-framework-timeouts (v0.6.0 → v0.7.0) (#2274) (b9ccb0d)
deps: update module github.com/pkg/sftp (v1.13.9 → v1.13.10) (#2272) (fdbe313)
docs: update CONTRIBUTING.md (#2278) (110093b)

`v0.85.1`

Compare Source

Bug Fixes

docs: clarify that ip in ct ip_config must be in CIDR notation (#2238) (f3b835f)
lxc: DNS / hostname update is not applied (#2245) (9aa1eaf)
sdn: add missing dhcp field to simple zone datasource (#2243) (b4b8d09)
sdn: handle attribute delete in all SDN resources (#2248) (50accca)
sdn: zone: make nodes attribute optional (#2242) (798623b)

Miscellaneous

deps: update image golang (1.25.2 → 1.25.3) (#2246) (3d2092f)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.7.3 → v7.8.0) (#2241) (ecf7920)
deps: update module github.com/hashicorp/terraform-plugin-docs (v0.23.0 → v0.24.0) (#2247) (6e23c90)

`v0.85.0`

Compare Source

Features

sdn: Add DHCP Config for SDN Simple Zone Resource (#2210) (f5d3d92)

Bug Fixes

file: add import content type to file datasource (#2221) (f918bed)
vm: allow cpu units = 1 for cgroups v2 compatibility (#2237) (3fc688b)

Miscellaneous

ci: update actions/stale digest (3a9db7e → 5f858e3) (#2222) (b38066b)
ci: Update peter-evans/create-issue-from-file action (v5.0.1 → v6.0.0) (#2217) (29748a5)
deps: update image golang (1.25.1 → 1.25.2) (#2228) (9e77057)
deps: update image golang (8305f5f → ab1f5c4) (#2215) (6a1f972)
deps: update module github.com/hashicorp/terraform-plugin-framework (v1.16.0 → v1.16.1) (#2216) (515c6bb)
deps: update module github.com/hashicorp/terraform-plugin-framework-validators (v0.18.0 → v0.19.0) (#2230) (761fb70)
deps: update module github.com/skeema/knownhosts (v1.3.1 → v1.3.2) (#2229) (b6022d4)
deps: update module golang.org/x/net (v0.44.0 → v0.45.0) (#2231) (60fdfd6)
deps: update module golang.org/x/net (v0.45.0 → v0.46.0) (#2236) (68bd667)

`v0.84.1`

Compare Source

Bug Fixes

api: handle PVE API's 403 response status (#2207) (46e8c24)
sdn: subnet validation errors when using value interpolation (#2204) (5f876c0)

Miscellaneous

deps: update golangci/golangci-lint (v2.4.0 → v2.5.0) (#2193) (2ab3d94)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.7.1 → v7.7.3) (#2203) (3692434)
deps: update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.38.0 → v2.38.1) (#2197) (0387296)

`v0.84.0`

Compare Source

Features

file: add file datasource (#2176) (8244813)
sdn: add support for Subnet resource and datasource (#2191) (1df305d)
sdn: add support for VNet resource and datasource (#2185) (8938d86)

Miscellaneous

deps: update github.com/hashicorp/terraform-plugin-* (#2187) (09b704a)
deps: update image golang (bb979b2 → 8305f5f) (#2186) (b70fa62)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.6.0 → v7.7.0) (#2189) (46dbc68)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.7.0 → v7.7.1) (#2192) (11f4002)
deps: update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.37.0 → v2.38.0) (#2188) (2b2d619)

`v0.83.2`

Compare Source

Bug Fixes

firewall: detect drift when rules are manually deleted (#2178) (6b84d5a)
firewall: prevent perpetual plan drift on rule attribute removal (#2177) (0e72580)
vm: disk deletion may reorder disks (#2174) (e339fef)

Miscellaneous

ci: update actions/create-github-app-token action (v2.1.1 → v2.1.4) (#2179) (70cfb58)
deps: update image golang (b773c94 → bb979b2) (#2173) (7944277)

`v0.83.1`

Compare Source

Bug Fixes

ci: update link checker config (#2151) (e017881)

Miscellaneous

ci: Update actions/setup-go action (v5 → v6) (#2154) (16814d4)
ci: Update actions/stale action (v9 → v10) (#2155) (87e6392)
code: minor code cleanups (#2156)ssh (9e22c3c)
deps: update image golang (1.25.0 → 1.25.1) (#2153) (a58bf4f)
deps: update image golang (a5e935d → d6bdb04) (#2161) (58d833d)
deps: update image golang (d6bdb04 → b773c94) (#2169) (a979850)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.5.1 → v7.6.0) (#2162) (ffdc3a5)
deps: update module golang.org/x/crypto (v0.41.0 → v0.42.0) (#2163) (4e73d56)
deps: update module golang.org/x/net (v0.43.0 → v0.44.0) (#2170) (ed366b5)
docs: improve container documentation (#2160) (380fd7f)
docs: improve vm.initialization documentation (#2158) (29ef9d2)
docs: include vm/lxc lock error details in the README known issues section (#2166) (1810273)
docs: update reference to release-build in contributing doc (#2167) (739471a)
docs: update sdn_applier example (c275e03)

`v0.83.0`

Compare Source

Features

sdn: add custom resource to apply sdn_* configurations (#2127) (e13d7ef)

Bug Fixes

docs: correct minor typos / formatting (#2144) (a2e4ff0)

Miscellaneous

ci: Update actions/attest-build-provenance action (v2 → v3) (#2142) (f62e69d)
ci: update googleapis/release-please-action action (v4.2.0 → v4.3.0) (#2136) (f634b2e)
ci: update lycheeverse/lychee-action action (v2.5.0 → v2.6.0) (#2137) (64c1ab3)
ci: update lycheeverse/lychee-action action (v2.6.0 → v2.6.1) (#2138) (7f56290)
deps: update image golang (4859242 → 5502b0e) (#2134) (20f41e8)
deps: update image golang (91e2cd4 → 4859242) (#2128) (9ae882e)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.3.0 → v7.4.0) (#2129) (11b8167)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.4.0 → v7.5.1) (#2143) (2eae3ee)
deps: update module github.com/stretchr/testify (v1.10.0 → v1.11.1) (#2135) (6b00db6)

`v0.82.1`

Compare Source

Bug Fixes

vm: prevent re-creation of previously imported disks on update (#2122) (c6c1c18)

Miscellaneous

deps: update image golang (9e56f0d → 91e2cd4) (#2123) (9d179dd)
docs: fix TOC format, cleanup cloud image guide (#2121) (b321a01)

`v0.82.0`

Compare Source

Features

docs: update compatibility notes for PVE 9.x (#2116) (08ea66a)
lxc: add proxmox_virtual_environment_containers data source (#2090) (45f2805)
lxc: Add missing configuration options for container rootfs (#2067) (b2c5012)

Bug Fixes

lxc: adjust max number of container's IP configs (#2088) (602568e)
provider: parsing PVE version reported by API (#2115) (f1501e2)
vm: regression: disk re-ordering on re-apply (#2114) (634ad69)

Miscellaneous

ci: Update actions/checkout action (#2098) (3855cb2)
ci: update actions/create-github-app-token action (v2.0.6 → v2.1.0) (#2095) (6161969)
ci: update actions/create-github-app-token action (v2.1.0 → v2.1.1) (#2099) (7f5d771)
ci: update goreleaser/goreleaser-action action (v6.3.0 → v6.4.0) (#2111) (78ce7f0)
ci: update jetbrains/qodana-action action (v2025.1.1 → v2025.2.1) (#2106) (0dec643)
ci: update lycheeverse/lychee-action action (v2.4.1 → v2.5.0) (#2096) (7c98464)
deps: update golangci/golangci-lint (v2.3.0 → v2.3.1) (#2074) (9947a86)
deps: update golangci/golangci-lint (v2.3.1 → v2.4.0) (#2110) (21bed82)
deps: update image golang (1.24.5 → 1.24.6) (#2085) (ac91fe8)
deps: update image golang (1.24.6 → 1.25.0) (#2107) (9e10206)
deps: update image golang (10a15b9 → 9e56f0d) (#2109) (420add8)
deps: update module github.com/hashicorp/terraform-plugin-testing (v1.13.2 → v1.13.3) (#2113) (1863847)
deps: update module golang.org/x/crypto (v0.40.0 → v0.41.0) (#2086) (5018b31)
deps: update module golang.org/x/net (v0.42.0 → v0.43.0) (#2087) (5151dcc)
docs: cleanup and update clone-vm example (#2094) (c7cd61a)
docs: remove spurious sdn datasource .tf examples (#2092) (91e0fbf)

rancher/local-path-provisioner (rancher/local-path-provisioner)

`v0.0.36`: Local Path Provisioner v0.0.36

Compare Source

What's Changed

chore(ci): bump aquasecurity/trivy-action to v0.35.0 by @macedogm in #563
chore: remove trivy-scan.yaml by @derekbit in #565
chore: pin GH actions to commit sha by @c3y1huang in #564
chore: use registry.suse.com/bci/golang by @derekbit in #566
chore: remove dapper by @derekbit in #567
chore: revert to golang:1.26.1-alpine image by @derekbit in #568
chore: update to golang 1.26.2 by @derekbit in #570
fix: update dockerfile by @derekbit in #574
chore: pin kind, kubectl and kustomize versins by @derekbit in #575
fix: qualify image references to avoid short-name resolution and Docker Hub rate limits by @bejaratommy in #573
helm: make debug logging configurable via values by @bejaratommy in #572
fix: add helper pod template validation by @derekbit in #576
fix: relax helper pod template validation by @derekbit in #577

New Contributors

@c3y1huang made their first contribution in #564
@bejaratommy made their first contribution in #573

Full Changelog: https://github.com/rancher/local-path-provisioner/compare/v0.0.35...v0.0.36

`v0.0.35`: Local Path Provisioner v0.0.35

Compare Source

What's Changed

Add FOSSA scanning workflow by @macedogm in #551
Build linux/ppc64le images through build on GitHub Actions by @kishen-v in #554
updated golang to 1.26.0 by @jgoodall in #557
feat: Allow custom node affinity keys by @ipantchev in #559
chore: update golang to 1.26.1 by @derekbit in #561
chore(release): bump to v0.0.35 by @derekbit in #562

New Contributors

@macedogm made their first contribution in #551
@jgoodall made their first contribution in #557
@ipantchev made their first contribution in #559

Full Changelog: https://github.com/rancher/local-path-provisioner/compare/v0.0.34...v0.0.35

`v0.0.34`: Local Path Provisioner v0.0.34

Compare Source

What's Changed

fix: mitigate the impact of enforcing a pathPattern prefix by @mantissahz in #547
fix: read allowUnsafePathPattern from storageclass annotations by @derekbit in #548
chore(release): bump to v0.0.34 by @derekbit in #549
feat: allow specifying additional annotations on StorageClass by @utkuozdemir in #550

New Contributors

@utkuozdemir made their first contribution in #550

Full Changelog: https://github.com/rancher/local-path-provisioner/compare/v0.0.33...v0.0.34

`v0.0.33`: Local Path Provisioner v0.0.33

Compare Source

What's Changed

fix: don't try to clean up pvs on nodes that are gone by @marcusramberg in #480
upgrade go to 1.24.6 by @lizzzcai in #521
bump go 1.25 by @farazkhawaja in #526
add storageClass.allowedTopologies in helm chart by @lizzzcai in #522
fix(chart): correct ServiceAccount namespace in ClusterRoleBinding by @J3m3 in #528
Add common labels to helperPod config map template by @michaeldvinci in #519
chore: update pod_test.go by @derekbit in #531
fix: give clusterrole update on pvc by @marcusramberg in #530
Add support for s390x architecture by @SanyogDeshmukh in #534
feat: add priorityClassName support for provisioner and helper pods by @dibaro in #525
fix: prohibit the reference path in pathPattern by @mantissahz in #542
chore: explicitly set hostUsers by @jcpunk in #541
fix: podDisruptionBudget renders correctly in all cases by @jcpunk in #540
chore(release): bump to 0.0.33 by @derekbit in #543

New Contributors

@marcusramberg made their first contribution in #480
@lizzzcai made their first contribution in #521
@farazkhawaja made their first contribution in #526
@J3m3 made their first contribution in #528
@michaeldvinci made their first contribution in #519
@SanyogDeshmukh made their first contribution in #534
@dibaro made their first contribution in #525

Full Changelog: https://github.com/rancher/local-path-provisioner/compare/v0.0.32...v0.0.33

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | [cert-manager](https://github.com/cert-manager/cert-manager) | | minor | `v1.18.2` → `v1.20.2` | ![age](https://developer.mend.io/api/mc/badges/age/github-release-attachments/cert-manager%2fcert-manager/v1.20.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/github-release-attachments/cert-manager%2fcert-manager/v1.18.2/v1.20.2?slim=true) | | [csi-driver-nfs](https://github.com/kubernetes-csi/csi-driver-nfs) | | minor | `v4.11.0` → `v4.13.2` | ![age](https://developer.mend.io/api/mc/badges/age/github-tags/kubernetes-csi%2fcsi-driver-nfs/v4.13.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/kubernetes-csi%2fcsi-driver-nfs/v4.11.0/v4.13.2?slim=true) | | [docker.io/netboxcommunity/netbox](https://github.com/netbox-community/netbox-docker) | Kustomization | minor | `v4.3` → `v4.6` | ![age](https://developer.mend.io/api/mc/badges/age/docker/docker.io%2fnetboxcommunity%2fnetbox/v4.6?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/docker.io%2fnetboxcommunity%2fnetbox/v4.3/v4.6?slim=true) | | [ghcr.io/goauthentik/proxy](https://goauthentik.io) ([source](https://github.com/goauthentik/authentik)) | Kustomization | minor | `2025.10` → `2025.12` | ![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fgoauthentik%2fproxy/2025.12?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fgoauthentik%2fproxy/2025.10/2025.12?slim=true) | | [ghcr.io/goauthentik/server](https://goauthentik.io) ([source](https://github.com/goauthentik/authentik)) | Kustomization | minor | `2025.10` → `2025.12` | ![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fgoauthentik%2fserver/2025.12?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fgoauthentik%2fserver/2025.10/2025.12?slim=true) | | [ghcr.io/goauthentik/server](https://goauthentik.io) ([source](https://github.com/goauthentik/authentik)) | Kustomization | minor | `2025.8` → `2025.12` | ![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fgoauthentik%2fserver/2025.12?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fgoauthentik%2fserver/2025.8/2025.12?slim=true) | | [ghcr.io/immich-app/immich-machine-learning](https://github.com/immich-app/immich) | Kustomization | minor | `v2.4.1` → `v2.7.5` | ![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fimmich-app%2fimmich-machine-learning/v2.7.5?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fimmich-app%2fimmich-machine-learning/v2.4.1/v2.7.5?slim=true) | | [ghcr.io/immich-app/immich-server](https://github.com/immich-app/immich) | Kustomization | minor | `v2.4.1` → `v2.7.5` | ![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fimmich-app%2fimmich-server/v2.7.5?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fimmich-app%2fimmich-server/v2.4.1/v2.7.5?slim=true) | | [ghcr.io/usememos/memos](https://github.com/usememos/memos) | Kustomization | minor | `0.25` → `0.28` | ![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fusememos%2fmemos/0.28?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fusememos%2fmemos/0.25/0.28?slim=true) | | [haproxy-ingress](https://haproxy-ingress.github.io) ([source](https://github.com/haproxy-ingress/charts)) | HelmChart | minor | `0.15.0` → `0.16.1` | ![age](https://developer.mend.io/api/mc/badges/age/helm/haproxy-ingress/0.16.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/helm/haproxy-ingress/0.15.0/0.16.1?slim=true) | | [metallb/metallb](https://github.com/metallb/metallb) | Kustomization | patch | `v0.15.2` → `v0.15.3` | ![age](https://developer.mend.io/api/mc/badges/age/github-tags/metallb%2fmetallb/v0.15.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/metallb%2fmetallb/v0.15.2/v0.15.3?slim=true) | | [pnpm](https://pnpm.io) ([source](https://github.com/pnpm/pnpm/tree/HEAD/pnpm)) | packageManager | minor | [`10.28.0` → `10.33.4`](https://renovatebot.com/diffs/npm/pnpm/10.28.0/10.33.4) | ![age](https://developer.mend.io/api/mc/badges/age/npm/pnpm/10.33.4?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pnpm/10.28.0/10.33.4?slim=true) | | [proxmox](https://search.opentofu.org/provider/bpg/proxmox) ([source](https://github.com/bpg/terraform-provider-proxmox)) | required_provider | minor | `0.81.0` → `0.106.0` | ![age](https://developer.mend.io/api/mc/badges/age/terraform-provider/bpg%2fproxmox/0.106.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/terraform-provider/bpg%2fproxmox/0.81.0/0.106.0?slim=true) | | [rancher/local-path-provisioner](https://github.com/rancher/local-path-provisioner) | Kustomization | patch | `v0.0.32` → `v0.0.36` | ![age](https://developer.mend.io/api/mc/badges/age/github-tags/rancher%2flocal-path-provisioner/v0.0.36?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/rancher%2flocal-path-provisioner/v0.0.32/v0.0.36?slim=true) | --- ### Release Notes <details> <summary>cert-manager/cert-manager (cert-manager)</summary> ### [`v1.20.2`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.2) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.1...v1.20.2) v1.20.2 fixes invalid YAML generated in the Helm chart when both `webhook.config` and `webhook.volumes` are defined, and bumps Go to 1.26.2 along with dependencies to address reported vulnerabilities. ##### Changes by Kind ##### Bug or Regression - Helm: Fix invalid YAML generated when both `webhook.config` and `webhook.volumes` are defined. ([#8665](https://github.com/cert-manager/cert-manager/issues/8665), [@cert-manager-bot](https://github.com/cert-manager-bot)) ##### Other (Cleanup or Flake) - Bump go dependencies with reported vulnerabilities ([#8704](https://github.com/cert-manager/cert-manager/issues/8704), [@erikgb](https://github.com/erikgb)) - Bump go to 1.26.2 ([#8703](https://github.com/cert-manager/cert-manager/issues/8703), [@erikgb](https://github.com/erikgb)) ### [`v1.20.1`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.1) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.0...v1.20.1) v1.20.1 fixes an issue for OpenShift users that has to do with the finalizer RBAC, bumps gRPC to address a reported non-affecting vulnerability, and fixes a duplicate `parentRef` bug when both issuer config and annotations are present (Gateway API). ##### Bug or Regression - Fixed duplicate `parentRef` bug when both issuer config and annotations are present. ([#8658](https://github.com/cert-manager/cert-manager/issues/8658), [@hjoshi123](https://github.com/hjoshi123)) - Add missing issuer finalizer RBAC to the order controller to support owner references. This was preventing OpenShift users from being able to upgrade to v1.20.0. ([#8655](https://github.com/cert-manager/cert-manager/issues/8655), [@erikgb](https://github.com/erikgb)) - Bump google.golang.org/grpc to fix vulnerability reported by scanners. This isn't a vulnerability that affects cert-manager, but we are bumping it because it is reported by scanners. ([#8657](https://github.com/cert-manager/cert-manager/issues/8657), [@erikgb](https://github.com/erikgb)) ### [`v1.20.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.0-beta.0...v1.20.0) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.20.0 adds alpha support for the new ListenerSet resource, adds support for Azure Private DNS; parentRefs are no longer required when using ACME with Gateway API, and OtherNames was promoted to Beta. ##### Changes by Kind ##### Feature - Added a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. ([#8370](https://github.com/cert-manager/cert-manager/issues/8370), [@jcpunk](https://github.com/jcpunk)) - Added selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} ([#8256](https://github.com/cert-manager/cert-manager/issues/8256), [@tareksha](https://github.com/tareksha)) - Added support for specifying `imagePullSecrets` in the `startupapicheck-job` Helm template to enable pulling images from private registries. ([#8186](https://github.com/cert-manager/cert-manager/issues/8186), [@mathieu-clnk](https://github.com/mathieu-clnk)) - Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. ([#8355](https://github.com/cert-manager/cert-manager/issues/8355), [@dancmeyers](https://github.com/dancmeyers)) - Added `parentRef` override annotations on the Certificate resource. ([#8518](https://github.com/cert-manager/cert-manager/issues/8518), [@hjoshi123](https://github.com/hjoshi123)) - Added support for azure private zones for dns01 issuer. ([#8494](https://github.com/cert-manager/cert-manager/issues/8494), [@hjoshi123](https://github.com/hjoshi123)) - Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. ([#7642](https://github.com/cert-manager/cert-manager/issues/7642), [@robertlestak](https://github.com/robertlestak)) - Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget ([#7728](https://github.com/cert-manager/cert-manager/issues/7728), [@jcpunk](https://github.com/jcpunk)) - For Venafi provider, read `venafi.cert-manager.io/custom-fields` annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. ([#8301](https://github.com/cert-manager/cert-manager/issues/8301), [@k0da](https://github.com/k0da)) - Improve error message when CA issuers are misconfigured to use a clashing secret name ([#8374](https://github.com/cert-manager/cert-manager/issues/8374), [@majiayu000](https://github.com/majiayu000)) - Introduce a new Ingress annotation `acme.cert-manager.io/http01-ingress-ingressclassname` to override `http01.ingress.ingressClassName` field in HTTP-01 challenge solvers. ([#8244](https://github.com/cert-manager/cert-manager/issues/8244), [@lunarwhite](https://github.com/lunarwhite)) - Update `global.nodeSelector` to helm chart to perform a `merge` and allow for a single `nodeSelector` to be set across all services. ([#8195](https://github.com/cert-manager/cert-manager/issues/8195), [@StingRayZA](https://github.com/StingRayZA)) - Vault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. ([#8228](https://github.com/cert-manager/cert-manager/issues/8228), [@terinjokes](https://github.com/terinjokes)) - Added experimental `XListenerSets` feature gate ([#8394](https://github.com/cert-manager/cert-manager/issues/8394), [@hjoshi123](https://github.com/hjoshi123)) ##### Documentation - Add GWAPI documentation to NOTES.TXT in helm chart ([#8353](https://github.com/cert-manager/cert-manager/issues/8353), [@jaxels10](https://github.com/jaxels10)) ##### Bug or Regression - Adds logs for cases when acme server returns us a fatal error in the order controller ([#8199](https://github.com/cert-manager/cert-manager/issues/8199), [@Peac36](https://github.com/Peac36)) - Fixed an issue where kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed ([#8160](https://github.com/cert-manager/cert-manager/issues/8160), [@inteon](https://github.com/inteon)) - Changes to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. ([#8232](https://github.com/cert-manager/cert-manager/issues/8232), [@eleanor-merry](https://github.com/eleanor-merry)) - Fix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. ([#8456](https://github.com/cert-manager/cert-manager/issues/8456), [@tkna](https://github.com/tkna)) - Fix unregulated retries with the DigitalOcean DNS-01 solver Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging ([#8221](https://github.com/cert-manager/cert-manager/issues/8221), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#8403](https://github.com/cert-manager/cert-manager/issues/8403), [@calm329](https://github.com/calm329)) - Fixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#8424](https://github.com/cert-manager/cert-manager/issues/8424), [@SlashNephy](https://github.com/SlashNephy)) - Fixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. ([#8443](https://github.com/cert-manager/cert-manager/issues/8443), [@alviss7](https://github.com/alviss7)) - Revert API defaults for issuer reference kind and group introduced in 0.19.0 ([#8173](https://github.com/cert-manager/cert-manager/issues/8173), [@erikgb](https://github.com/erikgb)) - Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#8469](https://github.com/cert-manager/cert-manager/issues/8469), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Update Go to `v1.25.5` to fix `CVE-2025-61727` and `CVE-2025-61729` ([#8290](https://github.com/cert-manager/cert-manager/issues/8290), [@octo-sts](https://github.com/octo-sts)\[bot]) - When Prometheus monitoring is enabled, the metrics label is now set to the intended value of `cert-manager`. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). ([#8162](https://github.com/cert-manager/cert-manager/issues/8162), [@LiquidPL](https://github.com/LiquidPL)) ##### Other (Cleanup or Flake) - Promoted the OtherNames feature to Beta and enabled it by default ([#8288](https://github.com/cert-manager/cert-manager/issues/8288), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Promoting `XListenerSets` feature gate to `ListenerSets` ([#8501](https://github.com/cert-manager/cert-manager/issues/8501), [@hjoshi123](https://github.com/hjoshi123)) - Rebranding of the Venafi Issuer to CyberArk ([#8215](https://github.com/cert-manager/cert-manager/issues/8215), [@iossifbenbassat123](https://github.com/iossifbenbassat123)) - Switched to SSA for challenge finalizer updates ([#8519](https://github.com/cert-manager/cert-manager/issues/8519), [@inteon](https://github.com/inteon)) - The default container user (UID) is now 65532 (previously 1000) and the default container group (GID) is now 65532 (previously 0) ([#8408](https://github.com/cert-manager/cert-manager/issues/8408), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - The feature-gate DefaultPrivateKeyRotationPolicyAlways moved from Beta to GA and can no longer be disabled. ([#8287](https://github.com/cert-manager/cert-manager/issues/8287), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Update cert-manager's ACME client, forked from golang/x/crypto ([#8268](https://github.com/cert-manager/cert-manager/issues/8268), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Use the latest version of Kyverno (1.16.2) in the best-practice installation tests ([#8389](https://github.com/cert-manager/cert-manager/issues/8389), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - We stopped testing with Coutour due to it not supporting the new XListenerSet resource, and moved to kgateway. ([#8426](https://github.com/cert-manager/cert-manager/issues/8426), [@hjoshi123](https://github.com/hjoshi123)) ### [`v1.20.0-beta.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0-beta.0) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.0-alpha.1...v1.20.0-beta.0) #### Changes since v1.20.0-alpha.1 In this release, parentRef override annotations, Azure private DNS zone support, and configurable PEM size limits were added, while an ACME TXT record cleanup issue in CloudDNS and a potential controller panic from malformed DNS responses were fixed. ##### Feature - Added `parentRef` override annotations on the Certificate resource. ([#8518](https://github.com/cert-manager/cert-manager/issues/8518), [@hjoshi123](https://github.com/hjoshi123)) - Added support for azure private zones for dns01 issuer. ([#8494](https://github.com/cert-manager/cert-manager/issues/8494), [@hjoshi123](https://github.com/hjoshi123)) - Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. ([#7642](https://github.com/cert-manager/cert-manager/issues/7642), [@robertlestak](https://github.com/robertlestak)) ##### Bug or Regression - Fix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. ([#8456](https://github.com/cert-manager/cert-manager/issues/8456), [@tkna](https://github.com/tkna)) - Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#8469](https://github.com/cert-manager/cert-manager/issues/8469), [@SgtCoDFish](https://github.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Promoting xlistenerset feature gate to listenerset ([#8501](https://github.com/cert-manager/cert-manager/issues/8501), [@hjoshi123](https://github.com/hjoshi123)) - Switched to SSA for challenge finalizer updates ([#8519](https://github.com/cert-manager/cert-manager/issues/8519), [@inteon](https://github.com/inteon)) ### [`v1.20.0-alpha.1`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0-alpha.1) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.0-alpha.0...v1.20.0-alpha.1) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This is a pre-release for cert-manager v1.20.0. Please help with testing! ##### Changed since v1.20.0-alpha.0 This alpha release adds experimental XListenerSet support, NetworkPolicy and CRD selectable field features, fixes critical bugs including an infinite re-issuance loop and IPv6 HTTP-01 challenge issues, patches security vulnerabilities (CVE-2025-61727, CVE-2025-61729), promotes OtherNames to Beta and DefaultPrivateKeyRotationPolicyAlways to GA, and changes the default container UID/GID from 1000/0 to 65532/65532. ##### Feature - Added experimental `XListenerSet` feature gate ([#8394](https://github.com/cert-manager/cert-manager/issues/8394), [@hjoshi123](https://github.com/hjoshi123)) - Add a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. ([#8370](https://github.com/cert-manager/cert-manager/issues/8370), [@jcpunk](https://github.com/jcpunk)) - Add selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} ([#8256](https://github.com/cert-manager/cert-manager/issues/8256), [@tareksha](https://github.com/tareksha)) - Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. ([#8355](https://github.com/cert-manager/cert-manager/issues/8355), [@dancmeyers](https://github.com/dancmeyers)) - Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget ([#7728](https://github.com/cert-manager/cert-manager/issues/7728), [@jcpunk](https://github.com/jcpunk)) - For Venafi provider, read `venafi.cert-manager.io/custom-fields` annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. ([#8301](https://github.com/cert-manager/cert-manager/issues/8301), [@k0da](https://github.com/k0da)) - Improve error message when CA issuers are misconfigured to use a clashing secret name ([#8374](https://github.com/cert-manager/cert-manager/issues/8374), [@majiayu000](https://github.com/majiayu000)) - Introduce a new Ingress annotation `acme.cert-manager.io/http01-ingress-ingressclassname` to override `http01.ingress.ingressClassName` field in HTTP-01 challenge solvers. ([#8244](https://github.com/cert-manager/cert-manager/issues/8244), [@lunarwhite](https://github.com/lunarwhite)) - Update `global.nodeSelector` to helm chart to perform a `merge` and allow for a single `nodeSelector` to be set across all services. ([#8195](https://github.com/cert-manager/cert-manager/issues/8195), [@StingRayZA](https://github.com/StingRayZA)) - Vault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. ([#8228](https://github.com/cert-manager/cert-manager/issues/8228), [@terinjokes](https://github.com/terinjokes)) ##### Bug or Regression - Changes to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. ([#8232](https://github.com/cert-manager/cert-manager/issues/8232), [@eleanor-merry](https://github.com/eleanor-merry)) - Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#8403](https://github.com/cert-manager/cert-manager/issues/8403), [@calm329](https://github.com/calm329)) - Fixed an issue where HTTP-01 challenges failed when the Host header containing an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#8424](https://github.com/cert-manager/cert-manager/issues/8424), [@SlashNephy](https://github.com/SlashNephy)) - Fixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. ([#8443](https://github.com/cert-manager/cert-manager/issues/8443), [@alviss7](https://github.com/alviss7)) - Update Go to `v1.25.5` to fix `CVE-2025-61727` and `CVE-2025-61729` ([#8290](https://github.com/cert-manager/cert-manager/issues/8290), [@octo-sts](https://github.com/octo-sts)\[bot]) ##### Other (Cleanup or Flake) - Promoted the OtherNames feature to Beta and enabled it by default ([#8288](https://github.com/cert-manager/cert-manager/issues/8288), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - The default container user (UID) is now 65532 (previously 1000) and the default container group (GID) is now 65532 (previously 0) ([#8408](https://github.com/cert-manager/cert-manager/issues/8408), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - The feature-gate DefaultPrivateKeyRotationPolicyAlways moved from Beta to GA and can no longer be disabled. ([#8287](https://github.com/cert-manager/cert-manager/issues/8287), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Update cert-manager's ACME client, forked from golang/x/crypto ([#8268](https://github.com/cert-manager/cert-manager/issues/8268), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Use the latest version of Kyverno (1.16.2) in the best-practice installation tests ([#8389](https://github.com/cert-manager/cert-manager/issues/8389), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Rebranding of the Venafi Issuer to CyberArk ([#8215](https://github.com/cert-manager/cert-manager/issues/8215), [@iossifbenbassat123](https://github.com/iossifbenbassat123)) - Add GWAPI documentation to NOTES.TXT in helm chart ([#8353](https://github.com/cert-manager/cert-manager/issues/8353), [@jaxels10](https://github.com/jaxels10)) - We stopped testing with Coutour due to it not supporting the new XListenerSet resource, and moved to kgateway. ([#8426](https://github.com/cert-manager/cert-manager/issues/8426), [@hjoshi123](https://github.com/hjoshi123)) <details> <summary>Dependencies Changes</summary> ##### Added - github.com/aws/aws-sdk-go-v2/service/signin: [v1.0.5](https://github.com/aws/aws-sdk-go-v2/service/signin/tree/v1.0.5) - github.com/go-openapi/testify/v2: [v2.0.2](https://github.com/go-openapi/testify/v2/tree/v2.0.2) ##### Changed - cloud.google.com/go/auth: v0.17.0 → v0.18.1 - github.com/Azure/azure-sdk-for-go/sdk/azcore: [v1.19.1 → v1.21.0](https://github.com/Azure/azure-sdk-for-go/sdk/azcore/compare/v1.19.1...v1.21.0) - github.com/Azure/azure-sdk-for-go/sdk/azidentity: [v1.13.0 → v1.13.1](https://github.com/Azure/azure-sdk-for-go/sdk/azidentity/compare/v1.13.0...v1.13.1) - github.com/AzureAD/microsoft-authentication-library-for-go: [v1.5.0 → v1.6.0](https://github.com/AzureAD/microsoft-authentication-library-for-go/compare/v1.5.0...v1.6.0) - github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: [v1.29.0 → v1.30.0](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp/compare/v1.29.0...v1.30.0) - github.com/Masterminds/semver/v3: [v3.3.1 → v3.4.0](https://github.com/Masterminds/semver/v3/compare/v3.3.1...v3.4.0) - github.com/Venafi/vcert/v5: [v5.12.2 → v5.12.3](https://github.com/Venafi/vcert/v5/compare/v5.12.2...v5.12.3) - github.com/akamai/AkamaiOPEN-edgegrid-golang/v12: [v12.1.0 → v12.3.0](https://github.com/akamai/AkamaiOPEN-edgegrid-golang/v12/compare/v12.1.0...v12.3.0) - github.com/aws/aws-sdk-go-v2/config: [v1.31.16 → v1.32.7](https://github.com/aws/aws-sdk-go-v2/config/compare/v1.31.16...v1.32.7) - github.com/aws/aws-sdk-go-v2/credentials: [v1.18.20 → v1.19.7](https://github.com/aws/aws-sdk-go-v2/credentials/compare/v1.18.20...v1.19.7) - github.com/aws/aws-sdk-go-v2/feature/ec2/imds: [v1.18.12 → v1.18.17](https://github.com/aws/aws-sdk-go-v2/feature/ec2/imds/compare/v1.18.12...v1.18.17) - github.com/aws/aws-sdk-go-v2/internal/configsources: [v1.4.12 → v1.4.17](https://github.com/aws/aws-sdk-go-v2/internal/configsources/compare/v1.4.12...v1.4.17) - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2: [v2.7.12 → v2.7.17](https://github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/compare/v2.7.12...v2.7.17) - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding: [v1.13.2 → v1.13.4](https://github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/compare/v1.13.2...v1.13.4) - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url: [v1.13.12 → v1.13.17](https://github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/compare/v1.13.12...v1.13.17) - github.com/aws/aws-sdk-go-v2/service/route53: [v1.59.2 → v1.62.1](https://github.com/aws/aws-sdk-go-v2/service/route53/compare/v1.59.2...v1.62.1) - github.com/aws/aws-sdk-go-v2/service/sso: [v1.30.0 → v1.30.9](https://github.com/aws/aws-sdk-go-v2/service/sso/compare/v1.30.0...v1.30.9) - github.com/aws/aws-sdk-go-v2/service/ssooidc: [v1.35.4 → v1.35.13](https://github.com/aws/aws-sdk-go-v2/service/ssooidc/compare/v1.35.4...v1.35.13) - github.com/aws/aws-sdk-go-v2/service/sts: [v1.39.0 → v1.41.6](https://github.com/aws/aws-sdk-go-v2/service/sts/compare/v1.39.0...v1.41.6) - github.com/aws/aws-sdk-go-v2: [v1.39.5 → v1.41.1](https://github.com/aws/aws-sdk-go-v2/compare/v1.39.5...v1.41.1) - github.com/aws/smithy-go: [v1.23.2 → v1.24.0](https://github.com/aws/smithy-go/compare/v1.23.2...v1.24.0) - github.com/cncf/xds/go: [2ac532f → 0feb691](https://github.com/cncf/xds/go/compare/2ac532f...0feb691) - github.com/digitalocean/godo: [v1.167.0 → v1.173.0](https://github.com/digitalocean/godo/compare/v1.167.0...v1.173.0) - github.com/envoyproxy/go-control-plane/envoy: [v1.32.4 → v1.35.0](https://github.com/envoyproxy/go-control-plane/envoy/compare/v1.32.4...v1.35.0) - github.com/envoyproxy/go-control-plane: [v0.13.4 → 75eaa19](https://github.com/envoyproxy/go-control-plane/compare/v0.13.4...75eaa19) - github.com/go-jose/go-jose/v4: [v4.1.2 → v4.1.3](https://github.com/go-jose/go-jose/v4/compare/v4.1.2...v4.1.3) - github.com/go-openapi/jsonpointer: [v0.22.1 → v0.22.4](https://github.com/go-openapi/jsonpointer/compare/v0.22.1...v0.22.4) - github.com/go-openapi/jsonreference: [v0.21.2 → v0.21.4](https://github.com/go-openapi/jsonreference/compare/v0.21.2...v0.21.4) - github.com/go-openapi/swag/jsonname: [v0.25.1 → v0.25.4](https://github.com/go-openapi/swag/jsonname/compare/v0.25.1...v0.25.4) - github.com/google/gnostic-models: [v0.7.0 → v0.7.1](https://github.com/google/gnostic-models/compare/v0.7.0...v0.7.1) - github.com/google/pprof: [d1b30fe → 27863c8](https://github.com/google/pprof/compare/d1b30fe...27863c8) - github.com/googleapis/enterprise-certificate-proxy: [v0.3.6 → v0.3.11](https://github.com/googleapis/enterprise-certificate-proxy/compare/v0.3.6...v0.3.11) - github.com/googleapis/gax-go/v2: [v2.15.0 → v2.16.0](https://github.com/googleapis/gax-go/v2/compare/v2.15.0...v2.16.0) - github.com/hashicorp/vault/sdk: [v0.20.0 → v0.21.0](https://github.com/hashicorp/vault/sdk/compare/v0.20.0...v0.21.0) - github.com/miekg/dns: [v1.1.68 → v1.1.72](https://github.com/miekg/dns/compare/v1.1.68...v1.1.72) - github.com/onsi/ginkgo/v2: [v2.22.0 → v2.27.2](https://github.com/onsi/ginkgo/v2/compare/v2.22.0...v2.27.2) - github.com/onsi/gomega: [v1.36.1 → v1.38.2](https://github.com/onsi/gomega/compare/v1.36.1...v1.38.2) - github.com/sagikazarmark/locafero: [v0.10.0 → v0.11.0](https://github.com/sagikazarmark/locafero/compare/v0.10.0...v0.11.0) - github.com/spf13/afero: [v1.14.0 → v1.15.0](https://github.com/spf13/afero/compare/v1.14.0...v1.15.0) - github.com/spf13/cast: [v1.9.2 → v1.10.0](https://github.com/spf13/cast/compare/v1.9.2...v1.10.0) - github.com/spf13/cobra: [v1.10.1 → v1.10.2](https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2) - github.com/spf13/viper: [v1.20.1 → v1.21.0](https://github.com/spf13/viper/compare/v1.20.1...v1.21.0) - github.com/spiffe/go-spiffe/v2: [v2.5.0 → v2.6.0](https://github.com/spiffe/go-spiffe/v2/compare/v2.5.0...v2.6.0) - go.etcd.io/bbolt: v1.4.2 → v1.4.3 - go.etcd.io/etcd/api/v3: v3.6.4 → v3.6.5 - go.etcd.io/etcd/client/pkg/v3: v3.6.4 → v3.6.5 - go.etcd.io/etcd/client/v3: v3.6.4 → v3.6.5 - go.etcd.io/etcd/pkg/v3: v3.6.4 → v3.6.5 - go.etcd.io/etcd/server/v3: v3.6.4 → v3.6.5 - go.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1 - go.opentelemetry.io/contrib/detectors/gcp: v1.36.0 → v1.38.0 - go.opentelemetry.io/otel/metric: v1.37.0 → v1.39.0 - go.opentelemetry.io/otel/sdk/metric: v1.37.0 → v1.39.0 - go.opentelemetry.io/otel/sdk: v1.37.0 → v1.39.0 - go.opentelemetry.io/otel/trace: v1.37.0 → v1.39.0 - go.opentelemetry.io/otel: v1.37.0 → v1.39.0 - go.uber.org/zap: v1.27.0 → v1.27.1 - go.yaml.in/yaml/v2: v2.4.2 → v2.4.3 - golang.org/x/crypto: v0.43.0 → v0.47.0 - golang.org/x/mod: v0.28.0 → v0.31.0 - golang.org/x/net: v0.46.0 → v0.49.0 - golang.org/x/oauth2: v0.32.0 → v0.34.0 - golang.org/x/sync: v0.17.0 → v0.19.0 - golang.org/x/sys: v0.37.0 → v0.40.0 - golang.org/x/telemetry: aef8a43 → 8fff8a5 - golang.org/x/term: v0.36.0 → v0.39.0 - golang.org/x/text: v0.30.0 → v0.33.0 - golang.org/x/tools: v0.37.0 → v0.40.0 - google.golang.org/api: v0.254.0 → v0.262.0 - google.golang.org/genproto/googleapis/api: a7a43d2 → ff82c1b - google.golang.org/genproto/googleapis/bytestream: 3a174f9 → 409b4a9 - google.golang.org/genproto/googleapis/rpc: 3a174f9 → 409b4a9 - google.golang.org/genproto: 513f239 → ff82c1b - google.golang.org/grpc: v1.76.0 → v1.78.0 - google.golang.org/protobuf: v1.36.10 → v1.36.11 - k8s.io/api: v0.34.1 → v0.35.0 - k8s.io/apiextensions-apiserver: v0.34.1 → v0.35.0 - k8s.io/apimachinery: v0.34.1 → v0.35.0 - k8s.io/apiserver: v0.34.1 → v0.35.0 - k8s.io/client-go: v0.34.1 → v0.35.0 - k8s.io/code-generator: v0.34.1 → v0.35.0 - k8s.io/component-base: v0.34.1 → v0.35.0 - k8s.io/gengo/v2: c297c0c → ec3ebc5 - k8s.io/kms: v0.34.1 → v0.35.0 - k8s.io/kube-aggregator: v0.34.1 → v0.35.0 - k8s.io/kube-openapi: 589584f → 4e65d59 - k8s.io/utils: 0af2bda → bc988d5 - sigs.k8s.io/controller-runtime: v0.22.4 → v0.23.1 - sigs.k8s.io/gateway-api: v1.4.0 → v1.4.1 - sigs.k8s.io/structured-merge-diff/v6: v6.3.0 → d9cc664 - software.sslmate.com/src/go-pkcs12: v0.6.0 → v0.7.0 ##### Removed - github.com/zeebo/errs: [v1.4.0](https://github.com/zeebo/errs/tree/v1.4.0) </details> ### [`v1.20.0-alpha.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0-alpha.0) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.5...v1.20.0-alpha.0) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. > ⚠️ This is a pre-release. For testing only! #### Changes since `v1.19.0` ##### Feature - Add built-in "Ready" status metrics for ClusterIssuer and Issuer resources. ([#8188](https://github.com/cert-manager/cert-manager/issues/8188), [@mikeluttikhuis](https://github.com/mikeluttikhuis)) - Add support for specifying `imagePullSecrets` in the `startupapicheck-job` Helm template to enable pulling images from private registries. ([#8186](https://github.com/cert-manager/cert-manager/issues/8186), [@mathieu-clnk](https://github.com/mathieu-clnk)) ##### Bug or Regression - Adds logs for cases when acme server returns us a fatal error in the order controller ([#8199](https://github.com/cert-manager/cert-manager/issues/8199), [@Peac36](https://github.com/Peac36)) - BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed ([#8160](https://github.com/cert-manager/cert-manager/issues/8160), [@inteon](https://github.com/inteon)) - Fix unregulated retries with the DigitalOcean DNS-01 solver ([#8221](https://github.com/cert-manager/cert-manager/issues/8221), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging ([#8221](https://github.com/cert-manager/cert-manager/issues/8221), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Revert API defaults for issuer reference kind and group introduced in 0.19.0 ([#8173](https://github.com/cert-manager/cert-manager/issues/8173), [@erikgb](https://github.com/erikgb)) - When Prometheus monitoring is enabled, the metrics label is now set to the intended value of `cert-manager`. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). ([#8162](https://github.com/cert-manager/cert-manager/issues/8162), [@LiquidPL](https://github.com/LiquidPL)) ### [`v1.19.5`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.5) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.4...v1.19.5) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This is a simple patch release to fix some reported vulnerabilities. All users are recommended to upgrade. ##### Changes by Kind ##### Other (Cleanup or Flake) - Bump go dependencies with reported vulnerabilities ([#8706](https://github.com/cert-manager/cert-manager/pull/8706), [@erikgb](https://github.com/erikgb)) - Bump go to 1.25.8 to address several reported vulnerabilities ([#8628](https://github.com/cert-manager/cert-manager/pull/8628), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Bump go to 1.25.9 ([#8705](https://github.com/cert-manager/cert-manager/pull/8705), [@erikgb](https://github.com/erikgb)) ### [`v1.19.4`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.4) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.3...v1.19.4) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.19.4 is a simple patch release to fix some reported vulnerabilities - notably CVE-2026-24051 and CVE-2025-68121. All users should upgrade. ##### Changes by Kind ##### Bug or Regression - Bump go to address CVE-2025-68121 ([#8526](https://github.com/cert-manager/cert-manager/issues/8526), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Bump otel SDK to address GO-2026-4394 ([#8531](https://github.com/cert-manager/cert-manager/issues/8531), [@SgtCoDFish](https://github.com/SgtCoDFish)) ### [`v1.19.3`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.3) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.2...v1.19.3) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This release contains three bug fixes, including a fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to the latest release. #### Changes by Kind ##### Bug or Regression - Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#8415](https://github.com/cert-manager/cert-manager/issues/8415), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Fixed an issue where HTTP-01 challenges failed when the Host header contained an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#8436](https://github.com/cert-manager/cert-manager/issues/8436), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#8468](https://github.com/cert-manager/cert-manager/issues/8468), [@SgtCoDFish](https://github.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Bump go to 1.25.6 ([#8459](https://github.com/cert-manager/cert-manager/issues/8459), [@SgtCoDFish](https://github.com/SgtCoDFish)) ### [`v1.19.2`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.2) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.1...v1.19.2) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. We updated Go to fix some vulnerabilities in the standard library. > 📖 Read the [full 1.19 release notes](https://cert-manager.io/docs/releases/release-notes/release-notes-1.19) on the cert-manager.io website before upgrading. #### Changes since `v1.19.1` ##### Bug or Regression - Address false positive vulnerabilities `CVE-2025-47914` and `CVE-2025-58181` which were reported by Trivy. ([#8283](https://github.com/cert-manager/cert-manager/issues/8283), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Update Go to `v1.25.5` to fix `CVE-2025-61727` and `CVE-2025-61729` ([#8294](https://github.com/cert-manager/cert-manager/issues/8294), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Update `global.nodeSelector` to helm chart to perform a `merge` and allow for a single `nodeSelector` to be set across all services. ([#8233](https://github.com/cert-manager/cert-manager/issues/8233), [@cert-manager-bot](https://github.com/cert-manager-bot)) ##### Other (Cleanup or Flake) - Update cert-manager's ACME client, forked from `golang/x/crypto` ([#8270](https://github.com/cert-manager/cert-manager/issues/8270), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Updated Debian 12 distroless base images ([#8326](https://github.com/cert-manager/cert-manager/issues/8326), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) ### [`v1.19.1`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.1) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.0...v1.19.1) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. We reverted the CRD-based API defaults for `Certificate.Spec.IssuerRef` and `CertificateRequest.Spec.IssuerRef` after they were found to cause unexpected certificate renewals after upgrading to 1.19.0. We will try re-introducing these API defaults in cert-manager `1.20`. We fixed a bug that caused certificates to be re-issued unexpectedly if the `issuerRef` kind or group was changed to one of the "runtime" default values. We upgraded Go to `1.25.3` to address the following security vulnerabilities: `CVE-2025-61724`, `CVE-2025-58187`, `CVE-2025-47912`, `CVE-2025-58183`, `CVE-2025-61723`, `CVE-2025-58186`, `CVE-2025-58185`, `CVE-2025-58188`, and `CVE-2025-61725`. > 📖 Read the [full 1.19 release notes](https://cert-manager.io/docs/releases/release-notes/release-notes-1.19) on the cert-manager.io website before upgrading. Changes since `v1.19.0`: ##### Bug or Regression - BUGFIX: in case kind or group in the `issuerRef` of a Certificate was omitted, upgrading to `1.19.x` incorrectly caused the certificate to be renewed ([#8175](https://github.com/cert-manager/cert-manager/issues/8175), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Bump Go to 1.25.3 to fix a backwards incompatible change to the validation of DNS names in X.509 SAN fields which prevented the use of DNS names with a trailing dot ([#8177](https://github.com/cert-manager/cert-manager/issues/8177), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Revert API defaults for issuer reference kind and group introduced in 0.19.0 ([#8178](https://github.com/cert-manager/cert-manager/issues/8178), [@cert-manager-bot](https://github.com/cert-manager-bot)) ### [`v1.19.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.0) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.0-alpha.0...v1.19.0) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. > ⚠️ **Known issues**: The following known issues are fixed in [v1.19.1](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.1): > > - [Unexpected certificate renewal after upgrading to 1.19.0](https://github.com/cert-manager/cert-manager/issues/8158) This release focuses on expanding platform compatibility, improving deployment flexibility, enhancing observability, and addressing key reliability issues. > 📖 Read the full release notes at cert-manager.io: <https://cert-manager.io/docs/releases/release-notes/release-notes-1.19> Changes since `v1.18.0`: ##### Feature - Add IPv6 rules to the default network policy ([#7726](https://github.com/cert-manager/cert-manager/issues/7726), [@jcpunk](https://github.com/jcpunk)) - Add `global.nodeSelector` to helm chart to allow for a single `nodeSelector` to be set across all services. ([#7818](https://github.com/cert-manager/cert-manager/issues/7818), [@StingRayZA](https://github.com/StingRayZA)) - Add a feature gate to default to Ingress `pathType` `Exact` in ACME HTTP01 Ingress challenge solvers. ([#7795](https://github.com/cert-manager/cert-manager/issues/7795), [@sspreitzer](https://github.com/sspreitzer)) - Add generated `applyconfigurations` allowing clients to make type-safe server-side apply requests for cert-manager resources. ([#7866](https://github.com/cert-manager/cert-manager/issues/7866), [@erikgb](https://github.com/erikgb)) - Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). ([#7414](https://github.com/cert-manager/cert-manager/issues/7414), [@erikgb](https://github.com/erikgb)) - Added `certmanager_certificate_challenge_status` Prometheus metric. ([#7736](https://github.com/cert-manager/cert-manager/issues/7736), [@hjoshi123](https://github.com/hjoshi123)) - Added `protocol` field for `rfc2136` DNS01 provider ([#7881](https://github.com/cert-manager/cert-manager/issues/7881), [@hjoshi123](https://github.com/hjoshi123)) - Added experimental field `hostUsers` flag to all pods. Not set by default. ([#7973](https://github.com/cert-manager/cert-manager/issues/7973), [@hjoshi123](https://github.com/hjoshi123)) - Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global `--acme-http01-solver-resource-*` settings. ([#7972](https://github.com/cert-manager/cert-manager/issues/7972), [@lunarwhite](https://github.com/lunarwhite)) - The `CAInjectorMerging` feature has been promoted to BETA and is now enabled by default ([#8017](https://github.com/cert-manager/cert-manager/issues/8017), [@ThatsMrTalbot](https://github.com/ThatsMrTalbot)) - The controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. ([#8072](https://github.com/cert-manager/cert-manager/issues/8072), [@prasad89](https://github.com/prasad89)) - Updated `certificate` metrics to the collector approach. ([#7856](https://github.com/cert-manager/cert-manager/issues/7856), [@hjoshi123](https://github.com/hjoshi123)) ##### Bug or Regression - ACME: Increased challenge authorization timeout to 2 minutes to fix `error waiting for authorization` ([#7796](https://github.com/cert-manager/cert-manager/issues/7796), [@hjoshi123](https://github.com/hjoshi123)) - BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints ([#7816](https://github.com/cert-manager/cert-manager/issues/7816), [@kinolaev](https://github.com/kinolaev)) - Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (`class`, `ingressClassName`, `name`) are specified simultaneously ([#8021](https://github.com/cert-manager/cert-manager/issues/8021), [@lunarwhite](https://github.com/lunarwhite)) - Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities ([#7961](https://github.com/cert-manager/cert-manager/issues/7961), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Reverted adding the `global.rbac.disableHTTPChallengesRole` Helm option. ([#7836](https://github.com/cert-manager/cert-manager/issues/7836), [@inteon](https://github.com/inteon)) - This change removes the `path` label of core ACME client metrics and will require users to update their monitoring dashboards and alerting rules if using those metrics. ([#8109](https://github.com/cert-manager/cert-manager/issues/8109), [@mladen-rusev-cyberark](https://github.com/mladen-rusev-cyberark)) - Use the latest version of `ingress-nginx` in E2E tests to ensure compatibility ([#7792](https://github.com/cert-manager/cert-manager/issues/7792), [@wallrj](https://github.com/wallrj)) ##### Other (Cleanup or Flake) - Helm: Fix naming template of `tokenrequest` RoleBinding resource to improve consistency ([#7761](https://github.com/cert-manager/cert-manager/issues/7761), [@lunarwhite](https://github.com/lunarwhite)) - Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data ([#7928](https://github.com/cert-manager/cert-manager/issues/7928), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Major upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. ([#8003](https://github.com/cert-manager/cert-manager/issues/8003), [@hjoshi123](https://github.com/hjoshi123)) - Update kind images to include the Kubernetes 1.33 node image ([#7786](https://github.com/cert-manager/cert-manager/issues/7786), [@wallrj](https://github.com/wallrj)) - Use `maps.Copy` for cleaner map handling ([#8092](https://github.com/cert-manager/cert-manager/issues/8092), [@quantpoet](https://github.com/quantpoet)) - Vault: Migrate Vault E2E add-on tests from deprecated `vault-client-go` to the new `vault/api` client. ([#8059](https://github.com/cert-manager/cert-manager/issues/8059), [@armagankaratosun](https://github.com/armagankaratosun)) ### [`v1.19.0-alpha.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.0-alpha.0) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.18.6...v1.19.0-alpha.0) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. > ⚠️ This is a pre-release. For testing only! Changes since `v1.18.0`: ##### Feature - Add IPv6 rules to the default network policy ([`#7726`](https://github.com/cert-manager/cert-manager/pull/7726), [`@jcpunk`](https://github.com/jcpunk)) - Add `global.nodeSelector` to helm chart to allow for a single `nodeSelector` to be set across all services. ([`#7818`](https://github.com/cert-manager/cert-manager/pull/7818), [`@StingRayZA`](https://github.com/StingRayZA)) - Add generated `applyconfigurations` allowing clients to make type safe server-side apply requests for cert-manager resources. ([`#7866`](https://github.com/cert-manager/cert-manager/pull/7866), [`@erikgb`](https://github.com/erikgb)) - Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). ([`#7414`](https://github.com/cert-manager/cert-manager/pull/7414), [`@erikgb`](https://github.com/erikgb)) - Added `certmanager_certificate_challenge_status` Prometheus metric. ([`#7736`](https://github.com/cert-manager/cert-manager/pull/7736), [`@hjoshi123`](https://github.com/hjoshi123)) - Added `protocol` field for `rfc2136` DNS01 provider ([`#7881`](https://github.com/cert-manager/cert-manager/pull/7881), [`@hjoshi123`](https://github.com/hjoshi123)) - `CAInjectorMerging` has been promoted to BETA and is now enabled by default ([`#8017`](https://github.com/cert-manager/cert-manager/pull/8017), [`@ThatsMrTalbot`](https://github.com/ThatsMrTalbot)) - Feature: Add support for [`ACME profiles extension`](https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/). ([`#7777`](https://github.com/cert-manager/cert-manager/pull/7777), [`@wallrj`](https://github.com/wallrj)) - Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global `--acme-http01-solver-resource-*` settings. ([`#7972`](https://github.com/cert-manager/cert-manager/pull/7972), [`@lunarwhite`](https://github.com/lunarwhite)) - The controller, webhook and ca-injector now logs its version and git commit on startup for easier debugging and support. ([`#8072`](https://github.com/cert-manager/cert-manager/pull/8072), [`@prasad89`](https://github.com/prasad89)) - Updated `certificate` metrics to the collector approach. ([`#7856`](https://github.com/cert-manager/cert-manager/pull/7856), [`@hjoshi123`](https://github.com/hjoshi123)) ##### Bug or Regression - ACME: Increased challenge authorization timeout to 2 minutes to fix `error waiting for authorization` ([`#7796`](https://github.com/cert-manager/cert-manager/pull/7796), [`@hjoshi123`](https://github.com/hjoshi123)) - BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints ([`#7816`](https://github.com/cert-manager/cert-manager/pull/7816), [`@kinolaev`](https://github.com/kinolaev)) - Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (`class`, `ingressClassName`, `name`) are specified simultaneously ([`#8021`](https://github.com/cert-manager/cert-manager/pull/8021), [`@lunarwhite`](https://github.com/lunarwhite)) - Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities ([`#7961`](https://github.com/cert-manager/cert-manager/pull/7961), [`@SgtCoDFish`](https://github.com/SgtCoDFish)) - Reverted adding the `global.rbac.disableHTTPChallengesRole` Helm option. ([`#7836`](https://github.com/cert-manager/cert-manager/pull/7836), [`@inteon`](https://github.com/inteon)) - Use the latest version of ingress-nginx in E2E tests to ensure compatibility ([`#7792`](https://github.com/cert-manager/cert-manager/pull/7792), [`@wallrj`](https://github.com/wallrj)) ##### Other (Cleanup or Flake) - Helm: Fix naming template of `tokenrequest` RoleBinding resource to improve consistency ([`#7761`](https://github.com/cert-manager/cert-manager/pull/7761), [`@lunarwhite`](https://github.com/lunarwhite)) - Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data ([`#7928`](https://github.com/cert-manager/cert-manager/pull/7928), [`@SgtCoDFish`](https://github.com/SgtCoDFish)) - Major upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. ([`#8003`](https://github.com/cert-manager/cert-manager/pull/8003), [`@hjoshi123`](https://github.com/hjoshi123)) - Update kind images to include the Kubernetes 1.33 node image ([`#7786`](https://github.com/cert-manager/cert-manager/pull/7786), [`@wallrj`](https://github.com/wallrj)) - Use `maps.Copy` for cleaner map handling ([`#8092`](https://github.com/cert-manager/cert-manager/pull/8092), [`@quantpoet`](https://github.com/quantpoet)) ### [`v1.18.6`](https://github.com/cert-manager/cert-manager/releases/tag/v1.18.6) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.18.5...v1.18.6) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.18.6 is a simple patch release to fix some reported vulnerabilities, most notably [CVE-2025-68121](https://nvd.nist.gov/vuln/detail/CVE-2025-68121). NB: We didn't attempt to patch [CVE-2026-24051](https://nvd.nist.gov/vuln/detail/CVE-2026-24051) but that vulnerability affects macOS only, so cert-manager will be unaffected. ##### Changes by Kind ##### Bug or Regression - Bump Go to address CVE-2025-68121 ([#8525](https://github.com/cert-manager/cert-manager/issues/8525), [@SgtCoDFish](https://github.com/SgtCoDFish)) ### [`v1.18.5`](https://github.com/cert-manager/cert-manager/releases/tag/v1.18.5) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.18.4...v1.18.5) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This release contains three bug fixes, including a fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to the latest release. ##### Changes by Kind ##### Bug or Regression - Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#8414](https://github.com/cert-manager/cert-manager/issues/8414), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Fixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#8437](https://github.com/cert-manager/cert-manager/issues/8437), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#8467](https://github.com/cert-manager/cert-manager/issues/8467), [@SgtCoDFish](https://github.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Bump go to 1.24.12 ([#8460](https://github.com/cert-manager/cert-manager/issues/8460), [@SgtCoDFish](https://github.com/SgtCoDFish)) ### [`v1.18.4`](https://github.com/cert-manager/cert-manager/releases/tag/v1.18.4) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.18.3...v1.18.4) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. We updated Go to fix some vulnerabilities in the standard library. > 📖 Read the [full 1.18 release notes](https://cert-manager.io/docs/releases/release-notes/release-notes-1.18) on the cert-manager.io website before upgrading. ##### Changes since `v1.18.3` ##### Bug or Regression - Address false positive vulnerabilities `CVE-2025-47914` and `CVE-2025-58181` which were reported by Trivy. ([#8282](https://github.com/cert-manager/cert-manager/issues/8282), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Update Go to `v1.24.11` to fix `CVE-2025-61727` and `CVE-2025-61729` ([#8295](https://github.com/cert-manager/cert-manager/issues/8295), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) ##### Other (Cleanup or Flake) - Update cert-manager's ACME client, forked from `golang/x/crypto` ([#8271](https://github.com/cert-manager/cert-manager/issues/8271), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Updated Debian 12 distroless base images ([#8328](https://github.com/cert-manager/cert-manager/issues/8328), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) ### [`v1.18.3`](https://github.com/cert-manager/cert-manager/releases/tag/v1.18.3) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.18.2...v1.18.3) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. We fixed a bug which caused certificates to be re-issued unexpectedly, if the issuerRef kind or group was changed to one of the "runtime" default values. We increased the size limit when parsing PEM certificate chains to handle leaf certificates with large numbers of DNS named or other identities. We upgraded Go to 1.24.9 to fix various non-critical security vulnerabilities. > 📖 Read the [full 1.18 release notes](https://cert-manager.io/docs/releases/release-notes/release-notes-1.18) on the cert-manager.io website before upgrading. Changes since `v1.18.2`: ##### Bug or Regression - BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed ([#8174](https://github.com/cert-manager/cert-manager/issues/8174), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Bump Go to 1.24.9. Fixes the following vulnerabilities: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, CVE-2025-61725 ([#8176](https://github.com/cert-manager/cert-manager/issues/8176), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities ([#7966](https://github.com/cert-manager/cert-manager/issues/7966), [@cert-manager-bot](https://github.com/cert-manager-bot)) ##### Other (Cleanup or Flake) - Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data ([#7964](https://github.com/cert-manager/cert-manager/issues/7964), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Upgrades Go to v1.24.6 ([#7974](https://github.com/cert-manager/cert-manager/issues/7974), [@SgtCoDFish](https://github.com/SgtCoDFish)) </details> <details> <summary>kubernetes-csi/csi-driver-nfs (csi-driver-nfs)</summary> ### [`v4.13.2`](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.13.2): release [Compare Source](https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.1...v4.13.2) ##### What's Changed - \[release-4.13] fix: avoid VolumeAttributesClass error logs in csi sidecar containers by [@andyzhangx](https://github.com/andyzhangx) in [#1049](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1049) - \[release-4.13] test: upgrade to golint 2.10 by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1069](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1069) - \[release-4.13] test: fix CVE-2026-25679 in trivy action by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1070](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1070) - \[release-4.13] security: Update trivy-action to use sha for v0.35.0 by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1076](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1076) - fix: CVE-2026-33186 by [@andyzhangx](https://github.com/andyzhangx) in [#1077](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1077) - \[release-4.13] chore: build with go1.25.9 by [@andyzhangx](https://github.com/andyzhangx) in [#1085](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1085) - \[release-4.13] test: fix trivy action failure by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1083](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1083) - \[release-4.13] cleanup: add validatePath to newNFSVolume by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1089](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1089) - doc: cut v4.13.2 release by [@andyzhangx](https://github.com/andyzhangx) in [#1092](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1092) **Full Changelog**: <https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.1...v4.13.2> ### [`v4.13.1`](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.13.1): release [Compare Source](https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.0...v4.13.1) ##### What's Changed - \[release-4.13] chore: validate mount path by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1041](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1041) - \[release-4.13] chore: Update csi release tools by [@andyzhangx](https://github.com/andyzhangx) in [#1043](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1043) - doc: cut v4.13.1 release by [@andyzhangx](https://github.com/andyzhangx) in [#1042](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1042) ##### New Contributors - [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) made their first contribution in [#1041](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1041) **Full Changelog**: <https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.0...v4.13.1> ### [`v4.13.0`](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.13.0): release [Compare Source](https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.12.1...v4.13.0) ##### What's Changed - chore(deps): bump golang.org/x/net from 0.45.0 to 0.46.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#979](https://github.com/kubernetes-csi/csi-driver-nfs/pull/979) - doc: cut v4.12.0 release by [@andyzhangx](https://github.com/andyzhangx) in [#978](https://github.com/kubernetes-csi/csi-driver-nfs/pull/978) - chore: Update csi release tools by [@andyzhangx](https://github.com/andyzhangx) in [#981](https://github.com/kubernetes-csi/csi-driver-nfs/pull/981) - chore(deps): bump golang.org/x/mod from 0.28.0 to 0.29.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#982](https://github.com/kubernetes-csi/csi-driver-nfs/pull/982) - chore: Update csi release tools by [@andyzhangx](https://github.com/andyzhangx) in [#984](https://github.com/kubernetes-csi/csi-driver-nfs/pull/984) - doc: update new chart versions by [@andyzhangx](https://github.com/andyzhangx) in [#990](https://github.com/kubernetes-csi/csi-driver-nfs/pull/990) - Release tool update by [@darshansreenivas](https://github.com/darshansreenivas) in [#992](https://github.com/kubernetes-csi/csi-driver-nfs/pull/992) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.26.0 to 2.27.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#996](https://github.com/kubernetes-csi/csi-driver-nfs/pull/996) - chore: Update csi release tools by [@andyzhangx](https://github.com/andyzhangx) in [#997](https://github.com/kubernetes-csi/csi-driver-nfs/pull/997) - chore: upgrade CSI driver sidecar image versions by [@andyzhangx](https://github.com/andyzhangx) in [#1000](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1000) - fix: CVE-2025-52881 by [@andyzhangx](https://github.com/andyzhangx) in [#1003](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1003) - test: upgrade to csi-test v5.4.0 by [@andyzhangx](https://github.com/andyzhangx) in [#1005](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1005) - fix: CVE-2025-58181 by [@andyzhangx](https://github.com/andyzhangx) in [#1007](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1007) - chore(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1008](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1008) - chore(deps): bump golang.org/x/mod from 0.29.0 to 0.30.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1009](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1009) - doc: fix volumeHandle format by [@andyzhangx](https://github.com/andyzhangx) in [#1010](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1010) - Make baseRepo feature work by default without per-image repository overrides by [@Copilot](https://github.com/Copilot) in [#1012](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1012) - test: fix trivy CVE-2025-61727 by [@andyzhangx](https://github.com/andyzhangx) in [#1013](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1013) - docs: fix typo (hlem → helm) by [@thakurnishu](https://github.com/thakurnishu) in [#1016](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1016) - chore(deps): bump github.com/onsi/gomega from 1.38.2 to 1.38.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#1017](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1017) - fix: CVE-2025-13281 by [@andyzhangx](https://github.com/andyzhangx) in [#1021](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1021) - chore: upgrade csi-provisioner to v6.1.0 by [@andyzhangx](https://github.com/andyzhangx) in [#1020](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1020) - chore: build image with go1.24.11 to fix CVE by [@andyzhangx](https://github.com/andyzhangx) in [#1022](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1022) - cleanup: refine mount time out error message by [@andyzhangx](https://github.com/andyzhangx) in [#1023](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1023) - test: fix CVE-2025-61726 trivy failure by [@andyzhangx](https://github.com/andyzhangx) in [#1027](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1027) - chore(deps): bump build-image/debian-base from bookworm-v1.0.6 to bookworm-v1.0.7 by [@dependabot](https://github.com/dependabot)\[bot] in [#1028](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1028) - chore: Update csi release tools by [@andyzhangx](https://github.com/andyzhangx) in [#1029](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1029) - feat: add optional healthcheck for node-driver-registrar by [@ajhetherington](https://github.com/ajhetherington) in [#1026](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1026) - feat: add --enable-snapshot-compression flag to control snapshot compression by [@Copilot](https://github.com/Copilot) in [#1011](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1011) - chore: remove vendor-specific cloud-provider-azure dependency from generic NFS CSI driver by [@Copilot](https://github.com/Copilot) in [#1024](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1024) ##### New Contributors - [@darshansreenivas](https://github.com/darshansreenivas) made their first contribution in [#992](https://github.com/kubernetes-csi/csi-driver-nfs/pull/992) - [@Copilot](https://github.com/Copilot) made their first contribution in [#1012](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1012) - [@thakurnishu](https://github.com/thakurnishu) made their first contribution in [#1016](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1016) - [@ajhetherington](https://github.com/ajhetherington) made their first contribution in [#1026](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1026) **Full Changelog**: <https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.12.0...v4.13.0> ### [`v4.12.1`](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.12.1): release [Compare Source](https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.12.0...v4.12.1) ##### What's Changed - doc: cut v4.12.1 release by [@andyzhangx](https://github.com/andyzhangx) in [#987](https://github.com/kubernetes-csi/csi-driver-nfs/pull/987) - \[release-4.12] chore: Update csi release tools by [@andyzhangx](https://github.com/andyzhangx) in [#988](https://github.com/kubernetes-csi/csi-driver-nfs/pull/988) **Full Changelog**: <https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.12.0...v4.12.1> ### [`v4.12.0`](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.12.0): release [Compare Source](https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.11.0...v4.12.0) ##### What's Changed - doc: cut v4.11.0 release by [@andyzhangx](https://github.com/andyzhangx) in [#880](https://github.com/kubernetes-csi/csi-driver-nfs/pull/880) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.0 to 2.23.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#883](https://github.com/kubernetes-csi/csi-driver-nfs/pull/883) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.1 to 2.23.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#884](https://github.com/kubernetes-csi/csi-driver-nfs/pull/884) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.2 to 2.23.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#887](https://github.com/kubernetes-csi/csi-driver-nfs/pull/887) - chore(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 by [@dependabot](https://github.com/dependabot)\[bot] in [#888](https://github.com/kubernetes-csi/csi-driver-nfs/pull/888) - chore(deps): bump github.com/onsi/gomega from 1.36.2 to 1.36.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#890](https://github.com/kubernetes-csi/csi-driver-nfs/pull/890) - chore: use go1.24 by [@andyzhangx](https://github.com/andyzhangx) in [#895](https://github.com/kubernetes-csi/csi-driver-nfs/pull/895) - chore(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#893](https://github.com/kubernetes-csi/csi-driver-nfs/pull/893) - chore(deps): bump google.golang.org/grpc from 1.71.0 to 1.71.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#896](https://github.com/kubernetes-csi/csi-driver-nfs/pull/896) - chore(deps): bump github.com/onsi/gomega from 1.36.3 to 1.37.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#897](https://github.com/kubernetes-csi/csi-driver-nfs/pull/897) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 by [@dependabot](https://github.com/dependabot)\[bot] in [#898](https://github.com/kubernetes-csi/csi-driver-nfs/pull/898) - chore(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#900](https://github.com/kubernetes-csi/csi-driver-nfs/pull/900) - test: fix CVE-2025-22871 in trivy action by [@andyzhangx](https://github.com/andyzhangx) in [#902](https://github.com/kubernetes-csi/csi-driver-nfs/pull/902) - chore: upgrade resizer sidecar image version to v1.13.2 by [@andyzhangx](https://github.com/andyzhangx) in [#903](https://github.com/kubernetes-csi/csi-driver-nfs/pull/903) - feat: add POD\_NAMESPACE environment var by [@mfhunruh](https://github.com/mfhunruh) in [#901](https://github.com/kubernetes-csi/csi-driver-nfs/pull/901) - chore(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#904](https://github.com/kubernetes-csi/csi-driver-nfs/pull/904) - chore: upgrade snapshot sidecar image to v8.2.1 by [@andyzhangx](https://github.com/andyzhangx) in [#905](https://github.com/kubernetes-csi/csi-driver-nfs/pull/905) - fix: goroutine leak when timeout by [@andyzhangx](https://github.com/andyzhangx) in [#907](https://github.com/kubernetes-csi/csi-driver-nfs/pull/907) - chore(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#910](https://github.com/kubernetes-csi/csi-driver-nfs/pull/910) - chore: create voume/snapshot should respect mountOptions in secret by [@andyzhangx](https://github.com/andyzhangx) in [#911](https://github.com/kubernetes-csi/csi-driver-nfs/pull/911) - chore(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#913](https://github.com/kubernetes-csi/csi-driver-nfs/pull/913) - chore(deps): bump google.golang.org/grpc from 1.72.1 to 1.72.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#916](https://github.com/kubernetes-csi/csi-driver-nfs/pull/916) - chore: upgrade sidecar image versions by [@andyzhangx](https://github.com/andyzhangx) in [#920](https://github.com/kubernetes-csi/csi-driver-nfs/pull/920) - chore(deps): bump google.golang.org/grpc from 1.72.2 to 1.73.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#922](https://github.com/kubernetes-csi/csi-driver-nfs/pull/922) - chore(deps): bump golang.org/x/mod from 0.24.0 to 0.25.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#924](https://github.com/kubernetes-csi/csi-driver-nfs/pull/924) - test: fix CVE-2025-4673 in trivy action by [@andyzhangx](https://github.com/andyzhangx) in [#926](https://github.com/kubernetes-csi/csi-driver-nfs/pull/926) - chore(deps): bump build-image/debian-base from bookworm-v1.0.4 to bookworm-v1.0.5 by [@dependabot](https://github.com/dependabot)\[bot] in [#928](https://github.com/kubernetes-csi/csi-driver-nfs/pull/928) - chore(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#925](https://github.com/kubernetes-csi/csi-driver-nfs/pull/925) - chore(deps): bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#931](https://github.com/kubernetes-csi/csi-driver-nfs/pull/931) - chore: upgrade snapshot and csi-resizer image versions by [@andyzhangx](https://github.com/andyzhangx) in [#932](https://github.com/kubernetes-csi/csi-driver-nfs/pull/932) - chore(deps): bump golang.org/x/mod from 0.25.0 to 0.26.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#933](https://github.com/kubernetes-csi/csi-driver-nfs/pull/933) - chore(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#934](https://github.com/kubernetes-csi/csi-driver-nfs/pull/934) - chore(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#935](https://github.com/kubernetes-csi/csi-driver-nfs/pull/935) - chore(deps): bump google.golang.org/grpc from 1.74.0 to 1.74.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#936](https://github.com/kubernetes-csi/csi-driver-nfs/pull/936) - chore(deps): bump github.com/onsi/gomega from 1.37.0 to 1.38.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#937](https://github.com/kubernetes-csi/csi-driver-nfs/pull/937) - chore(deps): bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#938](https://github.com/kubernetes-csi/csi-driver-nfs/pull/938) - chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#941](https://github.com/kubernetes-csi/csi-driver-nfs/pull/941) - chore(deps): bump golang.org/x/mod from 0.26.0 to 0.27.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#942](https://github.com/kubernetes-csi/csi-driver-nfs/pull/942) - test: fix CVE-2025-47907 trivy test failure by [@andyzhangx](https://github.com/andyzhangx) in [#943](https://github.com/kubernetes-csi/csi-driver-nfs/pull/943) - chore(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.7 by [@dependabot](https://github.com/dependabot)\[bot] in [#947](https://github.com/kubernetes-csi/csi-driver-nfs/pull/947) - chore(deps): bump actions/checkout from 4 to 5 by [@dependabot](https://github.com/dependabot)\[bot] in [#948](https://github.com/kubernetes-csi/csi-driver-nfs/pull/948) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.4 to 2.25.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#951](https://github.com/kubernetes-csi/csi-driver-nfs/pull/951) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.0 to 2.25.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#952](https://github.com/kubernetes-csi/csi-driver-nfs/pull/952) - chore(deps): bump github.com/onsi/gomega from 1.38.0 to 1.38.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#953](https://github.com/kubernetes-csi/csi-driver-nfs/pull/953) - chore(deps): bump google.golang.org/grpc from 1.74.2 to 1.75.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#954](https://github.com/kubernetes-csi/csi-driver-nfs/pull/954) - fix: CVE-2025-5187 by [@andyzhangx](https://github.com/andyzhangx) in [#956](https://github.com/kubernetes-csi/csi-driver-nfs/pull/956) - chore(deps): bump actions/setup-go from 5 to 6 by [@dependabot](https://github.com/dependabot)\[bot] in [#958](https://github.com/kubernetes-csi/csi-driver-nfs/pull/958) - chore(deps): bump github.com/onsi/gomega from 1.38.1 to 1.38.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#957](https://github.com/kubernetes-csi/csi-driver-nfs/pull/957) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#959](https://github.com/kubernetes-csi/csi-driver-nfs/pull/959) - chore(deps): bump golang.org/x/mod from 0.27.0 to 0.28.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#960](https://github.com/kubernetes-csi/csi-driver-nfs/pull/960) - chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#961](https://github.com/kubernetes-csi/csi-driver-nfs/pull/961) - chore(deps): bump google.golang.org/protobuf from 1.36.7 to 1.36.9 by [@dependabot](https://github.com/dependabot)\[bot] in [#962](https://github.com/kubernetes-csi/csi-driver-nfs/pull/962) - chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.75.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#963](https://github.com/kubernetes-csi/csi-driver-nfs/pull/963) - chore(deps): bump golang.org/x/net from 0.43.0 to 0.44.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#964](https://github.com/kubernetes-csi/csi-driver-nfs/pull/964) - chore(deps): bump build-image/debian-base from bookworm-v1.0.5 to bookworm-v1.0.6 by [@dependabot](https://github.com/dependabot)\[bot] in [#966](https://github.com/kubernetes-csi/csi-driver-nfs/pull/966) - chore: upgrade csi sidecar image versions by [@andyzhangx](https://github.com/andyzhangx) in [#967](https://github.com/kubernetes-csi/csi-driver-nfs/pull/967) - doc: update semver change doc for helm chart install by [@andyzhangx](https://github.com/andyzhangx) in [#969](https://github.com/kubernetes-csi/csi-driver-nfs/pull/969) - chore(deps): bump google.golang.org/protobuf from 1.36.9 to 1.36.10 by [@dependabot](https://github.com/dependabot)\[bot] in [#970](https://github.com/kubernetes-csi/csi-driver-nfs/pull/970) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#971](https://github.com/kubernetes-csi/csi-driver-nfs/pull/971) - chore(deps): bump google.golang.org/grpc from 1.75.1 to 1.76.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#972](https://github.com/kubernetes-csi/csi-driver-nfs/pull/972) - chore(deps): bump github/codeql-action from 3 to 4 by [@dependabot](https://github.com/dependabot)\[bot] in [#975](https://github.com/kubernetes-csi/csi-driver-nfs/pull/975) - chore(deps): bump golang.org/x/net from 0.44.0 to 0.45.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#976](https://github.com/kubernetes-csi/csi-driver-nfs/pull/976) - feat: support multiple storage classes creation using helm chart by [@andyzhangx](https://github.com/andyzhangx) in [#977](https://github.com/kubernetes-csi/csi-driver-nfs/pull/977) ##### New Contributors - [@mfhunruh](https://github.com/mfhunruh) made their first contribution in [#901](https://github.com/kubernetes-csi/csi-driver-nfs/pull/901) **Full Changelog**: <https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.11.0...v4.12.0> </details> <details> <summary>immich-app/immich (ghcr.io/immich-app/immich-machine-learning)</summary> ### [`v2.7.5`](https://github.com/immich-app/immich/releases/tag/v2.7.5) [Compare Source](https://github.com/immich-app/immich/compare/v2.7.4...v2.7.5) ##### v2.7.5 ##### What's Changed ##### 🐛 Bug fixes - fix(server): add rate limit and deduplication to version check by [@zackpollard](https://github.com/zackpollard) in [#27747](https://github.com/immich-app/immich/pull/27747) ##### 🌐 Translations - chore(web): update translations by [@weblate](https://github.com/weblate) in [#27589](https://github.com/immich-app/immich/pull/27589) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.7.4...v2.7.5> ### [`v2.7.4`](https://github.com/immich-app/immich/releases/tag/v2.7.4) [Compare Source](https://github.com/immich-app/immich/compare/v2.7.3...v2.7.4) ##### v2.7.4 This release addresses some issues with image rendering on the mobile app ##### What's Changed ##### 🐛 Bug fixes - refactor(mobile): cleanup iOS image loading pipeline by [@LeLunZ](https://github.com/LeLunZ) in [#27672](https://github.com/immich-app/immich/pull/27672) - fix(server): hide original filename when not showing metadata by [@meesfrensel](https://github.com/meesfrensel) in [#27581](https://github.com/immich-app/immich/pull/27581) - fix(mobile): fix Flutter cache eviction on thumbnails by [@LeLunZ](https://github.com/LeLunZ) in [#27663](https://github.com/immich-app/immich/pull/27663) - chore: pump cronet version by [@shenlong-tanwen](https://github.com/shenlong-tanwen) in [#27685](https://github.com/immich-app/immich/pull/27685) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.7.3...v2.7.4> ### [`v2.7.3`](https://github.com/immich-app/immich/releases/tag/v2.7.3) [Compare Source](https://github.com/immich-app/immich/compare/v2.7.2...v2.7.3) ##### v2.7.3 ##### What's Changed ##### 🐛 Bug fixes - fix(server): avoid false restore failures on large database imports by [@ErasmusAndre](https://github.com/ErasmusAndre) in [#27420](https://github.com/immich-app/immich/pull/27420) - fix(mobile): improve image load cancellation handling by [@LeLunZ](https://github.com/LeLunZ) in [#27624](https://github.com/immich-app/immich/pull/27624) - fix(server): people search not showing for 3 or less characters by [@zackpollard](https://github.com/zackpollard) in [#27629](https://github.com/immich-app/immich/pull/27629) - fix(web): don't cache empty search results for people search by [@zackpollard](https://github.com/zackpollard) in [#27632](https://github.com/immich-app/immich/pull/27632) - fix(mobile): get provider refs before async gaps in backup page by [@LeLunZ](https://github.com/LeLunZ) in [#27597](https://github.com/immich-app/immich/pull/27597) - fix: ssr open graph tags by [@jrasm91](https://github.com/jrasm91) in [#27639](https://github.com/immich-app/immich/pull/27639) ##### 📚 Documentation - fix(docs): updated docker deprecation link by [@mmomjian](https://github.com/mmomjian) in [#27633](https://github.com/immich-app/immich/pull/27633) ##### New Contributors - [@fluffy](https://github.com/fluffy) made their first contribution in [#27606](https://github.com/immich-app/immich/pull/27606) - [@ErasmusAndre](https://github.com/ErasmusAndre) made their first contribution in [#27420](https://github.com/immich-app/immich/pull/27420) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.7.2...v2.7.3> ### [`v2.7.2`](https://github.com/immich-app/immich/releases/tag/v2.7.2) [Compare Source](https://github.com/immich-app/immich/compare/v2.7.0...v2.7.2) You knew it was coming :sweat\_smile: This release addresses the following issues: - Fix an issue with the default helmet.json file - Fix an issue with ML containers not working on some older CPUs - Fix an issue with importing external libraries  ##### What's Changed ##### 🐛 Bug fixes - fix: csp quotes by [@bo0tzz](https://github.com/bo0tzz) in [#27592](https://github.com/immich-app/immich/pull/27592) - fix(ml): downgrade numpy by [@mertalev](https://github.com/mertalev) in [#27591](https://github.com/immich-app/immich/pull/27591) - fix(server): library import batch size by [@mertalev](https://github.com/mertalev) in [#27595](https://github.com/immich-app/immich/pull/27595) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.7.0...v2.7.2> ### [`v2.7.0`](https://github.com/immich-app/immich/releases/tag/v2.7.0) [Compare Source](https://github.com/immich-app/immich/compare/v2.6.3...v2.7.0) ##### v2.7.0 Welcome to Immich `v2.7.0`! This release includes enhancements to the asset viewer, security improvements, changes to the duplicate APIs and viewer, and a bunch of bug fixes. Keep reading below for the complete highlights and a note on the upcoming `v3.0.0` release. > \[!NOTE]\ > We're working on a managed backup service for Immich with end-to-end encrypted backups of your library to a remote datacentre where only you hold the keys. > > We've put together a quick survey (\~5 mins) to get a better idea of how you're backing things up today and what you'd actually want from something like this. Your answers help us figure out what to prioritise, so we'd really appreciate it if you took a few minutes to fill it out. > > Leave your email at the end if you're interested in joining our free closed beta when it's ready. > > <https://futo-backups-survey.immich.app/> ##### Known limitations - The machine learning service on `amd64` currently requires the `>= x86-64-v2` microarchitecture. This will be patched in an upcoming patch release for backward compatibility with very old processors (before \~2010), but it will become a minimum requirement in 3.0. `arm64` is not affected by this change. ##### Highlights - Remove from album (asset viewer) - Move to locked folder (folder page) - Editor shortcuts - Create a new face on-the-fly in the face tag editor - Resolve duplicates - Helmet configuration - Version check infrastructure - Notable fix: live photo and video download in Safari - Notable fix: escape HTML in the Panorama Photo Viewer ##### Remove from album The web has a new action, "Remove from album," available in the asset viewer that makes it easier to remove an asset from an album. This action is available to both album and asset owners. <img width="360" height="202" alt="image" src="https://github.com/user-attachments/assets/e5facb24-ed10-4adc-957a-37147cca5634" /> ##### Move to locked folder in the Folder view Similarly, the folder view now includes the "Move to locked folder" action. <img width="1900" height="762" alt="image" src="https://github.com/user-attachments/assets/c39e792b-81da-4c31-a23f-03f96853fe8e" /> ##### Editor shortcuts Users on the web can now edit with keyboard shortcuts. Press `e` to open the editor. Once in the editor, press `[` or `]` to rotate the asset +/- 90 degrees. Finally, save any changes and close the editor with `ENTER`. <https://github.com/user-attachments/assets/969de104-b02d-41a6-830b-3e1a49541d14> ##### Create a new face on-the-fly in the face tag editor You can now create a new face/person on the fly from the face tagging editor interface <img width="350" alt="image" src="https://github.com/user-attachments/assets/c39db0e3-da47-4421-9040-5f51650deee9" /> <img width="350" alt="image" src="https://github.com/user-attachments/assets/0c81a1ee-c54e-4167-9dff-95719fe44595" /> ##### Deduplication improvements The duplicate screen has gone through a bunch of iterations since it was first introduced all the way back in May, 2024. The latest release moves a bunch of logic from the client to the server, which now automatically suggests which asset to keep based on image size and EXIF data. Additionally, the new server implementation will automatically synchronize metadata, including albums, favorite status, rating, description, visibility, location, and tags. For more information about this process, see the new [documentation](https://docs.immich.app/features/duplicates-utility). ##### Helmet configuration You can now opt in to using a [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP) in Immich. The new environment variant `IMMICH_HELMET_FILE` accepts a boolean or a path to a [helmet](https://helmetjs.github.io/) configuration file. **Recommend action:** The team recommends setting `IMMICH_HELMET_FILE=true` to enable the default policy. Then, please let us know if you run into any issues with it. ##### Background and details Since Immich is deployed in so many different ways, it has been hard to figure out how to enable a CSP that would not conflict with or break existing installs that might use 3rd party map providers, custom CSS, embed Immich in an iframe, or other such features. In this release, we have added the ability to both opt in to a default policy and configure a custom one. To use the default policy, simply set the environment variable `IMMICH_HELMET_FILE=true`. To use a custom policy, set the environment variable to a path on disk (within the immich-server) that contains a valid helmet configuration (e.g. `IMMICH_HELMET_FILE=/opt/immich/helmet.json`). CSP can be used to control what scripts are allowed to run on the page, which domains to load images from, etc. Additionally, it can be used to configure headers for [Referrer-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Referrer-Policy), [X-Powered-By](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Powered-By), [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options), and others. ##### New version check infrastructure Prior to this release, instances that used the automatic version check feature would send HTTP requests to `github.com`. Now, we have set up a small service at `version.immich.cloud` to handle these types of requests. This avoids any privacy implications of connecting to `github.com` , as well as moves the request load to our own infrastructure. ##### Notable fix: live photo and video download in Safari When downloading files in Safari with the same name, it will simply overwrite the file instead of automatically renaming it. In this release, the still and motion parts of a live photo are now named differently to prevent this from happening. ##### Notable fix: escape HTML in panorama photo viewer In `v2.6.0`, we added the ability to show/view clip text in the panorama viewer, but introduced an XSS vulnerability, which has been fixed in this release. Interestingly, this was XSS using text in the image, which would then get read by OCR. ##### Notable fix: Immich User Agent for external requests Similar to the mobile app, the server now sends a custom [User Agent](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/User-Agent) header. The format for the User Agent is `immich-server/{version}`. For example, `immich-server/2.7.0`. ##### `v3.0.0` Just a heads up that this is the likely to be the last release before `v3.0.0`. Being a major release there will be a handful of breaking changes, *although it's worth noting that nothing is currently planned that requires user intervention*. It is mainly changes that impact 3rd party developers. More information and details should be available in the coming weeks. ##### Support Immich <p align="center"> <img src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExbjY2eWc5Y2F0ZW56MmR4aWE0dDhzZXlidXRmYWZyajl1bWZidXZpcyZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/87CKDqErVfMqY/giphy.gif" width="450" title="SUPPORT THE PROJECT!"> </p> If you find the project helpful, you can support Immich by purchasing a product key at <https://buy.immich.app> or our merchandise at <https://immich.store> ***  ##### What's Changed ##### 🚀 Features - feat: add support for helmet configuration by [@jrasm91](https://github.com/jrasm91) in [#27058](https://github.com/immich-app/immich/pull/27058) - feat: create new person in face editor by [@alextran1502](https://github.com/alextran1502) in [#27364](https://github.com/immich-app/immich/pull/27364) ##### 🌟 Enhancements - feat(web): add a seperate tooltip for switching from dark to light mode by [@Vogeluff](https://github.com/Vogeluff) in [#27297](https://github.com/immich-app/immich/pull/27297) - feat(web): focus on face-editor search input by [@cratoo](https://github.com/cratoo) in [#27136](https://github.com/immich-app/immich/pull/27136) - feat(web): add RemoveFromAlbumAction to asset viewer nav bar by [@timonrieger](https://github.com/timonrieger) in [#27000](https://github.com/immich-app/immich/pull/27000) - feat(web): add shortcuts to rotate images by [@squishykid](https://github.com/squishykid) in [#26927](https://github.com/immich-app/immich/pull/26927) - feat(server): add checksum algorithm field by [@etnoy](https://github.com/etnoy) in [#26573](https://github.com/immich-app/immich/pull/26573) - feat(server): resolve duplicates by [@Phlogi](https://github.com/Phlogi) in [#25316](https://github.com/immich-app/immich/pull/25316) - chore(mobile): reduce spacing on video controls by [@uhthomas](https://github.com/uhthomas) in [#27313](https://github.com/immich-app/immich/pull/27313) - perf(server): optimize people page query by [@ffchung](https://github.com/ffchung) in [#27346](https://github.com/immich-app/immich/pull/27346) - feat(web): dim photo outside hovered face bounding box by [@midzelis](https://github.com/midzelis) in [#27402](https://github.com/immich-app/immich/pull/27402) - feat(web): OCR overlay interactivity during zoom by [@midzelis](https://github.com/midzelis) in [#27039](https://github.com/immich-app/immich/pull/27039) - feat: add move to lock folder in folder view by [@alextran1502](https://github.com/alextran1502) in [#27384](https://github.com/immich-app/immich/pull/27384) - feat(web): highlight active person thumbnail in detail panel and edit faces panel by [@midzelis](https://github.com/midzelis) in [#27401](https://github.com/immich-app/immich/pull/27401) - feat: move version checks to our own infrastructure by [@zackpollard](https://github.com/zackpollard) in [#27450](https://github.com/immich-app/immich/pull/27450) - feat: add preview button when selecting images by [@johnmaguire](https://github.com/johnmaguire) in [#27305](https://github.com/immich-app/immich/pull/27305) - fix: user-agent format by [@jrasm91](https://github.com/jrasm91) in [#27488](https://github.com/immich-app/immich/pull/27488) - chore(mobile): reduce buffering timer duration by [@uhthomas](https://github.com/uhthomas) in [#27111](https://github.com/immich-app/immich/pull/27111) - fix(mobile): use key on video controls by [@uhthomas](https://github.com/uhthomas) in [#27512](https://github.com/immich-app/immich/pull/27512) - feat(server): Add support for .ts files by [@ray](https://github.com/ray) in [#27529](https://github.com/immich-app/immich/pull/27529) ##### 🐛 Bug fixes - fix(server): refresh unedited asset dimensions on metadata extraction by [@michelheusschen](https://github.com/michelheusschen) in [#27220](https://github.com/immich-app/immich/pull/27220) - fix(server): memory fragmentation by [@mertalev](https://github.com/mertalev) in [#27027](https://github.com/immich-app/immich/pull/27027) - fix(database restores): don't assume onboarding has completed by [@insertish](https://github.com/insertish) in [#27052](https://github.com/immich-app/immich/pull/27052) - fix(web): preserve timezone when changing timestamp (Closes [#25354](https://github.com/immich-app/immich/issues/25354)) by [@updatemike](https://github.com/updatemike) in [#27095](https://github.com/immich-app/immich/pull/27095) - fix: various command palette usages by [@danieldietzler](https://github.com/danieldietzler) in [#27304](https://github.com/immich-app/immich/pull/27304) - fix(web): keep map view open after closing asset viewer by [@diiogofer](https://github.com/diiogofer) in [#26980](https://github.com/immich-app/immich/pull/26980) - fix(web): prevent Safari from overwriting live photo image with video by [@saurav61091](https://github.com/saurav61091) in [#26898](https://github.com/immich-app/immich/pull/26898) - fix(mobile): video icon not showing on memories by [@YarosMallorca](https://github.com/YarosMallorca) in [#27311](https://github.com/immich-app/immich/pull/27311) - fix(mobile): mismatch between system and app color when using low-chroma system color scheme by [@putuprema](https://github.com/putuprema) in [#27282](https://github.com/immich-app/immich/pull/27282) - fix(mobile): images loads sometimes cancel too early by [@LeLunZ](https://github.com/LeLunZ) in [#27067](https://github.com/immich-app/immich/pull/27067) - fix(mobile): streamline error handling for live photo saving by [@LeLunZ](https://github.com/LeLunZ) in [#27337](https://github.com/immich-app/immich/pull/27337) - fix(web): keep upload totals stable when dismissing items ([#27247](https://github.com/immich-app/immich/issues/27247)) by [@Nicolas-micuda-becker](https://github.com/Nicolas-micuda-becker) in [#27354](https://github.com/immich-app/immich/pull/27354) - fix(mobile): low upload timeout on android by [@mertalev](https://github.com/mertalev) in [#27399](https://github.com/immich-app/immich/pull/27399) - fix(web): add drop shadow to asset viewer nav bar and prevent button shrinking by [@midzelis](https://github.com/midzelis) in [#27404](https://github.com/immich-app/immich/pull/27404) - fix(mobile): favorite button not updating state by [@YarosMallorca](https://github.com/YarosMallorca) in [#27271](https://github.com/immich-app/immich/pull/27271) - fix: detection of WebM container by [@chanb22](https://github.com/chanb22) in [#24182](https://github.com/immich-app/immich/pull/24182) - fix(web): prevent AssetUpdate from adding unrelated timeline assets by [@michelheusschen](https://github.com/michelheusschen) in [#27369](https://github.com/immich-app/immich/pull/27369) - fix: withFilePath select edited or unedited file by [@bwees](https://github.com/bwees) in [#27328](https://github.com/immich-app/immich/pull/27328) - fix(web): Enable stack selector in shared album view by [@timonrieger](https://github.com/timonrieger) in [#24641](https://github.com/immich-app/immich/pull/24641) - fix(server): use substring matching for person name search by [@okxint](https://github.com/okxint) in [#26903](https://github.com/immich-app/immich/pull/26903) - fix: escape html by [@jrasm91](https://github.com/jrasm91) in [#27469](https://github.com/immich-app/immich/pull/27469) - fix(mobile): ignore pointer events on toasts by [@uhthomas](https://github.com/uhthomas) in [#26990](https://github.com/immich-app/immich/pull/26990) - fix(mobile): reset video controls hide timer when showing controls ch… by [@uhthomas](https://github.com/uhthomas) in [#26985](https://github.com/immich-app/immich/pull/26985) - fix(mobile): don't update search filters in-place by [@uhthomas](https://github.com/uhthomas) in [#26965](https://github.com/immich-app/immich/pull/26965) - fix(web): isFullScreen initial value check is incorrect by [@midzelis](https://github.com/midzelis) in [#27520](https://github.com/immich-app/immich/pull/27520) - fix(mobile): transparent system navbar when trash bottom bar is visible by [@putuprema](https://github.com/putuprema) in [#27093](https://github.com/immich-app/immich/pull/27093) - fix: timestamp handling for database backup in Web UI by [@AfonsoMendoncaRibeiro](https://github.com/AfonsoMendoncaRibeiro) in [#27359](https://github.com/immich-app/immich/pull/27359) - fix: allow bots to access /s/ urls by [@domints](https://github.com/domints) in [#27579](https://github.com/immich-app/immich/pull/27579) ##### 📚 Documentation - feat(docs): add keycloack example to oauth docs by [@robson90](https://github.com/robson90) in [#27425](https://github.com/immich-app/immich/pull/27425) ##### 🌐 Translations - chore(web): update translations by [@weblate](https://github.com/weblate) in [#27029](https://github.com/immich-app/immich/pull/27029) - chore(web): update translations by [@weblate](https://github.com/weblate) in [#27483](https://github.com/immich-app/immich/pull/27483) ##### New Contributors - [@Vogeluff](https://github.com/Vogeluff) made their first contribution in [#27297](https://github.com/immich-app/immich/pull/27297) - [@updatemike](https://github.com/updatemike) made their first contribution in [#27095](https://github.com/immich-app/immich/pull/27095) - [@diiogofer](https://github.com/diiogofer) made their first contribution in [#26980](https://github.com/immich-app/immich/pull/26980) - [@squishykid](https://github.com/squishykid) made their first contribution in [#26927](https://github.com/immich-app/immich/pull/26927) - [@Phlogi](https://github.com/Phlogi) made their first contribution in [#25316](https://github.com/immich-app/immich/pull/25316) - [@saurav61091](https://github.com/saurav61091) made their first contribution in [#26898](https://github.com/immich-app/immich/pull/26898) - [@putuprema](https://github.com/putuprema) made their first contribution in [#27282](https://github.com/immich-app/immich/pull/27282) - [@ffchung](https://github.com/ffchung) made their first contribution in [#27346](https://github.com/immich-app/immich/pull/27346) - [@chanb22](https://github.com/chanb22) made their first contribution in [#24182](https://github.com/immich-app/immich/pull/24182) - [@robson90](https://github.com/robson90) made their first contribution in [#27425](https://github.com/immich-app/immich/pull/27425) - [@okxint](https://github.com/okxint) made their first contribution in [#26903](https://github.com/immich-app/immich/pull/26903) - [@johnmaguire](https://github.com/johnmaguire) made their first contribution in [#27305](https://github.com/immich-app/immich/pull/27305) - [@ray](https://github.com/ray) made their first contribution in [#27529](https://github.com/immich-app/immich/pull/27529) - [@AfonsoMendoncaRibeiro](https://github.com/AfonsoMendoncaRibeiro) made their first contribution in [#27359](https://github.com/immich-app/immich/pull/27359) - [@domints](https://github.com/domints) made their first contribution in [#27579](https://github.com/immich-app/immich/pull/27579) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.6.3...v2.7.0> ### [`v2.6.3`](https://github.com/immich-app/immich/releases/tag/v2.6.3) [Compare Source](https://github.com/immich-app/immich/compare/v2.6.2...v2.6.3) ##### v2.6.3 ##### What's Changed ##### 🐛 Bug fixes - fix(mobile): remove upload timeout by [@mertalev](https://github.com/mertalev) in [#27237](https://github.com/immich-app/immich/pull/27237) - fix(web): prevent horizontal scroll bar in asset viewer side panel by [@michelheusschen](https://github.com/michelheusschen) in [#27270](https://github.com/immich-app/immich/pull/27270) - fix(web): shifting motion image button by [@YarosMallorca](https://github.com/YarosMallorca) in [#27275](https://github.com/immich-app/immich/pull/27275) - chore(docs): withPeople parameter description by [@YarosMallorca](https://github.com/YarosMallorca) in [#27262](https://github.com/immich-app/immich/pull/27262) - fix(server): filter out empty search suggestions by [@michelheusschen](https://github.com/michelheusschen) in [#27292](https://github.com/immich-app/immich/pull/27292) - fix: incorrect asset face sync by [@bwees](https://github.com/bwees) in [#27243](https://github.com/immich-app/immich/pull/27243) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.6.2...v2.6.3> ### [`v2.6.2`](https://github.com/immich-app/immich/releases/tag/v2.6.2) [Compare Source](https://github.com/immich-app/immich/compare/v2.6.1...v2.6.2) ##### v2.6.2 This release addresses the following issues - Fixed a bug where the shared link would error out when public users upload to the shared link - Fixed a bug where the URL switching feature doesn't work with external URLs - Fixed a bug where the "add to album" selection box on the web doesn't include albums that are shared with the user - Fixed several issues regarding the search filter on the mobile app and the web  ##### What's Changed ##### 🐛 Bug fixes - fix(mobile): simplified chinese not available by [@YarosMallorca](https://github.com/YarosMallorca) in [#27066](https://github.com/immich-app/immich/pull/27066) - fix(web): allow showing combobox items outside modals by [@michelheusschen](https://github.com/michelheusschen) in [#27075](https://github.com/immich-app/immich/pull/27075) - fix(web): preserve album scroll when adding to other albums by [@michelheusschen](https://github.com/michelheusschen) in [#27078](https://github.com/immich-app/immich/pull/27078) - fix(server): queue version check job when config changed by [@uhthomas](https://github.com/uhthomas) in [#27094](https://github.com/immich-app/immich/pull/27094) - fix: shared link add to album by [@jrasm91](https://github.com/jrasm91) in [#27063](https://github.com/immich-app/immich/pull/27063) - fix: svelte reactivity issues by [@danieldietzler](https://github.com/danieldietzler) in [#27109](https://github.com/immich-app/immich/pull/27109) - fix(mobile): cronet image cache clearing on android by [@LeLunZ](https://github.com/LeLunZ) in [#27054](https://github.com/immich-app/immich/pull/27054) - fix(mobile): view similar photos from search by [@YarosMallorca](https://github.com/YarosMallorca) in [#27149](https://github.com/immich-app/immich/pull/27149) - fix(mobile): no results before applying filter by [@YarosMallorca](https://github.com/YarosMallorca) in [#27155](https://github.com/immich-app/immich/pull/27155) - fix(mobile): star rating always defaults to 0 by [@YarosMallorca](https://github.com/YarosMallorca) in [#27157](https://github.com/immich-app/immich/pull/27157) - fix: download original stale cache when edited by [@danieldietzler](https://github.com/danieldietzler) in [#27195](https://github.com/immich-app/immich/pull/27195) - fix(web): restore duplicate viewer arrow key navigation by [@michelheusschen](https://github.com/michelheusschen) in [#27176](https://github.com/immich-app/immich/pull/27176) - fix(web): update upload summary when removing items ([#27035](https://github.com/immich-app/immich/issues/27035)) by [@Nicolas-micuda-becker](https://github.com/Nicolas-micuda-becker) in [#27139](https://github.com/immich-app/immich/pull/27139) - fix(mobile): option padding on search dropdowns by [@YarosMallorca](https://github.com/YarosMallorca) in [#27154](https://github.com/immich-app/immich/pull/27154) - fix(mobile): add keys to people list by [@YarosMallorca](https://github.com/YarosMallorca) in [#27112](https://github.com/immich-app/immich/pull/27112) - fix(mobile): add cookie for auxiliary url by [@mertalev](https://github.com/mertalev) in [#27209](https://github.com/immich-app/immich/pull/27209) - fix: album picker show all albums by [@danieldietzler](https://github.com/danieldietzler) in [#27211](https://github.com/immich-app/immich/pull/27211) - fix(server): album permissions for editors by [@YarosMallorca](https://github.com/YarosMallorca) in [#27214](https://github.com/immich-app/immich/pull/27214) - fix(mobile/web): album cover buttons consistency by [@YarosMallorca](https://github.com/YarosMallorca) in [#27213](https://github.com/immich-app/immich/pull/27213) ##### 📚 Documentation - fix(docs): clarify ML CPU architecture by [@mmomjian](https://github.com/mmomjian) in [#27187](https://github.com/immich-app/immich/pull/27187) ##### New Contributors - [@Nicolas-micuda-becker](https://github.com/Nicolas-micuda-becker) made their first contribution in [#27139](https://github.com/immich-app/immich/pull/27139) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.6.1...v2.6.2> ### [`v2.6.1`](https://github.com/immich-app/immich/releases/tag/v2.6.1) [Compare Source](https://github.com/immich-app/immich/compare/v2.6.0...v2.6.1) ##### v2.6.1 ##### Hot fixes - Fixed a failed migration issue on the mobile app when the URL Switching feature is used ##### What's Changed ##### 🐛 Bug fixes - fix(server): fallback to email when name is empty by [@jrasm91](https://github.com/jrasm91) in [#27016](https://github.com/immich-app/immich/pull/27016) - fix: ignore errors deleting untitled album by [@jrasm91](https://github.com/jrasm91) in [#27020](https://github.com/immich-app/immich/pull/27020) - fix(web): wrap long album title by [@jrasm91](https://github.com/jrasm91) in [#27012](https://github.com/immich-app/immich/pull/27012) - fix(web): stop in-progress uploads on logout by [@jrasm91](https://github.com/jrasm91) in [#27021](https://github.com/immich-app/immich/pull/27021) - fix: writing empty exif tags by [@danieldietzler](https://github.com/danieldietzler) in [#27025](https://github.com/immich-app/immich/pull/27025) - fix(web): disable send button by [@jrasm91](https://github.com/jrasm91) in [#27051](https://github.com/immich-app/immich/pull/27051) - fix(mobile): server url migration by [@mertalev](https://github.com/mertalev) in [#27050](https://github.com/immich-app/immich/pull/27050) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.6.0...v2.6.1> ### [`v2.6.0`](https://github.com/immich-app/immich/releases/tag/v2.6.0) [Compare Source](https://github.com/immich-app/immich/compare/v2.5.6...v2.6.0) ##### v2.6.0 Welcome to Immich `v2.6.0`, This release is a collection of more than *350 commits over 6 weeks*. I know, it is an eternity between releases compared to our previous era. This version focuses on bug fixes and enhancements across the app to provide a more delightful and smoother experience to you. This release also prepares for the next major release in the coming month, which will remove the old timeline implementation. Let's dive into the highlights of the release: > \[!WARNING] > For those who are still using the old timeline, please switch to the new timeline to avoid interruption, as the old timeline will be removed in the next release. > > ps: The old timeline has an exclamation icon next to the logo. <img width="525" height="120" alt="image" src="https://github.com/user-attachments/assets/ed36ea22-b16e-472f-961c-c19501712ba5" /> ##### Highlights - Map side panel (web) - Pick album cover (mobile) - Shared link slugs (mobile) - Shared link presets (web) - Native HTTP clients (mobile) - Video player and asset viewer improvements (mobile) - Improved search results (mobile) - `schema-check`: a new `immich-admin` command - Read profile claims from ID token (OAuth) - Notable fix: cast videos now automatically loop - Notable fix: correctly extract make and model from Sony XAVC video files - Notable fix: escape key handling on web - Notable fix: healthcheck endpoint in maintenance mode - Notable fix: timeline rendering for RTL languages like Arabic and Hebrew - Notable fix: prevent server crash when extracting invalid metadata ##### Map side panel (web) The map view on the web now opens a mini-timeline component as a side panel when you click on a cluster of assets. This makes it easier to view the cluster at a glance and enables bulk actions, such as adding to favorites and adding to an album. <img width="800" alt="image" src="https://github.com/user-attachments/assets/6f90b04d-4aa7-4f68-b59c-c2b912e638f7" /> ##### Pick album cover (mobile) Users can now pick a new album cover directly from the mobile app. <https://github.com/user-attachments/assets/7f99dc80-21c6-4ce6-9f75-8e6b0163dcaa> ##### Shared link slugs (mobile) The mobile app now also supports setting a shared link slug, a feature that's been available on the web for a while. <https://github.com/user-attachments/assets/5420995a-cfd4-471d-a3ac-db4fa45de780> ##### Shared link presets (web) The expiration form input on the web was always a bit confusing, but it's been updated to make it easier to see and understand when a shared link will expire. <img width="400" alt="image" src="https://github.com/user-attachments/assets/9d6124a9-eec2-43e8-b228-e1ac6c0415e8" /> ##### Native HTTP clients (mobile) The mobile app now uses native HTTP clients across both Android and iOS, with support for mTLS, self-signed certificates, basic auth, and custom headers. These features should now be more reliable and extend to background tasks, video playback, and other parts of the app. This also improves the app's overall network request performance thanks to HTTP/2 and HTTP/3, multiplexing, and caching. ##### Video player and asset viewer improvements (mobile) The asset viewer has undergone many improvements under the hood to make it simpler, faster and more reliable. We've also added playback support for GIFs, enabled video zooming, and made many more bug fixes and tweaks. ##### The asset viewer now uses a gradient for actions, and video controls have been restyled <img width="300" alt="image" src="https://github.com/user-attachments/assets/9a4e0892-f178-45fc-812c-10a6cba3f48b" /> ##### Inline asset details This used to be a bottom sheet and had a lot of glue for alignment. The new version is much more responsive and less buggy. ##### Before <https://github.com/user-attachments/assets/43b59b59-7d6a-48d0-94d7-84b8cae1c2a9> ##### After <https://github.com/user-attachments/assets/9217b6f4-1c92-40b0-bd95-a0681307cf38> ##### Improved search results (mobile) The search results page now loads more results without rebuilding the entire grid, and should now load much faster. There are also new screens for when there are no search results and when all results have been loaded. <https://github.com/user-attachments/assets/42ce69d4-1618-48ee-9cb9-91ec22e12b27> ##### `schema-check`: a new `immich-admin` command A new `immich-admin` command has been added in this release: `schema-check`. The command runs a report on the database to check if any indexes, constraints, tables, or columns are missing. This check also runs automatically on startup. ##### Read profile claims from `idToken` (OAuth) Prior to `v2.6.0`, Immich resolved the `email` and other claims from the [userinfo](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo) endpoint. Now, Immich also supports reading those claims directly from the `idToken`. This makes it possible to use providers such as Microsoft ADFS that do not support the userinfo endpoint. *** As always, there are many more QoL improvements, bug fixes, and enhancements in this release. Please find the full release note below ##### Support Immich <p align="center"> <img src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExbjY2eWc5Y2F0ZW56MmR4aWE0dDhzZXlidXRmYWZyajl1bWZidXZpcyZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/87CKDqErVfMqY/giphy.gif" width="450" title="SUPPORT THE PROJECT!"> </p> If you find the project helpful, you can support Immich by purchasing a product key at <https://buy.immich.app> or our merchandise at <https://immich.store> ***  ##### What's Changed ##### 🔒 Security - fix(server): restrict individual shared link asset removal to owners by [@michelheusschen](https://github.com/michelheusschen) in [#26868](https://github.com/immich-app/immich/pull/26868) - fix: add to shared link by [@jrasm91](https://github.com/jrasm91) in [#26886](https://github.com/immich-app/immich/pull/26886) ##### 🚀 Features - feat: shared link login by [@jrasm91](https://github.com/jrasm91) in [#25678](https://github.com/immich-app/immich/pull/25678) - feat: schema-check by [@jrasm91](https://github.com/jrasm91) in [#25904](https://github.com/immich-app/immich/pull/25904) - feat: add people deeplink by [@arne182](https://github.com/arne182) in [#25686](https://github.com/immich-app/immich/pull/25686) - feat(mobile): inline asset details by [@uhthomas](https://github.com/uhthomas) in [#25952](https://github.com/immich-app/immich/pull/25952) - feat(mobile): filter by tags by [@benjamonnguyen](https://github.com/benjamonnguyen) in [#26196](https://github.com/immich-app/immich/pull/26196) - feat: add .mxf file support by [@timonrieger](https://github.com/timonrieger) in [#24644](https://github.com/immich-app/immich/pull/24644) - feat: tap to see next/previous image by [@thezeroalpha](https://github.com/thezeroalpha) in [#20286](https://github.com/immich-app/immich/pull/20286) - feat(mobile): Allow users to set album cover from mobile app by [@timonrieger](https://github.com/timonrieger) in [#25515](https://github.com/immich-app/immich/pull/25515) - feat(mobile): Allow users to set profile picture from asset viewer by [@timonrieger](https://github.com/timonrieger) in [#25517](https://github.com/immich-app/immich/pull/25517) - feat: ROCm 7.2 and MIGraphX support by [@kprinssu](https://github.com/kprinssu) in [#26178](https://github.com/immich-app/immich/pull/26178) - feat(web): map timeline sidepanel by [@michelheusschen](https://github.com/michelheusschen) in [#26532](https://github.com/immich-app/immich/pull/26532) - feat: add responsive layout to broken asset by [@midzelis](https://github.com/midzelis) in [#26384](https://github.com/immich-app/immich/pull/26384) - feat(web): toggle zoom on double-click in photo viewer by [@midzelis](https://github.com/midzelis) in [#26732](https://github.com/immich-app/immich/pull/26732) - feat(mobile): show animated images in asset viewer by [@LeLunZ](https://github.com/LeLunZ) in [#26614](https://github.com/immich-app/immich/pull/26614) - feat(mobile): open in browser by [@YarosMallorca](https://github.com/YarosMallorca) in [#26369](https://github.com/immich-app/immich/pull/26369) ##### 🌟 Enhancements - feat: verify permissions by [@jrasm91](https://github.com/jrasm91) in [#25647](https://github.com/immich-app/immich/pull/25647) - feat(web): change link expiration logic & presets by [@YarosMallorca](https://github.com/YarosMallorca) in [#26064](https://github.com/immich-app/immich/pull/26064) - feat(mobile): dynamic layout in new timeline by [@shenlong-tanwen](https://github.com/shenlong-tanwen) in [#23837](https://github.com/immich-app/immich/pull/23837) - feat(cli): change progress bar to display file size by [@Nykri](https://github.com/Nykri) in [#23328](https://github.com/immich-app/immich/pull/23328) - feat(mobile): dynamic multi-line album name by [@uhthomas](https://github.com/uhthomas) in [#26040](https://github.com/immich-app/immich/pull/26040) - feat(mobile): hide search by context/OCR if disabled on server ([#25472](https://github.com/immich-app/immich/issues/25472)) by [@Nacolis](https://github.com/Nacolis) in [#26063](https://github.com/immich-app/immich/pull/26063) - fix(release): add docker-compose.rootless.yml to released assets by [@dnozay](https://github.com/dnozay) in [#26261](https://github.com/immich-app/immich/pull/26261) - feat(web): show ocr text boxes in panoramas by [@meesfrensel](https://github.com/meesfrensel) in [#25727](https://github.com/immich-app/immich/pull/25727) - feat(web): loop chromecast video by [@etnoy](https://github.com/etnoy) in [#24410](https://github.com/immich-app/immich/pull/24410) - chore(web): merge "Add to album" and "Add to shared album" actions into a single action by [@timonrieger](https://github.com/timonrieger) in [#24669](https://github.com/immich-app/immich/pull/24669) - feat(mobile): timeline - add bottomWidgetBuilder by [@PeterOmbodi](https://github.com/PeterOmbodi) in [#25634](https://github.com/immich-app/immich/pull/25634) - feat(mobile): video zooming in asset viewer by [@goalie2002](https://github.com/goalie2002) in [#22036](https://github.com/immich-app/immich/pull/22036) - feat(mobile): Add slug support for shared links by [@Lauritz-Tieste](https://github.com/Lauritz-Tieste) in [#26441](https://github.com/immich-app/immich/pull/26441) - feat: warn when losing transparency during thumbnail generation by [@midzelis](https://github.com/midzelis) in [#26243](https://github.com/immich-app/immich/pull/26243) - perf(mobile): optimized album sorting by [@YarosMallorca](https://github.com/YarosMallorca) in [#25179](https://github.com/immich-app/immich/pull/25179) - feat(mobile): prompt when deleting from trash by [@YarosMallorca](https://github.com/YarosMallorca) in [#26392](https://github.com/immich-app/immich/pull/26392) - feat: getAssetEdits respond with edit IDs by [@bwees](https://github.com/bwees) in [#26445](https://github.com/immich-app/immich/pull/26445) - fix(server): accept showAt and hideAt for creating memories by [@meesfrensel](https://github.com/meesfrensel) in [#26429](https://github.com/immich-app/immich/pull/26429) - feat(server): SyncAssetEditV1 by [@bwees](https://github.com/bwees) in [#26446](https://github.com/immich-app/immich/pull/26446) - feat: splash screen error page by [@shenlong-tanwen](https://github.com/shenlong-tanwen) in [#26460](https://github.com/immich-app/immich/pull/26460) - feat(mobile): add confirmation dialog to permanent delete action by [@ByteSizedMarius](https://github.com/ByteSizedMarius) in [#26442](https://github.com/immich-app/immich/pull/26442) - feat: enhance face-editor positioning by [@midzelis](https://github.com/midzelis) in [#26303](https://github.com/immich-app/immich/pull/26303) - feat: improve HEIC, HEIF and JPEG XL browser support detection by [@nicosemp](https://github.com/nicosemp) in [#26122](https://github.com/immich-app/immich/pull/26122) - refactor(web): remove replaceAsset action by [@timonrieger](https://github.com/timonrieger) in [#26444](https://github.com/immich-app/immich/pull/26444) - feat(web): bounding box for faces when hovering over the face in photo view by [@cratoo](https://github.com/cratoo) in [#26667](https://github.com/immich-app/immich/pull/26667) - feat(mobile): keep search results visible by [@uhthomas](https://github.com/uhthomas) in [#26498](https://github.com/immich-app/immich/pull/26498) - feat(mobile): use shared native client by [@mertalev](https://github.com/mertalev) in [#25942](https://github.com/immich-app/immich/pull/25942) - feat(mobile): SyncAssetEditV1 by [@bwees](https://github.com/bwees) in [#26518](https://github.com/immich-app/immich/pull/26518) - feat(ml): enable openvino for cpu by [@apejcic](https://github.com/apejcic) in [#22948](https://github.com/immich-app/immich/pull/22948) - feat: responsive video duration in thumbnail by [@midzelis](https://github.com/midzelis) in [#26770](https://github.com/immich-app/immich/pull/26770) - feat(web): animate zoom toggle with cubicOut easing by [@midzelis](https://github.com/midzelis) in [#26731](https://github.com/immich-app/immich/pull/26731) - feat(mobile): consolidate video controls by [@uhthomas](https://github.com/uhthomas) in [#26673](https://github.com/immich-app/immich/pull/26673) - feat(web): add shortcut "p" to open/close the face tag box by [@cratoo](https://github.com/cratoo) in [#26826](https://github.com/immich-app/immich/pull/26826) - feat(mobile): use material design 3 slider by [@uhthomas](https://github.com/uhthomas) in [#26829](https://github.com/immich-app/immich/pull/26829) - feat: adaptive progressive image loading for photo viewer by [@midzelis](https://github.com/midzelis) in [#26636](https://github.com/immich-app/immich/pull/26636) - fix(server): extract make/model from sony video files by [@brendanngo](https://github.com/brendanngo) in [#26833](https://github.com/immich-app/immich/pull/26833) - chore(mobile): remove background from asset viewer back button by [@uhthomas](https://github.com/uhthomas) in [#26851](https://github.com/immich-app/immich/pull/26851) - feat(server): support IDPs that only send the userinfo in the ID token by [@Belnadifia](https://github.com/Belnadifia) in [#26717](https://github.com/immich-app/immich/pull/26717) - feat(web): improve OCR overlay text fitting, reactivity, and accessibility by [@midzelis](https://github.com/midzelis) in [#26678](https://github.com/immich-app/immich/pull/26678) - fix(web): allow pasting PIN code from clipboard or password manager by [@pressslav](https://github.com/pressslav) in [#26944](https://github.com/immich-app/immich/pull/26944) ##### 🐛 Bug fixes - fix: ignore checksum constraint error when logging by [@jrasm91](https://github.com/jrasm91) in [#26113](https://github.com/immich-app/immich/pull/26113) - fix(web): use locale for date picker by [@michelheusschen](https://github.com/michelheusschen) in [#26125](https://github.com/immich-app/immich/pull/26125) - fix(web): escape shortcut handling by [@michelheusschen](https://github.com/michelheusschen) in [#26096](https://github.com/immich-app/immich/pull/26096) - fix(mobile): Login routing on Splash screen by [@PeterOmbodi](https://github.com/PeterOmbodi) in [#26128](https://github.com/immich-app/immich/pull/26128) - fix: null local date time in timeline queries by [@shenlong-tanwen](https://github.com/shenlong-tanwen) in [#26133](https://github.com/immich-app/immich/pull/26133) - fix(web): prevent event manager from throwing error by [@michelheusschen](https://github.com/michelheusschen) in [#26156](https://github.com/immich-app/immich/pull/26156) - fix(web): improve api key modal responsiveness by [@klenner1](https://github.com/klenner1) in [#26151](https://github.com/immich-app/immich/pull/26151) - fix(web): show correct assets in memory gallery by [@michelheusschen](https://github.com/michelheusschen) in [#26157](https://github.com/immich-app/immich/pull/26157) - fix(web): add missing [@immich/ui](https://github.com/immich/ui) translations by [@michelheusschen](https://github.com/michelheusschen) in [#26143](https://github.com/immich-app/immich/pull/26143) - fix(mobile): timeline handling on foldable phones + ensuring that images are not cut off by [@bkchr](https://github.com/bkchr) in [#25088](https://github.com/immich-app/immich/pull/25088) - fix(mobile): prevent nav bar label text wrapping by [@chrislongros](https://github.com/chrislongros) in [#26011](https://github.com/immich-app/immich/pull/26011) - fix(mobile): hide latest version warnings by [@uhthomas](https://github.com/uhthomas) in [#26036](https://github.com/immich-app/immich/pull/26036) - fix(mobile): inconsistent query for people by [@YarosMallorca](https://github.com/YarosMallorca) in [#24437](https://github.com/immich-app/immich/pull/24437) - fix(web): timeline multi select group state by [@michelheusschen](https://github.com/michelheusschen) in [#26180](https://github.com/immich-app/immich/pull/26180) - fix(web): add checkerboard background for transparent images by [@agent-steven](https://github.com/agent-steven) in [#26091](https://github.com/immich-app/immich/pull/26091) - fix(mobile): inherit toolbar opacity by [@uhthomas](https://github.com/uhthomas) in [#25694](https://github.com/immich-app/immich/pull/25694) - fix(web): focus tag input when modal opens by [@michelheusschen](https://github.com/michelheusschen) in [#26256](https://github.com/immich-app/immich/pull/26256) - fix(web): clear face boxes when switching assets by [@michelheusschen](https://github.com/michelheusschen) in [#26249](https://github.com/immich-app/immich/pull/26249) - fix(web): clear unsaved asset description when changing asset by [@michelheusschen](https://github.com/michelheusschen) in [#26255](https://github.com/immich-app/immich/pull/26255) - fix(web): clear cache when asset changes by [@michelheusschen](https://github.com/michelheusschen) in [#26257](https://github.com/immich-app/immich/pull/26257) - fix: utc time zone upserts by [@danieldietzler](https://github.com/danieldietzler) in [#26258](https://github.com/immich-app/immich/pull/26258) - fix: metadata crash by [@jrasm91](https://github.com/jrasm91) in [#26327](https://github.com/immich-app/immich/pull/26327) - fix: prevent server crash when extraction of metadata fails if the assets are corrupted by [@Devansh-Jani](https://github.com/Devansh-Jani) in [#26042](https://github.com/immich-app/immich/pull/26042) - fix(server): db restore failure when `DB_URL` is set to unix-domain socket connection by [@fabio-garavini](https://github.com/fabio-garavini) in [#26252](https://github.com/immich-app/immich/pull/26252) - fix: Download the edited version when downloading multiple photos by [@MontejoJorge](https://github.com/MontejoJorge) in [#26259](https://github.com/immich-app/immich/pull/26259) - fix: include `DROP INDEX` in transaction to prevent missing index on rollback by [@haoxi911](https://github.com/haoxi911) in [#25399](https://github.com/immich-app/immich/pull/25399) - fix: safari address bar color by [@jrasm91](https://github.com/jrasm91) in [#26346](https://github.com/immich-app/immich/pull/26346) - fix(web): prevent panorama image reload during asset updates by [@michelheusschen](https://github.com/michelheusschen) in [#26349](https://github.com/immich-app/immich/pull/26349) - fix(web): favoriting assets opened via GalleryViewer by [@michelheusschen](https://github.com/michelheusschen) in [#26350](https://github.com/immich-app/immich/pull/26350) - fix(i18n): add translation key for partner's photos by [@timonrieger](https://github.com/timonrieger) in [#26348](https://github.com/immich-app/immich/pull/26348) - fix(web): single select scroll behavior by [@timonrieger](https://github.com/timonrieger) in [#26358](https://github.com/immich-app/immich/pull/26358) - perf: add indexes to improve People API response times by [@bxtdvd](https://github.com/bxtdvd) in [#26337](https://github.com/immich-app/immich/pull/26337) - fix: pin code reset modal by [@jrasm91](https://github.com/jrasm91) in [#26370](https://github.com/immich-app/immich/pull/26370) - fix(mobile): Reset "People" search filter chip if no selections are made by [@benjamonnguyen](https://github.com/benjamonnguyen) in [#26267](https://github.com/immich-app/immich/pull/26267) - fix(cli): delete sidecar files after upload if requested by [@timonrieger](https://github.com/timonrieger) in [#26353](https://github.com/immich-app/immich/pull/26353) - fix(web): album description auto height by [@michelheusschen](https://github.com/michelheusschen) in [#26420](https://github.com/immich-app/immich/pull/26420) - fix(web): prevent side panel overlap during transition by [@michelheusschen](https://github.com/michelheusschen) in [#26398](https://github.com/immich-app/immich/pull/26398) - fix(web): storage template example by [@mmomjian](https://github.com/mmomjian) in [#26424](https://github.com/immich-app/immich/pull/26424) - fix(web): prevent `state_unsafe_mutation` error on people page by [@michelheusschen](https://github.com/michelheusschen) in [#26438](https://github.com/immich-app/immich/pull/26438) - fix: missing deletedAt and isVisible columns on mobile by [@bwees](https://github.com/bwees) in [#26414](https://github.com/immich-app/immich/pull/26414) - fix(mobile): joinLocal on archived timeline by [@YarosMallorca](https://github.com/YarosMallorca) in [#26387](https://github.com/immich-app/immich/pull/26387) - fix: always show library scan button by [@etnoy](https://github.com/etnoy) in [#26428](https://github.com/immich-app/immich/pull/26428) - fix: retain asset when either asset is a favorite by [@shenlong-tanwen](https://github.com/shenlong-tanwen) in [#26473](https://github.com/immich-app/immich/pull/26473) - fix(web): prevent null folder tree on concurrent load by [@michelheusschen](https://github.com/michelheusschen) in [#26489](https://github.com/immich-app/immich/pull/26489) - fix(web): toast warning when trying to upload unsupported file type by [@meesfrensel](https://github.com/meesfrensel) in [#26492](https://github.com/immich-app/immich/pull/26492) - fix(mobile): birthday picker shows limited months when no date exists by [@socksprox](https://github.com/socksprox) in [#26407](https://github.com/immich-app/immich/pull/26407) - fix: consider DAR when extracting video dimension by [@alextran1502](https://github.com/alextran1502) in [#25293](https://github.com/immich-app/immich/pull/25293) - feat(mobile): Prevent premature image cache eviction when higher image loading is enabled by [@LeLunZ](https://github.com/LeLunZ) in [#26208](https://github.com/immich-app/immich/pull/26208) - refactor: star rating by [@meesfrensel](https://github.com/meesfrensel) in [#26357](https://github.com/immich-app/immich/pull/26357) - fix(mobile): set correct initial system-ui mode in asset viewer by [@goalie2002](https://github.com/goalie2002) in [#26500](https://github.com/immich-app/immich/pull/26500) - fix(server): Live Photo migration bug when album is in template by [@NikhilAlapati](https://github.com/NikhilAlapati) in [#25329](https://github.com/immich-app/immich/pull/25329) - fix(web): handle delete shortcut on shared link page as remove by [@meesfrensel](https://github.com/meesfrensel) in [#26552](https://github.com/immich-app/immich/pull/26552) - fix(mobile): prevent video player from being recreated unnecessarily by [@uhthomas](https://github.com/uhthomas) in [#26553](https://github.com/immich-app/immich/pull/26553) - fix(mobile): don't cut off top corners of app bar by [@uhthomas](https://github.com/uhthomas) in [#26550](https://github.com/immich-app/immich/pull/26550) - feat: update onnxruntime-openvino to 1.24.1 and intel drivers by [@savely-krasovsky](https://github.com/savely-krasovsky) in [#26565](https://github.com/immich-app/immich/pull/26565) - fix: hide download action for local/merged assets by [@YarosMallorca](https://github.com/YarosMallorca) in [#26461](https://github.com/immich-app/immich/pull/26461) - fix(web): top bar z index on search page by [@YarosMallorca](https://github.com/YarosMallorca) in [#26582](https://github.com/immich-app/immich/pull/26582) - fix(web): show shared link download button when logged in by [@Snowknight26](https://github.com/Snowknight26) in [#26629](https://github.com/immich-app/immich/pull/26629) - fix(mobile): asset viewer hero animation by [@uhthomas](https://github.com/uhthomas) in [#26545](https://github.com/immich-app/immich/pull/26545) - fix(web): timeline and asset viewer RTL support by [@meesfrensel](https://github.com/meesfrensel) in [#26513](https://github.com/immich-app/immich/pull/26513) - fix(server): clean up edited thumbnail when deleting asset by [@michelheusschen](https://github.com/michelheusschen) in [#26664](https://github.com/immich-app/immich/pull/26664) - fix: implement existing withStacked on searchAssetBuilder by [@babbitt](https://github.com/babbitt) in [#26607](https://github.com/immich-app/immich/pull/26607) - fix(mobile): video state by [@uhthomas](https://github.com/uhthomas) in [#26574](https://github.com/immich-app/immich/pull/26574) - fix(maintenance mode): wait for valid server config on restart by [@insertish](https://github.com/insertish) in [#26456](https://github.com/immich-app/immich/pull/26456) - fix(web): inconsistent asset nav bar state after visiting shared link by [@Snowknight26](https://github.com/Snowknight26) in [#26674](https://github.com/immich-app/immich/pull/26674) - fix(web): download toast showing wrong filename for motion assets by [@Snowknight26](https://github.com/Snowknight26) in [#26689](https://github.com/immich-app/immich/pull/26689) - fix(mobile): add safe area for asset details by [@uhthomas](https://github.com/uhthomas) in [#26675](https://github.com/immich-app/immich/pull/26675) - fix(web): combobox dropdown positioning in modals by [@michelheusschen](https://github.com/michelheusschen) in [#26707](https://github.com/immich-app/immich/pull/26707) - fix(web): video stealing focus when it plays again when looping by [@Snowknight26](https://github.com/Snowknight26) in [#26704](https://github.com/immich-app/immich/pull/26704) - fix(ml): batch size setting by [@mertalev](https://github.com/mertalev) in [#26524](https://github.com/immich-app/immich/pull/26524) - fix(server): clarify transcoding bitrate policy by [@meesfrensel](https://github.com/meesfrensel) in [#26711](https://github.com/immich-app/immich/pull/26711) - fix: playback style migration by [@alextran1502](https://github.com/alextran1502) in [#26718](https://github.com/immich-app/immich/pull/26718) - fix(web): asset viewer showing wrong viewer type when hovering on stack thumbnails by [@Snowknight26](https://github.com/Snowknight26) in [#26741](https://github.com/immich-app/immich/pull/26741) - fix(server): opus handling as accepted audio codec in transcode policy by [@skatsubo](https://github.com/skatsubo) in [#26736](https://github.com/immich-app/immich/pull/26736) - fix(web): refresh recent albums sidebar after album changes by [@michelheusschen](https://github.com/michelheusschen) in [#26757](https://github.com/immich-app/immich/pull/26757) - fix(web): show the correct cursor at crop bounds when editing an asset by [@Snowknight26](https://github.com/Snowknight26) in [#26748](https://github.com/immich-app/immich/pull/26748) - fix(web): recalculate face bounding boxes by [@cratoo](https://github.com/cratoo) in [#26737](https://github.com/immich-app/immich/pull/26737) - fix(web): context menu overflow by [@SevereCloud](https://github.com/SevereCloud) in [#26760](https://github.com/immich-app/immich/pull/26760) - fix(web): correct tag rounding in search options by [@michelheusschen](https://github.com/michelheusschen) in [#26814](https://github.com/immich-app/immich/pull/26814) - fix(web): prevent unrelated assets from appearing in tag view by [@michelheusschen](https://github.com/michelheusschen) in [#26816](https://github.com/immich-app/immich/pull/26816) - fix(mobile): use tabular figures in backup page by [@uhthomas](https://github.com/uhthomas) in [#26830](https://github.com/immich-app/immich/pull/26830) - fix(mobile): wrap backup error message text by [@uhthomas](https://github.com/uhthomas) in [#26834](https://github.com/immich-app/immich/pull/26834) - fix(server): use correct day ordering in timeline buckets by [@michelheusschen](https://github.com/michelheusschen) in [#26821](https://github.com/immich-app/immich/pull/26821) - fix(web): face selection box position resetting on browser resize by [@Snowknight26](https://github.com/Snowknight26) in [#26766](https://github.com/immich-app/immich/pull/26766) - fix: use correct original URL for 360 video panorama playback by [@luis15pt](https://github.com/luis15pt) in [#26831](https://github.com/immich-app/immich/pull/26831) - fix(web): disable drag and drop for internal items by [@michelheusschen](https://github.com/michelheusschen) in [#26897](https://github.com/immich-app/immich/pull/26897) - fix(web): keep header fixed on individual shared links by [@michelheusschen](https://github.com/michelheusschen) in [#26892](https://github.com/immich-app/immich/pull/26892) - fix: SMTP over TLS by [@nathanielhourt](https://github.com/nathanielhourt) in [#26893](https://github.com/immich-app/immich/pull/26893) - fix(web): copy yearMonth in MonthGroup to avoid shared object reference with asset in [#26890](https://github.com/immich-app/immich/pull/26890) - fix(mobile): use shared auth for background\_downloader by [@mertalev](https://github.com/mertalev) in [#26911](https://github.com/immich-app/immich/pull/26911) - fix(web): prevent search page error on missing album filter by [@michelheusschen](https://github.com/michelheusschen) in [#26948](https://github.com/immich-app/immich/pull/26948) - fix(server): sync files to disk by [@uhthomas](https://github.com/uhthomas) in [#26881](https://github.com/immich-app/immich/pull/26881) - fix(web): jump to primary stacked asset from memory by [@michelheusschen](https://github.com/michelheusschen) in [#26978](https://github.com/immich-app/immich/pull/26978) - fix(mobile): reflect asset deletions instantly by [@uhthomas](https://github.com/uhthomas) in [#26835](https://github.com/immich-app/immich/pull/26835) - fix: healthcheck by [@jrasm91](https://github.com/jrasm91) in [#26989](https://github.com/immich-app/immich/pull/26989) - fix(web): escape handling for tagging and adding a face in asset viewer by [@cratoo](https://github.com/cratoo) in [#26870](https://github.com/immich-app/immich/pull/26870) - fix: filter after searching by asset id by [@jrasm91](https://github.com/jrasm91) in [#26994](https://github.com/immich-app/immich/pull/26994) - fix: bounding box return type by [@jrasm91](https://github.com/jrasm91) in [#27014](https://github.com/immich-app/immich/pull/27014) - fix: validate accept header before returning html by [@jrasm91](https://github.com/jrasm91) in [#27019](https://github.com/immich-app/immich/pull/27019) ##### 📚 Documentation - chore(docs): Update help channel for developers by [@Mraedis](https://github.com/Mraedis) in [#26284](https://github.com/immich-app/immich/pull/26284) - feat(docs): Explain configuration file location for Docker Compose by [@keunes](https://github.com/keunes) in [#24989](https://github.com/immich-app/immich/pull/24989) - chore(docs): add quick-start guide for DevPod with docker by [@dhlavaty](https://github.com/dhlavaty) in [#26213](https://github.com/immich-app/immich/pull/26213) - feat(docs): Adding information about parameter c= by [@aviv926](https://github.com/aviv926) in [#26430](https://github.com/immich-app/immich/pull/26430) - feat: doc links by [@jrasm91](https://github.com/jrasm91) in [#26519](https://github.com/immich-app/immich/pull/26519) - fix(docs): add ocr to job flow diagram by [@niij](https://github.com/niij) in [#26505](https://github.com/immich-app/immich/pull/26505) ##### 🌐 Translations - chore(web): update translations by [@weblate](https://github.com/weblate) in [#26118](https://github.com/immich-app/immich/pull/26118) - fix: clarify external domain setting is used for emails too by [@chrislongros](https://github.com/chrislongros) in [#26009](https://github.com/immich-app/immich/pull/26009) - chore(web): update translations by [@weblate](https://github.com/weblate) in [#26167](https://github.com/immich-app/immich/pull/26167) - fix(web): error page i18n by [@meesfrensel](https://github.com/meesfrensel) in [#26517](https://github.com/immich-app/immich/pull/26517) - chore(web): clarify locale settings description by [@meesfrensel](https://github.com/meesfrensel) in [#25562](https://github.com/immich-app/immich/pull/25562) - chore(web): update translations by [@weblate](https://github.com/weblate) in [#26192](https://github.com/immich-app/immich/pull/26192) ##### New Contributors - [@klenner1](https://github.com/klenner1) made their first contribution in [#26151](https://github.com/immich-app/immich/pull/26151) - [@bkchr](https://github.com/bkchr) made their first contribution in [#25088](https://github.com/immich-app/immich/pull/25088) - [@chrislongros](https://github.com/chrislongros) made their first contribution in [#26011](https://github.com/immich-app/immich/pull/26011) - [@agent-steven](https://github.com/agent-steven) made their first contribution in [#26091](https://github.com/immich-app/immich/pull/26091) - [@dhlavaty](https://github.com/dhlavaty) made their first contribution in [#26238](https://github.com/immich-app/immich/pull/26238) - [@Nacolis](https://github.com/Nacolis) made their first contribution in [#26063](https://github.com/immich-app/immich/pull/26063) - [@ewinnd](https://github.com/ewinnd) made their first contribution in [#26277](https://github.com/immich-app/immich/pull/26277) - [@dnozay](https://github.com/dnozay) made their first contribution in [#26261](https://github.com/immich-app/immich/pull/26261) - [@keunes](https://github.com/keunes) made their first contribution in [#24989](https://github.com/immich-app/immich/pull/24989) - [@Devansh-Jani](https://github.com/Devansh-Jani) made their first contribution in [#26042](https://github.com/immich-app/immich/pull/26042) - [@benjamonnguyen](https://github.com/benjamonnguyen) made their first contribution in [#26196](https://github.com/immich-app/immich/pull/26196) - [@fabio-garavini](https://github.com/fabio-garavini) made their first contribution in [#26252](https://github.com/immich-app/immich/pull/26252) - [@haoxi911](https://github.com/haoxi911) made their first contribution in [#25399](https://github.com/immich-app/immich/pull/25399) - [@thezeroalpha](https://github.com/thezeroalpha) made their first contribution in [#20286](https://github.com/immich-app/immich/pull/20286) - [@socksprox](https://github.com/socksprox) made their first contribution in [#26407](https://github.com/immich-app/immich/pull/26407) - [@kprinssu](https://github.com/kprinssu) made their first contribution in [#26178](https://github.com/immich-app/immich/pull/26178) - [@babbitt](https://github.com/babbitt) made their first contribution in [#26607](https://github.com/immich-app/immich/pull/26607) - [@niij](https://github.com/niij) made their first contribution in [#26505](https://github.com/immich-app/immich/pull/26505) - [@cratoo](https://github.com/cratoo) made their first contribution in [#26667](https://github.com/immich-app/immich/pull/26667) - [@M123-dev](https://github.com/M123-dev) made their first contribution in [#26630](https://github.com/immich-app/immich/pull/26630) - [@apejcic](https://github.com/apejcic) made their first contribution in [#22948](https://github.com/immich-app/immich/pull/22948) - [@SevereCloud](https://github.com/SevereCloud) made their first contribution in [#26760](https://github.com/immich-app/immich/pull/26760) - [@brendanngo](https://github.com/brendanngo) made their first contribution in [#26833](https://github.com/immich-app/immich/pull/26833) - [@luis15pt](https://github.com/luis15pt) made their first contribution in [#26831](https://github.com/immich-app/immich/pull/26831) - [@nathanielhourt](https://github.com/nathanielhourt) made their first contribution in [#26893](https://github.com/immich-app/immich/pull/26893) - [@Belnadifia](https://github.com/Belnadifia) made their first contribution in [#26717](https://github.com/immich-app/immich/pull/26717) - [@pressslav](https://github.com/pressslav) made their first contribution in [#26944](https://github.com/immich-app/immich/pull/26944) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.5.6...v2.6.0> ### [`v2.5.6`](https://github.com/immich-app/immich/releases/tag/v2.5.6) [Compare Source](https://github.com/immich-app/immich/compare/v2.5.5...v2.5.6) ##### v2.5.6 This patch release addresses the following issues - Fixed an issue where thumbnail generation runs every night when `full-size image generation` option is enabled. - Fixed an issue where iOS is slow to start in some cases. - Fixed an issue where Android device cannot delete asset using Free Up Space feature if it has more than a few thousand assets  ##### 🐛 Bug fixes - fix: enhance album sorting functionality with order handling by [@LeLunZ](https://github.com/LeLunZ) in [#24816](https://github.com/immich-app/immich/pull/24816) - fix: add missing translations for image editor by [@michelheusschen](https://github.com/michelheusschen) in [#25957](https://github.com/immich-app/immich/pull/25957) - fix: image and video download complete notification shows "file\_name" by [@romoisverycool](https://github.com/romoisverycool) in [#25975](https://github.com/immich-app/immich/pull/25975) - fix: user profile refetched each time on opening app dialog by [@shenlong-tanwen](https://github.com/shenlong-tanwen) in [#25992](https://github.com/immich-app/immich/pull/25992) - fix: improve albums page load time on firefox by [@michelheusschen](https://github.com/michelheusschen) in [#26025](https://github.com/immich-app/immich/pull/26025) - fix: reduce queue graph jitter and include paused count by [@michelheusschen](https://github.com/michelheusschen) in [#26023](https://github.com/immich-app/immich/pull/26023) - fix(web): toast fixed location by [@YarosMallorca](https://github.com/YarosMallorca) in [#25966](https://github.com/immich-app/immich/pull/25966) - fix: scroll jump when opening show & hide people by [@michelheusschen](https://github.com/michelheusschen) in [#25932](https://github.com/immich-app/immich/pull/25932) - fix(web): display storage unit next to value instead of absolute positioning in admin user page by [@K0lin](https://github.com/K0lin) in [#25985](https://github.com/immich-app/immich/pull/25985) - fix: iOS slow start by [@alextran1502](https://github.com/alextran1502) in [#26043](https://github.com/immich-app/immich/pull/26043) - fix: profile dialog auto dismiss after opening on iPad by [@alextran1502](https://github.com/alextran1502) in [#26046](https://github.com/immich-app/immich/pull/26046) - fix(web): prevent context menu from overflowing viewport by [@ttpss930141011](https://github.com/ttpss930141011) in [#26041](https://github.com/immich-app/immich/pull/26041) - fix: slideshow setting dropdown overflow by [@michelheusschen](https://github.com/michelheusschen) in [#26066](https://github.com/immich-app/immich/pull/26066) - fix: free up space using small batch size to reliably work on Android by [@alextran1502](https://github.com/alextran1502) in [#26047](https://github.com/immich-app/immich/pull/26047) - fix(web): removing a person in an asset, doesn't remove the asset in … by [@dolfje](https://github.com/dolfje) in [#26068](https://github.com/immich-app/immich/pull/26068) - fix(mobile): handle image stream completion when no image is emitted by [@LeLunZ](https://github.com/LeLunZ) in [#25984](https://github.com/immich-app/immich/pull/25984) - fix: evict image from cache on error during image loading by [@LeLunZ](https://github.com/LeLunZ) in [#26078](https://github.com/immich-app/immich/pull/26078) - fix(server): thumbnail queueing by [@mertalev](https://github.com/mertalev) in [#26077](https://github.com/immich-app/immich/pull/26077) - fix: create face exif orientation handling by [@bwees](https://github.com/bwees) in [#26108](https://github.com/immich-app/immich/pull/26108) - fix(web): refresh text by [@jrasm91](https://github.com/jrasm91) in [#26071](https://github.com/immich-app/immich/pull/26071) - fix: correctly cancel select all assets by [@michelheusschen](https://github.com/michelheusschen) in [#26067](https://github.com/immich-app/immich/pull/26067) - fix: person thumbnail generation on edited assets by [@bwees](https://github.com/bwees) in [#26112](https://github.com/immich-app/immich/pull/26112) - fix: local date time group fall back by [@alextran1502](https://github.com/alextran1502) in [#26110](https://github.com/immich-app/immich/pull/26110) ##### 📚 Documentation - feat(docs): version policy by [@mmomjian](https://github.com/mmomjian) in [#25979](https://github.com/immich-app/immich/pull/25979) - feat(deployment): rootless compose file by [@mmomjian](https://github.com/mmomjian) in [#25931](https://github.com/immich-app/immich/pull/25931) - docs: update ml-hardware-acceleration.md by [@cmrtdev](https://github.com/cmrtdev) in [#25755](https://github.com/immich-app/immich/pull/25755) ##### 🌐 Translations - chore(web): update translations by [@weblate](https://github.com/weblate) in [#25947](https://github.com/immich-app/immich/pull/25947) ##### New Contributors - [@ttpss930141011](https://github.com/ttpss930141011) made their first contribution in [#26041](https://github.com/immich-app/immich/pull/26041) - [@dolfje](https://github.com/dolfje) made their first contribution in [#26068](https://github.com/immich-app/immich/pull/26068) - [@cmrtdev](https://github.com/cmrtdev) made their first contribution in [#25755](https://github.com/immich-app/immich/pull/25755) - [@nicosemp](https://github.com/nicosemp) made their first contribution in [#25599](https://github.com/immich-app/immich/pull/25599) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.5.5...v2.5.6> ### [`v2.5.5`](https://github.com/immich-app/immich/releases/tag/v2.5.5) [Compare Source](https://github.com/immich-app/immich/compare/v2.5.3...v2.5.5) ##### v2.5.5 *`v2.5.4` was in the way of getting out, and we got another annoyance bug fixed, so we rolled it into `v2.5.5`* Happy Friday! This release addresses more bugs from the `v2.5.0` release. Enjoy! - Fixed an issue where changing the timezone on the web changes the time instead of the timezone - Fixed an issue where background task on iOS don't get triggered as often - Fixes some issues regarding the usage of self-signed certificate and mLTS on the mobile app ##### 🐛 Bug fixes - fix(mobile): cancel share download when dialog is dismissed by [@cmdPromptCritical](https://github.com/cmdPromptCritical) in [#25466](https://github.com/immich-app/immich/pull/25466) - fix: album dto docs by [@jrasm91](https://github.com/jrasm91) in [#25873](https://github.com/immich-app/immich/pull/25873) - fix: null validation by [@jrasm91](https://github.com/jrasm91) in [#25891](https://github.com/immich-app/immich/pull/25891) - fix(server): deleting stacked assets by [@jrasm91](https://github.com/jrasm91) in [#25874](https://github.com/immich-app/immich/pull/25874) - fix: close tag modal after tagging assets by [@michelheusschen](https://github.com/michelheusschen) in [#25884](https://github.com/immich-app/immich/pull/25884) - fix: correctly sync shared link download with metadata toggle by [@michelheusschen](https://github.com/michelheusschen) in [#25885](https://github.com/immich-app/immich/pull/25885) - fix: date time picker text color in dark mode by [@alextran1502](https://github.com/alextran1502) in [#25883](https://github.com/immich-app/immich/pull/25883) - fix: allow null tagIds in search dto by [@michelheusschen](https://github.com/michelheusschen) in [#25920](https://github.com/immich-app/immich/pull/25920) - fix: improve asset editor exit handling by [@michelheusschen](https://github.com/michelheusschen) in [#25917](https://github.com/immich-app/immich/pull/25917) - fix: make switch labels properly clickable by [@michelheusschen](https://github.com/michelheusschen) in [#25898](https://github.com/immich-app/immich/pull/25898) - fix: ensure theme stays in sync with [@immich/ui](https://github.com/immich/ui) by [@michelheusschen](https://github.com/michelheusschen) in [#25922](https://github.com/immich-app/immich/pull/25922) - fix: preserve hidden people state across pagination by [@michelheusschen](https://github.com/michelheusschen) in [#25886](https://github.com/immich-app/immich/pull/25886) - fix: file name search label by [@alextran1502](https://github.com/alextran1502) in [#25916](https://github.com/immich-app/immich/pull/25916) - fix(mobile): mtls on native clients by [@mertalev](https://github.com/mertalev) in [#25802](https://github.com/immich-app/immich/pull/25802) - fix: time zone upserts by [@danieldietzler](https://github.com/danieldietzler) in [#25889](https://github.com/immich-app/immich/pull/25889) - fix(web): Ensure profile picture is cropped to 1:1 ratio by [@aditya-ai-architect](https://github.com/aditya-ai-architect) in [#25892](https://github.com/immich-app/immich/pull/25892) - fix(mobile): reset asset index on timeline refresh by [@uhthomas](https://github.com/uhthomas) in [#25729](https://github.com/immich-app/immich/pull/25729) - fix: timezone in timeline bucketing by [@shenlong-tanwen](https://github.com/shenlong-tanwen) in [#25894](https://github.com/immich-app/immich/pull/25894) - fix(mobile): Update preview and PageController position when the asset count decreases while the last item is selected by [@PeterOmbodi](https://github.com/PeterOmbodi) in [#25563](https://github.com/immich-app/immich/pull/25563) - fix(server): use provided database username for restore & ensure name is not mangled by [@insertish](https://github.com/insertish) in [#25679](https://github.com/immich-app/immich/pull/25679) - fix: image download complete notification shows an extra {file\_name} template tag by [@romoisverycool](https://github.com/romoisverycool) in [#25936](https://github.com/immich-app/immich/pull/25936) - fix: face and edit handling by [@bwees](https://github.com/bwees) in [#25738](https://github.com/immich-app/immich/pull/25738) - fix: queue assets missing fullsize files for thumbnail regeneration by [@midzelis](https://github.com/midzelis) in [#25794](https://github.com/immich-app/immich/pull/25794) - fix: dedupe version announcement modal by [@jrasm91](https://github.com/jrasm91) in [#25946](https://github.com/immich-app/immich/pull/25946) - fix(cli): suppress startup messages for immich-admin by [@VahantSharma](https://github.com/VahantSharma) in [#25928](https://github.com/immich-app/immich/pull/25928) ##### 📚 Documentation - docs: update manual backup/restore to match the automatic process by [@insertish](https://github.com/insertish) in [#25924](https://github.com/immich-app/immich/pull/25924) - fix(docs): add missing --json-output arg to CLI example by [@Xiol](https://github.com/Xiol) in [#25870](https://github.com/immich-app/immich/pull/25870) - docs: remove writeTimeout on traefik example by [@kaysond](https://github.com/kaysond) in [#25837](https://github.com/immich-app/immich/pull/25837) ##### 🌐 Translations - chore(web): update translations by [@weblate](https://github.com/weblate) in [#25585](https://github.com/immich-app/immich/pull/25585) ##### New Contributors - [@aditya-ai-architect](https://github.com/aditya-ai-architect) made their first contribution in [#25892](https://github.com/immich-app/immich/pull/25892) - [@VahantSharma](https://github.com/VahantSharma) made their first contribution in [#25927](https://github.com/immich-app/immich/pull/25927) - [@Xiol](https://github.com/Xiol) made their first contribution in [#25870](https://github.com/immich-app/immich/pull/25870) - [@cmdPromptCritical](https://github.com/cmdPromptCritical) made their first contribution in [#25466](https://github.com/immich-app/immich/pull/25466) - [@romoisverycool](https://github.com/romoisverycool) made their first contribution in [#25936](https://github.com/immich-app/immich/pull/25936) - [@didekoning](https://github.com/didekoning) made their first contribution in [#25937](https://github.com/immich-app/immich/pull/25937) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.5.3...v2.5.5> ### [`v2.5.3`](https://github.com/immich-app/immich/releases/tag/v2.5.3) [Compare Source](https://github.com/immich-app/immich/compare/v2.5.2...v2.5.3) ##### What's Changed ##### 🐛 Bug fixes - chore: remove random code snippet by [@jrasm91](https://github.com/jrasm91) in [#25677](https://github.com/immich-app/immich/pull/25677) - fix: reset and unsaved change states in editor by [@bwees](https://github.com/bwees) in [#25588](https://github.com/immich-app/immich/pull/25588) - fix: no notification if release check is disabled by [@jrasm91](https://github.com/jrasm91) in [#25688](https://github.com/immich-app/immich/pull/25688) - fix(mobile): hide latest version if disabled by [@uhthomas](https://github.com/uhthomas) in [#25691](https://github.com/immich-app/immich/pull/25691) - fix(web): enable asset viewer navigation across memory boundaries by [@midzelis](https://github.com/midzelis) in [#25741](https://github.com/immich-app/immich/pull/25741) - fix: upload progress bar flickering by [@alextran1502](https://github.com/alextran1502) in [#25829](https://github.com/immich-app/immich/pull/25829) - fix: prevent stale values in edit user form after save by [@michelheusschen](https://github.com/michelheusschen) in [#25859](https://github.com/immich-app/immich/pull/25859) - fix: prevent album page get rebuilt when resuming app by [@alextran1502](https://github.com/alextran1502) in [#25862](https://github.com/immich-app/immich/pull/25862) - fix: prevent backspace from accidentally triggering delete modals by [@michelheusschen](https://github.com/michelheusschen) in [#25858](https://github.com/immich-app/immich/pull/25858) - fix: metadata extraction race condition by [@danieldietzler](https://github.com/danieldietzler) in [#25866](https://github.com/immich-app/immich/pull/25866) - fix: reset zoom when navigating between assets by [@michelheusschen](https://github.com/michelheusschen) in [#25863](https://github.com/immich-app/immich/pull/25863) ##### 📚 Documentation - docs(openapi): Add descriptions to OpenAPI specification by [@timonrieger](https://github.com/timonrieger) in [#25185](https://github.com/immich-app/immich/pull/25185) - fix(docs): clarify supported vector version by [@mmomjian](https://github.com/mmomjian) in [#25753](https://github.com/immich-app/immich/pull/25753) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.5.2...v2.5.3> ### [`v2.5.2`](https://github.com/immich-app/immich/releases/tag/v2.5.2) [Compare Source](https://github.com/immich-app/immich/compare/v2.5.0...v2.5.2) ##### v2.5.2 *`v2.5.1` has been sacrificed for the release God, so the Android app can now be released* > \[!NOTE] > This version of the mobile app will pull down some data from the server to fix the incorrect data in the mobile app local database, so you will see the sync icon running for a little bit ##### Hotfixes - Fixed a bug where the video aspect ratio is played incorrectly for the remote asset - Fixed a bug where memory generation failed - Fixed a bug where memories don't show on the web until the page is refreshed - Fixed a bug where the `Load original image` option doesn't render the image on iOS ##### What's Changed ##### 🐛 Bug fixes - fix: deleting asset from asset-viewer on search results by [@midzelis](https://github.com/midzelis) in [#25596](https://github.com/immich-app/immich/pull/25596) - fix: escape handling in search asset viewer by [@danieldietzler](https://github.com/danieldietzler) in [#25621](https://github.com/immich-app/immich/pull/25621) - fix: correctly show owner in album options modal by [@danieldietzler](https://github.com/danieldietzler) in [#25618](https://github.com/immich-app/immich/pull/25618) - fix(server): don't assume maintenance action is set by [@insertish](https://github.com/insertish) in [#25622](https://github.com/immich-app/immich/pull/25622) - fix: album card ranges by [@danieldietzler](https://github.com/danieldietzler) in [#25639](https://github.com/immich-app/immich/pull/25639) - fix(mobile): show controls by default on motion photos by [@goalie2002](https://github.com/goalie2002) in [#25638](https://github.com/immich-app/immich/pull/25638) - fix: escape handling by [@danieldietzler](https://github.com/danieldietzler) in [#25627](https://github.com/immich-app/immich/pull/25627) - fix(mobile): set correct system-ui mode on asset viewer init by [@goalie2002](https://github.com/goalie2002) in [#25610](https://github.com/immich-app/immich/pull/25610) - fix(mobile): actually load original image by [@mertalev](https://github.com/mertalev) in [#25646](https://github.com/immich-app/immich/pull/25646) - fix: width and height migration issue by [@alextran1502](https://github.com/alextran1502) in [#25643](https://github.com/immich-app/immich/pull/25643) - fix: memory lane by [@jrasm91](https://github.com/jrasm91) in [#25652](https://github.com/immich-app/immich/pull/25652) - fix: memory generation by [@jrasm91](https://github.com/jrasm91) in [#25650](https://github.com/immich-app/immich/pull/25650) - fix(mobile): tall image scrolling by [@ByteSizedMarius](https://github.com/ByteSizedMarius) in [#25649](https://github.com/immich-app/immich/pull/25649) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.5.0...v2.5.2> ### [`v2.5.0`](https://github.com/immich-app/immich/releases/tag/v2.5.0): - 90000 Stars Release [Compare Source](https://github.com/immich-app/immich/compare/v2.4.1...v2.5.0) ##### v2.5.0 > \[!NOTE] > > ### 01/27 > > - 20:23 GMT: We are halting the release of the mobile app as there are some reported issues with migration > - 22:00 GMT: Found the issue with the migration for the experimental sync-delete feature on Android. Will fix and release a new update soon. ETA tomorrow CTS time > - 22:24 GMT: iOS is released as the migration doesn't affect iOS users > > ### 01/28 > > - Discovered some annoyance bugs regarding editing after ready to release `v2.5.1`, so spent the whole day fixing them and will release `v2.5.2` on Thursday (01/29) > > Sorry for the inconvenience ##### Highlights Happy New Year! Welcome to Immich `v2.5.0`. This release is our fireworks to celebrate both the new year and reaching *90,000* stars on GitHub. It is packed with major features that have been in the works for quite some time, and the team has kicked off the year with incredible momentum that we're excited to carry forward. We couldn't wait to share this with you. Let's dive right in: - Free Up Space - Non-destructive editing - Database backup and restore (web) - Upload improvements - Visual refresh across all platforms - Disable admin setup - Star rating (mobile) - Additional fine-grained permissions (api keys) - Progressive JPEGs - Slideshow loop option (web) - Native HTTP clients for HTTP/2 and HTTP/3 image loading ##### Free Up Space *This feature was requested ages ago. So long in fact, that it has a 3-digit ID ([#165](https://github.com/immich-app/immich/issues/165))! Given the rapid iteration and development pace of the pre-stable era, it was risky to include it in the app due to its bulk-delete nature. But it is now 2026* :smile:*, so here we are.* **Free Up Space** allows you to remove local media files from your device that have already been successfully backed up to your Immich server (and are not in Immich trash). This helps reclaim storage on your mobile device without losing your memories. The feature can be accessed from the user profile panel or from the Settings page in the mobile app. <img width="300" alt="image" src="https://github.com/user-attachments/assets/2985ea6c-4392-414e-aef3-83c70ffe5570" /> <img alt="image" src="https://github.com/user-attachments/assets/cf7b7d2c-5d37-4c13-a6ad-cacb53a71acb" /> There are configuration options and steps to make sure that everything is verified before deleting from the app. 1. **Configuration:** - **Cutoff date:** Free Up Space will only look for photos and videos **on or before** this date. - **Keep albums:** Hold all photos and videos in the selected albums on your device, regardless of other settings. By default, `**WhatsApp**` related albums are selected to be kept on the device. Assets that are not already on the device will not be redownloaded. - **Keep favorites:** This works the same way `**Keep albums**` . By default, favorited assets are preserved on your device. - **Keep on device:** You can choose to restrict removal to `**Always keep**` **All photos** or **All videos**, regardless of other settings. This setting can hamper freeing up space significantly — with 80 GB of videos and 40 GB of photos, selecting `**Always keep photos**` retains thousands of photos on your device. > \[!TIP] > These configurations are persistent to make it convenient for those who perform this task often. 2. **Scan & Review:** Before any files are removed, you are presented with a review screen to confirm which items will be deleted and how much storage will be reclaimed. 3. **Deletion:** Confirmed items are moved to your device's native Trash/Recycle Bin. > \[!NOTE] > **Reclaim storage** > To use the reclaimed space right away, you must manually empty the system/gallery trash outside Immich. For more information about this feature, please read it [here](https://docs.immich.app/features/mobile-app#free-up-space) ##### Non-destructive editing Immich now supports non-destructive photo editing. This means that any edits you make to an asset do not modify the original file; instead, the modifications are stored in the database, and new thumbnails are generated based on those changes. This means you can always revert to the original asset if needed. When you download an edited asset, Immich provides the edited version by default. However, you can choose to download the original version if needed. Immich always generates an edited full-size version based on your full-size quality settings. This occurs regardless of whether the "Enable full-size image generation" setting is enabled or disabled. > \[!NOTE] > **Limitations:** > > - Mobile clients must be updated to v2.5.0 in order view the edited version of an asset. Clients will continue to > see the original asset if on a mobile app version <2.5.0 > - As of this version, the edited download won't include the EXIF metadata of the original asset. This feature will come in future releases. > - Mobile editing still uses the old edit system (saving a new version of the photo). The mobile editor will be upgraded to use the new non-destructive editing system in a future release. You can click on the following icon to enter edit mode <img width="400" alt="image" src="https://github.com/user-attachments/assets/7f2092cf-c149-492c-af08-a04c8de16915" /> Currently, Immich supports the following types of edits: - Cropping - Rotation - Mirroring <img width="800" alt="image" src="https://github.com/user-attachments/assets/b1c0b1e7-5074-4b19-ac23-449931a233f3" /> Opening the editor on an edited asset will load the existing edits back in so you can make adjustments and changes. <img width="800" alt="image" src="https://github.com/user-attachments/assets/0346e1ac-eb8c-490a-8d47-a3b79626b5b6" /> ##### Backup and restore from the web UI Backup and restore are an important part of any self-hosted application; this feature helps you maintain reliable access to your instance during unexpected events, such as database corruption caused by system failure or power loss. Historically, restoring an Immich instance to a specific point required the user to have access to the command line, which proved challenging for many users, especially those new to self-hosting and software maintenance. Now, we have the entire backup and restore pipeline built into Immich, which allows you to quickly restore a database backup directly from the web UI. You can perform the steps either from the `Administration > Maintenance` page, or from a brand new instance on the welcome page. **Restore from Administration's Maintenance page** <img width="800" alt="image" src="https://github.com/user-attachments/assets/7a608442-bd1c-4e0c-b255-1df45699fa9f" /> **Restore from Onboarding page** <img width="800" alt="image" src="https://github.com/user-attachments/assets/6012a0e6-ba32-45d0-aec4-c24d19bd4a25" /> For more detailed steps, please read them in [our documentation](https://docs.immich.app/administration/backup-and-restore) ##### Upload improvement This release also improves foreground upload in the mobile app. The previous implementation improves background uploads but leaves foreground uploads less reliable by leveraging the queue system to offload upload handling to the OS, which can be throttled under specific criteria. We are taking back more control over handling uploads with the *try-and-true* method used in the old timeline, but this time it is supercharged with concurrent uploads and also correctly handles assets with missing file extensions from software such as DJI or Fusion Camera. <img width="300" alt="image" src="https://github.com/user-attachments/assets/87d317ed-933b-48c7-88e3-d267e928b9d1" /> Upload now will also send unique metadata for each asset to the server, so it can be used to quickly retrieve the checksum when reinstalling the app, saving time and CPU resources. This is especially useful for iCloud users, as the hashing process can take a long time. For iOS and iCloud users, it is recommended to go to App Settings > Sync Status and tap the "Sync Cloud IDs" button to backfill the metadata for the uploaded content. You only need to do this once. <img width="300" alt="image" src="https://github.com/user-attachments/assets/0470e707-f913-418c-94a5-3fb83ae95fae" /> ##### Visual refresh across all platforms This release also brings you a refreshed look and feel across the web, mobile app, and the documentation sites, with a new font face ("The-name-must-not-be-named" Sans) that improves reading legibility, especially for numbers and smaller text. <img width="300" alt="image" src="https://github.com/user-attachments/assets/83fc22ab-c3c8-4dfe-99c2-4620c6f03938" /> The UI library (<https://ui.immich.app/>) components have also been added to the web app in more places. You should see a more standardized, coherent, and better hierarchy for UI components across the app. <img width="300" alt="image" src="https://github.com/user-attachments/assets/80157cb0-e77f-4219-9648-373a21ebfd6e" /> All icon buttons now come with a tooltip, so you don't have to guess what function the button serves <img width="300" alt="image" src="https://github.com/user-attachments/assets/df2119dc-d3a9-43ae-a002-593710d3d226" /> ##### Star rating (mobile) Mobile now has the star-rating feature, similar to the web application. If you don't see a star rating on either platform, make sure the feature is enabled [here](https://my.immich.app/user-settings?isOpen=feature+rating). <img width="400" alt="image" src="https://github.com/user-attachments/assets/e6a3e6a4-a18a-41a4-9eb0-845be68904a9" /> ##### Disable admin setup New installs show a welcome page and allow anyone to sign up / register as an admin. To have more control over whether this is allowed or not, we have added the following environment variable: ```typescript IMMICH_ALLOW_SETUP=true|false ``` This is especially useful if you have already initialized Immich and never want this situation to be possible in the future, which can happen if for whatever reason the database is reset. ##### Additional fine-grained permissions (api keys) Some existing endpoints have been assigned fine-grained permissions, allowing the creation of API keys with limited access. The new permissions include:\n - `map.read` - Retrieve a list of latitude and longitude coordinates for every asset with location data - `map.search` - Retrieve location information for latitude & longitude coordinates - `folder.read` - Retrieve information about folders and which assets they contain ##### Progressive JPEGs All image-generation settings now include a new option to enable progressive JPEGs. When enabled, supported browsers will progressively render the image. <img width="800" alt="image" src="https://github.com/user-attachments/assets/ac62bb63-41da-419b-808f-b81ef90f7183" /> ##### Slideshow loop option (web) The slideshow settings on the web now include an option to automatically start the slideshow over. <img width="500" alt="image" src="https://github.com/user-attachments/assets/b9122b7b-ae6f-4536-bf4c-fc295f6bd486" /> ##### Native HTTP clients All remote images are now requested using optimized HTTP clients, meaning images load more quickly and can keep up with your scrolling. Caching is also improved: not only does this make images even snappier to load after being downloaded, it also improves the offline experience with better responsiveness and a larger cache size. *** As always, there are many more QoL improvements, bug fixes, and enhancements in this release. Please find the full release note below ##### Support Immich <p align="center"> <img src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExbjY2eWc5Y2F0ZW56MmR4aWE0dDhzZXlidXRmYWZyajl1bWZidXZpcyZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/87CKDqErVfMqY/giphy.gif" width="450" title="SUPPORT THE PROJECT!"> </p> If you find the project helpful, you can support Immich by purchasing a product key at <https://buy.immich.app> or our merchandise at <https://immich.store>  ##### What's Changed ##### 🚀 Features - feat: workflow ui by [@alextran1502](https://github.com/alextran1502) in [#24190](https://github.com/immich-app/immich/pull/24190) - feat: disable admin setup by [@jrasm91](https://github.com/jrasm91) in [#24628](https://github.com/immich-app/immich/pull/24628) - feat: free up space by [@alextran1502](https://github.com/alextran1502) in [#24999](https://github.com/immich-app/immich/pull/24999) - feat: use fastlane sigh to manage signing profiles by [@alextran1502](https://github.com/alextran1502) in [#25089](https://github.com/immich-app/immich/pull/25089) - feat: image editing by [@bwees](https://github.com/bwees) in [#24155](https://github.com/immich-app/immich/pull/24155) - feat: add cloud id during native sync by [@shenlong-tanwen](https://github.com/shenlong-tanwen) in [#20418](https://github.com/immich-app/immich/pull/20418) - feat: restore database backups by [@insertish](https://github.com/insertish) in [#23978](https://github.com/immich-app/immich/pull/23978) - feat(mobile): star rating by [@YarosMallorca](https://github.com/YarosMallorca) in [#24457](https://github.com/immich-app/immich/pull/24457) - feat(mobile): scrollbar for album page by [@alextran1502](https://github.com/alextran1502) in [#25507](https://github.com/immich-app/immich/pull/25507) ##### 🌟 Enhancements - feat: focus jumped-to item in timeline by [@bo0tzz](https://github.com/bo0tzz) in [#24738](https://github.com/immich-app/immich/pull/24738) - chore: web editor improvements by [@bwees](https://github.com/bwees) in [#25169](https://github.com/immich-app/immich/pull/25169) - feat: modal routes by [@jrasm91](https://github.com/jrasm91) in [#24726](https://github.com/immich-app/immich/pull/24726) - feat: prefer admin settings page over users page by [@jrasm91](https://github.com/jrasm91) in [#24780](https://github.com/immich-app/immich/pull/24780) - feat: shared link edit by [@jrasm91](https://github.com/jrasm91) in [#24783](https://github.com/immich-app/immich/pull/24783) - feat(mobile): use tabular figures in backup info card by [@wrbl606](https://github.com/wrbl606) in [#24820](https://github.com/immich-app/immich/pull/24820) - feat(mobile): album options to kebab menu by [@idubnori](https://github.com/idubnori) in [#24204](https://github.com/immich-app/immich/pull/24204) - feat: Hide/show controls when zoom state changes by [@Lauritz-Tieste](https://github.com/Lauritz-Tieste) in [#24784](https://github.com/immich-app/immich/pull/24784) - feat(server): Support camera `make`, `model`, and `lensModel` in Storage Template by [@rahul-kumar-saini](https://github.com/rahul-kumar-saini) in [#24650](https://github.com/immich-app/immich/pull/24650) - feat(ml): update ONNX Runtime, OpenVINO and ROCm stack by [@savely-krasovsky](https://github.com/savely-krasovsky) in [#23458](https://github.com/immich-app/immich/pull/23458) - chore(server): Vchord 1.0 support by [@mmomjian](https://github.com/mmomjian) in [#23845](https://github.com/immich-app/immich/pull/23845) - feat(web): Add coordinate pair location searching. by [@GustavJones](https://github.com/GustavJones) in [#24799](https://github.com/immich-app/immich/pull/24799) - feat: show asset owners for editors in shared albums by [@ama156](https://github.com/ama156) in [#24890](https://github.com/immich-app/immich/pull/24890) - feat(web): undo delete single asset by [@YarosMallorca](https://github.com/YarosMallorca) in [#24439](https://github.com/immich-app/immich/pull/24439) - feat(server): implement switchable logging formats (console/json) by [@DanielRamosAcosta](https://github.com/DanielRamosAcosta) in [#24791](https://github.com/immich-app/immich/pull/24791) - chore(web): bump immich/ui for tooltips by [@jrasm91](https://github.com/jrasm91) in [#24632](https://github.com/immich-app/immich/pull/24632) - feat(web): star rating keyboard shortcut by [@cbochs](https://github.com/cbochs) in [#24620](https://github.com/immich-app/immich/pull/24620) - feat: bulk asset metadata endpoints by [@jrasm91](https://github.com/jrasm91) in [#25133](https://github.com/immich-app/immich/pull/25133) - feat(mobile): 2026 font by [@alextran1502](https://github.com/alextran1502) in [#25213](https://github.com/immich-app/immich/pull/25213) - feat(web): search albums by description by [@YarosMallorca](https://github.com/YarosMallorca) in [#25244](https://github.com/immich-app/immich/pull/25244) - feat(web): 2026 font by [@alextran1502](https://github.com/alextran1502) in [#25174](https://github.com/immich-app/immich/pull/25174) - chore: dart http foreground upload by [@alextran1502](https://github.com/alextran1502) in [#24883](https://github.com/immich-app/immich/pull/24883) - feat: update intel compute driver by [@savely-krasovsky](https://github.com/savely-krasovsky) in [#25259](https://github.com/immich-app/immich/pull/25259) - feat: download original asset by [@danieldietzler](https://github.com/danieldietzler) in [#25302](https://github.com/immich-app/immich/pull/25302) - feat: allow /memory?id= in AndroidManifest by [@arne182](https://github.com/arne182) in [#25373](https://github.com/immich-app/immich/pull/25373) - fix: add scoped API permissions to map endpoints by [@meesfrensel](https://github.com/meesfrensel) in [#25423](https://github.com/immich-app/immich/pull/25423) - fix(server): scoped permissions for more endpoints by [@meesfrensel](https://github.com/meesfrensel) in [#25452](https://github.com/immich-app/immich/pull/25452) - feat: generate progressive JPEGs for thumbnails by [@midzelis](https://github.com/midzelis) in [#25463](https://github.com/immich-app/immich/pull/25463) - feat: loop slideshows by [@GeneralZero](https://github.com/GeneralZero) in [#25462](https://github.com/immich-app/immich/pull/25462) - feat(mobile): native clients by [@mertalev](https://github.com/mertalev) in [#21459](https://github.com/immich-app/immich/pull/21459) ##### 🐛 Bug fixes - fix(maintenance): prevent enable/disable maintenance CLI hanging on occasion by [@insertish](https://github.com/insertish) in [#24713](https://github.com/immich-app/immich/pull/24713) - fix(web): display jxl original by [@mertalev](https://github.com/mertalev) in [#24766](https://github.com/immich-app/immich/pull/24766) - fix(web): stale album info by [@jrasm91](https://github.com/jrasm91) in [#24787](https://github.com/immich-app/immich/pull/24787) - fix: album card timezone by [@danieldietzler](https://github.com/danieldietzler) in [#24855](https://github.com/immich-app/immich/pull/24855) - fix(web): let slideshow videos play ([#19601](https://github.com/immich-app/immich/issues/19601)) by [@keanucz](https://github.com/keanucz) in [#24914](https://github.com/immich-app/immich/pull/24914) - fix(server): update exiftool-vendored to v34.3 for correct colon-less timezone parsing by [@dosten](https://github.com/dosten) in [#24979](https://github.com/immich-app/immich/pull/24979) - fix(mobile): hide delete action for remote-only assets by [@skrmc](https://github.com/skrmc) in [#25010](https://github.com/immich-app/immich/pull/25010) - fix: import config from json by [@MontejoJorge](https://github.com/MontejoJorge) in [#25030](https://github.com/immich-app/immich/pull/25030) - fix: search input has incorrect focus state after closing the search filter modal by [@alextran1502](https://github.com/alextran1502) in [#24886](https://github.com/immich-app/immich/pull/24886) - fix(web): duplicate key error and enable expiration editing for expired shared links by [@timonrieger](https://github.com/timonrieger) in [#24686](https://github.com/immich-app/immich/pull/24686) - fix: shared-link-mapper by [@jrasm91](https://github.com/jrasm91) in [#24794](https://github.com/immich-app/immich/pull/24794) - fix(server): migrate motion part of live photo by [@NikhilAlapati](https://github.com/NikhilAlapati) in [#24688](https://github.com/immich-app/immich/pull/24688) - fix(web): use asset date for change date popup when single asset selected by [@majiayu000](https://github.com/majiayu000) in [#25076](https://github.com/immich-app/immich/pull/25076) - fix(web): long text taking more width than expected in duplicate manager by [@HemendraSinghShekhawat](https://github.com/HemendraSinghShekhawat) in [#24547](https://github.com/immich-app/immich/pull/24547) - fix(web): broken asset urls if shared link has photos in name by [@YarosMallorca](https://github.com/YarosMallorca) in [#24451](https://github.com/immich-app/immich/pull/24451) - fix(server): search statistics with personIds returns 500 by [@majiayu000](https://github.com/majiayu000) in [#25074](https://github.com/immich-app/immich/pull/25074) - fix(web): server stats layout by [@meesfrensel](https://github.com/meesfrensel) in [#25085](https://github.com/immich-app/immich/pull/25085) - fix: enter now submits the date modals by [@fabb](https://github.com/fabb) in [#25053](https://github.com/immich-app/immich/pull/25053) - fix(web): improve text contrast in minimized upload panel by [@majiayu000](https://github.com/majiayu000) in [#25075](https://github.com/immich-app/immich/pull/25075) - fix: propagate iCloud Shared Album flag by [@alextran1502](https://github.com/alextran1502) in [#25060](https://github.com/immich-app/immich/pull/25060) - fix: description does not rerender when navigating between assets by [@alextran1502](https://github.com/alextran1502) in [#25137](https://github.com/immich-app/immich/pull/25137) - fix(server): avoid upserting empty metadata array by [@timonrieger](https://github.com/timonrieger) in [#25143](https://github.com/immich-app/immich/pull/25143) - fix(server): Document HTTP 200 response for duplicate uploads in OpenAPI by [@timonrieger](https://github.com/timonrieger) in [#25148](https://github.com/immich-app/immich/pull/25148) - fix(web): person asset count doesn't update when navigating by [@YarosMallorca](https://github.com/YarosMallorca) in [#24438](https://github.com/immich-app/immich/pull/24438) - fix(mobile): remove weird zooming behaviour on videos and play/pause button delay by [@goalie2002](https://github.com/goalie2002) in [#24006](https://github.com/immich-app/immich/pull/24006) - fix: unlock properties after successful sidecar write by [@danieldietzler](https://github.com/danieldietzler) in [#25168](https://github.com/immich-app/immich/pull/25168) - fix(web): show relevant navbar options for partner assets by [@YarosMallorca](https://github.com/YarosMallorca) in [#24832](https://github.com/immich-app/immich/pull/24832) - fix(web): added background gradient for video time visibility by [@HemendraSinghShekhawat](https://github.com/HemendraSinghShekhawat) in [#25138](https://github.com/immich-app/immich/pull/25138) - feat(mobile): do not restore locally deleted assets during trash sync (Android) by [@PeterOmbodi](https://github.com/PeterOmbodi) in [#24218](https://github.com/immich-app/immich/pull/24218) - fix: asset local type casting by [@alextran1502](https://github.com/alextran1502) in [#25214](https://github.com/immich-app/immich/pull/25214) - fix(web): ocr button not clickable for stacked assets by [@YarosMallorca](https://github.com/YarosMallorca) in [#25210](https://github.com/immich-app/immich/pull/25210) - fix(web): Handle upload failures from public users by [@juliancarrivick](https://github.com/juliancarrivick) in [#24826](https://github.com/immich-app/immich/pull/24826) - fix(mobile): prevent system UI from hiding on drag down gesture by [@goalie2002](https://github.com/goalie2002) in [#25240](https://github.com/immich-app/immich/pull/25240) - fix: migration order by [@jrasm91](https://github.com/jrasm91) in [#25249](https://github.com/immich-app/immich/pull/25249) - fix(web): redirect to login by [@jrasm91](https://github.com/jrasm91) in [#25254](https://github.com/immich-app/immich/pull/25254) - fix(mobile): improve asset transition back to timeline by [@goalie2002](https://github.com/goalie2002) in [#24485](https://github.com/immich-app/immich/pull/24485) - fix: dark mode appbar color by [@akashKarmakar02](https://github.com/akashKarmakar02) in [#24976](https://github.com/immich-app/immich/pull/24976) - fix(web): add min-width to setting input field by [@K0lin](https://github.com/K0lin) in [#25317](https://github.com/immich-app/immich/pull/25317) - fix(server): api key update checks by [@jrasm91](https://github.com/jrasm91) in [#25363](https://github.com/immich-app/immich/pull/25363) - fix(mobile): album selector icon visibility by [@ByteSizedMarius](https://github.com/ByteSizedMarius) in [#25311](https://github.com/immich-app/immich/pull/25311) - fix(mobile): indicators not showing on thumbnail tile after asset change in viewer by [@goalie2002](https://github.com/goalie2002) in [#25297](https://github.com/immich-app/immich/pull/25297) - fix(web): handle deletion from asset viewer on map page by [@meesfrensel](https://github.com/meesfrensel) in [#25393](https://github.com/immich-app/immich/pull/25393) - fix: tag update race condition by [@danieldietzler](https://github.com/danieldietzler) in [#25371](https://github.com/immich-app/immich/pull/25371) - fix(web): allow exiting pin setup flow by [@meesfrensel](https://github.com/meesfrensel) in [#25413](https://github.com/immich-app/immich/pull/25413) - fix: upload file without extension by [@alextran1502](https://github.com/alextran1502) in [#25419](https://github.com/immich-app/immich/pull/25419) - fix: incorrect asset viewer scale on image frame update by [@shenlong-tanwen](https://github.com/shenlong-tanwen) in [#25430](https://github.com/immich-app/immich/pull/25430) - fix(mobile): bring back map settings by [@shenlong-tanwen](https://github.com/shenlong-tanwen) in [#25448](https://github.com/immich-app/immich/pull/25448) - fix(web): fix badge value in queues page by [@beinganukul](https://github.com/beinganukul) in [#25445](https://github.com/immich-app/immich/pull/25445) - fix(mobile): backfill asset dimensions to exif table by [@bwees](https://github.com/bwees) in [#25483](https://github.com/immich-app/immich/pull/25483) - fix(mobile): do not try to load video as image by [@mertalev](https://github.com/mertalev) in [#25495](https://github.com/immich-app/immich/pull/25495) ##### 📚 Documentation - fix: product keys wording in commercial guidelines faq by [@bo0tzz](https://github.com/bo0tzz) in [#24765](https://github.com/immich-app/immich/pull/24765) - docs: config options for hardware transcoding by [@Javex](https://github.com/Javex) in [#24853](https://github.com/immich-app/immich/pull/24853) - fix: use my.immich.app as url placeholder in docs by [@bo0tzz](https://github.com/bo0tzz) in [#25153](https://github.com/immich-app/immich/pull/25153) - chore: update Thai README (remove "under active development" lines) by [@ppnplus](https://github.com/ppnplus) in [#25208](https://github.com/immich-app/immich/pull/25208) - fix(docs): add missing mermaid dependency and configuration by [@bdoerfchen](https://github.com/bdoerfchen) in [#25247](https://github.com/immich-app/immich/pull/25247) - chore(docs): update RAM req by [@mmomjian](https://github.com/mmomjian) in [#25344](https://github.com/immich-app/immich/pull/25344) - feat(docs): add Free Up Space section by [@aviv926](https://github.com/aviv926) in [#25253](https://github.com/immich-app/immich/pull/25253) - docs: update README\_de\_DE.md by [@solluh](https://github.com/solluh) in [#25443](https://github.com/immich-app/immich/pull/25443) - fix(docs): document that fullsize thumbnail might redirect to original by [@meesfrensel](https://github.com/meesfrensel) in [#25416](https://github.com/immich-app/immich/pull/25416) - docs: update documentation by [@alextran1502](https://github.com/alextran1502) in [#25440](https://github.com/immich-app/immich/pull/25440) ##### New Contributors - [@wrbl606](https://github.com/wrbl606) made their first contribution in [#24820](https://github.com/immich-app/immich/pull/24820) - [@keanucz](https://github.com/keanucz) made their first contribution in [#24914](https://github.com/immich-app/immich/pull/24914) - [@rahul-kumar-saini](https://github.com/rahul-kumar-saini) made their first contribution in [#24650](https://github.com/immich-app/immich/pull/24650) - [@dosten](https://github.com/dosten) made their first contribution in [#24979](https://github.com/immich-app/immich/pull/24979) - [@GustavJones](https://github.com/GustavJones) made their first contribution in [#24799](https://github.com/immich-app/immich/pull/24799) - [@skrmc](https://github.com/skrmc) made their first contribution in [#25010](https://github.com/immich-app/immich/pull/25010) - [@ama156](https://github.com/ama156) made their first contribution in [#24890](https://github.com/immich-app/immich/pull/24890) - [@DanielRamosAcosta](https://github.com/DanielRamosAcosta) made their first contribution in [#24791](https://github.com/immich-app/immich/pull/24791) - [@NikhilAlapati](https://github.com/NikhilAlapati) made their first contribution in [#24688](https://github.com/immich-app/immich/pull/24688) - [@flpcury](https://github.com/flpcury) made their first contribution in [#24867](https://github.com/immich-app/immich/pull/24867) - [@Javex](https://github.com/Javex) made their first contribution in [#24853](https://github.com/immich-app/immich/pull/24853) - [@majiayu000](https://github.com/majiayu000) made their first contribution in [#25076](https://github.com/immich-app/immich/pull/25076) - [@HemendraSinghShekhawat](https://github.com/HemendraSinghShekhawat) made their first contribution in [#24547](https://github.com/immich-app/immich/pull/24547) - [@cbochs](https://github.com/cbochs) made their first contribution in [#24620](https://github.com/immich-app/immich/pull/24620) - [@fabb](https://github.com/fabb) made their first contribution in [#25053](https://github.com/immich-app/immich/pull/25053) - [@ppnplus](https://github.com/ppnplus) made their first contribution in [#25208](https://github.com/immich-app/immich/pull/25208) - [@juliancarrivick](https://github.com/juliancarrivick) made their first contribution in [#24826](https://github.com/immich-app/immich/pull/24826) - [@bdoerfchen](https://github.com/bdoerfchen) made their first contribution in [#25247](https://github.com/immich-app/immich/pull/25247) - [@akashKarmakar02](https://github.com/akashKarmakar02) made their first contribution in [#24976](https://github.com/immich-app/immich/pull/24976) - [@K0lin](https://github.com/K0lin) made their first contribution in [#25317](https://github.com/immich-app/immich/pull/25317) - [@NAM-MAN](https://github.com/NAM-MAN) made their first contribution in [#25320](https://github.com/immich-app/immich/pull/25320) - [@ByteSizedMarius](https://github.com/ByteSizedMarius) made their first contribution in [#25311](https://github.com/immich-app/immich/pull/25311) - [@arne182](https://github.com/arne182) made their first contribution in [#25373](https://github.com/immich-app/immich/pull/25373) - [@solluh](https://github.com/solluh) made their first contribution in [#25443](https://github.com/immich-app/immich/pull/25443) - [@beinganukul](https://github.com/beinganukul) made their first contribution in [#25445](https://github.com/immich-app/immich/pull/25445) - [@GeneralZero](https://github.com/GeneralZero) made their first contribution in [#25462](https://github.com/immich-app/immich/pull/25462) **Full Changelog**: <https://github.com/immich-app/immich/compare/v2.4.1...v2.5.0> </details> <details> <summary>usememos/memos (ghcr.io/usememos/memos)</summary> ### [`v0.28`](https://github.com/usememos/memos/blob/HEAD/CHANGELOG.md#0280-2026-04-27) ##### Features - **auth:** add SSO user identity linkage ([#5883](https://github.com/usememos/memos/issues/5883)) ([d688914](https://github.com/usememos/memos/commit/d688914b2864791eeadbf21c882608632875f17c)) - **memos:** choose created or updated time for memos ([#5894](https://github.com/usememos/memos/issues/5894)) ([c268551](https://github.com/usememos/memos/commit/c268551a16929a2cbea6891951feff91926bba59)) - redesign account and SSO management ([#5886](https://github.com/usememos/memos/issues/5886)) ([ee17998](https://github.com/usememos/memos/commit/ee1799851e88674a6920c7a56d93428fcf95e662)) ##### Bug Fixes - **auth:** harden authorization and username validation ([#5890](https://github.com/usememos/memos/issues/5890)) ([0fb83a7](https://github.com/usememos/memos/commit/0fb83a745dd5057ade45a3caad2c444af2239113)) - disable modal prop on DropdownMenu to prevent scroll disappearing ([#5861](https://github.com/usememos/memos/issues/5861)) ([d98f665](https://github.com/usememos/memos/commit/d98f6659190b8d1a8252e64549d9120d85e05d33)) - fix legacy username auth flows ([#5885](https://github.com/usememos/memos/issues/5885)) ([30c0611](https://github.com/usememos/memos/commit/30c0611a82f9254952a74650095105254f2940e4)) - **markdown:** split mixed task and bullet lists ([e2c6084](https://github.com/usememos/memos/commit/e2c60845eaff9a78b8d8eb3ccc9a067ef5690976)) - reduce list memo query overhead ([#5880](https://github.com/usememos/memos/issues/5880)) ([5063804](https://github.com/usememos/memos/commit/50638040f618b02b0c6d010e1d41554c75067517)) - **web:** preserve task checkbox state ([#5867](https://github.com/usememos/memos/issues/5867)) ([b5863d7](https://github.com/usememos/memos/commit/b5863d76be3cfbf3e0f8237d8e762122b5a0a679)) ### [`v0.27`](https://github.com/usememos/memos/blob/HEAD/CHANGELOG.md#0271-2026-04-19) ##### Bug Fixes - mixed-case user resource names ([#5853](https://github.com/usememos/memos/issues/5853)) ([01be01f](https://github.com/usememos/memos/commit/01be01f4b7676af41bdd1758b1e9b096aa922546)) - **release:** inject build version into artifacts ([f8a304b](https://github.com/usememos/memos/commit/f8a304bae33086320b39095d631288156eec4249)) - user resource names can be uuidv4 from idp sub claim ([#5856](https://github.com/usememos/memos/issues/5856)) ([bbded58](https://github.com/usememos/memos/commit/bbded584ce85a856d863485768e08b53adec7244)) </details> <details> <summary>haproxy-ingress/charts (haproxy-ingress)</summary> ### [`v0.16.1`](https://github.com/haproxy-ingress/charts/compare/0.16.0...0.16.1) [Compare Source](https://github.com/haproxy-ingress/charts/compare/0.16.0...0.16.1) ### [`v0.16.0`](https://github.com/haproxy-ingress/charts/compare/0.15.3...0.16.0) [Compare Source](https://github.com/haproxy-ingress/charts/compare/0.15.4...0.16.0) ### [`v0.15.4`](https://github.com/haproxy-ingress/charts/compare/0.15.3...0.15.4) [Compare Source](https://github.com/haproxy-ingress/charts/compare/0.15.3...0.15.4) ### [`v0.15.3`](https://github.com/haproxy-ingress/charts/compare/0.15.2...0.15.3) [Compare Source](https://github.com/haproxy-ingress/charts/compare/0.15.2...0.15.3) ### [`v0.15.2`](https://github.com/haproxy-ingress/charts/compare/0.15.1...0.15.2) [Compare Source](https://github.com/haproxy-ingress/charts/compare/0.15.1...0.15.2) ### [`v0.15.1`](https://github.com/haproxy-ingress/charts/compare/0.15.0...0.15.1) [Compare Source](https://github.com/haproxy-ingress/charts/compare/0.15.0...0.15.1) </details> <details> <summary>metallb/metallb (metallb/metallb)</summary> ### [`v0.15.3`](https://github.com/metallb/metallb/releases/tag/v0.15.3) [Compare Source](https://github.com/metallb/metallb/compare/v0.15.2...v0.15.3) See the release notes for the details: <https://metallb.universe.tf/release-notes/#version-0-15-3> </details> <details> <summary>pnpm/pnpm (pnpm)</summary> ### [`v10.33.4`](https://github.com/pnpm/pnpm/compare/v10.33.3...v10.33.4) [Compare Source](https://github.com/pnpm/pnpm/compare/v10.33.3...v10.33.4) ### [`v10.33.3`](https://github.com/pnpm/pnpm/releases/tag/v10.33.3): pnpm 10.33.3 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.33.2...v10.33.3) ##### Patch Changes - When self-updating from v10's `@pnpm/exe` to v11+ on Intel macOS (darwin-x64), `pnpm self-update` now transparently switches to the JS-only `pnpm` package on npm instead of installing `@pnpm/exe@v11+` (which doesn't ship a working binary for Intel Macs because of an upstream Node.js SEA bug — see [#11423](https://github.com/pnpm/pnpm/issues/11423) and [nodejs/node#62893](https://github.com/nodejs/node/issues/62893)). Without this, the self-update would silently leave the user with no working `pnpm` binary. The new install requires Node.js to be available on `PATH`; a warning is printed when the swap happens. All other host/version combinations are unchanged. - `pnpm self-update` (with no version argument) no longer downgrades pnpm when the registry's `latest` dist-tag points to an older release than the currently active version. Run `pnpm self-update latest` to force a downgrade [#11418](https://github.com/pnpm/pnpm/issues/11418).  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.33.2`](https://github.com/pnpm/pnpm/compare/v10.33.1...v10.33.2) [Compare Source](https://github.com/pnpm/pnpm/compare/v10.33.1...v10.33.2) ### [`v10.33.1`](https://github.com/pnpm/pnpm/releases/tag/v10.33.1): pnpm 10.33.1 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.33.0...v10.33.1) ##### Patch Changes - When a project's `packageManager` field selects pnpm v11 or newer, commands that v10 would have passed through to npm (`version`, `login`, `logout`, `publish`, `unpublish`, `deprecate`, `dist-tag`, `docs`, `ping`, `search`, `star`, `stars`, `unstar`, `whoami`, etc.) are now handed over to the wanted pnpm, which implements them natively. Previously they silently shelled out to npm — making, for example, `pnpm version --help` print npm's help on a project with `packageManager: pnpm@11.0.0-rc.3` [#11328](https://github.com/pnpm/pnpm/issues/11328).  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.33.0`](https://github.com/pnpm/pnpm/releases/tag/v10.33.0): pnpm 10.33 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.32.1...v10.33.0) ##### Minor Changes - Added a new `dedupePeers` setting that reduces peer dependency duplication. When enabled, peer dependency suffixes use version-only identifiers (`name@version`) instead of full dep paths, eliminating nested suffixes like `(foo@1.0.0(bar@2.0.0))`. This dramatically reduces the number of package instances in projects with many recursive peer dependencies [#11070](https://github.com/pnpm/pnpm/issues/11070). ##### Patch Changes - Fail on incompatible lockfiles in CI when frozen lockfile mode is enabled, while preserving non-frozen CI fallback behavior. - When package metadata is malformed or can't be fetched, the error thrown will now show the originating error. - Fixed intermittent failures when multiple `pnpm dlx` calls run concurrently for the same package. When the global virtual store is enabled, the importer now verifies file content before skipping a rename, avoiding destructive swap-renames that break concurrent processes. Also tolerates EPERM during bin creation on Windows and properly propagates `enableGlobalVirtualStore` through the install pipeline. - Fixed handling of non-string version selectors in `hoistPeers`, preventing invalid peer dependency specifiers. - Improve the non-interactive modules purge error hint to include the `confirmModulesPurge=false` workaround. When pnpm needs to recreate `node_modules` but no TTY is available, the error now suggests either setting `CI=true` or disabling the purge confirmation prompt via `confirmModulesPurge=false`. Adds a regression test for the non-TTY flow. - Fixed false "Command not found" errors on Windows when a command exists in PATH but exits with a non-zero code. Also fixed path resolution for `--filter` contexts where the command runs in a different package directory. - When a pnpm-lock.yaml contains two documents, ignore the first one. pnpm v11 will write two lockfile documents into pnpm-lock.yaml in order to store pnpm version integrities and config dependency resolutions. - Fixed a bug preventing the `clearCache` function returned by `createNpmResolver` from properly clearing metadata cache.  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.32.1`](https://github.com/pnpm/pnpm/releases/tag/v10.32.1): pnpm 10.32.1 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.32.0...v10.32.1) ##### Patch Changes - Fix a regression where `pnpm-workspace.yaml` without a `packages` field caused all directories to be treated as workspace projects. This broke projects that use `pnpm-workspace.yaml` only for settings (e.g. `minimumReleaseAge`) without defining workspace packages [#10909](https://github.com/pnpm/pnpm/issues/10909).  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.32.0`](https://github.com/pnpm/pnpm/releases/tag/v10.32.0): pnpm 10.32 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.31.0...v10.32.0) ##### Minor Changes - Added `--all` flag to `pnpm approve-builds` that approves all pending builds without interactive prompts [#10136](https://github.com/pnpm/pnpm/issues/10136). ##### Patch Changes - Reverted change related to setting explicitly the npm config file path, which caused regressions. - Reverted fix related to `lockfile-include-tarball-url`. Fixes [#10915](https://github.com/pnpm/pnpm/issues/10915).  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.31.0`](https://github.com/pnpm/pnpm/releases/tag/v10.31.0): pnpm 10.31 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.30.3...v10.31.0) ##### Minor Changes - When pnpm updates the `pnpm-workspace.yaml`, comments, string formatting, and whitespace will be preserved. ##### Patch Changes - Added `-F` as a short alias for the `--filter` option in the help output. - Handle undefined pkgSnapshot in `pnpm why -r` [#10700](https://github.com/pnpm/pnpm/issues/10700). - Fix headless install not being used when a project has an injected self-referencing `file:` dependency that resolves to `link:` in the lockfile. - Fixed a race condition when multiple worker threads import the same package to the global virtual store concurrently. The rename operation now tolerates `ENOTEMPTY`/`EEXIST` errors if another thread already completed the import. - When `lockfile-include-tarball-url` is set to `false`, tarball URLs are now always excluded from the lockfile. Previously, tarball URLs could still appear for packages hosted under non-standard URLs, making the behavior flaky and inconsistent [#6667](https://github.com/pnpm/pnpm/issues/6667). - Fixed `optimisticRepeatInstall` skipping install when `overrides`, `packageExtensions`, `ignoredOptionalDependencies`, `patchedDependencies`, or `peersSuffixMaxLength` changed. - Fixed `pnpm patch-commit` failing with "unable to access '/.config/git/attributes': Permission denied" error in environments where HOME is unset or non-standard (Docker containers, CI systems). The issue occurred because pnpm was setting `HOME` and the Windows user profile env var to empty strings to suppress user git configuration when running `git diff`. This caused git to resolve the home directory (`~`) as root (`/`), leading to permission errors when attempting to access `/.config/git/attributes`. Now uses `GIT_CONFIG_GLOBAL: os.devNull` instead, which is git's proper mechanism for bypassing user-level configuration without corrupting the home directory path resolution. Fixes [#6537](https://github.com/pnpm/pnpm/issues/6537) - Fix `pnpm why -r --parseable` missing dependents when multiple workspace packages share the same dependency [#8100](https://github.com/pnpm/pnpm/issues/8100). - Fix `link-workspace-packages=true` incorrectly linking workspace packages when the requested version doesn't match the workspace package's version. Previously, on fresh installs the version constraint is overridden to `*` in the fallback resolution paths, causing any workspace package with a matching name to be linked regardless of version [#10173](https://github.com/pnpm/pnpm/issues/10173). - Fixed `pnpm update --interactive` table breaking with long version strings (e.g., prerelease versions like `7.0.0-dev.20251209.1`) by dynamically calculating column widths instead of using hardcoded values [#10316](https://github.com/pnpm/pnpm/issues/10316). - Explicitly tell `npm` the path to the global `rc` config file. - The parameter set by the `--allow-build` flag is written to `allowBuilds`. - Fix a bug in which specifying `filter` on `pnpm-workspace.yaml` would cause pnpm to not detect any projects. - Print help message on running pnpm dlx without arguments and exit.  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.30.3`](https://github.com/pnpm/pnpm/releases/tag/v10.30.3): pnpm 10.30.3 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.30.2...v10.30.3) ##### Patch Changes - Fixed version switching via `packageManager` field failing when pnpm is installed as a standalone executable in environments without a system Node.js [#10687](https://github.com/pnpm/pnpm/issues/10687). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table> ### [`v10.30.2`](https://github.com/pnpm/pnpm/releases/tag/v10.30.2): pnpm 10.30.2 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.30.1...v10.30.2) ##### Patch Changes - Fix auto-installed peer dependencies ignoring overrides when a stale version exists in the lockfile. - Fixed "input line too long" error on Windows when running lifecycle scripts with the global virtual store enabled [#10673](https://github.com/pnpm/pnpm/pull/10673). - Update [@zkochan/js-yaml](https://github.com/zkochan/js-yaml) to fix moderate vulnerability. ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table> ### [`v10.30.1`](https://github.com/pnpm/pnpm/releases/tag/v10.30.1): pnpm 10.30.1 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.30.0...v10.30.1) ##### Patch Changes - Use the `/-/npm/v1/security/audits/quick` endpoint as the primary audit endpoint, falling back to `/-/npm/v1/security/audits` when it fails [#10649](https://github.com/pnpm/pnpm/issues/10649). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table> ### [`v10.30.0`](https://github.com/pnpm/pnpm/releases/tag/v10.30.0): pnpm 10.30 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.29.3...v10.30.0) ##### Minor Changes - `pnpm why` now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies. ##### Patch Changes - Revert `pnpm why` dependency pruning to prefer correctness over memory consumption. Reverted PR: [#7122](https://github.com/pnpm/pnpm/pull/7122). - Optimize `pnpm why` and `pnpm list` performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one [#10596](https://github.com/pnpm/pnpm/pull/10596/changes). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table> ### [`v10.29.3`](https://github.com/pnpm/pnpm/releases/tag/v10.29.3): pnpm 10.29.3 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.29.2...v10.29.3) ##### Patch Changes - Fixed an out-of-memory error in `pnpm list` (and `pnpm why`) on large dependency graphs by replacing the recursive tree builder with a two-phase approach: a BFS dependency graph followed by cached tree materialization. Duplicate subtrees are now deduplicated in the output, shown as "deduped (N deps hidden)" [#10586](https://github.com/pnpm/pnpm/pull/10586). - Fixed `allowBuilds` not working when set via `.pnpmfile.cjs` [#10516](https://github.com/pnpm/pnpm/issues/10516). - When the [`enableGlobalVirtualStore`](https://pnpm.io/settings#enableglobalvirtualstore) option is set, the `pnpm deploy` command would incorrectly create symlinks to the global virtual store. To keep the deploy directory self-contained, `pnpm deploy` now ignores this setting and always creates a localized virtual store within the deploy directory. - Fixed `minimumReleaseAgeExclude` not being respected by `pnpm dlx` [#10338](https://github.com/pnpm/pnpm/issues/10338). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table> ### [`v10.29.2`](https://github.com/pnpm/pnpm/releases/tag/v10.29.2): pnpm 10.29.2 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.29.1...v10.29.2) ##### Patch Changes - Reverted a fix shipped in v10.29.1, which caused another issue [#10571](https://github.com/pnpm/pnpm/issues/10571). Reverted fix: Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists [#10497](https://github.com/pnpm/pnpm/issues/10497). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> ### [`v10.29.1`](https://github.com/pnpm/pnpm/releases/tag/v10.29.1): pnpm 10.29.1 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.28.2...v10.29.1) ##### Minor Changes - The `pnpm dlx` / `pnpx` command now supports the `catalog:` protocol. Example: `pnpm dlx shx@catalog:`. - Support configuring `auditLevel` in the `pnpm-workspace.yaml` file [#10540](https://github.com/pnpm/pnpm/issues/10540). - Support bare `workspace:` protocol without version specifier. It is now treated as `workspace:*` and resolves to the concrete version during publish [#10436](https://github.com/pnpm/pnpm/pull/10436). ##### Patch Changes - Fixed `pnpm list --json` returning incorrect paths when using global virtual store [#10187](https://github.com/pnpm/pnpm/issues/10187). - Fix `pnpm store path` and `pnpm store status` using workspace root for path resolution when `storeDir` is relative [#10290](https://github.com/pnpm/pnpm/issues/10290). - Fixed `pnpm run -r` failing with "No projects matched the filters" when an empty `pnpm-workspace.yaml` exists [#10497](https://github.com/pnpm/pnpm/issues/10497). - Fixed a bug where `catalogMode: strict` would write the literal string `"catalog:"` to `pnpm-workspace.yaml` instead of the resolved version specifier when re-adding an existing catalog dependency [#10176](https://github.com/pnpm/pnpm/issues/10176). - Fixed the documentation URL shown in `pnpm completion --help` to point to the correct page at <https://pnpm.io/completion> [#10281](https://github.com/pnpm/pnpm/issues/10281). - Skip local `file:` protocol dependencies during `pnpm fetch`. This fixes an issue where `pnpm fetch` would fail in Docker builds when local directory dependencies were not available [#10460](https://github.com/pnpm/pnpm/issues/10460). - Fixed `pnpm audit --json` to respect the `--audit-level` setting for both exit code and output filtering [#10540](https://github.com/pnpm/pnpm/issues/10540). - update tar to version 7.5.7 to fix security issue Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: <a href="https://github.com/advisories/GHSA-34x7-hfp2-rc4v">CVE-2026-24842</a> - Fix `pnpm audit --fix` replacing reference overrides (e.g. `$foo`) with concrete versions [#10325](https://github.com/pnpm/pnpm/issues/10325). - Fix `shamefullyHoist` set via `updateConfig` in `.pnpmfile.cjs` not being converted to `publicHoistPattern` [#10271](https://github.com/pnpm/pnpm/issues/10271). - `pnpm help` should correctly report if the currently running pnpm CLI is bundled with Node.js [#10561](https://github.com/pnpm/pnpm/issues/10561). - Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for `node_modules/.bin`, causing binaries to not be found when running commands like `pnpm exec` [#10457](https://github.com/pnpm/pnpm/issues/10457). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> ### [`v10.28.2`](https://github.com/pnpm/pnpm/releases/tag/v10.28.2): pnpm 10.28.2 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.28.1...v10.28.2) ##### Patch Changes - Security fix: prevent path traversal in `directories.bin` field. - When pnpm installs a `file:` or `git:` dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into `node_modules`. This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) and have their contents copied when the package is installed. Note: This only affects `file:` and `git:` dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected. - Fixed optional dependencies to request full metadata from the registry to get the `libc` field, which is required for proper platform compatibility checks [#9950](https://github.com/pnpm/pnpm/issues/9950). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> ### [`v10.28.1`](https://github.com/pnpm/pnpm/releases/tag/v10.28.1): pnpm 10.28.1 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.28.0...v10.28.1) ##### Patch Changes - Fixed installation of config dependencies from private registries. Added support for object type in `configDependencies` when the tarball URL returned from package metadata differs from the computed URL [#10431](https://github.com/pnpm/pnpm/pull/10431). - Fix path traversal vulnerability in binary fetcher ZIP extraction - Validate ZIP entry paths before extraction to prevent writing files outside target directory - Validate BinaryResolution.prefix (basename) to prevent directory escape via crafted prefix - Both attack vectors now throw `ERR_PNPM_PATH_TRAVERSAL` error - Support plain `http://` and `https://` URLs ending with `.git` as git repository dependencies. Previously, URLs like `https://gitea.example.org/user/repo.git#commit` were not recognized as git repositories because they lacked the `git+` prefix (e.g., `git+https://`). This caused issues when installing dependencies from self-hosted git servers like Gitea or Forgejo that don't provide tarball downloads. Changes: - The git resolver now runs before the tarball resolver, ensuring git URLs are handled by the correct resolver - The git resolver now recognizes plain `http://` and `https://` URLs ending in `.git` as git repositories - Removed the `isRepository` check from the tarball resolver since it's no longer needed with the new resolver order Fixes [#10468](https://github.com/pnpm/pnpm/issues/10468) - `pnpm run -r` and `pnpm run --filter` now fail with a non-zero exit code when no packages have the specified script. Previously, this only failed when all packages were selected. Use `--if-present` to suppress this error [#6844](https://github.com/pnpm/pnpm/issues/6844). - Fixed a path traversal vulnerability in tarball extraction on Windows. The path normalization was only checking for `./` but not `.\`. Since backslashes are directory separators on Windows, malicious packages could use paths like `foo\..\..\.npmrc` to write files outside the package directory. - When running "pnpm exec" from a subdirectory of a project, don't change the current working directory to the root of the project [#5759](https://github.com/pnpm/pnpm/issues/5759). - Fixed a path traversal vulnerability in pnpm's bin linking. Bin names starting with `@` bypassed validation, and after scope normalization, path traversal sequences like `../../` remained intact. - Revert Try to avoid making network calls with preferOffline [#10334](https://github.com/pnpm/pnpm/pull/10334). - Fix `--save-peer` to write valid semver ranges to `peerDependencies` for protocol-based installs (e.g. `jsr:`) by deriving from resolved versions when available and falling back to `*` if none is available [#10417](https://github.com/pnpm/pnpm/issues/10417). - Do not exclude the root workspace project, when it is explicitly selected via a filter [#10465](https://github.com/pnpm/pnpm/pull/10465). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> </details> <details> <summary>bpg/terraform-provider-proxmox (proxmox)</summary> ### [`v0.106.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01060-2026-05-06) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.105.0...v0.106.0) ##### Features - **lxc:** add support for `mknod()` feature ([#2845](https://github.com/bpg/terraform-provider-proxmox/issues/2845)) ([07f91b4](https://github.com/bpg/terraform-provider-proxmox/commit/07f91b4228f6989869c80b2e54f718e5db35e82d)) ##### Bug Fixes - **lxc:** allow disabling feature flags on update ([#2857](https://github.com/bpg/terraform-provider-proxmox/issues/2857)) ([2f3ae58](https://github.com/bpg/terraform-provider-proxmox/commit/2f3ae58a7d8c7414aa1589acb5cb2c37bff0a63e)) - **lxc:** refresh `features`, `start_on_boot`, `hookscript` in read ([#2852](https://github.com/bpg/terraform-provider-proxmox/issues/2852)) ([e316aba](https://github.com/bpg/terraform-provider-proxmox/commit/e316aba0d6040466ae028cef7262efb96be5f539)) - **network:** allow unknown `ports` on linux bridge validate ([#2855](https://github.com/bpg/terraform-provider-proxmox/issues/2855)) ([dacac9c](https://github.com/bpg/terraform-provider-proxmox/commit/dacac9cf581480523c31e5869c91d56cba00bceb)) ##### Miscellaneous - **ci:** Update actions/add-to-project action (v1.0.2 → v2) ([#2860](https://github.com/bpg/terraform-provider-proxmox/issues/2860)) ([5939390](https://github.com/bpg/terraform-provider-proxmox/commit/59393904ad7c17d94dd3c6b59d6768fd91585943)) ### [`v0.105.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01050-2026-05-02) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.104.0...v0.105.0) ##### Features - **core:** add SFTP file upload method ([#2836](https://github.com/bpg/terraform-provider-proxmox/issues/2836)) ([39ca5d3](https://github.com/bpg/terraform-provider-proxmox/commit/39ca5d39951f2d3f6c6ff6bfe1f19d08dfbf1c3d)) - **network:** add `vids` attribute to `proxmox_network_linux_bridge` ([#2841](https://github.com/bpg/terraform-provider-proxmox/issues/2841)) ([f391b1c](https://github.com/bpg/terraform-provider-proxmox/commit/f391b1c214cc86c6d35a037184d401844476650d)) - **sdn:** add support for EVPN controller ([#2839](https://github.com/bpg/terraform-provider-proxmox/issues/2839)) ([ed23beb](https://github.com/bpg/terraform-provider-proxmox/commit/ed23beb315b0afca5ac52bf1eca40a594ec8c0df)) ##### Bug Fixes - **acme:** mark `eab_hmac_key` and `eab_kid` as Sensitive ([#2838](https://github.com/bpg/terraform-provider-proxmox/issues/2838)) ([30051b2](https://github.com/bpg/terraform-provider-proxmox/commit/30051b2909f0c618df25936a5ec52c77435c41e1)) - **ci:** derive bot identity from app-slug output, not /app endpoint ([b801d67](https://github.com/bpg/terraform-provider-proxmox/commit/b801d67a21100832aeadb3911b13b70c709767d5)) - **ci:** read release PR branch from action output, not gh pr view ([52565bb](https://github.com/bpg/terraform-provider-proxmox/commit/52565bbba6f3b082fa05f9bbc6bd589961e16b58)) - **lxc:** gate `host_managed` on PVE 9.1+, not 9.0+ ([#2828](https://github.com/bpg/terraform-provider-proxmox/issues/2828)) ([d348aed](https://github.com/bpg/terraform-provider-proxmox/commit/d348aed3f980ce5d56eb22d1112e51fac9d16361)) - **network:** catch omitted `vlan_aware` in `vids` validator ([#2849](https://github.com/bpg/terraform-provider-proxmox/issues/2849)) ([9e47424](https://github.com/bpg/terraform-provider-proxmox/commit/9e47424a53832906b18a8f5c93d65496261b5efe)) ##### Miscellaneous - **ci:** update goreleaser/goreleaser-action action (v7.1.0 → v7.2.1) ([#2831](https://github.com/bpg/terraform-provider-proxmox/issues/2831)) ([2506f61](https://github.com/bpg/terraform-provider-proxmox/commit/2506f6132e7fc21e0d092be2d75e562d270e5471)) - **ci:** Update JetBrains/qodana-action action (v2025.3.2 → v2026.1.0) ([#2834](https://github.com/bpg/terraform-provider-proxmox/issues/2834)) ([d485cc9](https://github.com/bpg/terraform-provider-proxmox/commit/d485cc9a9eef90e6563e17ab253bd9ac5f152ee7)) - **code:** address Qodana code-quality findings ([#2827](https://github.com/bpg/terraform-provider-proxmox/issues/2827)) ([b0e08d7](https://github.com/bpg/terraform-provider-proxmox/commit/b0e08d72137bb2d391735c1928325602f40b7bb4)) - **core:** add nil-safe helpers for nil to value conversion ([#2829](https://github.com/bpg/terraform-provider-proxmox/issues/2829)) ([03493e9](https://github.com/bpg/terraform-provider-proxmox/commit/03493e988bd0cd51b5ae698faea0286d34c1a2a8)) - **deps:** update golangci/golangci-lint (v2.11.4 → v2.12.1) ([#2844](https://github.com/bpg/terraform-provider-proxmox/issues/2844)) ([c3a14a3](https://github.com/bpg/terraform-provider-proxmox/commit/c3a14a3e69047695df0d221a54797c90d388bc48)) - **deps:** update image golang ([`1e598ea`](https://github.com/bpg/terraform-provider-proxmox/commit/1e598ea) → [`b54cbf5`](https://github.com/bpg/terraform-provider-proxmox/commit/b54cbf5)) ([#2830](https://github.com/bpg/terraform-provider-proxmox/issues/2830)) ([16c2280](https://github.com/bpg/terraform-provider-proxmox/commit/16c228053938f6dd1741690b63a5f9da83bdf21d)) - **deps:** update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.40.0 → v2.40.1) ([#2843](https://github.com/bpg/terraform-provider-proxmox/issues/2843)) ([114ce5a](https://github.com/bpg/terraform-provider-proxmox/commit/114ce5a112be53f2ec4754b661b995fe9ee69178)) - **docs:** configure context7.json indexing with version sync ([ac70974](https://github.com/bpg/terraform-provider-proxmox/commit/ac7097469ee598315f7fe2d8ac8b7dcfeb96efa4)) - **lxc:** restructure container docs for LLM retrieval ([#2833](https://github.com/bpg/terraform-provider-proxmox/issues/2833)) ([7d264d8](https://github.com/bpg/terraform-provider-proxmox/commit/7d264d814ce4eec5952c6b79017d3a9b1c507d38)) ### [`v0.104.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01040-2026-04-25) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.103.0...v0.104.0) ##### Features - **lxc:** add `host_managed` option for container networking ([#2812](https://github.com/bpg/terraform-provider-proxmox/issues/2812)) ([03dcffb](https://github.com/bpg/terraform-provider-proxmox/commit/03dcffbfc15eac84f8f8edfeb605f6bf483ad051)) ##### Bug Fixes - **lxc:** apply disk acl/quota/replicate on container create ([#2824](https://github.com/bpg/terraform-provider-proxmox/issues/2824)) ([0d64b73](https://github.com/bpg/terraform-provider-proxmox/commit/0d64b73018a1698fa630e3958a24849dc20e4cce)) - **vm:** stop re-emitting `format=` on existing `import_from` disks ([#2822](https://github.com/bpg/terraform-provider-proxmox/issues/2822)) ([edfdac6](https://github.com/bpg/terraform-provider-proxmox/commit/edfdac61e99ad2e4474a3fdf9bd06062fb840a28)) - **vm:** treat missing disk volume as not-found during read ([#2821](https://github.com/bpg/terraform-provider-proxmox/issues/2821)) ([07cd772](https://github.com/bpg/terraform-provider-proxmox/commit/07cd77256451af736a07af3439e4480a2267caaf)) ##### Miscellaneous - **ci:** Update googleapis/release-please-action action (v4.4.1 → v5) ([#2820](https://github.com/bpg/terraform-provider-proxmox/issues/2820)) ([c607cbc](https://github.com/bpg/terraform-provider-proxmox/commit/c607cbcb01923bc7a7119b5e4b20ce91992fefbe)) - **ci:** update goreleaser/goreleaser-action action (v7.0.0 → v7.1.0) ([#2823](https://github.com/bpg/terraform-provider-proxmox/issues/2823)) ([4d86ada](https://github.com/bpg/terraform-provider-proxmox/commit/4d86ada87f875905af03b3cdf814d8af0a9c9b79)) - **deps:** update github.com/hashicorp/terraform-plugin-\* ([#2819](https://github.com/bpg/terraform-provider-proxmox/issues/2819)) ([65e1e16](https://github.com/bpg/terraform-provider-proxmox/commit/65e1e164eb214d10249dadaf0bb8101ca7ad481d)) - **deps:** update image golang ([`5f3787b`](https://github.com/bpg/terraform-provider-proxmox/commit/5f3787b) → [`1e598ea`](https://github.com/bpg/terraform-provider-proxmox/commit/1e598ea)) ([#2818](https://github.com/bpg/terraform-provider-proxmox/issues/2818)) ([4e2d74e](https://github.com/bpg/terraform-provider-proxmox/commit/4e2d74e42154bf4b941f8a432f972e466d0cedd0)) - **vm2:** add design for VM Plugin Framework migration ([d824227](https://github.com/bpg/terraform-provider-proxmox/commit/d824227aed86a89b2f2415af69b6d344bd82a6aa)) - **vm2:** audit VM resource implementation ([#2810](https://github.com/bpg/terraform-provider-proxmox/issues/2810)) ([618e0cb](https://github.com/bpg/terraform-provider-proxmox/commit/618e0cb357297c7c77b0778d2483cb3a0969b812)) - **vm2:** mark PR [#1](https://github.com/bpg/terraform-provider-proxmox/issues/1) merged in tracker ([8624144](https://github.com/bpg/terraform-provider-proxmox/commit/862414482b0d94ca5c56211d834b26dbda85990b)) ### [`v0.103.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01030-2026-04-18) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.102.0...v0.103.0) ##### Features - **cluster:** refactoring and improving `proxmox_metrics_server` ([#2805](https://github.com/bpg/terraform-provider-proxmox/issues/2805)) ([354abf4](https://github.com/bpg/terraform-provider-proxmox/commit/354abf450e7d37c0d866a94e9d714a70d1ba5e43)) - **file:** add `file_name_regex` filter to `proxmox_files` data source ([#2802](https://github.com/bpg/terraform-provider-proxmox/issues/2802)) ([c84eca9](https://github.com/bpg/terraform-provider-proxmox/commit/c84eca9d13180c11019ca91262a081506c5f28d6)) - **hw:** add `proxmox_hardware_pci` data source ([#2799](https://github.com/bpg/terraform-provider-proxmox/issues/2799)) ([76618a1](https://github.com/bpg/terraform-provider-proxmox/commit/76618a142c643ecc6820822120c583508ddc5c2f)) ##### Miscellaneous - **cluster:** align cluster\_options with ADR-003/005 ([#2804](https://github.com/bpg/terraform-provider-proxmox/issues/2804)) ([829ba6b](https://github.com/bpg/terraform-provider-proxmox/commit/829ba6bafcf86e740ca3fe09838775390d83efc9)) - **deps:** update image golang ([`fcdb3e4`](https://github.com/bpg/terraform-provider-proxmox/commit/fcdb3e4) → [`5f3787b`](https://github.com/bpg/terraform-provider-proxmox/commit/5f3787b)) ([#2807](https://github.com/bpg/terraform-provider-proxmox/issues/2807)) ([d067ce0](https://github.com/bpg/terraform-provider-proxmox/commit/d067ce083ea1ed5ab849d06253fcc52c4cedd629)) ### [`v0.102.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01020-2026-04-14) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.101.1...v0.102.0) ##### ⚠ BREAKING CHANGES - **lxc:** use computed `cpu.units` value instead of hardcoded 1024 ([#2791](https://github.com/bpg/terraform-provider-proxmox/issues/2791)) ##### Features - **provider:** add `node_address_source` ssh attribute for DNS-based node resolution ([#2792](https://github.com/bpg/terraform-provider-proxmox/issues/2792)) ([87d0abb](https://github.com/bpg/terraform-provider-proxmox/commit/87d0abb07a08f67599051b2711e572f69e292a96)) - **vm:** add `upgrade` attribute to cloud-init initialization block ([#2788](https://github.com/bpg/terraform-provider-proxmox/issues/2788)) ([e828b52](https://github.com/bpg/terraform-provider-proxmox/commit/e828b52f5028b3def9231e2617ced4550a161f84)) - **vm:** wait for guest agent readiness before reboot ([#2790](https://github.com/bpg/terraform-provider-proxmox/issues/2790)) ([40317ec](https://github.com/bpg/terraform-provider-proxmox/commit/40317ec995ba22ed713457502e35277276d8458e)) ##### Bug Fixes - **example:** update /example/\* to use short aliases ([d6f1680](https://github.com/bpg/terraform-provider-proxmox/commit/d6f168092f16e76e3bc4e5cd90e86eb3fdb63815)) - **lxc:** use computed `cpu.units` value instead of hardcoded 1024 ([#2791](https://github.com/bpg/terraform-provider-proxmox/issues/2791)) ([b54e6c5](https://github.com/bpg/terraform-provider-proxmox/commit/b54e6c5ce014a74a7ffe3440800d3e9d6a194b18)) ##### Miscellaneous - **ci:** update actions/create-github-app-token action (v3.0.0 → v3.1.1) ([#2796](https://github.com/bpg/terraform-provider-proxmox/issues/2796)) ([8397ff6](https://github.com/bpg/terraform-provider-proxmox/commit/8397ff69c37d2ea3d67c84897f2046e83746ffc4)) - **ci:** update actions/setup-go digest ([`4b73464`](https://github.com/bpg/terraform-provider-proxmox/commit/4b73464) → [`4a36011`](https://github.com/bpg/terraform-provider-proxmox/commit/4a36011)) ([#2793](https://github.com/bpg/terraform-provider-proxmox/issues/2793)) ([bfbf78c](https://github.com/bpg/terraform-provider-proxmox/commit/bfbf78c3b803c3348d0de7d5f988ac8f15cc17fe)) - **ci:** update actions/upload-artifact digest ([`bbbca2d`](https://github.com/bpg/terraform-provider-proxmox/commit/bbbca2d) → [`043fb46`](https://github.com/bpg/terraform-provider-proxmox/commit/043fb46)) ([#2794](https://github.com/bpg/terraform-provider-proxmox/issues/2794)) ([5c82af8](https://github.com/bpg/terraform-provider-proxmox/commit/5c82af893e3c569fab33933ba575851359171a54)) - **ci:** update googleapis/release-please-action action (v4.4.0 → v4.4.1) ([#2798](https://github.com/bpg/terraform-provider-proxmox/issues/2798)) ([7b10d95](https://github.com/bpg/terraform-provider-proxmox/commit/7b10d9523c68054f5b2e78c2da48c138225c8bb2)) - **code:** update to use Golang 1.26.x ([#2785](https://github.com/bpg/terraform-provider-proxmox/issues/2785)) ([d2f3c70](https://github.com/bpg/terraform-provider-proxmox/commit/d2f3c7039fcffc28060077c8b83a70986f2ea75a)) - **deps:** update image golang ([`2a2b4b5`](https://github.com/bpg/terraform-provider-proxmox/commit/2a2b4b5) → [`fcdb3e4`](https://github.com/bpg/terraform-provider-proxmox/commit/fcdb3e4)) ([#2797](https://github.com/bpg/terraform-provider-proxmox/issues/2797)) ([32d0937](https://github.com/bpg/terraform-provider-proxmox/commit/32d09376caef3019f3dc733be8393cc1ad0227f4)) - **deps:** update module github.com/hashicorp/terraform-plugin-mux (v0.23.0 → v0.23.1) ([#2795](https://github.com/bpg/terraform-provider-proxmox/issues/2795)) ([19925da](https://github.com/bpg/terraform-provider-proxmox/commit/19925da906ed176b96f4550b4f4070adfdba159e)) - **docs:** codify audit-discovered conventions into ADR-003/004/005 ([#2787](https://github.com/bpg/terraform-provider-proxmox/issues/2787)) ([d8c8c75](https://github.com/bpg/terraform-provider-proxmox/commit/d8c8c75a46ff8b1f90dce9067ebc9332b145b3ac)) - **docs:** update links to reference bpg.sh for documentation ([b36528a](https://github.com/bpg/terraform-provider-proxmox/commit/b36528a6faf3012eca92bed4ed5e0ee1acef648f)) - **docs:** update upgrade.md guide ([befb41d](https://github.com/bpg/terraform-provider-proxmox/commit/befb41dc80f73c9e62e2e8199685821a8653aea0)) ### [`v0.101.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01011-2026-04-10) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.101.0...v0.101.1) ##### Bug Fixes - **docs:** add missing examples and import sections for short-name aliases ([#2784](https://github.com/bpg/terraform-provider-proxmox/issues/2784)) ([5f59d52](https://github.com/bpg/terraform-provider-proxmox/commit/5f59d5263d112163ba5fb8eaeff0ff1af459fda7)) ##### Miscellaneous - **ci:** Update actions/github-script action (v8 → v9) ([#2782](https://github.com/bpg/terraform-provider-proxmox/issues/2782)) ([c8c9823](https://github.com/bpg/terraform-provider-proxmox/commit/c8c98237d813d2b1b4963f342d139701a9ef499a)) - **deps:** update image golang (1.26.1 → 1.26.2) ([#2778](https://github.com/bpg/terraform-provider-proxmox/issues/2778)) ([6805a82](https://github.com/bpg/terraform-provider-proxmox/commit/6805a82aae8a84fa7ab10e2ee48113001d2e373a)) - **deps:** update image golang ([`595c784`](https://github.com/bpg/terraform-provider-proxmox/commit/595c784) → [`cd78d88`](https://github.com/bpg/terraform-provider-proxmox/commit/cd78d88)) ([#2777](https://github.com/bpg/terraform-provider-proxmox/issues/2777)) ([ef0c04d](https://github.com/bpg/terraform-provider-proxmox/commit/ef0c04db7285be60474accc6c5caec3a99bf09f2)) - **deps:** update module golang.org/x/crypto (v0.49.0 → v0.50.0) ([#2780](https://github.com/bpg/terraform-provider-proxmox/issues/2780)) ([a963a30](https://github.com/bpg/terraform-provider-proxmox/commit/a963a30ef9dfdeb9988369700053132e44d00c9a)) - **deps:** update module golang.org/x/net (v0.52.0 → v0.53.0) ([#2781](https://github.com/bpg/terraform-provider-proxmox/issues/2781)) ([d167c32](https://github.com/bpg/terraform-provider-proxmox/commit/d167c32feb8cea5eb4dbe3068d5441da534c8300)) ### [`v0.101.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01010-2026-04-09) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.100.0...v0.101.0) ##### ⚠ BREAKING CHANGES - **vm:** fix and improve VM datasources, deprecate SDK datasource ([#2764](https://github.com/bpg/terraform-provider-proxmox/issues/2764)) ##### Features - **core:** surface PVE task warnings from VM/container operations ([#2761](https://github.com/bpg/terraform-provider-proxmox/issues/2761)) ([28850c8](https://github.com/bpg/terraform-provider-proxmox/commit/28850c82c257bed169f0bb878fe92372f37a162a)) - **lxc:** add `cpu.limit` attribute for containers ([#2744](https://github.com/bpg/terraform-provider-proxmox/issues/2744)) ([cb25180](https://github.com/bpg/terraform-provider-proxmox/commit/cb25180262b01eb61fa30194f9926cb1fb016e0a)) - **lxc:** add `full` flag to clone block ([#2755](https://github.com/bpg/terraform-provider-proxmox/issues/2755)) ([f7010e1](https://github.com/bpg/terraform-provider-proxmox/commit/f7010e1de932c2e7c3c3aa4964d67484d5e2bed5)) - **network:** add linux bond interface resource ([5db6deb](https://github.com/bpg/terraform-provider-proxmox/commit/5db6deb0ac7ae3bebb28adce96be8f36b9bc2a1f)), closes [#1980](https://github.com/bpg/terraform-provider-proxmox/issues/1980) ##### Bug Fixes - **docs:** add storage import docs ([#2759](https://github.com/bpg/terraform-provider-proxmox/issues/2759)) ([079902f](https://github.com/bpg/terraform-provider-proxmox/commit/079902ff7733613202269b9d454e98892bf20f4e)) - **hwmapping,ha:** better 'not-found' detection in read and delete ([#2767](https://github.com/bpg/terraform-provider-proxmox/issues/2767)) ([ac53f8c](https://github.com/bpg/terraform-provider-proxmox/commit/ac53f8c19e500395e313171dce43fdc40ff203f5)) - **network:** adjust Linux Bridge name validator to PVE UI constraint ([#2762](https://github.com/bpg/terraform-provider-proxmox/issues/2762)) ([190f7fa](https://github.com/bpg/terraform-provider-proxmox/commit/190f7fab74cc27ebacb267b84307f111779d71aa)) - **network:** improve consistency of linux network interface resources ([#2776](https://github.com/bpg/terraform-provider-proxmox/issues/2776)) ([57a97ce](https://github.com/bpg/terraform-provider-proxmox/commit/57a97ce4cce760756cf63706c5ed583f84faceb2)) - **vm:** fix and improve VM datasources, deprecate SDK datasource ([#2764](https://github.com/bpg/terraform-provider-proxmox/issues/2764)) ([0ce6d0c](https://github.com/bpg/terraform-provider-proxmox/commit/0ce6d0c0b936a6183508c8c41f4260649903057f)) - **vm:** use move\_disk API for EFI disk and TPM state storage migration ([#2757](https://github.com/bpg/terraform-provider-proxmox/issues/2757)) ([c78c873](https://github.com/bpg/terraform-provider-proxmox/commit/c78c8735727f4619981b3548cd1c8b303108cd79)) ##### Miscellaneous - **deps:** update module github.com/hashicorp/go-version (v1.8.0 → v1.9.0) ([#2760](https://github.com/bpg/terraform-provider-proxmox/issues/2760)) ([7362ba5](https://github.com/bpg/terraform-provider-proxmox/commit/7362ba5ed2b2b9790593572c1a82d7feddd487ac)) - **docs:** update terraform local (2.7.0 → 2.8.0) ([#2765](https://github.com/bpg/terraform-provider-proxmox/issues/2765)) ([0424b01](https://github.com/bpg/terraform-provider-proxmox/commit/0424b0169e3041db538b13abca391b148479aaa6)) ### [`v0.100.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01000-2026-04-01) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.99.0...v0.100.0) ##### ⚠ BREAKING CHANGES - **vm:** set power state of VM centrally ([#2508](https://github.com/bpg/terraform-provider-proxmox/issues/2508)) ##### Features - **access:** add short-name aliases for access resources ([#2720](https://github.com/bpg/terraform-provider-proxmox/issues/2720)) ([8b690cf](https://github.com/bpg/terraform-provider-proxmox/commit/8b690cf835a507cf7c631b966815277f0d14fe42)) - **acme:** add short-name aliases for ACME resources ([#2721](https://github.com/bpg/terraform-provider-proxmox/issues/2721)) ([d386759](https://github.com/bpg/terraform-provider-proxmox/commit/d386759ffca09a6d84eb06ff457a64b62022c2a7)) - **cluster:** add short-name aliases for cluster resources ([#2725](https://github.com/bpg/terraform-provider-proxmox/issues/2725)) ([8fafc04](https://github.com/bpg/terraform-provider-proxmox/commit/8fafc043c699ea7cf4f2fefa71f5c8258a61c5da)) - **ha:** add short-name aliases for HA resources ([#2722](https://github.com/bpg/terraform-provider-proxmox/issues/2722)) ([acd0d9f](https://github.com/bpg/terraform-provider-proxmox/commit/acd0d9f7fdc15c3059a6cbeb02e49c1f0a26b532)) - **node:** add short-name aliases for node resources ([#2726](https://github.com/bpg/terraform-provider-proxmox/issues/2726)) ([33914d5](https://github.com/bpg/terraform-provider-proxmox/commit/33914d55808d25d97b9cf8123d54f501640dd290)) - **provider:** add short-name aliases for vm, version, and pool resources ([#2728](https://github.com/bpg/terraform-provider-proxmox/issues/2728)) ([38dca5a](https://github.com/bpg/terraform-provider-proxmox/commit/38dca5a91f1ea739e49e4b97e57d164f5570ad7b)) - **sdn:** add short-name aliases for SDN resources ([#2724](https://github.com/bpg/terraform-provider-proxmox/issues/2724)) ([0028588](https://github.com/bpg/terraform-provider-proxmox/commit/0028588ce3ed6a8808da5c50084755860e43d1ea)) - **storage:** add short-name aliases for storage resources ([#2727](https://github.com/bpg/terraform-provider-proxmox/issues/2727)) ([798f1ea](https://github.com/bpg/terraform-provider-proxmox/commit/798f1ea2f74186659601365589904691b1f91e7d)) ##### Bug Fixes - **cpu:** update docs, tests ([033b8f5](https://github.com/bpg/terraform-provider-proxmox/commit/033b8f5027eb2fdb83686de11bd4b67820201efb)) - **docs:** update broken doc links ([#2754](https://github.com/bpg/terraform-provider-proxmox/issues/2754)) ([b7d0242](https://github.com/bpg/terraform-provider-proxmox/commit/b7d0242a81a6bb3d36662ac1fab8b1dfe1d7eb83)) - **lychee:** update comments for clarity ([6fea54e](https://github.com/bpg/terraform-provider-proxmox/commit/6fea54e47f422cf03d0b3e333ff6eb96840c327c)) - **vm:** mark disk size as computed to prevent passthrough drift ([#2718](https://github.com/bpg/terraform-provider-proxmox/issues/2718)) ([cba4dd6](https://github.com/bpg/terraform-provider-proxmox/commit/cba4dd6936276e73a9411375378c8c05d9a5ddc9)) - **vm:** prevent disk resize revert when combined with config changes ([#2751](https://github.com/bpg/terraform-provider-proxmox/issues/2751)) ([f45cf78](https://github.com/bpg/terraform-provider-proxmox/commit/f45cf78cc7cba91ffe26f91feeb3cfcae5ad8a9a)) - **vm:** set power state of VM centrally ([#2508](https://github.com/bpg/terraform-provider-proxmox/issues/2508)) ([b8ceecd](https://github.com/bpg/terraform-provider-proxmox/commit/b8ceecd5afb2ab799b60dc90672c42538cb925b8)) - **vm:** support fractional cpulimit values ([#2745](https://github.com/bpg/terraform-provider-proxmox/issues/2745)) ([445e47c](https://github.com/bpg/terraform-provider-proxmox/commit/445e47c17c0764b0c1e3f8aadd73e9b505b8c06b)) ##### Miscellaneous - **core:** add migration helpers for resource type name rename (ADR-007) ([#2719](https://github.com/bpg/terraform-provider-proxmox/issues/2719)) ([b2bb732](https://github.com/bpg/terraform-provider-proxmox/commit/b2bb7324d2660cc79b520a02626086ed7971d7b5)) - **deps:** update golangci/golangci-lint (v2.11.3 → v2.11.4) ([#2729](https://github.com/bpg/terraform-provider-proxmox/issues/2729)) ([f95bc46](https://github.com/bpg/terraform-provider-proxmox/commit/f95bc4696720e2cb1bacac517301238a336812eb)) - **dev:** update ADRs and reference examples ([#2752](https://github.com/bpg/terraform-provider-proxmox/issues/2752)) ([15afbe8](https://github.com/bpg/terraform-provider-proxmox/commit/15afbe849fe9594e3be6cb0257b155ef41bcb3e0)) - **dev:** update code-review skill ([a7a489f](https://github.com/bpg/terraform-provider-proxmox/commit/a7a489f2924b70d5758deaebcd374b61653fc733)) - **docs:** document usage of ZFS storage in acc tests ([2eca921](https://github.com/bpg/terraform-provider-proxmox/commit/2eca921f9fde90bec3d883f46dc4b40a80638e04)) - **docs:** update FWK reference examples documentation ([c20d0be](https://github.com/bpg/terraform-provider-proxmox/commit/c20d0be5ab4a632b7c340e3781e7f60250a41d7f)) - **test:** add tier-based and resource-targeted test execution ([#2753](https://github.com/bpg/terraform-provider-proxmox/issues/2753)) ([31b4706](https://github.com/bpg/terraform-provider-proxmox/commit/31b4706600585700a4276c1b680ac3c5f58ef742)) - **test:** improve acceptance test stability and reliability ([#2746](https://github.com/bpg/terraform-provider-proxmox/issues/2746)) ([f54fca2](https://github.com/bpg/terraform-provider-proxmox/commit/f54fca2e1ff119ce4c6733dc9ba1034cc90e050c)) ### [`v0.99.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0990-2026-03-21) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.98.1...v0.99.0) ##### Features - **backup:** add `proxmox_backup_job` resource and `proxmox_backup_jobs` data source ([#2711](https://github.com/bpg/terraform-provider-proxmox/issues/2711)) ([92b3e88](https://github.com/bpg/terraform-provider-proxmox/commit/92b3e8856b1259319c23548fccb585b4c68a7adb)) - **file:** add `proxmox_files` data source ([#2703](https://github.com/bpg/terraform-provider-proxmox/issues/2703)) ([e848a57](https://github.com/bpg/terraform-provider-proxmox/commit/e848a5780816a9c525f6a224f4c0f028b8ec69e9)) - **ha:** add `proxmox_virtual_environment_harule` resource (PVE 9+) ([#2682](https://github.com/bpg/terraform-provider-proxmox/issues/2682)) ([31ab05a](https://github.com/bpg/terraform-provider-proxmox/commit/31ab05ac610c5caf0221cfd3c9b2c362052060d7)) - **provider:** add support for replication ([#2661](https://github.com/bpg/terraform-provider-proxmox/issues/2661)) ([ca9a5f7](https://github.com/bpg/terraform-provider-proxmox/commit/ca9a5f7c0029096790750d0d3f4b57507d57b4ba)) ##### Bug Fixes - **access:** remove overly restrictive `username_claim` validation on openid realm ([#2685](https://github.com/bpg/terraform-provider-proxmox/issues/2685)) ([7782dc5](https://github.com/bpg/terraform-provider-proxmox/commit/7782dc5d033a91dd0f1c962d0a3458c6497072a8)) - **ci:** correct repository reference in sync-docs workflow ([f225107](https://github.com/bpg/terraform-provider-proxmox/commit/f225107457e08a7a5b51fe51c51f3138d898f0b2)) - **ha:** handle nil Strict value in HARule and update API response validation ([3bf1e8c](https://github.com/bpg/terraform-provider-proxmox/commit/3bf1e8c764f009517123d86b7b14f46795927045)) - **lxc:** ignore warnings in container create and clone tasks ([#2701](https://github.com/bpg/terraform-provider-proxmox/issues/2701)) ([7f7e36d](https://github.com/bpg/terraform-provider-proxmox/commit/7f7e36d5a9193a86e17629c1dd58bada22a9ae6a)) - **vm:** reboot after disk resize when disk is not hotpluggable ([#2686](https://github.com/bpg/terraform-provider-proxmox/issues/2686)) ([4ffb2f1](https://github.com/bpg/terraform-provider-proxmox/commit/4ffb2f18688ec4b31e6e301782985a65e009aa67)) - **vm:** skip cloud-init device update when only config changed ([#2709](https://github.com/bpg/terraform-provider-proxmox/issues/2709)) ([46e8362](https://github.com/bpg/terraform-provider-proxmox/commit/46e8362cbce08e7fd0d44538dd43a28a85abbb17)) ##### Miscellaneous - **ci:** Update actions/create-github-app-token action (v2.2.1 → v3.0.0) ([#2698](https://github.com/bpg/terraform-provider-proxmox/issues/2698)) ([7983416](https://github.com/bpg/terraform-provider-proxmox/commit/798341634be600fcb4589138f0f8c6adddf654e7)) - **ci:** Update dorny/paths-filter action (v3.0.2 → v4.0.1) ([#2699](https://github.com/bpg/terraform-provider-proxmox/issues/2699)) ([9828faa](https://github.com/bpg/terraform-provider-proxmox/commit/9828faa09c7bd1642654aa11fc8263a8fa681527)) - **ci:** update jetbrains/qodana-action action (v2025.3.1 → v2025.3.2) ([#2712](https://github.com/bpg/terraform-provider-proxmox/issues/2712)) ([98e9407](https://github.com/bpg/terraform-provider-proxmox/commit/98e9407de5132176ea9c52a0f14296da6f0ef26f)) - **deps:** bump google.golang.org/grpc from 1.79.2 to 1.79.3 ([#2713](https://github.com/bpg/terraform-provider-proxmox/issues/2713)) ([c653d7c](https://github.com/bpg/terraform-provider-proxmox/commit/c653d7c190cdd2f1a0664c23229a4641b69efae3)) - **deps:** update github.com/hashicorp/terraform-plugin-\* ([#2693](https://github.com/bpg/terraform-provider-proxmox/issues/2693)) ([db6522f](https://github.com/bpg/terraform-provider-proxmox/commit/db6522fd4ab9ea54beb1b59ade2835fe47ca6af2)) - **deps:** update golangci/golangci-lint ([#2670](https://github.com/bpg/terraform-provider-proxmox/issues/2670)) ([979ce29](https://github.com/bpg/terraform-provider-proxmox/commit/979ce29246bc6f3ff2b54184b2bffc0e25cf0f5d)) - **deps:** update golangci/golangci-lint (v2.11.2 → v2.11.3) ([#2692](https://github.com/bpg/terraform-provider-proxmox/issues/2692)) ([a737b37](https://github.com/bpg/terraform-provider-proxmox/commit/a737b37cd2cea8aa4c786ba875ba42c995ab58c8)) - **deps:** update image golang ([`c7e98cc`](https://github.com/bpg/terraform-provider-proxmox/commit/c7e98cc) → [`595c784`](https://github.com/bpg/terraform-provider-proxmox/commit/595c784)) ([#2708](https://github.com/bpg/terraform-provider-proxmox/issues/2708)) ([d6339f9](https://github.com/bpg/terraform-provider-proxmox/commit/d6339f9333c18f3127cdf24d31161f5cf2df9341)) - **deps:** update image golang ([`e2ddb15`](https://github.com/bpg/terraform-provider-proxmox/commit/e2ddb15) → [`c7e98cc`](https://github.com/bpg/terraform-provider-proxmox/commit/c7e98cc)) ([#2691](https://github.com/bpg/terraform-provider-proxmox/issues/2691)) ([c33b2ab](https://github.com/bpg/terraform-provider-proxmox/commit/c33b2ab481c76a2d746e89b31267b2ae186a942c)) - **deps:** update module golang.org/x/crypto (v0.48.0 → v0.49.0) ([#2696](https://github.com/bpg/terraform-provider-proxmox/issues/2696)) ([e7484c2](https://github.com/bpg/terraform-provider-proxmox/commit/e7484c292907c35c8444650ad2eea2690de93e9e)) - **deps:** update module golang.org/x/net (v0.51.0 → v0.52.0) ([#2697](https://github.com/bpg/terraform-provider-proxmox/issues/2697)) ([951bc29](https://github.com/bpg/terraform-provider-proxmox/commit/951bc292fc5efb7f420ea0cd21e8811dfdfd726b)) - **dev:** introduce ADR-007 for resource type name migration to shorter prefix ([1c07f6d](https://github.com/bpg/terraform-provider-proxmox/commit/1c07f6d9c958c11dd05721bbfd74bba3155b119a)) ### [`v0.98.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0981-2026-03-09) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.98.0...v0.98.1) ##### Bug Fixes - **pool:** support nested pool IDs in API endpoints ([#2680](https://github.com/bpg/terraform-provider-proxmox/issues/2680)) ([c6c726b](https://github.com/bpg/terraform-provider-proxmox/commit/c6c726b6af4396c870c2572561523634c7634cc4)) - **provider:** preserve null `tos` in ACME account when API returns empty string ([#2672](https://github.com/bpg/terraform-provider-proxmox/issues/2672)) ([f9bbd7d](https://github.com/bpg/terraform-provider-proxmox/commit/f9bbd7dd97a2b459e73b06627e415dc2198fde42)) - **vm:** replace enumerated network and IP config fields with dynamic unmarshaling ([#2679](https://github.com/bpg/terraform-provider-proxmox/issues/2679)) ([e5b2771](https://github.com/bpg/terraform-provider-proxmox/commit/e5b277145c719ce5f99e4e38d2277a87546b921f)) - **vm:** support removal of network devices from VM configuration ([#2674](https://github.com/bpg/terraform-provider-proxmox/issues/2674)) ([9b5a978](https://github.com/bpg/terraform-provider-proxmox/commit/9b5a9786e14e2d852ef362fb238494f54a02405e)) ##### Miscellaneous - **deps:** update image golang (1.26.0 → 1.26.1) ([#2669](https://github.com/bpg/terraform-provider-proxmox/issues/2669)) ([9a8d85b](https://github.com/bpg/terraform-provider-proxmox/commit/9a8d85b43fb51b550e49566257ed670b827572de)) - **docs:** clarify example prerequisites for SSH, node name, timezone, and DHCP ([8f97a34](https://github.com/bpg/terraform-provider-proxmox/commit/8f97a34a7f631d925abec12a0254ddded04e36d9)) - **vm:** deprecate 'enabled' attribute on 'network\_device' block ([#2678](https://github.com/bpg/terraform-provider-proxmox/issues/2678)) ([65b809d](https://github.com/bpg/terraform-provider-proxmox/commit/65b809d6205337f023c78b22f442d2d5e3606530)) ### [`v0.98.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0980-2026-03-06) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.97.1...v0.98.0) ##### Features - **access:** add OpenID Connect realm resource and documentation ([#2655](https://github.com/bpg/terraform-provider-proxmox/issues/2655)) ([51c7535](https://github.com/bpg/terraform-provider-proxmox/commit/51c75354e0aae13c1f7b7e16bf0091b8a5fa526d)) - **lxc:** add support for `entrypoint` attribute ([#2543](https://github.com/bpg/terraform-provider-proxmox/issues/2543)) ([178a8ad](https://github.com/bpg/terraform-provider-proxmox/commit/178a8add4a738c1409184af1983f33966e8c5cb7)) ##### Bug Fixes - **lxc:** wrong mapping of `ignore-unpack-errors` attr in `create` API request ([8fe621d](https://github.com/bpg/terraform-provider-proxmox/commit/8fe621ddd6132c7131fa26e10e81b592241d9c3f)) - **vm:** add `started` attribute to `cloned_vm` resource ([#2666](https://github.com/bpg/terraform-provider-proxmox/issues/2666)) ([d9b292a](https://github.com/bpg/terraform-provider-proxmox/commit/d9b292ab05309e934873ebff8f0d16ef56b2e474)) ##### Miscellaneous - **ci:** Update crazy-max/ghaction-import-gpg action (v6.3.0 → v7.0.0) ([#2665](https://github.com/bpg/terraform-provider-proxmox/issues/2665)) ([e77ea1e](https://github.com/bpg/terraform-provider-proxmox/commit/e77ea1ed79752a5533c9bbf5fb902befac63f691)) - **ci:** Update peter-evans/repository-dispatch action (v3 → v4) ([#2653](https://github.com/bpg/terraform-provider-proxmox/issues/2653)) ([3408558](https://github.com/bpg/terraform-provider-proxmox/commit/34085582164e9c56933ca4c3b781b1492d021317)) - **deps:** bump cloudflare/circl to v1.6.3 ([da4b6ab](https://github.com/bpg/terraform-provider-proxmox/commit/da4b6ab101e6eefc96d450c0b602d8070bd3ff0f)) - **deps:** update image golang ([`9edf713`](https://github.com/bpg/terraform-provider-proxmox/commit/9edf713) → [`fb612b7`](https://github.com/bpg/terraform-provider-proxmox/commit/fb612b7)) ([#2663](https://github.com/bpg/terraform-provider-proxmox/issues/2663)) ([369254f](https://github.com/bpg/terraform-provider-proxmox/commit/369254f78dc25017159e6d9ad4dedb77c6347386)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.14.0 → v7.14.1) ([#2664](https://github.com/bpg/terraform-provider-proxmox/issues/2664)) ([b25f773](https://github.com/bpg/terraform-provider-proxmox/commit/b25f773aaaea96716ab91339a3997a730c070867)) - **docs:** fix broken links ([c792dc9](https://github.com/bpg/terraform-provider-proxmox/commit/c792dc93827658741d5339a90d00422b0daf242c)) - **docs:** remove TOC section from the main documentation page ([d6638f7](https://github.com/bpg/terraform-provider-proxmox/commit/d6638f79e13bc2196728eebc7df253915f0449b1)) - **docs:** update badge links in readme.md ([7de7db1](https://github.com/bpg/terraform-provider-proxmox/commit/7de7db1ad516a874ad3b6189d1e5e8447f8980f7)) - **docs:** update os type `l26` linux kernel range for vm ([#2657](https://github.com/bpg/terraform-provider-proxmox/issues/2657)) ([cdd7356](https://github.com/bpg/terraform-provider-proxmox/commit/cdd7356f5333f516c4edee63530ce4fc9ff76838)) - **docs:** update shields in readme.md ([8988f21](https://github.com/bpg/terraform-provider-proxmox/commit/8988f21eecb56b10a6f4ec7dcb596e45d77fa96b)) - **docs:** update terraform proxmox (0.97.0 → 0.97.1) ([#2648](https://github.com/bpg/terraform-provider-proxmox/issues/2648)) ([6811fb3](https://github.com/bpg/terraform-provider-proxmox/commit/6811fb3b749ff313dfd082b09459b9fe9d3c6eb8)) - **fwk:** standardize model files ([#2651](https://github.com/bpg/terraform-provider-proxmox/issues/2651)) ([911d8d3](https://github.com/bpg/terraform-provider-proxmox/commit/911d8d3430d5f416f24dd6ec3dc018be51694b2e)) ### [`v0.97.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0971-2026-02-27) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.97.0...v0.97.1) ##### Bug Fixes - **firewall:** handle missing security group in `Read` and fix id override `Create` ([#2647](https://github.com/bpg/terraform-provider-proxmox/issues/2647)) ([f526c39](https://github.com/bpg/terraform-provider-proxmox/commit/f526c3992321de337efa4d420549aa2baa9b4e48)) - **hwmapping:** enable nested USB hubs ([#2636](https://github.com/bpg/terraform-provider-proxmox/issues/2636)) ([d42fe74](https://github.com/bpg/terraform-provider-proxmox/commit/d42fe74c75c788a575aee92c4a80da4a18fa22c7)) - **vm,lxc:** add name validation ([#2631](https://github.com/bpg/terraform-provider-proxmox/issues/2631)) ([53cce6f](https://github.com/bpg/terraform-provider-proxmox/commit/53cce6fb4302ab9c0f9f697f24718afc35d3bfe0)) - **vm:** allow adding EFI disk without forcing VM replacement ([#2645](https://github.com/bpg/terraform-provider-proxmox/issues/2645)) ([d636403](https://github.com/bpg/terraform-provider-proxmox/commit/d63640316c1499aa0c61b2ba301470685b4d6b6d)) ##### Miscellaneous - **ci:** Update actions/attest-build-provenance action (v3 → v4) ([#2641](https://github.com/bpg/terraform-provider-proxmox/issues/2641)) ([de5f833](https://github.com/bpg/terraform-provider-proxmox/commit/de5f8334517f44e602fff28e31307d8d0c91eb3f)) - **ci:** update actions/setup-go digest ([`7a3fe6c`](https://github.com/bpg/terraform-provider-proxmox/commit/7a3fe6c) → [`4b73464`](https://github.com/bpg/terraform-provider-proxmox/commit/4b73464)) ([#2643](https://github.com/bpg/terraform-provider-proxmox/issues/2643)) ([9af341a](https://github.com/bpg/terraform-provider-proxmox/commit/9af341a94a2dfbf6e7df9762d94934a9e50d4bf1)) - **ci:** Update actions/upload-artifact action (v6 → v7) ([#2642](https://github.com/bpg/terraform-provider-proxmox/issues/2642)) ([4d84904](https://github.com/bpg/terraform-provider-proxmox/commit/4d84904b5764957ae66a600f3888aa681715e855)) - **ci:** Update hashicorp/setup-terraform action ([#2635](https://github.com/bpg/terraform-provider-proxmox/issues/2635)) ([af078b7](https://github.com/bpg/terraform-provider-proxmox/commit/af078b7dab3638b8d9da87f7acbc59ba1c3170c1)) - **ci:** update lycheeverse/lychee-action action (v2.7.0 → v2.8.0) ([#2638](https://github.com/bpg/terraform-provider-proxmox/issues/2638)) ([5271851](https://github.com/bpg/terraform-provider-proxmox/commit/5271851dc97a143db6a7870cfb8d549d52c2f1fd)) - **deps:** update github.com/hashicorp/terraform-plugin-\* ([#2634](https://github.com/bpg/terraform-provider-proxmox/issues/2634)) ([345f785](https://github.com/bpg/terraform-provider-proxmox/commit/345f785b7026dbeaf87c3751b3531c46380a1f8c)) - **deps:** update image golang ([`c83e68f`](https://github.com/bpg/terraform-provider-proxmox/commit/c83e68f) → [`9edf713`](https://github.com/bpg/terraform-provider-proxmox/commit/9edf713)) ([#2633](https://github.com/bpg/terraform-provider-proxmox/issues/2633)) ([c47a705](https://github.com/bpg/terraform-provider-proxmox/commit/c47a70569b7842ece5bc9e8f6f4c3b17c269dac0)) - **deps:** update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.38.2 → v2.39.0) ([#2639](https://github.com/bpg/terraform-provider-proxmox/issues/2639)) ([8b3bff1](https://github.com/bpg/terraform-provider-proxmox/commit/8b3bff197e7ea8a5be85effa65759443ef976a8b)) - **deps:** update module golang.org/x/net (v0.50.0 → v0.51.0) ([#2640](https://github.com/bpg/terraform-provider-proxmox/issues/2640)) ([587d1fe](https://github.com/bpg/terraform-provider-proxmox/commit/587d1feb7b8d6492741f9975ba807fef50193e1a)) - **docs:** add vm-lifecycle, multi-node, and upgrade guides ([#2628](https://github.com/bpg/terraform-provider-proxmox/issues/2628)) ([d2b8729](https://github.com/bpg/terraform-provider-proxmox/commit/d2b87294e72181caa12ccae497a3d4bf7837b766)) ### [`v0.97.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0970-2026-02-23) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.96.0...v0.97.0) ##### Features - **lxc:** implement idmap support via SSH config file editing ([#2579](https://github.com/bpg/terraform-provider-proxmox/issues/2579)) ([63334e1](https://github.com/bpg/terraform-provider-proxmox/commit/63334e163fe4562dce7cbfbc446d6a77b5671a62)) ##### Bug Fixes - **ci:** exclude ARM architecture for Windows builds in goreleaser ([9c268a5](https://github.com/bpg/terraform-provider-proxmox/commit/9c268a57504ba61a7516069c4478d88d0e746a86)) - **docs:** clarify SSH password inheritance with API token auth ([#2624](https://github.com/bpg/terraform-provider-proxmox/issues/2624)) ([d453924](https://github.com/bpg/terraform-provider-proxmox/commit/d4539245714a3d243d0343bf7b85e1c3a4451642)) - **firewall:** handle "already exists" error in SG and IPSet create ([#2627](https://github.com/bpg/terraform-provider-proxmox/issues/2627)) ([06f3c6f](https://github.com/bpg/terraform-provider-proxmox/commit/06f3c6f9ff78db56ddcb2db2a7db6f655898a3d1)) - **firewall:** update rules with position awareness ([#2593](https://github.com/bpg/terraform-provider-proxmox/issues/2593)) ([2bd6b98](https://github.com/bpg/terraform-provider-proxmox/commit/2bd6b98a004380e02ff672251cb841dd279a4a07)) - **lxc, vm:** add retries for LXC operations, unify retry logic into shared package ([#2616](https://github.com/bpg/terraform-provider-proxmox/issues/2616)) ([39c0198](https://github.com/bpg/terraform-provider-proxmox/commit/39c01984184eed019dcad8b8f6f4c8660bd05060)) - **storage:** unknown `encryption_key_fingerprint` after PBS apply ([#2625](https://github.com/bpg/terraform-provider-proxmox/issues/2625)) ([82c49fd](https://github.com/bpg/terraform-provider-proxmox/commit/82c49fdc87c182a0d71ed705320c8aa265f8d793)) - **vm:** preserve disk deletions in update request ([#2614](https://github.com/bpg/terraform-provider-proxmox/issues/2614)) ([b12111f](https://github.com/bpg/terraform-provider-proxmox/commit/b12111fa5d29b27349569500675515f140de1da6)) - **vm:** remove duplicate line in ipConfigObjects ([#2618](https://github.com/bpg/terraform-provider-proxmox/issues/2618)) ([0a4ab5b](https://github.com/bpg/terraform-provider-proxmox/commit/0a4ab5beee272c95bb3c9887adcfebf08e4aa3f3)) - **vm:** skip cdrom devices during disk read-back on import ([#2626](https://github.com/bpg/terraform-provider-proxmox/issues/2626)) ([64c2db2](https://github.com/bpg/terraform-provider-proxmox/commit/64c2db25f60c35a1d61bbf9a2eb9ac87cd34ccf2)) ##### Miscellaneous - **ci:** update actions/stale digest ([`9971854`](https://github.com/bpg/terraform-provider-proxmox/commit/9971854) → [`b5d41d4`](https://github.com/bpg/terraform-provider-proxmox/commit/b5d41d4)) ([#2611](https://github.com/bpg/terraform-provider-proxmox/issues/2611)) ([fcead36](https://github.com/bpg/terraform-provider-proxmox/commit/fcead36a03f65c7e538ed6ceb1c2a5af4dcd9ee8)) - **ci:** Update goreleaser/goreleaser-action action (v6.4.0 → v7.0.0) ([#2623](https://github.com/bpg/terraform-provider-proxmox/issues/2623)) ([f7ab67d](https://github.com/bpg/terraform-provider-proxmox/commit/f7ab67de8338be8d9341da1b7de65c44e1f35f92)) - **deps:** update golangci/golangci-lint (v2.9.0 → v2.10.1) ([#2603](https://github.com/bpg/terraform-provider-proxmox/issues/2603)) ([3e64ec4](https://github.com/bpg/terraform-provider-proxmox/commit/3e64ec42e28b962b528fd103107a985637f1e7f8)) - **docs:** update terraform local (2.6.2 → 2.7.0) ([#2612](https://github.com/bpg/terraform-provider-proxmox/issues/2612)) ([6da27f6](https://github.com/bpg/terraform-provider-proxmox/commit/6da27f6042997d8d32062824685ebe95ea5af93d)) ### [`v0.96.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0960-2026-02-18) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.95.0...v0.96.0) ##### Features - **cluster:** add otel options to metrics server resource ([#2595](https://github.com/bpg/terraform-provider-proxmox/issues/2595)) ([32dfac8](https://github.com/bpg/terraform-provider-proxmox/commit/32dfac87b9689a1ad768e8a12e03606ad8398006)) - **network:** add configurable timeout for network reload operations ([#2573](https://github.com/bpg/terraform-provider-proxmox/issues/2573)) ([ed8593d](https://github.com/bpg/terraform-provider-proxmox/commit/ed8593db8de12bbb3ab940ee4db1e887d4205b53)) ##### Bug Fixes - **cluster:** fix `Description` body-building bug and standardize delete handling in options ([#2601](https://github.com/bpg/terraform-provider-proxmox/issues/2601)) ([a704bb1](https://github.com/bpg/terraform-provider-proxmox/commit/a704bb17e7ec78bf7a1bf03451575e95b20aaee3)) - **file:** retry read-back after upload for distributed storage consistency ([#2571](https://github.com/bpg/terraform-provider-proxmox/issues/2571)) ([989a4ba](https://github.com/bpg/terraform-provider-proxmox/commit/989a4bad8fcd93914492a8deb190125dfbc66ad2)) - **hwmapping:** add comment validator, fix acceptance tests ([#2609](https://github.com/bpg/terraform-provider-proxmox/issues/2609)) ([f943051](https://github.com/bpg/terraform-provider-proxmox/commit/f943051bd79bd2f5d9e478eee595c524818fb2dd)) - **network:** properly delete cidr/cidr6 when address is removed from linux ([#2587](https://github.com/bpg/terraform-provider-proxmox/issues/2587)) ([a52a11f](https://github.com/bpg/terraform-provider-proxmox/commit/a52a11ff461d3b2a650cfa61d4dcebcdf1ce45e2)) - **network:** properly delete optional fields when removed from VLAN config ([#2599](https://github.com/bpg/terraform-provider-proxmox/issues/2599)) ([d0f1704](https://github.com/bpg/terraform-provider-proxmox/commit/d0f17048766efdb0a139e13c607e1507acba3c2a)) - **node:** add CPU utilization to node data source ([#2605](https://github.com/bpg/terraform-provider-proxmox/issues/2605)) ([1a1cbbb](https://github.com/bpg/terraform-provider-proxmox/commit/1a1cbbb2b205d9e0cbd2e29eb2c8dfbbb2dec8d9)) - **sdn:** avoid mtu=0 when omitted for sdn zones ([#2584](https://github.com/bpg/terraform-provider-proxmox/issues/2584)) ([66c43d8](https://github.com/bpg/terraform-provider-proxmox/commit/66c43d8366dc2957926887c2ee08d1066d8de781)) - **sdn:** better `apply` resiliency, fix import of a pending zone ([#2610](https://github.com/bpg/terraform-provider-proxmox/issues/2610)) ([a9ea3c1](https://github.com/bpg/terraform-provider-proxmox/commit/a9ea3c14c93877cea587d0cbc8261371a7b40e9a)) - **vm:** clean up orphaned re-import code and clarify `import_from` as create-only ([#2568](https://github.com/bpg/terraform-provider-proxmox/issues/2568)) ([2160f00](https://github.com/bpg/terraform-provider-proxmox/commit/2160f00e624ff83e954574c87dbdb2c542739f4b)) ##### Miscellaneous - **core:** unify Delete field type across API client structs ([#2604](https://github.com/bpg/terraform-provider-proxmox/issues/2604)) ([d6a66f4](https://github.com/bpg/terraform-provider-proxmox/commit/d6a66f445fbb164aae998d5d28e7bb24d121bcdc)) - **deps:** update golangci/golangci-lint (v2.8.0 → v2.9.0) ([#2589](https://github.com/bpg/terraform-provider-proxmox/issues/2589)) ([ee0f07f](https://github.com/bpg/terraform-provider-proxmox/commit/ee0f07f1577f77f19a1c384464eab35441dedc14)) - **deps:** update image golang (1.25.7 → 1.26.0) ([#2590](https://github.com/bpg/terraform-provider-proxmox/issues/2590)) ([8f5d598](https://github.com/bpg/terraform-provider-proxmox/commit/8f5d598b8ac927f430aa87eaaea45ac061d9a7cc)) - **deps:** update module golang.org/x/crypto (v0.47.0 → v0.48.0) ([#2591](https://github.com/bpg/terraform-provider-proxmox/issues/2591)) ([43c295b](https://github.com/bpg/terraform-provider-proxmox/commit/43c295b014118bcf9768ca81fbf1c1daa6ba771a)) - **deps:** update module golang.org/x/net (v0.49.0 → v0.50.0) ([#2592](https://github.com/bpg/terraform-provider-proxmox/issues/2592)) ([7b83dd8](https://github.com/bpg/terraform-provider-proxmox/commit/7b83dd872b9caf49056bea48fa145f1cec9ae898)) - **test:** do not run SDN acceptance tests in parallel ([#2607](https://github.com/bpg/terraform-provider-proxmox/issues/2607)) ([ac1fabd](https://github.com/bpg/terraform-provider-proxmox/commit/ac1fabd6c108da320ef5eda0b7a10563f9870e65)) - **test:** fix parallel VM tests execution ([#2608](https://github.com/bpg/terraform-provider-proxmox/issues/2608)) ([09500be](https://github.com/bpg/terraform-provider-proxmox/commit/09500be52827f7d273058834ae4c660b722ce89c)) ### [`v0.95.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0950-2026-02-08) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.94.0...v0.95.0) ##### ⚠ BREAKING CHANGES - **node:** correct `cpu_count` inconsistency between `_node` and `_nodes` data sources ([#2559](https://github.com/bpg/terraform-provider-proxmox/issues/2559)) ##### Bug Fixes - **docs:** update PR title guidelines for breaking changes and contributor notes ([d884c4a](https://github.com/bpg/terraform-provider-proxmox/commit/d884c4aaccac54ba641ffe3e91dff34bee6dccb2)) - **lxc:** apply start\_on\_boot and features on clone and update ([#2562](https://github.com/bpg/terraform-provider-proxmox/issues/2562)) ([b21616a](https://github.com/bpg/terraform-provider-proxmox/commit/b21616a0bd37e48e18307a9cadd2ca47ef209e7a)) - **node:** correct `cpu_count` inconsistency between `_node` and `_nodes` data sources ([#2559](https://github.com/bpg/terraform-provider-proxmox/issues/2559)) ([c4d8d6b](https://github.com/bpg/terraform-provider-proxmox/commit/c4d8d6b17d7140fcd21e901a817d2688111dd6bf)) - **vm:** apply custom timeouts on update operations ([#2561](https://github.com/bpg/terraform-provider-proxmox/issues/2561)) ([e9bb225](https://github.com/bpg/terraform-provider-proxmox/commit/e9bb22571d1dd1db10fe961b44a0f6dadbab91c1)) - **vm:** correctly update hotpluggable devices ([#2556](https://github.com/bpg/terraform-provider-proxmox/issues/2556)) ([9d4155a](https://github.com/bpg/terraform-provider-proxmox/commit/9d4155aeafad16b31f728df30649c79879685e61)) - **vm:** reboot before disk resize to prevent pending changes from reverting size ([#2563](https://github.com/bpg/terraform-provider-proxmox/issues/2563)) ([3465c84](https://github.com/bpg/terraform-provider-proxmox/commit/3465c84cbc5f8e2f3f79acdf9519aa181eb66607)) ##### Miscellaneous - **ci:** Update actions/checkout action (v4.2.2 → v6.0.2) ([#2554](https://github.com/bpg/terraform-provider-proxmox/issues/2554)) ([9262783](https://github.com/bpg/terraform-provider-proxmox/commit/9262783b80d08a3bd40d81aeaa9d00a37ff02c32)) - **ci:** update actions/checkout digest ([`8e8c483`](https://github.com/bpg/terraform-provider-proxmox/commit/8e8c483) → [`de0fac2`](https://github.com/bpg/terraform-provider-proxmox/commit/de0fac2)) ([#2557](https://github.com/bpg/terraform-provider-proxmox/issues/2557)) ([db2bba1](https://github.com/bpg/terraform-provider-proxmox/commit/db2bba15922b54f28ed06efa4b5d84e41f2e0e13)) - **deps:** update image golang ([`011d6e2`](https://github.com/bpg/terraform-provider-proxmox/commit/011d6e2) → [`cc73743`](https://github.com/bpg/terraform-provider-proxmox/commit/cc73743)) ([#2564](https://github.com/bpg/terraform-provider-proxmox/issues/2564)) ([5b10da9](https://github.com/bpg/terraform-provider-proxmox/commit/5b10da9f2d4a8b9435b776a0c2a5d246372d672e)) - **deps:** update image golang (1.25.6 → 1.25.7) ([#2552](https://github.com/bpg/terraform-provider-proxmox/issues/2552)) ([d148eb0](https://github.com/bpg/terraform-provider-proxmox/commit/d148eb08d3a7fcc26ae02e59058f98e28181d7fe)) - **deps:** update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.38.1 → v2.38.2) ([#2553](https://github.com/bpg/terraform-provider-proxmox/issues/2553)) ([aa1b8ce](https://github.com/bpg/terraform-provider-proxmox/commit/aa1b8cea32ee5f8c86109f49654c5c8528ed49ca)) - **dev:** update templates and define skills for LLM agent flows ([#2542](https://github.com/bpg/terraform-provider-proxmox/issues/2542)) ([615c670](https://github.com/bpg/terraform-provider-proxmox/commit/615c6705b20d8743ff81f440a89f55ed7a5728aa)) - **docs:** add Architecture Decision Records for the dev process ([#2546](https://github.com/bpg/terraform-provider-proxmox/issues/2546)) ([97317f6](https://github.com/bpg/terraform-provider-proxmox/commit/97317f6ef11a02d13fbdeec447cc48c6f87cbafd)) - **docs:** add notice to enable 'Import' content type to allow its use with file resources ([#2558](https://github.com/bpg/terraform-provider-proxmox/issues/2558)) ([90ce565](https://github.com/bpg/terraform-provider-proxmox/commit/90ce565e7dc855fc9855d3d0f29c3e41504364d9)) - **docs:** fix links in DEBUGGING.md ([8beb699](https://github.com/bpg/terraform-provider-proxmox/commit/8beb699d395d135283874852288335ecc633cdbd)) ### [`v0.94.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0940-2026-02-02) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.93.1...v0.94.0) ##### Features - **firewall:** add `proxmox_virtual_environment_node_firewall` ([#2502](https://github.com/bpg/terraform-provider-proxmox/issues/2502)) ([d45f269](https://github.com/bpg/terraform-provider-proxmox/commit/d45f26920e7ff8266793d885c7ff3dddd6a6651f)) ##### Bug Fixes - **lxc:** provision mount points when cloning containers ([#2529](https://github.com/bpg/terraform-provider-proxmox/issues/2529)) ([67990d7](https://github.com/bpg/terraform-provider-proxmox/commit/67990d72c664a46c496097946ee48eddac29ae1a)), closes [#2518](https://github.com/bpg/terraform-provider-proxmox/issues/2518) [#2507](https://github.com/bpg/terraform-provider-proxmox/issues/2507) - **network:** update reload timeout and retry ([#2510](https://github.com/bpg/terraform-provider-proxmox/issues/2510)) ([f66b9dd](https://github.com/bpg/terraform-provider-proxmox/commit/f66b9dde260d740415990b7fc275f6564fecf712)) - **sdn:** correct EVPN resource handling and improvements to base zone ([#2501](https://github.com/bpg/terraform-provider-proxmox/issues/2501)) ([c159715](https://github.com/bpg/terraform-provider-proxmox/commit/c159715e4341e87168d73f1cc58e9ead2a15be82)) - **storage:** add validator for acceptable values for storage content and update docs ([#2519](https://github.com/bpg/terraform-provider-proxmox/issues/2519)) ([fc8b018](https://github.com/bpg/terraform-provider-proxmox/commit/fc8b0181b87e9c2dcb148fb2c81d92562e6e3230)) - **vm:** add missing cpu types ([#2499](https://github.com/bpg/terraform-provider-proxmox/issues/2499)) ([f51c8df](https://github.com/bpg/terraform-provider-proxmox/commit/f51c8dfd08360808d41201bb81fd2db1896a1238)) - **vm:** handle nil `ip_config` block in cloud-init during clone ([#2527](https://github.com/bpg/terraform-provider-proxmox/issues/2527)) ([4ed5433](https://github.com/bpg/terraform-provider-proxmox/commit/4ed543348ea5357874d8d4415252ceb8c835c3bb)) - **vm:** require reboot for CPU core or socket changes ([#2534](https://github.com/bpg/terraform-provider-proxmox/issues/2534)) ([3ca754c](https://github.com/bpg/terraform-provider-proxmox/commit/3ca754cf73439a9b0e817b07926e91806a42603a)), closes [#2516](https://github.com/bpg/terraform-provider-proxmox/issues/2516) ### [`v0.93.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0931-2026-01-31) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.93.0...v0.93.1) ##### Bug Fixes - **docs:** prevent path traversal in sudoers tee configuration ([#2524](https://github.com/bpg/terraform-provider-proxmox/issues/2524)) ([bd604c4](https://github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a55dd6acc01b0608be3ea49c023)) ##### Miscellaneous - **ci:** update actions/checkout action (v6.0.1 → v6.0.2) ([#2521](https://github.com/bpg/terraform-provider-proxmox/issues/2521)) ([84e0b97](https://github.com/bpg/terraform-provider-proxmox/commit/84e0b97aa0d2fbc111e1db5432a97f98ed25ca6b)) - **ci:** update actions/setup-go digest ([`4dc6199`](https://github.com/bpg/terraform-provider-proxmox/commit/4dc6199) → [`7a3fe6c`](https://github.com/bpg/terraform-provider-proxmox/commit/7a3fe6c)) ([#2520](https://github.com/bpg/terraform-provider-proxmox/issues/2520)) ([1a1174c](https://github.com/bpg/terraform-provider-proxmox/commit/1a1174c73ce6089af1c66f006a51ff1acb99699f)) - **deps:** update image golang (1.25.5 → 1.25.6) ([#2504](https://github.com/bpg/terraform-provider-proxmox/issues/2504)) ([3e75bbb](https://github.com/bpg/terraform-provider-proxmox/commit/3e75bbb41f3b967f7602bb38182052518bcedbfd)) - **deps:** update image golang ([`6cc2338`](https://github.com/bpg/terraform-provider-proxmox/commit/6cc2338) → [`8bbd140`](https://github.com/bpg/terraform-provider-proxmox/commit/8bbd140)) ([#2503](https://github.com/bpg/terraform-provider-proxmox/issues/2503)) ([d087c97](https://github.com/bpg/terraform-provider-proxmox/commit/d087c97870d992711a6131ac1913e19af2f936b1)) - **deps:** update module golang.org/x/net (v0.48.0 → v0.49.0) ([#2506](https://github.com/bpg/terraform-provider-proxmox/issues/2506)) ([9fe808a](https://github.com/bpg/terraform-provider-proxmox/commit/9fe808adc8fb8aadf1d68a7540b7a9b205f123b3)) - **docs:** update terraform local (2.6.1 → 2.6.2) ([#2522](https://github.com/bpg/terraform-provider-proxmox/issues/2522)) ([8c64b5e](https://github.com/bpg/terraform-provider-proxmox/commit/8c64b5e0199eb9aad85d41739e3b0d2ef0134f18)) - **docs:** update terraform tls (4.1.0 → 4.2.1) ([#2523](https://github.com/bpg/terraform-provider-proxmox/issues/2523)) ([94d9dd3](https://github.com/bpg/terraform-provider-proxmox/commit/94d9dd3feca1a8ff285de92b58601ff2261b74a3)) ### [`v0.93.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0930-2026-01-12) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.92.0...v0.93.0) ##### Features - **lxc:** add `path_in_datastore` computed attribute for cross-resource refs ([#2493](https://github.com/bpg/terraform-provider-proxmox/issues/2493)) ([616ec37](https://github.com/bpg/terraform-provider-proxmox/commit/616ec379f2052bd1a512e123c0c363ee2cb894aa)) - **lxc:** enable root disk resize without recreate ([#2321](https://github.com/bpg/terraform-provider-proxmox/issues/2321)) ([581782c](https://github.com/bpg/terraform-provider-proxmox/commit/581782c4b12a6e9d35b2734194ee6c05d52c79d8)) - **vm:** add ha-aware migration for ha-managed vms ([#2476](https://github.com/bpg/terraform-provider-proxmox/issues/2476)) ([4f5b4fb](https://github.com/bpg/terraform-provider-proxmox/commit/4f5b4fb27865f1acdd884a040ad8c686a64d5036)) - **vm:** add support for `hotplug` parameter ([#2356](https://github.com/bpg/terraform-provider-proxmox/issues/2356)) ([891fd41](https://github.com/bpg/terraform-provider-proxmox/commit/891fd4185f7dad1d022c90bda137b9aa9c179106)) ##### Bug Fixes - **docs:** improve provider documentation readability and structure ([#2487](https://github.com/bpg/terraform-provider-proxmox/issues/2487)) ([b9457fa](https://github.com/bpg/terraform-provider-proxmox/commit/b9457fa9b3b30c8d5535bedfba40d81dc7a527e2)) - **example:** make lxc container use root provider so it works ([#2458](https://github.com/bpg/terraform-provider-proxmox/issues/2458)) ([7e1a379](https://github.com/bpg/terraform-provider-proxmox/commit/7e1a3796855e390d4afb2885b8d7c8ae10b7ef42)) - **lxc:** allow mounting existing subvol with size argument ([#2491](https://github.com/bpg/terraform-provider-proxmox/issues/2491)) ([0b9e1e0](https://github.com/bpg/terraform-provider-proxmox/commit/0b9e1e08999f044a1613107c3f8eadef60512267)) - **ssh:** harden try\_sudo for PVE 9, improve shell compatibility ([#2480](https://github.com/bpg/terraform-provider-proxmox/issues/2480)) ([f3dd703](https://github.com/bpg/terraform-provider-proxmox/commit/f3dd703f398697f88db5ea369a2b9355d25fdf1a)) - **vm:** prevent initialization drift when cloning VM with user\_account ([#2486](https://github.com/bpg/terraform-provider-proxmox/issues/2486)) ([dbd4fd5](https://github.com/bpg/terraform-provider-proxmox/commit/dbd4fd50526393ae3f1d9dd50ea7ba4439bb6c31)) - **vm:** resizing disk deletes cdrom / cloud-init ([#2484](https://github.com/bpg/terraform-provider-proxmox/issues/2484)) ([ae17149](https://github.com/bpg/terraform-provider-proxmox/commit/ae171496250f17c67436f22aaeccdf975f205c4c)) ##### Miscellaneous - **docs:** minor docs fixes and improvements ([#2481](https://github.com/bpg/terraform-provider-proxmox/issues/2481)) ([b52af8d](https://github.com/bpg/terraform-provider-proxmox/commit/b52af8d7948ebbf3d268699f17fc0d7fcc62eafe)) ### [`v0.92.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0920-2026-01-10) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.91.0...v0.92.0) ##### ⚠ BREAKING CHANGES - The `proxmox_virtual_environment_download_file` resource now checks the upstream URL's Content-Length during every refresh with `overwrite=true` (default). This restores the original behavior from v0.33.0 that was accidentally removed in v0.78.2. Users who want to disable upstream checking should set `overwrite=false`. - The `proxmox_virtual_environment_firewall_options` resource now requires exactly one of `vm_id` or `container_id` to be specified. Previously, configurations with only `node_name` would pass validation but fail at runtime. This change enforces the requirement at validation time. ##### Features - **access:** add LDAP realm and sync resources ([#2454](https://github.com/bpg/terraform-provider-proxmox/issues/2454)) ([085b73b](https://github.com/bpg/terraform-provider-proxmox/commit/085b73b91d5049be878a83dce67059a7bb4ba9c7)), closes [#1871](https://github.com/bpg/terraform-provider-proxmox/issues/1871) - **docs:** add universal LLM Agent instructions and contribution guidelines ([#2473](https://github.com/bpg/terraform-provider-proxmox/issues/2473)) ([16abacc](https://github.com/bpg/terraform-provider-proxmox/commit/16abacc4da7c1075b0bd4f8fb7dbb044ee6bfa01)) ##### Bug Fixes - **api:** detect TFA requirement and return clear error message ([#2477](https://github.com/bpg/terraform-provider-proxmox/issues/2477)) ([876849d](https://github.com/bpg/terraform-provider-proxmox/commit/876849dda5e8340a09028cc9a15dc2880f6c2a41)) - **docs:** clarify documentation workflow for FWK resources ([#2475](https://github.com/bpg/terraform-provider-proxmox/issues/2475)) ([7bd295a](https://github.com/bpg/terraform-provider-proxmox/commit/7bd295ab26022621216085eb63295f876722bcd5)) - **docs:** fix broken links in docs ([#2464](https://github.com/bpg/terraform-provider-proxmox/issues/2464)) ([cdeddf8](https://github.com/bpg/terraform-provider-proxmox/commit/cdeddf86c63231dbc31c5c177f5b2c1430f21326)) - **docs:** update reference to setting up proxmox ([#2455](https://github.com/bpg/terraform-provider-proxmox/issues/2455)) ([3c11ffd](https://github.com/bpg/terraform-provider-proxmox/commit/3c11ffdbb64981eb1330c197530b6f3a13858381)) - **file:** restore upstream URL change detection in `download_file` ([#2474](https://github.com/bpg/terraform-provider-proxmox/issues/2474)) ([ad181ee](https://github.com/bpg/terraform-provider-proxmox/commit/ad181ee835eeecc496fce529ac0f89e09501a277)), closes [#2470](https://github.com/bpg/terraform-provider-proxmox/issues/2470) - **firewall:** make `vm_id`/`container_id` required in VM/Container -level firewall options ([#2453](https://github.com/bpg/terraform-provider-proxmox/issues/2453)) ([5ded5d4](https://github.com/bpg/terraform-provider-proxmox/commit/5ded5d48a16eb001994e1a3c735428a1530e45c8)) - **storage:** prevent "was absent, but now present" error for backups block ([#2465](https://github.com/bpg/terraform-provider-proxmox/issues/2465)) ([501c09b](https://github.com/bpg/terraform-provider-proxmox/commit/501c09b58678c3a51d89285f2af3e4f3fd8b9f20)) - **vm:** allow vcpus hotplug without reboot ([#2466](https://github.com/bpg/terraform-provider-proxmox/issues/2466)) ([f864d36](https://github.com/bpg/terraform-provider-proxmox/commit/f864d36a557f1883e0823e15f6b37826683c5ba2)) - **vm:** correct disk speed settings for multiple disks and update detection ([#2478](https://github.com/bpg/terraform-provider-proxmox/issues/2478)) ([0889c74](https://github.com/bpg/terraform-provider-proxmox/commit/0889c74019c7711616e586a38bcc0e5a98f3d496)) ##### Miscellaneous - **deps:** update golangci/golangci-lint (v2.7.2 → v2.8.0) ([#2472](https://github.com/bpg/terraform-provider-proxmox/issues/2472)) ([5009161](https://github.com/bpg/terraform-provider-proxmox/commit/5009161379f9cb5ef1fa156a22ed262184c1b45b)) - **deps:** Update module github.com/avast/retry-go/v4 (v4.7.0 → v5.0.0) ([#2452](https://github.com/bpg/terraform-provider-proxmox/issues/2452)) ([1f664be](https://github.com/bpg/terraform-provider-proxmox/commit/1f664bed9fc5c15099983728bc5d3068aab0d03a)) - **docs:** remove outdated Ceph handles from `apt_standard_repository` docs ([#2471](https://github.com/bpg/terraform-provider-proxmox/issues/2471)) ([ccbaabd](https://github.com/bpg/terraform-provider-proxmox/commit/ccbaabd28d67596e047478f6518501b645c41fce)), closes [#2421](https://github.com/bpg/terraform-provider-proxmox/issues/2421) - **docs:** update terraform proxmox (0.90.0 → 0.91.0) ([#2459](https://github.com/bpg/terraform-provider-proxmox/issues/2459)) ([d175ef0](https://github.com/bpg/terraform-provider-proxmox/commit/d175ef0dccb529983e1eccf156aabaf38d828445)) ### [`v0.91.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0910-2026-01-03) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.90.0...v0.91.0) ##### Features - **acme:** add support for certificate ordering ([#2292](https://github.com/bpg/terraform-provider-proxmox/issues/2292)) ([a2a970d](https://github.com/bpg/terraform-provider-proxmox/commit/a2a970d06836c7740e1b6b040ebb8cfc622714c6)) - **sdn:** add support for Fabric resources ([#2444](https://github.com/bpg/terraform-provider-proxmox/issues/2444)) ([b223dad](https://github.com/bpg/terraform-provider-proxmox/commit/b223dad82886db6738f1d2a6845720267c1742d4)) - **storage:** add support for provisioning storage types (NFS/CIFS/PBS/Directory/LVM) ([#2130](https://github.com/bpg/terraform-provider-proxmox/issues/2130)) ([f361704](https://github.com/bpg/terraform-provider-proxmox/commit/f361704ccaa7d794d83c6803e120c29f0178640c)) ##### Bug Fixes - **core:** handle scientific notation in CustomInt/CustomInt64 unmarshaling ([#2431](https://github.com/bpg/terraform-provider-proxmox/issues/2431)) ([4baff92](https://github.com/bpg/terraform-provider-proxmox/commit/4baff92038235f7e4e7830a7a9b239c0a1eadf45)) - **vm:** allow TPM state updates in place ([#2446](https://github.com/bpg/terraform-provider-proxmox/issues/2446)) ([f8717c4](https://github.com/bpg/terraform-provider-proxmox/commit/f8717c41a14af6ea1d0dc31cc62f14649fae7653)) ##### Miscellaneous - **code:** cleanup issues reported by static code alalysis ([#2442](https://github.com/bpg/terraform-provider-proxmox/issues/2442)) ([686e575](https://github.com/bpg/terraform-provider-proxmox/commit/686e575fac3ac220cd8e397fa2e41770cf7b2ca3)) - **code:** cleanups and linter rules adjustment ([#2443](https://github.com/bpg/terraform-provider-proxmox/issues/2443)) ([1eee491](https://github.com/bpg/terraform-provider-proxmox/commit/1eee491ebb96f7c27dca9c962157b9af58ea9af3)) - **deps:** update image golang ([`36b4f45`](https://github.com/bpg/terraform-provider-proxmox/commit/36b4f45) → [`b6ba523`](https://github.com/bpg/terraform-provider-proxmox/commit/b6ba523)) ([#2439](https://github.com/bpg/terraform-provider-proxmox/issues/2439)) ([f82f03c](https://github.com/bpg/terraform-provider-proxmox/commit/f82f03c85fa039b705e80eeb6f2fb78859fbab24)) - **deps:** update image golang ([`b6ba523`](https://github.com/bpg/terraform-provider-proxmox/commit/b6ba523) → [`6cc2338`](https://github.com/bpg/terraform-provider-proxmox/commit/6cc2338)) ([#2448](https://github.com/bpg/terraform-provider-proxmox/issues/2448)) ([2b22bde](https://github.com/bpg/terraform-provider-proxmox/commit/2b22bde2cfb804818d2fedd31dded719614859ce)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.12.1 → v7.14.0) ([#2438](https://github.com/bpg/terraform-provider-proxmox/issues/2438)) ([4bdd335](https://github.com/bpg/terraform-provider-proxmox/commit/4bdd335fc66e38069806b9fa03d723c8cb6a307e)) - **deps:** update module github.com/google/go-querystring (v1.1.0 → v1.2.0) ([#2440](https://github.com/bpg/terraform-provider-proxmox/issues/2440)) ([ad6b9b2](https://github.com/bpg/terraform-provider-proxmox/commit/ad6b9b26f0ce37019b54649ba469d983921b67e8)) - **docs:** add guide for creating VMs from compressed cloud images ([#2449](https://github.com/bpg/terraform-provider-proxmox/issues/2449)) ([daa339b](https://github.com/bpg/terraform-provider-proxmox/commit/daa339b063c7ba3614347bc4877ffe2a3e592cd6)) - **docs:** update contributing guidelines and dev setup guides ([#2447](https://github.com/bpg/terraform-provider-proxmox/issues/2447)) ([371e0a1](https://github.com/bpg/terraform-provider-proxmox/commit/371e0a17b63ed1c16a094df220d69718d6695dcf)) - **docs:** update terraform proxmox (0.89.1 → 0.90.0) ([#2435](https://github.com/bpg/terraform-provider-proxmox/issues/2435)) ([975f818](https://github.com/bpg/terraform-provider-proxmox/commit/975f8186e20ad7d296f52a484b7b4dc7ec895f4d)) ### [`v0.90.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0900-2025-12-24) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.89.1...v0.90.0) ##### Features - **cloned\_vm:** add cloned VM resource implementation ([#2424](https://github.com/bpg/terraform-provider-proxmox/issues/2424)) ([88cad5c](https://github.com/bpg/terraform-provider-proxmox/commit/88cad5c006c9d9521ce625b5316373100c1ef60c)) - **provider:** add ContentType in ListDatastoreFiles ([#2423](https://github.com/bpg/terraform-provider-proxmox/issues/2423)) ([773b174](https://github.com/bpg/terraform-provider-proxmox/commit/773b174ce06f482280474211b60e71095b831274)) ##### Miscellaneous - **ci:** Update actions/upload-artifact action (v5 → v6) ([#2419](https://github.com/bpg/terraform-provider-proxmox/issues/2419)) ([3021c54](https://github.com/bpg/terraform-provider-proxmox/commit/3021c540d9fb027a3ebbe97f0b6e17b187d16b9f)) - **ci:** update jetbrains/qodana-action action (v2025.2.3 → v2025.2.4) ([#2426](https://github.com/bpg/terraform-provider-proxmox/issues/2426)) ([5b2e9ea](https://github.com/bpg/terraform-provider-proxmox/commit/5b2e9ea503b2171568743ff3de6cb8e048c5f2dc)) - **ci:** update jetbrains/qodana-action action (v2025.2.4 → v2025.3.1) ([#2434](https://github.com/bpg/terraform-provider-proxmox/issues/2434)) ([db3c5bf](https://github.com/bpg/terraform-provider-proxmox/commit/db3c5bf76878ef95c5030307249325256f9c1b5d)) - **deps:** update image golang ([`20b91ed`](https://github.com/bpg/terraform-provider-proxmox/commit/20b91ed) → [`a22b2e6`](https://github.com/bpg/terraform-provider-proxmox/commit/a22b2e6)) ([#2418](https://github.com/bpg/terraform-provider-proxmox/issues/2418)) ([fa883ec](https://github.com/bpg/terraform-provider-proxmox/commit/fa883ec42276d5cdd36f1e1604f61b14b7d4cc3a)) - **deps:** update image golang ([`a22b2e6`](https://github.com/bpg/terraform-provider-proxmox/commit/a22b2e6) → [`36b4f45`](https://github.com/bpg/terraform-provider-proxmox/commit/36b4f45)) ([#2425](https://github.com/bpg/terraform-provider-proxmox/issues/2425)) ([11fccbe](https://github.com/bpg/terraform-provider-proxmox/commit/11fccbe62eface03b21b16e6deb60efbfc1119ce)) - docs and dev UX improvements ([#2427](https://github.com/bpg/terraform-provider-proxmox/issues/2427)) ([a034e8b](https://github.com/bpg/terraform-provider-proxmox/commit/a034e8b6561b480d7884bf7c90d667f90e06ba32)) ### [`v0.89.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0891-2025-12-09) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.89.0...v0.89.1) ##### Bug Fixes - **vm,lxc:** revert deprecation notice for `pool_id` attribute ([#2405](https://github.com/bpg/terraform-provider-proxmox/issues/2405)) ([af3efa9](https://github.com/bpg/terraform-provider-proxmox/commit/af3efa9b41bfb16463e441aec25a08e86952c8d0)) - **vm:** allow EFI disk parameter updates without VM recreation ([51b8d39](https://github.com/bpg/terraform-provider-proxmox/commit/51b8d39b39821b0692a6c5bb880173463af50e3d)), closes [#1515](https://github.com/bpg/terraform-provider-proxmox/issues/1515) - **vm:** handle disk size mismatch when re-adding removed disk ([#2411](https://github.com/bpg/terraform-provider-proxmox/issues/2411)) ([d7346d4](https://github.com/bpg/terraform-provider-proxmox/commit/d7346d434c88a1262978d3b8137f978406cc41c8)) - **vm:** match CPU type format with PVE ([#2409](https://github.com/bpg/terraform-provider-proxmox/issues/2409)) ([63f22db](https://github.com/bpg/terraform-provider-proxmox/commit/63f22db63782af230cbf7101ecc64af86fb30568)) - **vm:** prevent perpetual diff when using `pool_membership` without `pool_id` ([#2408](https://github.com/bpg/terraform-provider-proxmox/issues/2408)) ([acc95bf](https://github.com/bpg/terraform-provider-proxmox/commit/acc95bf372d270c38e76f47c0f6eb8cacfb97a7b)) - **vm:** prevent unnecessary reboots on hotplug operations ([#2412](https://github.com/bpg/terraform-provider-proxmox/issues/2412)) ([77dc49e](https://github.com/bpg/terraform-provider-proxmox/commit/77dc49ea7cc70b7a43a7fb0cea2a0987338f7297)), closes [#538](https://github.com/bpg/terraform-provider-proxmox/issues/538) - **vm:** retry disk resize on 'does not exist' errors ([#2407](https://github.com/bpg/terraform-provider-proxmox/issues/2407)) ([f5f5437](https://github.com/bpg/terraform-provider-proxmox/commit/f5f5437c9f118690eded006cd3897dc5cce8d75e)) - **vm:** retry HTTP 500 errors when waiting for agent retrieving IPs ([#2410](https://github.com/bpg/terraform-provider-proxmox/issues/2410)) ([c324ef0](https://github.com/bpg/terraform-provider-proxmox/commit/c324ef090127dd934ace863fc2ca5d148430275a)) ##### Miscellaneous - **ci:** update jetbrains/qodana-action action (v2025.2.2 → v2025.2.3) ([#2400](https://github.com/bpg/terraform-provider-proxmox/issues/2400)) ([893fd6d](https://github.com/bpg/terraform-provider-proxmox/commit/893fd6d61fce1d8fd1ebb1468180fe0fb9d09292)) - **deps:** update golangci/golangci-lint (v2.7.1 → v2.7.2) ([#2413](https://github.com/bpg/terraform-provider-proxmox/issues/2413)) ([99e30e1](https://github.com/bpg/terraform-provider-proxmox/commit/99e30e1d1eb9579a03f85e85b1bb2ce709f1a82f)) - **deps:** update module golang.org/x/crypto (v0.45.0 → v0.46.0) ([#2414](https://github.com/bpg/terraform-provider-proxmox/issues/2414)) ([67ac0b1](https://github.com/bpg/terraform-provider-proxmox/commit/67ac0b1b088583f703c6008318a77e26c29544cf)) - **deps:** update module golang.org/x/net (v0.47.0 → v0.48.0) ([#2415](https://github.com/bpg/terraform-provider-proxmox/issues/2415)) ([b0aabfd](https://github.com/bpg/terraform-provider-proxmox/commit/b0aabfda4eed6d3e7d61268b4769a1ba33985d58)) ### [`v0.89.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0890-2025-12-06) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.88.0...v0.89.0) ##### ⚠ BREAKING CHANGES - **vm:** revert cpu.units default to use PVE server default ([#2402](https://github.com/bpg/terraform-provider-proxmox/issues/2402)) ##### Features - **lxc:** add `env` parameter support ([#2383](https://github.com/bpg/terraform-provider-proxmox/issues/2383)) ([ef134fc](https://github.com/bpg/terraform-provider-proxmox/commit/ef134fc7c589cdbf3fa449a13a23355894e4e4a5)) - **oci:** add proxmox\_virtual\_environment\_oci\_image resource for OCI Images Management ([#2373](https://github.com/bpg/terraform-provider-proxmox/issues/2373)) ([86a5bf1](https://github.com/bpg/terraform-provider-proxmox/commit/86a5bf1f35c8b1ca20c285d91421daf815cfe430)) - **sdn:** add possibility to apply SDN changes on a particular actions ([#2386](https://github.com/bpg/terraform-provider-proxmox/issues/2386)) ([01e6433](https://github.com/bpg/terraform-provider-proxmox/commit/01e64339b63f2b33281b98e67072a325afe0ade8)) ##### Bug Fixes - **vm:** do not re-import existing disks during update ([#2401](https://github.com/bpg/terraform-provider-proxmox/issues/2401)) ([0c7fad9](https://github.com/bpg/terraform-provider-proxmox/commit/0c7fad95a2b77c343a245d714f297fd6f0cab24c)) - **vm:** revert cpu.units default to use PVE server default ([#2402](https://github.com/bpg/terraform-provider-proxmox/issues/2402)) ([c9b8a3f](https://github.com/bpg/terraform-provider-proxmox/commit/c9b8a3f3b73aac6dfaa797baf0f5c66fb529e8dc)) ##### Miscellaneous - **ci:** pin dependencies ([#2388](https://github.com/bpg/terraform-provider-proxmox/issues/2388)) ([84bf77d](https://github.com/bpg/terraform-provider-proxmox/commit/84bf77dd350cbd5ca69a954454587fd63e1c8b8d)) - **ci:** update actions/checkout action (v6.0.0 → v6.0.1) ([#2398](https://github.com/bpg/terraform-provider-proxmox/issues/2398)) ([5eb8020](https://github.com/bpg/terraform-provider-proxmox/commit/5eb8020b9e789fc695c18705b9a9e408b87c37f7)) - **ci:** update actions/checkout digest ([`1af3b93`](https://github.com/bpg/terraform-provider-proxmox/commit/1af3b93) → [`8e8c483`](https://github.com/bpg/terraform-provider-proxmox/commit/8e8c483)) ([#2396](https://github.com/bpg/terraform-provider-proxmox/issues/2396)) ([a9926ca](https://github.com/bpg/terraform-provider-proxmox/commit/a9926ca8a6f33b59fc066eca395dee39ca2fb165)) - **ci:** update actions/create-github-app-token action (v2.2.0 → v2.2.1) ([#2399](https://github.com/bpg/terraform-provider-proxmox/issues/2399)) ([2f6c1b4](https://github.com/bpg/terraform-provider-proxmox/commit/2f6c1b4d1179dfc4dd7da71592f2e6b42d80d475)) - **ci:** Update actions/github-script action (v7 → v8) ([#2394](https://github.com/bpg/terraform-provider-proxmox/issues/2394)) ([aaef00e](https://github.com/bpg/terraform-provider-proxmox/commit/aaef00efd2301013b42928412ddda149832c9237)) - **ci:** update actions/stale digest ([`5f858e3`](https://github.com/bpg/terraform-provider-proxmox/commit/5f858e3) → [`9971854`](https://github.com/bpg/terraform-provider-proxmox/commit/9971854)) ([#2397](https://github.com/bpg/terraform-provider-proxmox/issues/2397)) ([cd63393](https://github.com/bpg/terraform-provider-proxmox/commit/cd63393fabebc056ad5c6ff095ac13211b42b85f)) - **ci:** update golangci/golangci-lint-action digest ([`e7fa5ac`](https://github.com/bpg/terraform-provider-proxmox/commit/e7fa5ac) → [`1e7e51e`](https://github.com/bpg/terraform-provider-proxmox/commit/1e7e51e)) ([#2389](https://github.com/bpg/terraform-provider-proxmox/issues/2389)) ([6593102](https://github.com/bpg/terraform-provider-proxmox/commit/6593102295b5c98c85e7eedaf1946ebbfeeb1ab8)) - **deps:** update github.com/hashicorp/terraform-plugin-\* ([#2392](https://github.com/bpg/terraform-provider-proxmox/issues/2392)) ([459cdfc](https://github.com/bpg/terraform-provider-proxmox/commit/459cdfc60641d84f5ec99f00e22be11395ee548b)) - **deps:** update golangci/golangci-lint (v2.6.2 → v2.7.1) ([#2393](https://github.com/bpg/terraform-provider-proxmox/issues/2393)) ([4b5652f](https://github.com/bpg/terraform-provider-proxmox/commit/4b5652fbf957a37fa42bfdda683da0532c90d395)) - **deps:** update image golang (1.25.4 → 1.25.5) ([#2390](https://github.com/bpg/terraform-provider-proxmox/issues/2390)) ([54e6aa5](https://github.com/bpg/terraform-provider-proxmox/commit/54e6aa514d0aa2729b96f5ea1d2b853816e384bb)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.12.0 → v7.12.1) ([#2391](https://github.com/bpg/terraform-provider-proxmox/issues/2391)) ([5952ae7](https://github.com/bpg/terraform-provider-proxmox/commit/5952ae7d9e79a4260eb3833c5dbe08464e6a53ea)) ### [`v0.88.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0880-2025-12-01) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.87.0...v0.88.0) ##### Features - **provider:** add OTel implementation for `metrics` resource ([#2372](https://github.com/bpg/terraform-provider-proxmox/issues/2372)) ([d37a8bb](https://github.com/bpg/terraform-provider-proxmox/commit/d37a8bbb5699c2947506300d594621c4fb699701)) - **vm,lxc:** add `wait_for_ip` configuration for agent/network interfaces ([#2362](https://github.com/bpg/terraform-provider-proxmox/issues/2362)) ([f24add3](https://github.com/bpg/terraform-provider-proxmox/commit/f24add360a7d6ac37d9b23cc9229d533100b6d2c)) - **vm:** support custom cloud init drive file format ([#2375](https://github.com/bpg/terraform-provider-proxmox/issues/2375)) ([ddccd0a](https://github.com/bpg/terraform-provider-proxmox/commit/ddccd0af6fdc086e1d65f7be28bed85b4df2ef57)) ##### Bug Fixes - **apt:** add support for modern APT sources (PVE9+) ([#2376](https://github.com/bpg/terraform-provider-proxmox/issues/2376)) ([6f6edec](https://github.com/bpg/terraform-provider-proxmox/commit/6f6edec253ac73e3a8c132debd3315e25079fd93)) - **disk:** restore updating boot disk. ([#2150](https://github.com/bpg/terraform-provider-proxmox/issues/2150)) ([0da0bcb](https://github.com/bpg/terraform-provider-proxmox/commit/0da0bcb0dc62cc74c944f082c731167ee74ae8b8)) - **example:** comment out otel metrics server resource ([fc94e2a](https://github.com/bpg/terraform-provider-proxmox/commit/fc94e2a601a1570c6de582e22e5b96cb05a4f34f)) - **lxc:** allow container creation/update with correct mountoptions ([#2319](https://github.com/bpg/terraform-provider-proxmox/issues/2319)) ([c2dc3a7](https://github.com/bpg/terraform-provider-proxmox/commit/c2dc3a75385d11eaf9740d4d871c4c6eabcaaab8)) - **lxc:** ignore link-local addresses when waiting for network IPs ([#2357](https://github.com/bpg/terraform-provider-proxmox/issues/2357)) ([8c081f5](https://github.com/bpg/terraform-provider-proxmox/commit/8c081f542f2ecdf1bf3874e2e8696138d705ece4)) - **vm:** convert to template using proper endpoint ([#2340](https://github.com/bpg/terraform-provider-proxmox/issues/2340)) ([5615298](https://github.com/bpg/terraform-provider-proxmox/commit/561529885f2f3651df29122f694fcb983b1a8adf)) - **vm:** prevent state changes after VM import ([#2294](https://github.com/bpg/terraform-provider-proxmox/issues/2294)) ([f0bb501](https://github.com/bpg/terraform-provider-proxmox/commit/f0bb5016dd50036be53d9b67ee2e93c76bdadfba)) ##### Miscellaneous - **ci:** Update actions/checkout action ([#2361](https://github.com/bpg/terraform-provider-proxmox/issues/2361)) ([f5d4676](https://github.com/bpg/terraform-provider-proxmox/commit/f5d467660cdecd04e171fd6242b6049f622e6837)) - **ci:** update actions/create-github-app-token action (v2.1.4 → v2.2.0) ([#2366](https://github.com/bpg/terraform-provider-proxmox/issues/2366)) ([3055dc2](https://github.com/bpg/terraform-provider-proxmox/commit/3055dc28479983f2ce17fa9dca35b26d361f4b3d)) - **ci:** update actions/setup-go digest ([`4469467`](https://github.com/bpg/terraform-provider-proxmox/commit/4469467) → [`4dc6199`](https://github.com/bpg/terraform-provider-proxmox/commit/4dc6199)) ([#2365](https://github.com/bpg/terraform-provider-proxmox/issues/2365)) ([bcce7da](https://github.com/bpg/terraform-provider-proxmox/commit/bcce7da9973843c21b0c56e3a698440cd83c0977)) - **ci:** update golangci/golangci-lint-action digest ([`0a35821`](https://github.com/bpg/terraform-provider-proxmox/commit/0a35821) → [`e7fa5ac`](https://github.com/bpg/terraform-provider-proxmox/commit/e7fa5ac)) ([#2358](https://github.com/bpg/terraform-provider-proxmox/issues/2358)) ([dd416a1](https://github.com/bpg/terraform-provider-proxmox/commit/dd416a1a9739b53e1d7a5b3f1660a4af87704ded)) - **ci:** update jetbrains/qodana-action action (v2025.2.1 → v2025.2.2) ([#2360](https://github.com/bpg/terraform-provider-proxmox/issues/2360)) ([092df22](https://github.com/bpg/terraform-provider-proxmox/commit/092df2280132a7d5acfb636107efe4edb68a3d77)) - **deps:** update golangci/golangci-lint (v2.5.0 → v2.6.2) ([#2304](https://github.com/bpg/terraform-provider-proxmox/issues/2304)) ([0937f2b](https://github.com/bpg/terraform-provider-proxmox/commit/0937f2b5d421d8830b07dfb03285b6e11c5d51e4)) - **deps:** update image golang ([`e68f6a0`](https://github.com/bpg/terraform-provider-proxmox/commit/e68f6a0) → [`f60eaa8`](https://github.com/bpg/terraform-provider-proxmox/commit/f60eaa8)) ([#2359](https://github.com/bpg/terraform-provider-proxmox/issues/2359)) ([b80a193](https://github.com/bpg/terraform-provider-proxmox/commit/b80a1937a70461c6c78de199650b20a2245ce58e)) - **deps:** update image golang ([`f60eaa8`](https://github.com/bpg/terraform-provider-proxmox/commit/f60eaa8) → [`6981837`](https://github.com/bpg/terraform-provider-proxmox/commit/6981837)) ([#2370](https://github.com/bpg/terraform-provider-proxmox/issues/2370)) ([faf56bc](https://github.com/bpg/terraform-provider-proxmox/commit/faf56bce9a5dd09b9ad85351844542e026695816)) - **deps:** Update module github.com/avast/retry-go/v4 (v4.7.0 → v5.0.0) ([#2380](https://github.com/bpg/terraform-provider-proxmox/issues/2380)) ([630240d](https://github.com/bpg/terraform-provider-proxmox/commit/630240d31115bed69e002c61ee4993504663d4b3)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.10.0 → v7.11.0) ([#2379](https://github.com/bpg/terraform-provider-proxmox/issues/2379)) ([5e55d92](https://github.com/bpg/terraform-provider-proxmox/commit/5e55d9272f7bc2f545efd1a4c0f26ad522db8699)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.11.0 → v7.12.0) ([#2384](https://github.com/bpg/terraform-provider-proxmox/issues/2384)) ([2f7bbb1](https://github.com/bpg/terraform-provider-proxmox/commit/2f7bbb11befca972a858ff562d190c1a73d4c75c)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.9.0 → v7.10.0) ([#2371](https://github.com/bpg/terraform-provider-proxmox/issues/2371)) ([d3b4847](https://github.com/bpg/terraform-provider-proxmox/commit/d3b48474b4a2684f0f8678eaa5afb8ba1d2d358e)) - **deps:** update module github.com/hashicorp/go-version (v1.7.0 → v1.8.0) ([#2381](https://github.com/bpg/terraform-provider-proxmox/issues/2381)) ([ad38c5b](https://github.com/bpg/terraform-provider-proxmox/commit/ad38c5befc279c8312c689a8d7c80336a875573f)) - **deps:** update module golang.org/x/crypto (v0.44.0 → v0.45.0) \[security] ([#2348](https://github.com/bpg/terraform-provider-proxmox/issues/2348)) ([78ce72e](https://github.com/bpg/terraform-provider-proxmox/commit/78ce72edc85320c33ed06d719dbc9b27c0ba931d)) - **docs:** update terraform local (2.5.3 → 2.6.1) ([#2367](https://github.com/bpg/terraform-provider-proxmox/issues/2367)) ([d5b3c64](https://github.com/bpg/terraform-provider-proxmox/commit/d5b3c64693dd13d72294c356d3d663852fbe79c9)) - update docs to pve 9.1, fix example tests ([#2350](https://github.com/bpg/terraform-provider-proxmox/issues/2350)) ([6e2a5aa](https://github.com/bpg/terraform-provider-proxmox/commit/6e2a5aa5c806e1f46373f8ff73e59ec221ae8bdd)) - **vm:** refactor network devices update logic ([#2260](https://github.com/bpg/terraform-provider-proxmox/issues/2260)) ([db3d7ec](https://github.com/bpg/terraform-provider-proxmox/commit/db3d7ec9d9a57f72ada7ed88604b609d223b0e98)) ### [`v0.87.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0870-2025-11-20) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.86.0...v0.87.0) ##### Features - **pool:** add `pool_membership` resource ([#2297](https://github.com/bpg/terraform-provider-proxmox/issues/2297)) ([95f180b](https://github.com/bpg/terraform-provider-proxmox/commit/95f180b497f7c82fef4fed565fd79fe5c244292a)) - **sdn:** add support for VNets datasource ([#2299](https://github.com/bpg/terraform-provider-proxmox/issues/2299)) ([c25f19a](https://github.com/bpg/terraform-provider-proxmox/commit/c25f19aa43a7748939dbe35a750cbcee485634a8)) - **vm:** add `purge_on_destroy` and `delete_unreferenced_disks_on_destroy` parameters ([#2345](https://github.com/bpg/terraform-provider-proxmox/issues/2345)) ([05a59aa](https://github.com/bpg/terraform-provider-proxmox/commit/05a59aa507c5c3f1b91adb2c3240a5790313f730)) ##### Bug Fixes - **access:** imported `group` resource missing `group_id` ([#2333](https://github.com/bpg/terraform-provider-proxmox/issues/2333)) ([ee1c525](https://github.com/bpg/terraform-provider-proxmox/commit/ee1c5255259fb81103e3bb3c531ddb421bc384c9)) - **apt:** add missing Ceph Squid ([#2318](https://github.com/bpg/terraform-provider-proxmox/issues/2318)) ([8b9bf62](https://github.com/bpg/terraform-provider-proxmox/commit/8b9bf6240f0f75353d440f367c4b3016f126384c)) - **file:** better error message for unsupported `import` content type ([#2344](https://github.com/bpg/terraform-provider-proxmox/issues/2344)) ([f94e25d](https://github.com/bpg/terraform-provider-proxmox/commit/f94e25de03b3468ccff87cdeb591e13fcc88741e)) - **firewall:** appending a rule without re-creating the whole ruleset ([#2310](https://github.com/bpg/terraform-provider-proxmox/issues/2310)) ([6290cce](https://github.com/bpg/terraform-provider-proxmox/commit/6290ccebc48aa4f5f109762afe3017df95e79b34)) - **lxc:** panic when cloning a container with empty IP config ([#2347](https://github.com/bpg/terraform-provider-proxmox/issues/2347)) ([0a259ca](https://github.com/bpg/terraform-provider-proxmox/commit/0a259ca43a3e0f3404bbf6938bbcf3b6da723a9b)) - **lxc:** race condition in container clone / reboot operations ([#2320](https://github.com/bpg/terraform-provider-proxmox/issues/2320)) ([ce358d5](https://github.com/bpg/terraform-provider-proxmox/commit/ce358d5c782525435b0a6dd66e144511afb6be4a)) - **sdn:** fix subnet datasource IP address datatype ([#2300](https://github.com/bpg/terraform-provider-proxmox/issues/2300)) ([7ffb314](https://github.com/bpg/terraform-provider-proxmox/commit/7ffb31447599630b698101f0aacb58ead54768ed)) - **ssh:** update sudo check logic and cache check results ([#2309](https://github.com/bpg/terraform-provider-proxmox/issues/2309)) ([702500c](https://github.com/bpg/terraform-provider-proxmox/commit/702500cb3be6c0fa53f5c4f8bf105866fc52a1b3)) - **vm:** increase max disk limit to 31 ([#2302](https://github.com/bpg/terraform-provider-proxmox/issues/2302)) ([2ae021a](https://github.com/bpg/terraform-provider-proxmox/commit/2ae021a0c3818b42660591fbe64bdc2560e829a8)) ##### Miscellaneous - **ci:** Update golangci/golangci-lint-action action (v8 → v9) ([#2330](https://github.com/bpg/terraform-provider-proxmox/issues/2330)) ([90810fa](https://github.com/bpg/terraform-provider-proxmox/commit/90810fafacc1de3de8f699836397c3f193aae3a3)) - **ci:** update lycheeverse/lychee-action action (v2.6.1 → v2.7.0) ([#2305](https://github.com/bpg/terraform-provider-proxmox/issues/2305)) ([9a788da](https://github.com/bpg/terraform-provider-proxmox/commit/9a788da00679215aeb74e61e8ca60d48b2892933)) - **deps:** update image golang (1.25.3 → 1.25.4) ([#2328](https://github.com/bpg/terraform-provider-proxmox/issues/2328)) ([90f876f](https://github.com/bpg/terraform-provider-proxmox/commit/90f876f1965dcee836239e03e6e0f43f4876001e)) - **deps:** update image golang ([`6ca9eb0`](https://github.com/bpg/terraform-provider-proxmox/commit/6ca9eb0) → [`e68f6a0`](https://github.com/bpg/terraform-provider-proxmox/commit/e68f6a0)) ([#2335](https://github.com/bpg/terraform-provider-proxmox/issues/2335)) ([5354d6b](https://github.com/bpg/terraform-provider-proxmox/commit/5354d6bd9a69b10105ea66e5edee68e44daadad6)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.8.1 → v7.8.2) ([#2303](https://github.com/bpg/terraform-provider-proxmox/issues/2303)) ([cd9b5fb](https://github.com/bpg/terraform-provider-proxmox/commit/cd9b5fbbb3c98b5e9fb19bfc94db0c13bff222b0)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.8.2 → v7.9.0) ([#2329](https://github.com/bpg/terraform-provider-proxmox/issues/2329)) ([76680dd](https://github.com/bpg/terraform-provider-proxmox/commit/76680dd729875a87d7c7511257ecf5bd28811935)) - **deps:** update module github.com/hashicorp/terraform-plugin-log (v0.9.0 → v0.10.0) ([#2336](https://github.com/bpg/terraform-provider-proxmox/issues/2336)) ([6dd51fd](https://github.com/bpg/terraform-provider-proxmox/commit/6dd51fddc61b8461f721257dae43a1b6ac312ae6)) - **deps:** update module golang.org/x/crypto (v0.43.0 → v0.44.0) ([#2337](https://github.com/bpg/terraform-provider-proxmox/issues/2337)) ([fb3fbfc](https://github.com/bpg/terraform-provider-proxmox/commit/fb3fbfc9e76d1f8ed575f80fc84a2ff9e9b02b9d)) - **deps:** update module golang.org/x/net (v0.46.0 → v0.47.0) ([#2338](https://github.com/bpg/terraform-provider-proxmox/issues/2338)) ([9f57e9f](https://github.com/bpg/terraform-provider-proxmox/commit/9f57e9f92e72bd30601ba2885fe0b23be85b2889)) - **docs:** document auto option for enabling SLAAC in IPv6 config in vm and lxc ([#2317](https://github.com/bpg/terraform-provider-proxmox/issues/2317)) ([e8c70d7](https://github.com/bpg/terraform-provider-proxmox/commit/e8c70d7267bbb6e4e4b2278860c29d1838114a3b)) - **docs:** update the main doc page for consistency ([#2326](https://github.com/bpg/terraform-provider-proxmox/issues/2326)) ([7e4f421](https://github.com/bpg/terraform-provider-proxmox/commit/7e4f421faa84c53eb60dd8b9907912fbeb2c546f)) - **lxc,vm:** add deprecation notice for pool\_id attribute ([#2312](https://github.com/bpg/terraform-provider-proxmox/issues/2312)) ([3c507cc](https://github.com/bpg/terraform-provider-proxmox/commit/3c507ccc31802e5ed5fe0c05f7c07a18153c1893)) ### [`v0.86.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0860-2025-10-28) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.85.1...v0.86.0) ##### Features - **firewall:** ability to import firewall rules & options ([#2269](https://github.com/bpg/terraform-provider-proxmox/issues/2269)) ([dd1afe6](https://github.com/bpg/terraform-provider-proxmox/commit/dd1afe63446bae0487cab6c9344bce74d00bd4bb)) - **firewall:** add ability to import ipsets ([#2280](https://github.com/bpg/terraform-provider-proxmox/issues/2280)) ([33c751d](https://github.com/bpg/terraform-provider-proxmox/commit/33c751d58344b29255dde02256baffbdd88f9149)) - **firewall:** support node-level firewall rules ([#2281](https://github.com/bpg/terraform-provider-proxmox/issues/2281)) ([18c675b](https://github.com/bpg/terraform-provider-proxmox/commit/18c675bf9ada5eae2bf94a00f24800fdb8a5425b)) ##### Bug Fixes - **lxc:** delete dns attributes when set to null ([#2263](https://github.com/bpg/terraform-provider-proxmox/issues/2263)) ([a32988a](https://github.com/bpg/terraform-provider-proxmox/commit/a32988a12897dbffef8bb2d5e5270baa70eaa64f)) - **vm:** correctly detect pool membership for VM ([#2264](https://github.com/bpg/terraform-provider-proxmox/issues/2264)) ([5a5c9c6](https://github.com/bpg/terraform-provider-proxmox/commit/5a5c9c6fceaa25ac6296b87e9651996cc1286982)) ##### Miscellaneous - **ci:** Update actions/upload-artifact action (v4 → v5) ([#2275](https://github.com/bpg/terraform-provider-proxmox/issues/2275)) ([ad4bbd7](https://github.com/bpg/terraform-provider-proxmox/commit/ad4bbd7bb51137c9af6dbaff9fe5d898ffa56c27)) - **ci:** update googleapis/release-please-action action (v4.3.0 → v4.4.0) ([#2273](https://github.com/bpg/terraform-provider-proxmox/issues/2273)) ([0bcba7b](https://github.com/bpg/terraform-provider-proxmox/commit/0bcba7ba09b30a7fb707ac5a4963d27f3dcde1c8)) - **deps:** update image golang ([`7d73c4c`](https://github.com/bpg/terraform-provider-proxmox/commit/7d73c4c) → [`8c945d3`](https://github.com/bpg/terraform-provider-proxmox/commit/8c945d3)) ([#2253](https://github.com/bpg/terraform-provider-proxmox/issues/2253)) ([a2bb9b6](https://github.com/bpg/terraform-provider-proxmox/commit/a2bb9b6eaca00a38f43dd44f09bf76f3a74f5a24)) - **deps:** update image golang ([`8c945d3`](https://github.com/bpg/terraform-provider-proxmox/commit/8c945d3) → [`dd08f76`](https://github.com/bpg/terraform-provider-proxmox/commit/dd08f76)) ([#2270](https://github.com/bpg/terraform-provider-proxmox/issues/2270)) ([4c1514f](https://github.com/bpg/terraform-provider-proxmox/commit/4c1514fb9eb5da7e69be5fc62acf96176402ed22)) - **deps:** update image golang ([`dd08f76`](https://github.com/bpg/terraform-provider-proxmox/commit/dd08f76) → [`6bac879`](https://github.com/bpg/terraform-provider-proxmox/commit/6bac879)) ([#2283](https://github.com/bpg/terraform-provider-proxmox/issues/2283)) ([0c9879a](https://github.com/bpg/terraform-provider-proxmox/commit/0c9879ab0267223b30ae52b738edcbf79e949814)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.8.0 → v7.8.1) ([#2271](https://github.com/bpg/terraform-provider-proxmox/issues/2271)) ([11d4c71](https://github.com/bpg/terraform-provider-proxmox/commit/11d4c7122ba12954ee108de81a037bccaf305e76)) - **deps:** update module github.com/hashicorp/terraform-plugin-framework-timeouts (v0.6.0 → v0.7.0) ([#2274](https://github.com/bpg/terraform-provider-proxmox/issues/2274)) ([b9ccb0d](https://github.com/bpg/terraform-provider-proxmox/commit/b9ccb0dd4f1124f3d358644fbe540ac4270e9b97)) - **deps:** update module github.com/pkg/sftp (v1.13.9 → v1.13.10) ([#2272](https://github.com/bpg/terraform-provider-proxmox/issues/2272)) ([fdbe313](https://github.com/bpg/terraform-provider-proxmox/commit/fdbe313e32896f9bd72df6b9ccf0d1fb811694f6)) - **docs:** update CONTRIBUTING.md ([#2278](https://github.com/bpg/terraform-provider-proxmox/issues/2278)) ([110093b](https://github.com/bpg/terraform-provider-proxmox/commit/110093b4e4407aaa2cd0729a9846fa2c4a9b6c04)) ### [`v0.85.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0851-2025-10-15) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.85.0...v0.85.1) ##### Bug Fixes - **docs:** clarify that ip in ct ip\_config must be in CIDR notation ([#2238](https://github.com/bpg/terraform-provider-proxmox/issues/2238)) ([f3b835f](https://github.com/bpg/terraform-provider-proxmox/commit/f3b835ffa1ac7c5700b6b055d9cda3780afa7b3d)) - **lxc:** DNS / hostname update is not applied ([#2245](https://github.com/bpg/terraform-provider-proxmox/issues/2245)) ([9aa1eaf](https://github.com/bpg/terraform-provider-proxmox/commit/9aa1eafaa6d50c3d1398a23562087032f0eeee0f)) - **sdn:** add missing `dhcp` field to `simple` zone datasource ([#2243](https://github.com/bpg/terraform-provider-proxmox/issues/2243)) ([b4b8d09](https://github.com/bpg/terraform-provider-proxmox/commit/b4b8d091a6c29361825d3df98e565813f59f9ad1)) - **sdn:** handle attribute delete in all SDN resources ([#2248](https://github.com/bpg/terraform-provider-proxmox/issues/2248)) ([50accca](https://github.com/bpg/terraform-provider-proxmox/commit/50accca1161100de60db4505783be21dbff1435e)) - **sdn:** zone: make `nodes` attribute optional ([#2242](https://github.com/bpg/terraform-provider-proxmox/issues/2242)) ([798623b](https://github.com/bpg/terraform-provider-proxmox/commit/798623b63b85245df7be8d6f1bd01a6aa7a7b63a)) ##### Miscellaneous - **deps:** update image golang (1.25.2 → 1.25.3) ([#2246](https://github.com/bpg/terraform-provider-proxmox/issues/2246)) ([3d2092f](https://github.com/bpg/terraform-provider-proxmox/commit/3d2092fe8ec3d078cb0973c672ca87ba582364ed)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.7.3 → v7.8.0) ([#2241](https://github.com/bpg/terraform-provider-proxmox/issues/2241)) ([ecf7920](https://github.com/bpg/terraform-provider-proxmox/commit/ecf79205ac1011e68b193de686ac6eae040fbd91)) - **deps:** update module github.com/hashicorp/terraform-plugin-docs (v0.23.0 → v0.24.0) ([#2247](https://github.com/bpg/terraform-provider-proxmox/issues/2247)) ([6e23c90](https://github.com/bpg/terraform-provider-proxmox/commit/6e23c9056f66f62167410d29040173b90bc6d755)) ### [`v0.85.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0850-2025-10-12) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.84.1...v0.85.0) ##### Features - **sdn:** Add DHCP Config for SDN Simple Zone Resource ([#2210](https://github.com/bpg/terraform-provider-proxmox/issues/2210)) ([f5d3d92](https://github.com/bpg/terraform-provider-proxmox/commit/f5d3d92cced4b1861c82c82ceb6b2bfc10264bd0)) ##### Bug Fixes - **file:** add `import` content type to file datasource ([#2221](https://github.com/bpg/terraform-provider-proxmox/issues/2221)) ([f918bed](https://github.com/bpg/terraform-provider-proxmox/commit/f918bede079db0da790865f6fea4f2c1e9c87a14)) - **vm:** allow cpu units = 1 for cgroups v2 compatibility ([#2237](https://github.com/bpg/terraform-provider-proxmox/issues/2237)) ([3fc688b](https://github.com/bpg/terraform-provider-proxmox/commit/3fc688b7f6f36df62909352eaffe572aa6968e1c)) ##### Miscellaneous - **ci:** update actions/stale digest ([`3a9db7e`](https://github.com/bpg/terraform-provider-proxmox/commit/3a9db7e) → [`5f858e3`](https://github.com/bpg/terraform-provider-proxmox/commit/5f858e3)) ([#2222](https://github.com/bpg/terraform-provider-proxmox/issues/2222)) ([b38066b](https://github.com/bpg/terraform-provider-proxmox/commit/b38066b42d71cd6d549833912b21ecbda27dbacc)) - **ci:** Update peter-evans/create-issue-from-file action (v5.0.1 → v6.0.0) ([#2217](https://github.com/bpg/terraform-provider-proxmox/issues/2217)) ([29748a5](https://github.com/bpg/terraform-provider-proxmox/commit/29748a5afe49938349a8efd819a7e1ca5f178024)) - **deps:** update image golang (1.25.1 → 1.25.2) ([#2228](https://github.com/bpg/terraform-provider-proxmox/issues/2228)) ([9e77057](https://github.com/bpg/terraform-provider-proxmox/commit/9e7705705a8013f5d11016ff1dd2b078518e29da)) - **deps:** update image golang ([`8305f5f`](https://github.com/bpg/terraform-provider-proxmox/commit/8305f5f) → [`ab1f5c4`](https://github.com/bpg/terraform-provider-proxmox/commit/ab1f5c4)) ([#2215](https://github.com/bpg/terraform-provider-proxmox/issues/2215)) ([6a1f972](https://github.com/bpg/terraform-provider-proxmox/commit/6a1f9728f2cbd8736ae5f52292edd50a43ce94b3)) - **deps:** update module github.com/hashicorp/terraform-plugin-framework (v1.16.0 → v1.16.1) ([#2216](https://github.com/bpg/terraform-provider-proxmox/issues/2216)) ([515c6bb](https://github.com/bpg/terraform-provider-proxmox/commit/515c6bb398d4c749bb3c3b300be7b0a1a894ea7a)) - **deps:** update module github.com/hashicorp/terraform-plugin-framework-validators (v0.18.0 → v0.19.0) ([#2230](https://github.com/bpg/terraform-provider-proxmox/issues/2230)) ([761fb70](https://github.com/bpg/terraform-provider-proxmox/commit/761fb709e35a5ca0ae0a928335d6b558bc507a64)) - **deps:** update module github.com/skeema/knownhosts (v1.3.1 → v1.3.2) ([#2229](https://github.com/bpg/terraform-provider-proxmox/issues/2229)) ([b6022d4](https://github.com/bpg/terraform-provider-proxmox/commit/b6022d4d0ab540de628b0078952257586c2ea0fa)) - **deps:** update module golang.org/x/net (v0.44.0 → v0.45.0) ([#2231](https://github.com/bpg/terraform-provider-proxmox/issues/2231)) ([60fdfd6](https://github.com/bpg/terraform-provider-proxmox/commit/60fdfd67d4d4010bfd46ba0ba311777def8231c3)) - **deps:** update module golang.org/x/net (v0.45.0 → v0.46.0) ([#2236](https://github.com/bpg/terraform-provider-proxmox/issues/2236)) ([68bd667](https://github.com/bpg/terraform-provider-proxmox/commit/68bd667b0fa9394569167b4626b3091993d96c38)) ### [`v0.84.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0841-2025-09-29) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.84.0...v0.84.1) ##### Bug Fixes - **api:** handle PVE API's 403 response status ([#2207](https://github.com/bpg/terraform-provider-proxmox/issues/2207)) ([46e8c24](https://github.com/bpg/terraform-provider-proxmox/commit/46e8c24d5bce906e5673e41b7c0151d46180fbe3)) - **sdn:** subnet validation errors when using value interpolation ([#2204](https://github.com/bpg/terraform-provider-proxmox/issues/2204)) ([5f876c0](https://github.com/bpg/terraform-provider-proxmox/commit/5f876c0fbfc06f25cbe18f396a983cd948df60ba)) ##### Miscellaneous - **deps:** update golangci/golangci-lint (v2.4.0 → v2.5.0) ([#2193](https://github.com/bpg/terraform-provider-proxmox/issues/2193)) ([2ab3d94](https://github.com/bpg/terraform-provider-proxmox/commit/2ab3d943d69c0648d749cbc85a279498c3a900ce)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.7.1 → v7.7.3) ([#2203](https://github.com/bpg/terraform-provider-proxmox/issues/2203)) ([3692434](https://github.com/bpg/terraform-provider-proxmox/commit/36924349437a7a0fd19b0c73185fdf5176d4186e)) - **deps:** update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.38.0 → v2.38.1) ([#2197](https://github.com/bpg/terraform-provider-proxmox/issues/2197)) ([0387296](https://github.com/bpg/terraform-provider-proxmox/commit/0387296c0bc5aa90cb6fd332ed0890ef75d67db0)) ### [`v0.84.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0840-2025-09-22) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.83.2...v0.84.0) ##### Features - **file:** add file datasource ([#2176](https://github.com/bpg/terraform-provider-proxmox/issues/2176)) ([8244813](https://github.com/bpg/terraform-provider-proxmox/commit/8244813b7eae6bb6442fa69f786ab9422ffdadee)) - **sdn:** add support for Subnet resource and datasource ([#2191](https://github.com/bpg/terraform-provider-proxmox/issues/2191)) ([1df305d](https://github.com/bpg/terraform-provider-proxmox/commit/1df305dfb3867f0e0bc207f928745de96db3f7f1)) - **sdn:** add support for VNet resource and datasource ([#2185](https://github.com/bpg/terraform-provider-proxmox/issues/2185)) ([8938d86](https://github.com/bpg/terraform-provider-proxmox/commit/8938d8657157085934adb15680209a374b3bc7b2)) ##### Miscellaneous - **deps:** update github.com/hashicorp/terraform-plugin-\* ([#2187](https://github.com/bpg/terraform-provider-proxmox/issues/2187)) ([09b704a](https://github.com/bpg/terraform-provider-proxmox/commit/09b704ad8e082dde47247f2a9fb64f5af7791a15)) - **deps:** update image golang ([`bb979b2`](https://github.com/bpg/terraform-provider-proxmox/commit/bb979b2) → [`8305f5f`](https://github.com/bpg/terraform-provider-proxmox/commit/8305f5f)) ([#2186](https://github.com/bpg/terraform-provider-proxmox/issues/2186)) ([b70fa62](https://github.com/bpg/terraform-provider-proxmox/commit/b70fa6267037811b650a48baec7bc07ed3b2665d)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.6.0 → v7.7.0) ([#2189](https://github.com/bpg/terraform-provider-proxmox/issues/2189)) ([46dbc68](https://github.com/bpg/terraform-provider-proxmox/commit/46dbc68da70bd4e7600c3d124b39abd07dbbc07e)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.7.0 → v7.7.1) ([#2192](https://github.com/bpg/terraform-provider-proxmox/issues/2192)) ([11f4002](https://github.com/bpg/terraform-provider-proxmox/commit/11f400288b896f8a4570f169651e20dd2cef3e10)) - **deps:** update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.37.0 → v2.38.0) ([#2188](https://github.com/bpg/terraform-provider-proxmox/issues/2188)) ([2b2d619](https://github.com/bpg/terraform-provider-proxmox/commit/2b2d619356fa7a099807c54b0a6a45e78683b15e)) ### [`v0.83.2`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0832-2025-09-14) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.83.1...v0.83.2) ##### Bug Fixes - **firewall:** detect drift when rules are manually deleted ([#2178](https://github.com/bpg/terraform-provider-proxmox/issues/2178)) ([6b84d5a](https://github.com/bpg/terraform-provider-proxmox/commit/6b84d5aa5ecd3ffb71e10050c20f79bc5ce1ff89)) - **firewall:** prevent perpetual plan drift on rule attribute removal ([#2177](https://github.com/bpg/terraform-provider-proxmox/issues/2177)) ([0e72580](https://github.com/bpg/terraform-provider-proxmox/commit/0e725801ee26642dcb872de5b1be58d0a224408e)) - **vm:** disk deletion may reorder disks ([#2174](https://github.com/bpg/terraform-provider-proxmox/issues/2174)) ([e339fef](https://github.com/bpg/terraform-provider-proxmox/commit/e339fef2d042728eaa7594607a89929892513e96)) ##### Miscellaneous - **ci:** update actions/create-github-app-token action (v2.1.1 → v2.1.4) ([#2179](https://github.com/bpg/terraform-provider-proxmox/issues/2179)) ([70cfb58](https://github.com/bpg/terraform-provider-proxmox/commit/70cfb582922e2e31662e580b2f42b124e0d481e2)) - **deps:** update image golang ([`b773c94`](https://github.com/bpg/terraform-provider-proxmox/commit/b773c94) → [`bb979b2`](https://github.com/bpg/terraform-provider-proxmox/commit/bb979b2)) ([#2173](https://github.com/bpg/terraform-provider-proxmox/issues/2173)) ([7944277](https://github.com/bpg/terraform-provider-proxmox/commit/79442773910b4309570aea8e838ea7d3b154e5be)) ### [`v0.83.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0831-2025-09-10) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.83.0...v0.83.1) ##### Bug Fixes - **ci:** update link checker config ([#2151](https://github.com/bpg/terraform-provider-proxmox/issues/2151)) ([e017881](https://github.com/bpg/terraform-provider-proxmox/commit/e017881712ad81767590c4c60877167a28f35a42)) ##### Miscellaneous - **ci:** Update actions/setup-go action (v5 → v6) ([#2154](https://github.com/bpg/terraform-provider-proxmox/issues/2154)) ([16814d4](https://github.com/bpg/terraform-provider-proxmox/commit/16814d469b4601413a9ea3fb9446bb7670884015)) - **ci:** Update actions/stale action (v9 → v10) ([#2155](https://github.com/bpg/terraform-provider-proxmox/issues/2155)) ([87e6392](https://github.com/bpg/terraform-provider-proxmox/commit/87e639232d0228a58bd3060b543e9fc05108d2c3)) - **code:** minor code cleanups ([#2156](https://github.com/bpg/terraform-provider-proxmox/issues/2156))ssh ([9e22c3c](https://github.com/bpg/terraform-provider-proxmox/commit/9e22c3c427086f4780e2ddc226edc3e235c90586)) - **deps:** update image golang (1.25.0 → 1.25.1) ([#2153](https://github.com/bpg/terraform-provider-proxmox/issues/2153)) ([a58bf4f](https://github.com/bpg/terraform-provider-proxmox/commit/a58bf4f9475c33a16f8fcead640976a5fb149cb0)) - **deps:** update image golang ([`a5e935d`](https://github.com/bpg/terraform-provider-proxmox/commit/a5e935d) → [`d6bdb04`](https://github.com/bpg/terraform-provider-proxmox/commit/d6bdb04)) ([#2161](https://github.com/bpg/terraform-provider-proxmox/issues/2161)) ([58d833d](https://github.com/bpg/terraform-provider-proxmox/commit/58d833dfa8996985253bbd75ed50a10f7e9cc0db)) - **deps:** update image golang ([`d6bdb04`](https://github.com/bpg/terraform-provider-proxmox/commit/d6bdb04) → [`b773c94`](https://github.com/bpg/terraform-provider-proxmox/commit/b773c94)) ([#2169](https://github.com/bpg/terraform-provider-proxmox/issues/2169)) ([a979850](https://github.com/bpg/terraform-provider-proxmox/commit/a9798505c828618892f33d4376295c9f6e1850d0)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.5.1 → v7.6.0) ([#2162](https://github.com/bpg/terraform-provider-proxmox/issues/2162)) ([ffdc3a5](https://github.com/bpg/terraform-provider-proxmox/commit/ffdc3a55da085f45132b686dacf26642126ff0ae)) - **deps:** update module golang.org/x/crypto (v0.41.0 → v0.42.0) ([#2163](https://github.com/bpg/terraform-provider-proxmox/issues/2163)) ([4e73d56](https://github.com/bpg/terraform-provider-proxmox/commit/4e73d5610c854cd64e6f4d4cf81b7f534183d9be)) - **deps:** update module golang.org/x/net (v0.43.0 → v0.44.0) ([#2170](https://github.com/bpg/terraform-provider-proxmox/issues/2170)) ([ed366b5](https://github.com/bpg/terraform-provider-proxmox/commit/ed366b55dc8b32b2203ec87213bf76aba6d1860d)) - **docs:** improve `container` documentation ([#2160](https://github.com/bpg/terraform-provider-proxmox/issues/2160)) ([380fd7f](https://github.com/bpg/terraform-provider-proxmox/commit/380fd7fed1d5cfbb9a2c562294a9f2ac127a0a31)) - **docs:** improve `vm.initialization` documentation ([#2158](https://github.com/bpg/terraform-provider-proxmox/issues/2158)) ([29ef9d2](https://github.com/bpg/terraform-provider-proxmox/commit/29ef9d2527132b4e726e222edb958f022260a306)) - **docs:** include vm/lxc lock error details in the README known issues section ([#2166](https://github.com/bpg/terraform-provider-proxmox/issues/2166)) ([1810273](https://github.com/bpg/terraform-provider-proxmox/commit/1810273cebc8de6092b6347c4be0393ad2f9f29b)) - **docs:** update reference to `release-build` in contributing doc ([#2167](https://github.com/bpg/terraform-provider-proxmox/issues/2167)) ([739471a](https://github.com/bpg/terraform-provider-proxmox/commit/739471a9888b264587c42da1d370848b3d95639e)) - **docs:** update sdn\_applier example ([c275e03](https://github.com/bpg/terraform-provider-proxmox/commit/c275e031ffdd9b8fdd46c09d1563be12c713541b)) ### [`v0.83.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0830-2025-08-31) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.82.1...v0.83.0) ##### Features - **sdn:** add custom resource to apply `sdn_*` configurations ([#2127](https://github.com/bpg/terraform-provider-proxmox/issues/2127)) ([e13d7ef](https://github.com/bpg/terraform-provider-proxmox/commit/e13d7ef29985ccd0ba8f79dd0ad658ee6779a8a6)) ##### Bug Fixes - **docs:** correct minor typos / formatting ([#2144](https://github.com/bpg/terraform-provider-proxmox/issues/2144)) ([a2e4ff0](https://github.com/bpg/terraform-provider-proxmox/commit/a2e4ff039450214feb2c32d84e6b18878e1dd804)) ##### Miscellaneous - **ci:** Update actions/attest-build-provenance action (v2 → v3) ([#2142](https://github.com/bpg/terraform-provider-proxmox/issues/2142)) ([f62e69d](https://github.com/bpg/terraform-provider-proxmox/commit/f62e69d160055dc0cbd5a08f5041533c079bd96e)) - **ci:** update googleapis/release-please-action action (v4.2.0 → v4.3.0) ([#2136](https://github.com/bpg/terraform-provider-proxmox/issues/2136)) ([f634b2e](https://github.com/bpg/terraform-provider-proxmox/commit/f634b2eafb631b75c04c91b39d393de6b05e36b0)) - **ci:** update lycheeverse/lychee-action action (v2.5.0 → v2.6.0) ([#2137](https://github.com/bpg/terraform-provider-proxmox/issues/2137)) ([64c1ab3](https://github.com/bpg/terraform-provider-proxmox/commit/64c1ab3148a4d7a5835c5fd957a3009c35f73761)) - **ci:** update lycheeverse/lychee-action action (v2.6.0 → v2.6.1) ([#2138](https://github.com/bpg/terraform-provider-proxmox/issues/2138)) ([7f56290](https://github.com/bpg/terraform-provider-proxmox/commit/7f56290838c363d025719a15f6e25b6e1ec8d49e)) - **deps:** update image golang ([`4859242`](https://github.com/bpg/terraform-provider-proxmox/commit/4859242) → [`5502b0e`](https://github.com/bpg/terraform-provider-proxmox/commit/5502b0e)) ([#2134](https://github.com/bpg/terraform-provider-proxmox/issues/2134)) ([20f41e8](https://github.com/bpg/terraform-provider-proxmox/commit/20f41e86e03f183bcbf295ba56c41c692fcee998)) - **deps:** update image golang ([`91e2cd4`](https://github.com/bpg/terraform-provider-proxmox/commit/91e2cd4) → [`4859242`](https://github.com/bpg/terraform-provider-proxmox/commit/4859242)) ([#2128](https://github.com/bpg/terraform-provider-proxmox/issues/2128)) ([9ae882e](https://github.com/bpg/terraform-provider-proxmox/commit/9ae882e5d7cdb19b54e9be07ba92ef92cab0054c)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.3.0 → v7.4.0) ([#2129](https://github.com/bpg/terraform-provider-proxmox/issues/2129)) ([11b8167](https://github.com/bpg/terraform-provider-proxmox/commit/11b8167fc6488fbeb7b977f0267dcc862ce05e20)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.4.0 → v7.5.1) ([#2143](https://github.com/bpg/terraform-provider-proxmox/issues/2143)) ([2eae3ee](https://github.com/bpg/terraform-provider-proxmox/commit/2eae3eeeeb7c12e407aa21a33e930e8219310b6b)) - **deps:** update module github.com/stretchr/testify (v1.10.0 → v1.11.1) ([#2135](https://github.com/bpg/terraform-provider-proxmox/issues/2135)) ([6b00db6](https://github.com/bpg/terraform-provider-proxmox/commit/6b00db644613520e257c6af90b5f3930cf4a4b8a)) ### [`v0.82.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0821-2025-08-19) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.82.0...v0.82.1) ##### Bug Fixes - **vm:** prevent re-creation of previously imported disks on update ([#2122](https://github.com/bpg/terraform-provider-proxmox/issues/2122)) ([c6c1c18](https://github.com/bpg/terraform-provider-proxmox/commit/c6c1c18a2b7a2ad80006bf5e22afec7dbf98071b)) ##### Miscellaneous - **deps:** update image golang ([`9e56f0d`](https://github.com/bpg/terraform-provider-proxmox/commit/9e56f0d) → [`91e2cd4`](https://github.com/bpg/terraform-provider-proxmox/commit/91e2cd4)) ([#2123](https://github.com/bpg/terraform-provider-proxmox/issues/2123)) ([9d179dd](https://github.com/bpg/terraform-provider-proxmox/commit/9d179dde724604d3b2f297fd805c7c2cb8f723b4)) - **docs:** fix TOC format, cleanup cloud image guide ([#2121](https://github.com/bpg/terraform-provider-proxmox/issues/2121)) ([b321a01](https://github.com/bpg/terraform-provider-proxmox/commit/b321a01b4f142d55afef53eca20c1b183386bc84)) ### [`v0.82.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0820-2025-08-18) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.81.0...v0.82.0) ##### Features - **docs:** update compatibility notes for PVE 9.x ([#2116](https://github.com/bpg/terraform-provider-proxmox/issues/2116)) ([08ea66a](https://github.com/bpg/terraform-provider-proxmox/commit/08ea66a4e0e1c92851c5811bacde075d169fb1cc)) - **lxc:** add `proxmox_virtual_environment_containers` data source ([#2090](https://github.com/bpg/terraform-provider-proxmox/issues/2090)) ([45f2805](https://github.com/bpg/terraform-provider-proxmox/commit/45f28051cd18bbb5838ef0de5eedc41a97ecee3b)) - **lxc:** Add missing configuration options for container rootfs ([#2067](https://github.com/bpg/terraform-provider-proxmox/issues/2067)) ([b2c5012](https://github.com/bpg/terraform-provider-proxmox/commit/b2c50120ea552d078e9634228f8b90b356a163b9)) ##### Bug Fixes - **lxc:** adjust max number of container's IP configs ([#2088](https://github.com/bpg/terraform-provider-proxmox/issues/2088)) ([602568e](https://github.com/bpg/terraform-provider-proxmox/commit/602568e6a64945514b7e3a3294ec8fb1f98b6be8)) - **provider:** parsing PVE version reported by API ([#2115](https://github.com/bpg/terraform-provider-proxmox/issues/2115)) ([f1501e2](https://github.com/bpg/terraform-provider-proxmox/commit/f1501e2655f4d9a246be8fe826a3d385448dce17)) - **vm:** regression: disk re-ordering on re-apply ([#2114](https://github.com/bpg/terraform-provider-proxmox/issues/2114)) ([634ad69](https://github.com/bpg/terraform-provider-proxmox/commit/634ad690fefa719df7be1c7f8962cd4a5bead79a)) ##### Miscellaneous - **ci:** Update actions/checkout action ([#2098](https://github.com/bpg/terraform-provider-proxmox/issues/2098)) ([3855cb2](https://github.com/bpg/terraform-provider-proxmox/commit/3855cb293fd32486eb39aee056c3c526d4f15ba8)) - **ci:** update actions/create-github-app-token action (v2.0.6 → v2.1.0) ([#2095](https://github.com/bpg/terraform-provider-proxmox/issues/2095)) ([6161969](https://github.com/bpg/terraform-provider-proxmox/commit/61619690cce176948e4795a98075c0854a42669b)) - **ci:** update actions/create-github-app-token action (v2.1.0 → v2.1.1) ([#2099](https://github.com/bpg/terraform-provider-proxmox/issues/2099)) ([7f5d771](https://github.com/bpg/terraform-provider-proxmox/commit/7f5d77143a2c3a607ee3f647ad2d9054b9e0d00d)) - **ci:** update goreleaser/goreleaser-action action (v6.3.0 → v6.4.0) ([#2111](https://github.com/bpg/terraform-provider-proxmox/issues/2111)) ([78ce7f0](https://github.com/bpg/terraform-provider-proxmox/commit/78ce7f0db4595ecf00c0420b3d46fe78cda1d204)) - **ci:** update jetbrains/qodana-action action (v2025.1.1 → v2025.2.1) ([#2106](https://github.com/bpg/terraform-provider-proxmox/issues/2106)) ([0dec643](https://github.com/bpg/terraform-provider-proxmox/commit/0dec643b3dc670c48f3f79752cb93519e3515a36)) - **ci:** update lycheeverse/lychee-action action (v2.4.1 → v2.5.0) ([#2096](https://github.com/bpg/terraform-provider-proxmox/issues/2096)) ([7c98464](https://github.com/bpg/terraform-provider-proxmox/commit/7c98464783a70e1ca801765eb5c16fed4ce0f329)) - **deps:** update golangci/golangci-lint (v2.3.0 → v2.3.1) ([#2074](https://github.com/bpg/terraform-provider-proxmox/issues/2074)) ([9947a86](https://github.com/bpg/terraform-provider-proxmox/commit/9947a86106c7215f68183956cf0f2cde209a73fa)) - **deps:** update golangci/golangci-lint (v2.3.1 → v2.4.0) ([#2110](https://github.com/bpg/terraform-provider-proxmox/issues/2110)) ([21bed82](https://github.com/bpg/terraform-provider-proxmox/commit/21bed824e4cc4fd53cc927273798e5c6b757f89d)) - **deps:** update image golang (1.24.5 → 1.24.6) ([#2085](https://github.com/bpg/terraform-provider-proxmox/issues/2085)) ([ac91fe8](https://github.com/bpg/terraform-provider-proxmox/commit/ac91fe8de01fd61ca1015350801ffdb5451d7aa7)) - **deps:** update image golang (1.24.6 → 1.25.0) ([#2107](https://github.com/bpg/terraform-provider-proxmox/issues/2107)) ([9e10206](https://github.com/bpg/terraform-provider-proxmox/commit/9e10206e19b9f3cdf5989bef6956a4a1242a7235)) - **deps:** update image golang ([`10a15b9`](https://github.com/bpg/terraform-provider-proxmox/commit/10a15b9) → [`9e56f0d`](https://github.com/bpg/terraform-provider-proxmox/commit/9e56f0d)) ([#2109](https://github.com/bpg/terraform-provider-proxmox/issues/2109)) ([420add8](https://github.com/bpg/terraform-provider-proxmox/commit/420add86698425afba60ac06b3481b1057da5aee)) - **deps:** update module github.com/hashicorp/terraform-plugin-testing (v1.13.2 → v1.13.3) ([#2113](https://github.com/bpg/terraform-provider-proxmox/issues/2113)) ([1863847](https://github.com/bpg/terraform-provider-proxmox/commit/1863847b5764c5da9ed70d3bd9a3ce087ab185b4)) - **deps:** update module golang.org/x/crypto (v0.40.0 → v0.41.0) ([#2086](https://github.com/bpg/terraform-provider-proxmox/issues/2086)) ([5018b31](https://github.com/bpg/terraform-provider-proxmox/commit/5018b31d2aa72c66771242c0d5463f10ad20f7d0)) - **deps:** update module golang.org/x/net (v0.42.0 → v0.43.0) ([#2087](https://github.com/bpg/terraform-provider-proxmox/issues/2087)) ([5151dcc](https://github.com/bpg/terraform-provider-proxmox/commit/5151dcc7b7832a95312efe5773401e3443d26a1a)) - **docs:** cleanup and update `clone-vm` example ([#2094](https://github.com/bpg/terraform-provider-proxmox/issues/2094)) ([c7cd61a](https://github.com/bpg/terraform-provider-proxmox/commit/c7cd61a2d3aea273df40e86532fa575c0dd95b98)) - **docs:** remove spurious sdn datasource .tf examples ([#2092](https://github.com/bpg/terraform-provider-proxmox/issues/2092)) ([91e0fbf](https://github.com/bpg/terraform-provider-proxmox/commit/91e0fbf676a93dca8659ca55460ba2318b09620e)) </details> <details> <summary>rancher/local-path-provisioner (rancher/local-path-provisioner)</summary> ### [`v0.0.36`](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.36): Local Path Provisioner v0.0.36 [Compare Source](https://github.com/rancher/local-path-provisioner/compare/v0.0.35...v0.0.36) #### What's Changed - chore(ci): bump aquasecurity/trivy-action to v0.35.0 by [@macedogm](https://github.com/macedogm) in [#563](https://github.com/rancher/local-path-provisioner/pull/563) - chore: remove trivy-scan.yaml by [@derekbit](https://github.com/derekbit) in [#565](https://github.com/rancher/local-path-provisioner/pull/565) - chore: pin GH actions to commit sha by [@c3y1huang](https://github.com/c3y1huang) in [#564](https://github.com/rancher/local-path-provisioner/pull/564) - chore: use registry.suse.com/bci/golang by [@derekbit](https://github.com/derekbit) in [#566](https://github.com/rancher/local-path-provisioner/pull/566) - chore: remove dapper by [@derekbit](https://github.com/derekbit) in [#567](https://github.com/rancher/local-path-provisioner/pull/567) - chore: revert to golang:1.26.1-alpine image by [@derekbit](https://github.com/derekbit) in [#568](https://github.com/rancher/local-path-provisioner/pull/568) - chore: update to golang 1.26.2 by [@derekbit](https://github.com/derekbit) in [#570](https://github.com/rancher/local-path-provisioner/pull/570) - fix: update dockerfile by [@derekbit](https://github.com/derekbit) in [#574](https://github.com/rancher/local-path-provisioner/pull/574) - chore: pin kind, kubectl and kustomize versins by [@derekbit](https://github.com/derekbit) in [#575](https://github.com/rancher/local-path-provisioner/pull/575) - fix: qualify image references to avoid short-name resolution and Docker Hub rate limits by [@bejaratommy](https://github.com/bejaratommy) in [#573](https://github.com/rancher/local-path-provisioner/pull/573) - helm: make debug logging configurable via values by [@bejaratommy](https://github.com/bejaratommy) in [#572](https://github.com/rancher/local-path-provisioner/pull/572) - fix: add helper pod template validation by [@derekbit](https://github.com/derekbit) in [#576](https://github.com/rancher/local-path-provisioner/pull/576) - fix: relax helper pod template validation by [@derekbit](https://github.com/derekbit) in [#577](https://github.com/rancher/local-path-provisioner/pull/577) #### New Contributors - [@c3y1huang](https://github.com/c3y1huang) made their first contribution in [#564](https://github.com/rancher/local-path-provisioner/pull/564) - [@bejaratommy](https://github.com/bejaratommy) made their first contribution in [#573](https://github.com/rancher/local-path-provisioner/pull/573) **Full Changelog**: <https://github.com/rancher/local-path-provisioner/compare/v0.0.35...v0.0.36> ### [`v0.0.35`](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.35): Local Path Provisioner v0.0.35 [Compare Source](https://github.com/rancher/local-path-provisioner/compare/v0.0.34...v0.0.35) #### What's Changed - Add FOSSA scanning workflow by [@macedogm](https://github.com/macedogm) in [#551](https://github.com/rancher/local-path-provisioner/pull/551) - Build linux/ppc64le images through build on GitHub Actions by [@kishen-v](https://github.com/kishen-v) in [#554](https://github.com/rancher/local-path-provisioner/pull/554) - updated golang to 1.26.0 by [@jgoodall](https://github.com/jgoodall) in [#557](https://github.com/rancher/local-path-provisioner/pull/557) - feat: Allow custom node affinity keys by [@ipantchev](https://github.com/ipantchev) in [#559](https://github.com/rancher/local-path-provisioner/pull/559) - chore: update golang to 1.26.1 by [@derekbit](https://github.com/derekbit) in [#561](https://github.com/rancher/local-path-provisioner/pull/561) - chore(release): bump to v0.0.35 by [@derekbit](https://github.com/derekbit) in [#562](https://github.com/rancher/local-path-provisioner/pull/562) #### New Contributors - [@macedogm](https://github.com/macedogm) made their first contribution in [#551](https://github.com/rancher/local-path-provisioner/pull/551) - [@jgoodall](https://github.com/jgoodall) made their first contribution in [#557](https://github.com/rancher/local-path-provisioner/pull/557) - [@ipantchev](https://github.com/ipantchev) made their first contribution in [#559](https://github.com/rancher/local-path-provisioner/pull/559) **Full Changelog**: <https://github.com/rancher/local-path-provisioner/compare/v0.0.34...v0.0.35> ### [`v0.0.34`](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.34): Local Path Provisioner v0.0.34 [Compare Source](https://github.com/rancher/local-path-provisioner/compare/v0.0.33...v0.0.34) #### What's Changed - fix: mitigate the impact of enforcing a pathPattern prefix by [@mantissahz](https://github.com/mantissahz) in [#547](https://github.com/rancher/local-path-provisioner/pull/547) - fix: read allowUnsafePathPattern from storageclass annotations by [@derekbit](https://github.com/derekbit) in [#548](https://github.com/rancher/local-path-provisioner/pull/548) - chore(release): bump to v0.0.34 by [@derekbit](https://github.com/derekbit) in [#549](https://github.com/rancher/local-path-provisioner/pull/549) - feat: allow specifying additional annotations on StorageClass by [@utkuozdemir](https://github.com/utkuozdemir) in [#550](https://github.com/rancher/local-path-provisioner/pull/550) #### New Contributors - [@utkuozdemir](https://github.com/utkuozdemir) made their first contribution in [#550](https://github.com/rancher/local-path-provisioner/pull/550) **Full Changelog**: <https://github.com/rancher/local-path-provisioner/compare/v0.0.33...v0.0.34> ### [`v0.0.33`](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.33): Local Path Provisioner v0.0.33 [Compare Source](https://github.com/rancher/local-path-provisioner/compare/v0.0.32...v0.0.33) #### What's Changed - fix: don't try to clean up pvs on nodes that are gone by [@marcusramberg](https://github.com/marcusramberg) in [#480](https://github.com/rancher/local-path-provisioner/pull/480) - upgrade go to 1.24.6 by [@lizzzcai](https://github.com/lizzzcai) in [#521](https://github.com/rancher/local-path-provisioner/pull/521) - bump go 1.25 by [@farazkhawaja](https://github.com/farazkhawaja) in [#526](https://github.com/rancher/local-path-provisioner/pull/526) - add storageClass.allowedTopologies in helm chart by [@lizzzcai](https://github.com/lizzzcai) in [#522](https://github.com/rancher/local-path-provisioner/pull/522) - fix(chart): correct ServiceAccount namespace in ClusterRoleBinding by [@J3m3](https://github.com/J3m3) in [#528](https://github.com/rancher/local-path-provisioner/pull/528) - Add common labels to helperPod config map template by [@michaeldvinci](https://github.com/michaeldvinci) in [#519](https://github.com/rancher/local-path-provisioner/pull/519) - chore: update pod\_test.go by [@derekbit](https://github.com/derekbit) in [#531](https://github.com/rancher/local-path-provisioner/pull/531) - fix: give clusterrole update on pvc by [@marcusramberg](https://github.com/marcusramberg) in [#530](https://github.com/rancher/local-path-provisioner/pull/530) - Add support for s390x architecture by [@SanyogDeshmukh](https://github.com/SanyogDeshmukh) in [#534](https://github.com/rancher/local-path-provisioner/pull/534) - feat: add priorityClassName support for provisioner and helper pods by [@dibaro](https://github.com/dibaro) in [#525](https://github.com/rancher/local-path-provisioner/pull/525) - fix: prohibit the reference path in pathPattern by [@mantissahz](https://github.com/mantissahz) in [#542](https://github.com/rancher/local-path-provisioner/pull/542) - chore: explicitly set `hostUsers` by [@jcpunk](https://github.com/jcpunk) in [#541](https://github.com/rancher/local-path-provisioner/pull/541) - fix: podDisruptionBudget renders correctly in all cases by [@jcpunk](https://github.com/jcpunk) in [#540](https://github.com/rancher/local-path-provisioner/pull/540) - chore(release): bump to 0.0.33 by [@derekbit](https://github.com/derekbit) in [#543](https://github.com/rancher/local-path-provisioner/pull/543) #### New Contributors - [@marcusramberg](https://github.com/marcusramberg) made their first contribution in [#480](https://github.com/rancher/local-path-provisioner/pull/480) - [@lizzzcai](https://github.com/lizzzcai) made their first contribution in [#521](https://github.com/rancher/local-path-provisioner/pull/521) - [@farazkhawaja](https://github.com/farazkhawaja) made their first contribution in [#526](https://github.com/rancher/local-path-provisioner/pull/526) - [@J3m3](https://github.com/J3m3) made their first contribution in [#528](https://github.com/rancher/local-path-provisioner/pull/528) - [@michaeldvinci](https://github.com/michaeldvinci) made their first contribution in [#519](https://github.com/rancher/local-path-provisioner/pull/519) - [@SanyogDeshmukh](https://github.com/SanyogDeshmukh) made their first contribution in [#534](https://github.com/rancher/local-path-provisioner/pull/534) - [@dibaro](https://github.com/dibaro) made their first contribution in [#525](https://github.com/rancher/local-path-provisioner/pull/525) **Full Changelog**: <https://github.com/rancher/local-path-provisioner/compare/v0.0.32...v0.0.33> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

renovatebot added 1 commit

2026-04-17 15:02:37 +02:00

Update all non-major dependencies ef79c391c8

renovatebot force-pushed renovate/all-minor-patch from ef79c391c8 to 34c7f1e5fb

2026-04-18 22:46:38 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 34c7f1e5fb to c369082498

2026-04-19 04:32:03 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from c369082498 to b7279221f7

2026-04-22 11:47:15 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from b7279221f7 to ab09e8443f

2026-04-23 14:03:18 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from ab09e8443f to 149b43ec5f

2026-04-23 14:16:27 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 149b43ec5f to 751d84bae7

2026-04-25 18:16:52 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 751d84bae7 to 194477fa5d

2026-04-27 03:17:10 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 194477fa5d to f2f7fdccca

renovate/artifacts Artifact file update failure

2026-05-02 23:17:06 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from f2f7fdccca

renovate/artifacts Artifact file update failure

to 85a1ea0de3

2026-05-03 20:32:14 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 85a1ea0de3 to 8b5ec2d999

2026-05-04 14:01:41 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 8b5ec2d999 to 106853cfd5

2026-05-04 23:47:00 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 106853cfd5 to dfe3d8e8c0

2026-05-05 22:31:41 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from dfe3d8e8c0 to 3b3acb3d75

2026-05-06 14:01:39 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 3b3acb3d75 to 4358a30369

2026-05-06 15:46:26 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 4358a30369 to 7dcd8f3f22

2026-05-08 19:19:03 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 7dcd8f3f22 to 66e819112a

2026-05-08 20:03:11 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 66e819112a to 2915af2449

2026-05-08 21:32:16 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 2915af2449 to 63d608675a

2026-05-10 16:46:31 +02:00

Compare

renovatebot commented

2026-05-10 17:02:05 +02:00

Author

Collaborator

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

### Edited/Blocked Notification Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠️ **Warning**: custom changes will be lost.

This pull request has changes conflicting with the target branch.

k8s/apps/authentik/kustomization.yml
k8s/aut-sys/apps/authentik/kustomization.yml

View command line instructions

Manual merge helper

Use this merge commit message when completing the merge manually.

Merge commit title

Merge pull request 'Update all non-major dependencies' (#37) from renovate/all-minor-patch into main

Merge commit body

Reviewed-on: https://git.hanse.de/lilly/lillinfra/pulls/37

Merge pull request 'Update all non-major dependencies' (#37) from renovate/all-minor-patch into main

Reviewed-on: https://git.hanse.de/lilly/lillinfra/pulls/37

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/all-minor-patch:renovate/all-minor-patch

git switch renovate/all-minor-patch

Merge

Merge the changes and update on Forgejo.

git switch main

git merge --no-ff renovate/all-minor-patch

git switch renovate/all-minor-patch

git rebase main

git switch main

git merge --ff-only renovate/all-minor-patch

git switch renovate/all-minor-patch

git rebase main

git switch main

git merge --no-ff renovate/all-minor-patch

git switch main

git merge --squash renovate/all-minor-patch

git switch main

git merge --ff-only renovate/all-minor-patch

git switch main

git merge renovate/all-minor-patch

git push origin main

No reviewers

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lilly/lillinfra!37

No description provided.

Rows
Columns

Update all non-major dependencies #37

Release Notes

Changes by Kind

Bug or Regression

Other (Cleanup or Flake)

Bug or Regression

Changes by Kind

Feature

Documentation

Bug or Regression

Other (Cleanup or Flake)

Changes since v1.20.0-alpha.1

Feature

Bug or Regression

Other (Cleanup or Flake)

Changed since v1.20.0-alpha.0

Feature

Bug or Regression

Other (Cleanup or Flake)

Added

Changed

Removed

Changes since v1.19.0

Feature

Bug or Regression

Changes by Kind

Other (Cleanup or Flake)

Changes by Kind

Bug or Regression

Changes by Kind

Bug or Regression

Other (Cleanup or Flake)

Changes since v1.19.1

Bug or Regression

Other (Cleanup or Flake)

Bug or Regression

Feature

Bug or Regression

Other (Cleanup or Flake)

Feature

Bug or Regression

Other (Cleanup or Flake)

Changes by Kind

Bug or Regression

Changes by Kind

Bug or Regression

Other (Cleanup or Flake)

Changes since v1.18.3

Bug or Regression

Other (Cleanup or Flake)

Bug or Regression

Other (Cleanup or Flake)

v4.13.2: release

What's Changed

v4.13.1: release

What's Changed

New Contributors

v4.13.0: release

What's Changed

New Contributors

v4.12.1: release

What's Changed

v4.12.0: release

What's Changed

New Contributors

v2.7.5

What's Changed

🐛 Bug fixes

🌐 Translations

v2.7.4

What's Changed

🐛 Bug fixes

v2.7.3

What's Changed

🐛 Bug fixes

📚 Documentation

New Contributors

What's Changed

🐛 Bug fixes

v2.7.0

Changes since `v1.19.0`

Changes since `v1.19.1`

Changes since `v1.18.3`

`v4.13.2`: release

`v4.13.1`: release

`v4.13.0`: release

`v4.12.1`: release

`v4.12.0`: release

`v3.0.0`