Week 7 - February 2026

👋 Welcome

This week in Cloud Native brought a robust wave of innovation and essential updates. We saw significant advancements in AI’s integration with developer tooling, critical security patches across multiple projects, and continuous enhancements to core Kubernetes components and its surrounding ecosystem. From major releases in networking and observability to a strong focus on AI agent security and productivity, the community remains dynamic and forward-looking.

🚀 Notable Releases

Observability & Tracing

• OpenTelemetry Collector v0.145.0 - Introduces ScraperID to logs for improved metrics, logs, and profiles, and fixes the OTLP exporter balancer to use round-robin by default.
• Jaeger v2.15.1 - Includes minor bug fixes and improvements, such as defaulting spankind in the API.
• Jaeger v2.15.0 - A significant release with breaking changes to restrict trace/metric storage configs to a single backend type, and new features like a Grafana dashboard for metrics exporter.
• Grafana Loki v3.6.5 - Adds a new loki health command and updates to Go 1.25.7.
• Inspektor Gadget v0.49.0 - Brings OpenTelemetry profiles support for exporters and includes a security fix for CFLAGS customization vulnerabilities.

Databases

• Vitess v23.0.1 - A patch release incorporating 51 merged Pull Requests with various fixes and improvements.
• Vitess v22.0.3 - Another patch release for the v22 branch, including 40 merged Pull Requests.
• Crate v6.2.1 - A patch release with various fixes and improvements, detailed in its changelog.
• Crate v6.1.3 - A patch release providing further stability and bug fixes for the 6.1 series.
• ScyllaDB Operator v1.19.1 - Focuses on documentation updates, including bringing prom-operator back as a dependency in the installation guide.

Container Runtimes & Build

• CRI-O v1.34.5 - A patch release addressing bug fixes and regressions since v1.34.4.
• CRI-O v1.33.9 - A maintenance release with bug fixes and dependency updates.
• CRI-O v1.32.13 - Provides bug fixes and dependency updates for the v1.32 branch.
• Buildpacks Pack v0.40.0 - Offers CLI for building apps using Cloud Native Buildpacks, with installation instructions updated.
• Buildah v1.43.0 - Notable changes include bumping runc to v1.3.4 and fixing SystemContext encoding issues.

Storage

• Rook v1.19.1 - A patch release primarily focused on feature additions and bug fixes for the Ceph operator, including CSI updates and security improvements.

Networking

• Cilium v1.19.0 - A major release with 2934 new commits and contributions from over 1010 developers, requiring potential upgrade actions for users of Network Policies, Cluster Mesh, LoadBalancer IPAM, or BGP.
• K8gb v0.18.0 - Enhances GSLB reconciliation with hostname filtering, introduces a new Prometheus metric, and includes broad dependency refreshes.

Infrastructure & Policy

• Crossplane v2.1.4 - Backports a fix for shared transitive dependency upgrades and includes security updates.
• Crossplane v2.0.7 - Backports a fix for shared transitive dependency upgrades and contains security updates.
• Crossplane v1.20.5 - Backports a fix for shared transitive dependency upgrades and updates sigstore dependencies to fix CVEs.
• Kyverno v1.17.0 - A new stable release for the Kubernetes native policy engine.

Autoscaling

• KEDA v2.19.0 - Introduces a new Kubernetes Resource Scaler and adds file-based authentication support for ClusterTriggerAuthentication.

Security

• Cert-manager v1.19.3 - Contains three bug fixes, including a critical fix for a MODERATE severity DoS issue (GHSA-gx3x-vq4p-mhhv). All users are advised to upgrade.
• Cert-manager v1.18.5 - Also includes the fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv, along with other bug fixes.
• External Secrets v2.0.0 - A breaking change release that removes the unsupported Alibaba and Device42 providers.
• External Secrets helm-chart-2.0.0 - The Helm chart release corresponding to v2.0.0.
• External Secrets v1.3.2 - A patch release with general improvements and chart updates.
• External Secrets helm-chart-1.3.2 - The Helm chart release corresponding to v1.3.2.
• Backstage v1.47.3 - Contains security fixes for @backstage/plugin-techdocs-node.
• Backstage v1.46.5 - Backports security fixes that were part of the 1.47.3 release.
• Kubescape v4.0.0 - A major release adding a Krew plugin manifest and fixing broken README anchors.
• Trivy v0.69.1 - Includes a fix for misconfigurations when filtering results via .trivyignore and dependency bumps to address CVEs.

Edge Computing

• K3s v1.35.0+k3s3 - Updates Kubernetes to v1.35.0, includes bug fixes, and expands docker upgrade tests.
• K3s v1.34.3+k3s3 - Updates Kubernetes to v1.34.3 and contains various bug fixes.
• K3s v1.33.7+k3s3 - Updates Kubernetes to v1.33.7, fixes issues, and provides an upgrade warning for v1.34.
• K3s v1.32.11+k3s3 - Updates Kubernetes to v1.32.11, addresses multiple issues, and includes a K3s v1.34 upgrade warning.

Service Mesh

• Kuma v2.13.1 - Features security updates, an optimization for MeshTrafficPermission rules, and custom issuer support for cert-manager integration.
• Kuma v2.12.6 - Contains dependency bumps for Envoy and containernetworking/plugins, alongside security updates.
• Kuma v2.11.9 - Includes dependency updates for Envoy and containernetworking/plugins, and security patches.
• Kuma v2.10.10 - Features Envoy dependency bumps, security updates, and a CoreDNS version upgrade.
• Kuma v2.9.11 - Updates Envoy and other dependencies, and includes security-related changes.
• Kuma v2.7.21 - A patch release with Envoy and golang.org/x/crypto dependency bumps, and security updates.
• Meshery v0.8.205 - Enhances default provider behavior in CLI and UI, and includes maintenance updates for CI workflows.
• Meshery v0.8.204 - Fixes typos in Rego policy files, adds a make policy-lint target, and updates npm install commands.
• Meshery v0.8.203 - Initiates migration of docs.meshery.io to Hugo, bumps jsonpath dependency, and refactors CLI error handling.

Serverless

• Nuclio 1.15.16 - Enhances the dashboard with an explicit log proxy kind.
• Nuclio 1.15.15 - Features enhancements to the processor for single-yield EOS, adds Forbidden Service Account Validation, and updates UI dependencies.

📰 This Week in Cloud Native

This week showcased the accelerating integration of Artificial Intelligence into the cloud-native development lifecycle, alongside significant foundational updates. We observed a surge in discussions and new tools centered around AI agents and coding assistants, such as GitHub Copilot, Claude Code, and OpenAI’s Codex. The shift towards AI-driven developer experiences sparked conversations about the “IDEcline,” hinting at a potential re-evaluation of traditional IDEs in favor of more autonomous, agent-managed coding environments. However, this rapid adoption also brought to light critical security considerations, with reports of AI agent hijacking and a strong emphasis on the need for robust sandboxing mechanisms, as highlighted by Docker and HyperVisor isolation efforts.

The core Kubernetes ecosystem continued its steady evolution, with the introduction of the Node Readiness Controller aimed at improving cluster stability and the notable announcement of the planned retirement of Ingress NGINX, signaling potential shifts in traffic management strategies. CNCF projects also made strides, with Dragonfly v2.4.0 bringing a new load-aware scheduling algorithm and Dapr demonstrating its capability to converse with Large Language Models, further simplifying distributed application development. Cloud providers like AWS are also enhancing their Kubernetes offerings, integrating Amazon EKS with CNCF Fluid for deep learning model training and Amazon Q Business for extracting actionable insights from EKS logs.

Security remained a top priority, evidenced by a flurry of stable releases addressing vulnerabilities and introducing new protective measures. Projects like cert-manager released critical patches for DoS issues, while External Secrets saw a major version bump with provider removals, and Kubescape and Trivy received updates focused on security posture management and vulnerability scanning. Observability tools such as OpenTelemetry Collector, Jaeger, and Grafana Loki also delivered enhancements, improving logging, tracing, and monitoring capabilities. Beyond specific projects, there was a broader industry discussion about the need for CISOs to adapt their security strategies to keep pace with the rapid advancements in AI, emphasizing federated security approaches.

The week also saw major cloud providers like Amazon and Alphabet announcing record investments in AI infrastructure, underscoring the strategic importance of AI to their future growth. In the data realm, innovations included Snowflake Postgres with pg_lake for open standards and ScyllaDB leveraging the open-source USearch library for vector search. Community engagement was celebrated through the successful completion of the CNCF LFX Mentorship program and a video highlighting the vibrant KubeCon + CloudNativeCon community, reinforcing the collaborative spirit that drives the cloud-native landscape forward.

💬 Community Buzz

Hacker News was abuzz with the rapid advancements in AI agents, with numerous “Show HN” projects demonstrating innovative approaches to sandboxed execution environments like AgentVM and Docker sandboxes, alongside AI-powered Kubernetes IDEs. The community actively discussed the implications of AI on developer workflows, including tools for local development with Docker Compose on Kubernetes and efforts to track deployment-related incidents. There was also keen interest in self-hosted solutions for log aggregation and artifact management, reflecting a desire for greater control and efficiency in cloud-native operations.

📊 Week in Numbers

• 48 stable releases across 25 projects
• Cilium v1.19.0 saw contributions from over 1010 developers, adding 2934 new commits.
• Cert-manager addressed a MODERATE severity DoS issue, urging all users to upgrade.
• Major cloud providers like Amazon and Alphabet announced record investments in AI infrastructure.

📚 View all articles from this week →