Week 11 - March 2026

This week: 47 releases, 183 news items.

👋 Welcome

This week in Cloud Native saw a strong focus on the evolving relationship between AI and Kubernetes, with discussions around AI platform convergence and agent-based development. Preparations for KubeCon + CloudNativeCon Europe 2026 are ramping up, highlighting key co-located events and community engagement. Meanwhile, a series of important security updates and critical infrastructure news underscored the ongoing need for vigilance in our rapidly advancing ecosystem.

🚀 Notable Releases

Networking & Edge

  • CoreDNS v1.14.2 - This release introduces the proxyproto plugin for Proxy Protocol support, enhances DNS logging and randomness for loop detection (CVE-2026-26018), and includes fixes for an ACL bypass (CVE-2026-26017) and a Kubernetes plugin crash.
  • K3s v1.35.2+k3s1 - Updates Kubernetes to v1.35.2 and includes Rootlesskit reverts, test fixes, and backports.
  • K3s v1.34.5+k3s1 - Updates Kubernetes to v1.34.5 and includes Rootlesskit reverts, test fixes, and backports.
  • K3s v1.33.9+k3s1 - Updates Kubernetes to v1.33.9 and includes Rootlesskit reverts, test fixes, and backports.
  • K3s v1.32.13+k3s1 - Updates Kubernetes to v1.32.13 and includes Rootlesskit reverts, test fixes, and backports.

Observability & Tracing

  • OpenTelemetry Collector v0.147.0 - Enhances the debug exporter to output bucket counts for exponential histogram data and adds metadata_keys configuration to partition batches by client metadata.
  • Jaeger v2.16.0 - Enforces Go version consistency (requiring Go 1.25.7), removes the legacy remote sampling endpoint format, and introduces schemagen for internal extensions.
  • Inspektor Gadget v0.50.0 - Features a new trace_init_module gadget, adds support for filtering containers by image digests, and optimizes socket cleanup.
  • OpenObserve v0.60.4 - Includes fixes for dark mode styles in variable settings, bulk API metrics, and WAL runtime worker configuration.
  • OpenObserve v0.50.6 - Provides fixes for local mode in enrichment table requests, dark mode styles, and bulk API metrics.

Container Runtime & Build

  • CRI-O v1.35.1 - This patch release focuses on bug fixes and dependency updates to improve stability.
  • CRI-O v1.34.6 - A maintenance release addressing bug fixes and dependency updates.
  • CRI-O v1.33.10 - Another patch release providing bug fixes and updated dependencies for an older stable branch.
  • Pack v0.40.1 - A CLI for building applications using Cloud Native Buildpacks, requiring a container runtime like Docker or Podman.

Security & Identity

  • SPIFFE/SPIRE v1.14.2 - Addresses a Server-Side Request Forgery (SSRF) vulnerability in the http_challenge server node attestor plugin and fixes an issue in the x509pop attestor.
  • SPIFFE/SPIRE v1.13.4 - Backports the same security fixes found in v1.14.2 for the http_challenge and x509pop server node attestor plugins.
  • External Secrets Helm Chart v2.1.0 - A new Helm chart release for managing external secrets in Kubernetes.
  • External Secrets v2.1.0 - Updates the Helm chart and includes a fix for Cosign verification.
  • Strimzi Kafka Operator 0.51.0 - Crucially addresses CVE-2026-27133 and CVE-2026-27134, and now officially supports Kubernetes 1.30 and newer.
  • Backstage v1.48.4 - This release delivers important security fixes for @backstage/plugin-techdocs-node, @backstage/integration, and @backstage/plugin-scaffolder-backend.
  • Trivy v0.69.3 - Includes a dependency bump for github.com/go-git/go-git/v5.
  • Dex v2.45.1 - Fixes a MySQL 8.0+ storage migration issue related to the groups reserved word and updates authproxy and oauth to align with the CallbackConnector interface.
  • Nuclio 1.15.20 - Features dashboard enhancements, fixes a race condition in Go runtime panic recovery, and addresses CVE-2026-29042, an OS Command Injection vulnerability in the shell runtime.

Serverless & Runtime

  • Knative Eventing v1.20.2 - Corrects documentation, adds support for Pod default credentials in AWS IntegrationSource and IntegrationSink resources, and ensures event files received by Jobsinks include the Distributed Tracing extension.
  • Dapr Runtime v1.16.10 - This update brings bug fixes, security enhancements, a Go version bump to 1.25.7, an OpenTelemetry SDK update, and Pulsar PubSub validation for JSON messages.

Developer Tools & Ecosystem

  • Telepresence v2.27.1 - Installers now offer the option to run the root daemon as a system service, which removes the need for elevated privileges during use.
  • Meshery v0.8.212 - Addresses a fix for the Debian slim image build.
  • Meshery v0.8.211 - Swaps the Alpine image with Debian:slim, includes UI updates, and reverts a change related to CGO in the server build.
  • Meshery v0.8.210 - This release primarily focuses on fixing a broken UI build.
  • Meshery v0.8.209 - Contains CI fixes for the Hugo-based Dockerfile, disables CGO in the server build, and upgrades Provider UI packages.
  • Meshery v0.8.208 - Restores Next 15 static export compatibility and fixes an issue with Design editing.
  • Meshery v0.8.207 - Updates Kubebuilder/kube-rbac-proxy, synchronizes documentation content, and includes various server-side fixes.
  • Meshery v0.8.206 - Deletes older Kubernetes meshmodel directories, fixes missing favicons, bumps the Meshkit version, and adds fallback logic for intra-page TOC navigation.

Backup & Database

  • Velero v1.18.0 - A major release introducing the capability to process multiple backups concurrently, significantly improving usability for multi-tenant and multi-user scenarios.
  • CrateDB 6.2.2 - A maintenance release for the CrateDB distributed SQL database.

📰 This Week in Cloud Native

The cloud native landscape continues to be shaped by the pervasive influence of AI, with a significant theme this week being the convergence of AI platforms on Kubernetes. Multiple articles discussed how Kubernetes is no longer just for microservices but is becoming the foundational infrastructure for AI workloads, enabling deployment simplicity and resource management. This trend is further amplified by new tools like NanoClaw, Kelos, and VibePod CLI, which allow developers to containerize and orchestrate AI agents within Kubernetes, addressing both security and operational challenges. The launch of OpenAI’s GPT-5.4 also marked a notable development in the AI space, further pushing the boundaries of what these models can achieve.

As the industry looks ahead, preparations for KubeCon + CloudNativeCon Europe 2026 are in full swing. Several CNCF blog posts highlighted co-located events such as KeycloakCon, focusing on identity and access management in cloud native architectures, and Kubernetes on Edge Day, exploring the intersection of cloud native technologies with resource-constrained environments. OSPOlogy Day Cloud Native also featured prominently, emphasizing peer mentoring and group discussions on cloud strategy management and supply chain security. These events underscore a community-driven effort to tackle complex challenges and foster innovation within the cloud native ecosystem. Meshery, a high-velocity CNCF project, also highlighted its expanding ecosystem and community contributions, reflecting the project’s growing importance.

Security and operational resilience remained a critical area of focus. Several notable releases, including Strimzi Kafka Operator, SPIFFE/SPIRE, Backstage, and Nuclio, delivered crucial security fixes addressing vulnerabilities ranging from SSRF to OS Command Injection. On a more alarming note, reports emerged of drone attacks directly impacting two AWS datacenters in the UAE and Bahrain, highlighting the evolving threat landscape for critical cloud infrastructure. Additionally, discussions around unsecured Google API keys for Gemini AI and a cloud vulnerability in APsystems underscored the persistent need for robust security practices across all layers of the cloud native stack.

Beyond the core infrastructure, the developer experience and broader ecosystem trends also saw significant activity. A survey revealed that nearly half of all companies are now using Rust in production, signaling its growing maturity and adoption. The Eclipse Foundation reported impressive growth for Open VSX, hitting 300 million monthly downloads, indicating a thriving marketplace for open-source developer tools. However, there was also news regarding the end-of-support for the AWS Copilot CLI, prompting users to consider alternative deployment strategies. The concept of “vibe coding” and the emergence of new developer tools like TanStack Start and IT-Tools point to a continuous drive for efficiency and innovation in software development workflows.

💬 Community Buzz

Hacker News discussions this week were heavily dominated by the rapid advancements and implications of AI agents. The community explored tools like Kelos and VibePod CLI for orchestrating AI coding agents on Kubernetes, along with security concerns addressed by Agentcheck and autonomous incident response with OnCallMate. There was significant debate around the efficiency and future of Docker, particularly concerning docker pull behavior and new alternatives like Mocker. Beyond tooling, broader conversations touched on AI’s impact on careers and open-source software, with some questioning its long-term effects on learning and development, and concerns about AI astroturfing.

📊 Week in Numbers

  • 35 stable releases across 21 projects
  • Nearly half of all companies now use Rust in production.
  • Eclipse Foundation reports Open VSX hits 300 million monthly downloads.
  • AWS Copilot CLI is scheduled to reach end of support on June 12, 2026.

📚 View all articles from this week →