Week 13 - March 2026
This week: 60 releases, 176 news items.
👋 Welcome
This week brought a flurry of activity across the cloud native landscape, with a strong focus on AI integration, critical security enhancements, and significant ecosystem advancements. We saw notable releases across core projects like Kubernetes, Cilium, and Dapr, alongside key announcements from the CNCF highlighting new incubation projects and programs. The community buzz continued to revolve around the evolving role of AI in development and operations, particularly concerning agent-based architectures and GPU infrastructure.
🚀 Notable Releases
Orchestration & Cluster Management
- Kubernetes v1.35.3 - A patch release for the latest stable Kubernetes series.
- Kubernetes v1.34.6 - Another patch release providing stability improvements for the v1.34 branch.
- Kubernetes v1.33.10 - A maintenance update for the v1.33 series, ensuring continued reliability.
- Kubernetes-sigs/cluster-api v1.12.4 - This release ensures ReconcilerRateLimiting works consistently with controller runtime ExponentialBackoff and includes several bug fixes.
- Kubernetes-sigs/cluster-api v1.11.7 - A maintenance release with bug fixes, including addressing “Failed to exec DockerMachine bootstrap” errors.
Networking & Data Storage
- Cilium v1.19.2 - Moves ztunnel daemonset management to Helm and adds rate limiting to the neighbor reconciler.
- Cilium v1.18.8 - Enables attaching Cilium’s XDP program on interfaces with jumbo MTU and includes bug fixes for NodePort.
- Cilium v1.17.14 - Includes several bug fixes, including one for NodePort hairpin redirect and Envoy admin socket security.
- Etcd-io/etcd v3.6.9 - A patch release for the distributed key-value store, recommending review of the changelog and upgrade guide.
- Etcd-io/etcd v3.5.28 - A maintenance release for the v3.5 series, with a focus on stability and bug fixes.
- Etcd-io/etcd v3.4.42 - Continues to provide stability for older etcd deployments.
- Antrea-io/antrea v2.6.0 - Adds support for multiple flow export destinations via FlowExporterDestination CRDs and IPv6/Dual-Stack for NodePortLocal.
- Kubeovn/kube-ovn v1.15.7 - Includes dependency updates for security and fixes for IPAM.
- Kubeovn/kube-ovn v1.14.35 - A maintenance release with security updates and general fixes.
- Kubeovn/kube-ovn v1.15.6 - Updates for OVN patch compatibility and fixes for BGP speaker IP reading.
- Kube-vip/kube-vip v1.1.1 - Fixes BGP route advertisement in control-plane only mode and bumps several dependencies for stability.
- Crate/crate 6.2.3 - A patch release for the distributed SQL database, with details available in its release notes.
- Scylladb/scylla-operator v1.19.2 - Provides updates and stability for managing ScyllaDB clusters on Kubernetes.
Security
- Dapr/dapr v1.17.2 - Includes security fixes by upgrading to Go 1.25.8, a new RavenDB state store component, and bug fixes.
- Spiffe/spire v1.14.4 - A patch release for the SPIFFE runtime environment.
- Spiffe/spire v1.14.3 - Improves OPA policy evaluation performance, uses standardized PQKEM TLS policy, and reports spire-agent version to the server.
- Keycloak/keycloak 26.5.6 - Addresses critical security fixes, including a Blind Server-Side Request Forgery (SSRF) vulnerability.
- Kubescape/kubescape v4.0.3 - A patch release with dependency updates and general improvements for Kubernetes security.
- Openfga/openfga v1.13.0 - Features AuthZen v1.0 implementation and improvements in observability and error handling.
- Openfga/openfga v1.12.1 - Refactors tuple validation and manipulation for performance and updates grpc-go for security.
- External-secrets/external-secrets v2.2.0 - A new minor release bringing general improvements and fixes to the external secrets management for Kubernetes.
- External-secrets/external-secrets helm-chart-2.2.0 - The Helm chart release accompanying v2.2.0 of the External Secrets operator.
- Kubearmor/KubeArmor v1.6.15 - Fixes kernel header path detection and includes non-K8s host and KSP test suites.
- Kubewarden/kubewarden-controller v1.33.1 - Fixes chart versions, updates dependencies, and forwards image pull secrets.
- Seebom-labs/seebom v0.2.0 - A new minor release for the SBOM management tool, providing updated container images and a Helm chart.
Developer Tools & Runtimes
- Backstage/backstage v1.49.2 - A patch release fixing CIMD redirect URI matching.
- Backstage/backstage v1.49.1 - Fixes broken API reference links, migrates TechDocs pages to BUI header, and integrates unprocessed entities as a DevTools tab.
- Backstage/backstage v1.49.0 - Introduces the New Frontend System as a 1.0 Release Candidate, making it the default for newly created apps.
- KubeVirt/kubevirt v1.7.2 - A patch release for the Kubernetes Virtualization project, including 35 changes and stability improvements.
- KubeVirt/kubevirt v1.6.4 - Another patch release for KubeVirt, with 108 changes from 25 contributors.
- Lima-vm/lima v2.1.0 - Adds experimental support for macOS and FreeBSD guests, and introduces limactl shell --sync for directory synchronization.
- Litmuschaos/litmus 3.27.0 - Adds support for targeting Jobs in chaos experiments and fixes a subscriber crash on Workflow ADD events.
- Meshery/meshery v0.9.0 - A major release for the cloud native management plane, including fixes for OrgID handling, cluster resync, and dependency bumps.
- Fermyon/spin canary - A “canary” release providing the latest features from the main branch for developers to try out.
- Ahmetb/kubectx v0.10.0 - Introduces kubectx --shell for isolated shell environments and kubens -f to skip namespace existence checks.
Configuration & Observability
- Cloud-custodian/cloud-custodian 0.9.50.0 - Adds ability to normalize tag keys in filters, a start-of-day option for metric filters, and cross-account joint conditions.
- Metal3-io/baremetal-operator v0.12.3 - Includes bug fixes for paused annotation handling and provisioner errors, along with CAPI and gRPC bumps.
- Metal3-io/baremetal-operator v0.11.6 - Provides similar bug fixes and dependency updates for the v0.11 series.
- Open-telemetry/opentelemetry-collector v0.148.0 - A new release with end-user changelog, but notes a known issue regarding Prometheus metrics endpoint label naming.
Registry
- Goharbor/harbor v2.15.0 - Introduces new features like tag deletion options for garbage collection and UI for limiting upstream registry connections.
📰 This Week in Cloud Native
The cloud native ecosystem is buzzing with advancements, particularly at the intersection of AI and infrastructure. A major announcement from the CNCF highlighted the General Availability of Dapr Agents v1.0, promising production-grade resiliency and security for enterprise AI agent frameworks. This aligns with a broader trend of integrating AI, as seen with Volcano evolving into an AI-native unified scheduling platform, moving beyond traditional batch workloads to support complex LLM requirements. Kubernetes itself is being positioned as a “glorified host” for AI, with new tools like Agent Sandbox emerging to help run AI agents securely within the orchestration system. The focus on API-first infrastructure, championed by projects like Crossplane, is also gaining traction as a way to manage the underlying resources for AI-assisted development.
Security remains a paramount concern, especially with the rapid adoption of AI and the increasing complexity of software supply chains. The CNCF has partnered with Kusari to advance software supply chain security for cloud native projects, addressing the challenges posed by the vast dependencies in modern applications. Kubernetes is also addressing internal security, with a new focus on securing production debugging, moving away from broad cluster-admin access. Concerns around the security of AI-generated code and the vulnerability of open source packages used by AI agents were raised, with discussions about solutions like Chainguard’s repositories. Furthermore, the Linux kernel’s growing scale is reportedly straining the existing CVE system, highlighting a need for more robust vulnerability management.
The Kubernetes ecosystem continues to mature and expand. A significant development is the release of Ingress2Gateway 1.0, providing a clear migration path for users from Ingress-NGINX to the more powerful and expressive Gateway API. The CNCF also welcomed Metal3, a bare metal project, into its incubation stage, emphasizing its role in foundational infrastructure management for self-hosted Kubernetes. Agones, the open source platform for scaling game servers on Kubernetes, also officially transitioned to the CNCF, marking a new era for multiplayer game infrastructure. These movements, coupled with preparation for KubeCon + CloudNativeCon Europe 2026, including a dedicated Platform Engineering Day, underscore the community’s commitment to evolving and standardizing cloud native practices.
Finally, discussions around cloud sovereignty and cost optimization gained prominence, particularly in Europe. Several reports and open letters from European cloud providers warned the EU about “sovereignty washing” and expressed concerns over dependency on US cloud services. This comes amidst news of Alibaba Cloud raising prices for AI computing and storage, and ongoing conversations about the escalating costs of observability solutions, prompting reflection on scaling strategies from monitoring stacks to comprehensive observability platforms.
💬 Community Buzz
Hacker News was abuzz this week with discussions around AI agents, particularly their sandboxing and security. Several “Show HN” posts introduced new tools for managing GPU infrastructure for AI, like Chamber and vMetal, and monitoring LLM inference clusters with llmtop. The community also debated the impact of AI on coding skills and the future of programming. Docker and container security were also hot topics, with a reported Trivy supply chain attack expanding to compromised Docker images, prompting renewed focus on container hardening and supply chain integrity.
📊 Week in Numbers
- 45 stable releases across 20 projects
- AWS, Anthropic, Google, Microsoft, and OpenAI jointly invested $12.5 million with the Linux Foundation to defend the open source ecosystem from AI threats.