👋 Welcome
This week saw a significant number of patch releases across various Cloud Native projects, addressing security vulnerabilities and bug fixes. The Cloud Native community also highlighted developments in AI integration with Kubernetes, advancements in cloud native education, and ongoing discussions around data sovereignty and cloud infrastructure.
🚀 Notable Releases
CI/CD
- Argo CD v3.4.4 - This patch release provides installation manifests and confirms container images are signed by cosign for provenance.
- Argo CD v3.3.12 - A patch release offering installation manifests and signed container images for provenance.
Networking
- Cilium v1.19.5 - Extends troubleshoot commands for kvstore and clustermesh, removes the `loadBalancer.standalone` option from Helm, and fixes WireGuard MTU calculation.
- Cilium v1.18.11 - Extends troubleshoot commands for kvstore and clustermesh, and fixes weighted backend traffic splitting for TLSRoute passthrough listeners in Gateway API.
- Cilium v1.17.17 - Extends troubleshoot commands for kvstore and clustermesh, and fixes retries for CiliumNode Get errors in multipool configurations.
- Kube-OVN v1.15.15 - Updates containerd dependency to v2.2.5 and includes a fix for reconciling VPC BFD HA chassis on node changes.
- Kube-OVN v1.14.41 - Updates containerd dependency to v2.2.5 and includes a fix for reconciling VPC BFD HA chassis on node changes.
Container Runtime
- containerd v2.3.2 - This patch release includes security updates addressing CVE-2026-50195, CVE-2026-53488, and CVE-2026-53492.
- containerd v2.2.5 - A patch release containing security updates for CVE-2026-50195, CVE-2026-53488, and CVE-2026-53492.
- containerd v2.1.9 - This patch release includes security updates for CVE-2026-50195, CVE-2026-53488, and CVE-2026-53492.
- containerd v2.0.10 - A patch release with security updates for CVE-2026-53488 and CVE-2026-47262.
- containerd v1.7.33 - This patch release includes security updates for CVE-2026-53488 and CVE-2026-47262, and a `go-jose` security update for CVE-2026-34986.
- Lima v2.1.3 - Includes cherry-picks from the `master` branch, fixes for `containerd.user=true` on non-Linux guests, a fallback to `scp` for `copytool` with remote sources, and switches the default image to `ubuntu-26.04`. It also disables `ssh.overVsock` by default.
Build & Automation
- Dapr Runtime v1.18.1 - Fixes workflow event-timer reminders leaking with repeated event names, addresses sidecars becoming permanently unavailable after configuration reloads, and resolves unnecessary sidecar restarts on operator configuration resyncs.
- Dapr Runtime v1.16.16 - Fixes Sentry failing to sign certificates when the issuer key type does not match the CSR signature algorithm, and resolves Helm downgrade failures on the scheduler StatefulSet storage size from versions 1.17 or 1.18.
- Dapr Runtime v1.17.10 - Fixes resiliency retry `matching` being ignored on the pubsub publish path, meaning configured `httpStatusCodes` or `gRPCStatusCodes` for retries had no effect on `Publish` or `BulkPublish` errors.
- Helm v3.21.2 - A patch release that updates Kubernetes client libraries to align with Kubernetes v1.36.
- Helm v4.2.2 - This is a patch release.
- Backstage v1.52.0 - BREAKING CHANGE: The default discovery API implementation in `@backstage/plugin-app` has changed to `FrontendHostDiscovery`.
- KubeVirt v1.8.4 - A patch release that includes 31 changes and bug fixes.
- Meshery v1.0.45 - Bumps `go.mongodb.org/mongo-driver` to 1.17.7, restores `gofrs/uuid` library usage, and addresses a UI issue preventing the Connections icon from disappearing.
- Meshery v1.0.44 - Bumps `github.com/containerd/containerd` to 1.7.33, removes obsolete WASM filter startup seeding, and fixes a missing logo for the AWS API Gateway model in the UI.
- Telepresence v2.29.0 - Provides installers that include an option to run the root daemon as a system service, removing the requirement for elevated privileges during use.
Observability
- Prometheus v3.5.4 - This release fixes multiple security issues, including secrets being exposed in plaintext via the `/-/config` endpoint (GHSA-39j6-789q-qxvh) and bumps `golang.org/x/net` and OpenTelemetry dependencies to address reported CVEs (GO-2026-5026, GO-2026-4918, GO-2026-4985).
- Inspektor Gadget v0.53.2 - A bugfix release that addresses a `container-hook` fanotify self-deadlock by caching `config.json`.
Storage
- Rook v1.20.1 - A patch release focusing on feature additions and bug fixes to the Ceph operator, including adding rook-compatible Ceph CSI driver values to Helm, ensuring `require-osd-release` is set after major Ceph upgrades, and bumping `golang.org/x/crypto` to v0.52.0.
- Rook v1.19.7 - A patch release focusing on feature additions and bug fixes to the Ceph operator, including setting the default Ceph version to 19.2.4, configuring Helm ownership for CSI resources, and supporting node labels for OSD device class assignment.
- OpenEBS v4.5.1 - Introduces bug fixes, including a critical issue in Replicated PV Mayastor (issue #2004) that involved unnesting thread `fd_group` before destroy in interrupt mode, and reverts to ARC descriptor group.
Messaging
- Strimzi Kafka Operator 1.0.1 - Important: This version supports only the `v1` CRD API; older `v1beta2`, `v1beta1`, and `v1alpha1` APIs are no longer supported. Users must convert custom resources and upgrade CRDs before upgrading. Entity Operator cross-namespace watching is now controlled by the `STRIMZI_ENTITY_OPERATOR_WATCHED_NAMESPACES` environment variable.
Security
- OpenFGA v1.18.0 - Operational warning for MySQL users: This release contains a migration that acquires a shared lock on the tuple and changelog tables, which can be a lengthy process during which `Write` operations will be blocked. It is recommended to avoid auto-migrations on startup for production instances with large datasets.
- Trivy v0.71.2 - Bumps Alpine Linux to version 3.24.1 and updates several common dependencies.
Orchestration
- Capsule v0.13.6 - Includes bug fixes for webhook release annotation on bounded `ResourcePoolClaim`, service account validation for tenant owners and tenants, and a race condition for terminating namespaces.
Chaos Engineering
- Litmus Chaos 3.30.0 - Adds a metrics port to `litmusportal-server` manifests, updates the Go version in backend tests, and fixes GraphQL endpoint configuration to use `ChaosGraphQLEndpoint`.
Database
- CrateDB 6.3.4 - This is a patch release. Refer to the project’s release notes for detailed changes.
- CrateDB 6.2.10 - This is a patch release. Refer to the project’s release notes for detailed changes.
- CrateDB 6.1.5 - This is a patch release. Refer to the project’s release notes for detailed changes.
Application Frameworks
- Fermyon Spin Canary - This is a canary release, representing the most recent commits on the main branch. It is not considered stable and is intended for developers to test features that may not be fully implemented.
📰 This Week in Cloud Native
This week, the Cloud Native landscape saw a convergence of AI and infrastructure discussions, significant community announcements from KubeCon + CloudNativeCon India, and continued focus on data sovereignty.
A prominent theme was the integration of AI with Cloud Native platforms. Multiple reports and announcements detailed the use of Kubernetes for building multi-agent AI security platforms and the necessity of robust infrastructure for AI agents. AWS introduced services like “AWS Context” for knowledge graphs and “Kiro” for agentic coding supervision on mobile. Vercel launched “Eve,” an open-source framework treating agents as directories. Discussions also highlighted the challenges of securing AI pipelines, debugging probabilistic AI systems, and the need for a trust layer in AI, with Google, Microsoft, and OpenAI collaborating on specifications for AI behavior. There were also concerns raised about AI dependencies and the potential for “agentjacking” through exposed Sentry keys.
The Cloud Native Computing Foundation (CNCF) made several announcements from KubeCon + CloudNativeCon India. Flipkart was recognized for its Kubernetes and chaos engineering scale. The CNCF’s CARE Program was expanded, allowing a Certified Kubernetes Security Specialist (CKS) certification to extend a Certified Kubernetes Administrator (CKA) certification. A partnership with Udemy was announced to provide unified cloud native training and certification opportunities. New research confirmed India as a significant Cloud Native community with 2.25 million developers, noting rising hybrid cloud adoption and platform engineering maturity. The CNCF also welcomed new Silver members, indicating growing enterprise adoption of Kubernetes for platform engineering and AI workloads.
Discussions around data residency and digital sovereignty continued, with a focus on architectural patterns for cloud native platforms. Reports from Heise Cloud detailed Google Cloud’s timeline for a sovereign cloud in Germany and the EU’s potential classification of AWS and Azure as “Gatekeepers” under the Digital Markets Act, which could impose higher regulations. Concerns were raised about companies underestimating their AI dependencies and the legal implications of cloud provider locations versus actual data sovereignty. Additionally, there were reports on cloud pricing adjustments, with Hetzner increasing server costs and Oracle reducing free-tier resources, alongside predictions from Broadcom about a shift of AI workloads from public to private clouds due to cost.
💬 Community Buzz
On Hacker News this week, discussions frequently revolved around Kubernetes, with topics including job interview experiences, the concept of feedback loops in its operation, and tools for running Kubernetes in the browser or as a self-hosted playground. AI agents were another significant subject, covering agentic testing platforms, open-source frameworks for agents, and the infrastructure required to support them. Other technical discussions included Docker architectures, self-hosted applications, and various aspects of code review and observability.
📊 Numbers of the Week
- Total stable releases: 37 across 20 projects
- Top 3 projects by commits this week:
  - meshery/meshery — 179 commits
  - kubernetes/kubernetes — 134 commits
  - kubevirt/kubevirt — 118 commits
- Top 3 projects by merged pull requests this week:
  - kubernetes/kubernetes — 72 merged PRs
  - cilium/cilium — 70 merged PRs
  - argoproj/argo-cd — 63 merged PRs