Week 28, Jul 6-12, 2026

This week: 52 releases, 174 news items.

👋 Welcome

This week saw a series of maintenance releases across container runtimes, networking, and security projects. Key developments included the graduation of UDPRoute and TCPRoute to GA in Kubernetes Gateway API, updates to several core Cloud Native components, and ongoing discussions around AI infrastructure and data sovereignty.

🚀 Notable Releases

  • CRI-O v1.36.2 - This is a maintenance release with uncategorized changes since v1.36.1.
  • CRI-O v1.35.5 - This is a maintenance release with uncategorized changes since v1.35.4.
  • CRI-O v1.34.10 - This release includes bug fixes and uncategorized changes since v1.34.9.
  • etcd v3.6.13 - This release includes a list of changes detailed in the changelog, with potential breaking changes outlined in the upgrade guide.
  • etcd v3.5.32 - This release includes a list of changes detailed in the changelog, with potential breaking changes outlined in the upgrade guide.
  • Flux v2.9.0 - Introduces a Flux CLI Plugin System with Mirror and Schema plugins, and Server-Side Apply field ignore rules for Kustomization resources.
  • Harbor v2.15.2 - Updates the Go version from 1.25.9 to 1.26.3 and makes the openapi-generator-cli download URL configurable.
  • Istio 1.28.10 - A maintenance release for the 1.28.x series.
  • Open Policy Agent v1.18.2 - Fixes an opa fmt regression introduced in v1.18.0, restoring intended behavior for newlines in single-item collections.
  • Open Policy Agent v1.18.1 - Addresses a memory leak in AnnotationSet via runtime.AddCleanup introduced in OPA v1.17.0.
  • Prometheus v3.13.0 - This Long Term Support (LTS) release fixes a cross-site scripting vulnerability (CVE-2026-44990) in the UI, embeds third-party npm dependency licenses in the binary, and uses SHA-256 for API instead of SHA-1.
  • Karmada v1.18.1 - A maintenance release for the 1.18.x series.
  • Karmada v1.17.4 - A maintenance release for the 1.17.x series.
  • Karmada v1.16.7 - A maintenance release for the 1.16.x series.
  • Kubescape v4.0.10 - Adds an operator remediate CLI subcommand, removes an orphan SecurityException CRD, fixes async scan failures in the Results endpoint, and adds a CEL env builder for the VAP engine.
  • KubeVela v1.9.14 - Fixes preservation of last-applied-configuration for shared resources in applications and prevents an unbounded read in the Terraform remote configuration loader (GHSA-fmgp-q6jx-gg3x).
  • KubeVela v1.10.9 - Fixes status.details CUE import statements compilation and prevents an unbounded read in the Terraform remote configuration loader (GHSA-fmgp-q6jx-gg3x).
  • Lima v2.1.4 - Includes fixes for qemu fallback from hvf to tcg on macOS, updates nerdctl to v2.3.4, and adds support for 9p mounts in FreeBSD-15 templates.
  • Longhorn v1.11.3 - Introduces improvements and bug fixes, including critical stability fixes for v1 volumes not being operable after iSCSI connection issues.
  • NATS Server v2.14.3 - Updates Go version to 1.26.4 and demotes noisy per-connection log lines to debug level.
  • NATS Server v2.12.12 - Updates Go version to 1.25.11, demotes noisy per-connection log lines, and applies writer options consistently for s2_fast compression.
  • OpenFGA v1.18.1 - Adds diagnostic logging in weighted_graph_check, Expand, and ListUsers to surface authorization models that may be affected by future v1 deprecation.
  • Capsule v0.13.8 - Addresses security vulnerabilities GHSA-jr6p-8pjj-mfx6 and GHSA-68cj-mvg9-rgm2, which relate to incomplete fixes for cluster-scoped resource creation and lack of webhook validation for NodeMetadata regex fields.
  • Kube-OVN v1.15.17 - Fixes skipping non-security-group port groups in security group garbage collection and resolves an issue with VPC egress local policy without BFD.
  • KubeArmor v1.7.4 - Includes updates to stable v1.7.3, fixes CI for Red Hat image certification, and updates actions and Go module dependencies.
  • Meshery v1.0.54 - Upgrades to MeshKit v1.0.21, upgrades MeshSync and Operator, and fixes a typo in controller helper symbols.
  • Meshery v1.0.53 - Guards empty design response in mesheryctl apply to prevent index out of range errors and exposes MeshSync, Operator, and Broker configuration.
  • Meshery v1.0.52 - Migrates event streaming from GraphQL to Server-Sent Events (SSE) and adds date-fns dependency.
  • Meshery v1.0.51 - Syncs go.mod, updates schemas to v1.3.22, standardizes “Method Not Allowed” error, and renames Extension to VisualDesignerExtension.
  • Meshery v1.0.50 - Syncs wasm module to MeshKit v1.0.19, removes maintainer assignment, deletes scripts and server/meshmodel directories, and adds AWS VPC core relationship definitions.
  • Submariner v0.20.3 - A maintenance release.
  • Telepresence v2.29.2 - Provides installers with the option to run the root daemon as a system service.
  • Kubernetes Gateway API v1.6.0 - UDPRoute and TCPRoute have graduated to GA (v1 API version). The v1alpha2 versions of these APIs are deprecated.
  • ko v0.19.1 - Fixes YAML encoding to skip when a selector filters all documents and bumps dependencies including Sigstore Rekor from 1.5.1 to 1.5.2.
  • Sigstore Rekor v1.5.3 - Uses bytes.Equal for inclusion proof root hash comparison, returns 499 if the client disconnects instead of 500, and bumps google.golang.org/grpc from 1.80.0 to 1.82.0.
  • Trivy v0.72.0 - This release includes various new features and enhancements detailed in the changelog.

📰 This Week in Cloud Native

The week’s news highlighted continued advancements in Kubernetes capabilities, a significant focus on AI infrastructure and its economic implications, and ongoing discussions around data management and security.

In the Kubernetes ecosystem, Dynamic Resource Allocation (DRA) reached General Availability in Kubernetes v1.35, allowing for more flexible resource management. The etcd-operator project was donated to Cozystack, introducing a new v1alpha2 API for deploying and maintaining etcd clusters. AWS announced Amazon EKS Version Rollback, a new capability for managing cluster upgrades. Additionally, the AWS DevOps Agent can now diagnose Kubernetes control plane performance issues, including 429 throttling. The CNCF re-introduced kpt as a toolchain for infrastructure automation, emphasizing a package-centric approach.

AI and its infrastructure dominated much of the news. Several reports from The New Stack discussed the substantial investments by Microsoft, AWS, and Anthropic in AI infrastructure, often not directly tied to model improvements. Topics included the economic layer of the AI web, the infrastructure lock-in costing AI companies, and the challenges of traditional CI/CD for LLMs. Anthropic released Claude Sonnet 5, Fable 5, and Claude Science, an AI workbench for scientific research. AWS also launched a desktop environment for agents (WorkSpaces) and introduced durable functions in AWS Lambda for building fault-tolerant multi-agent AI workflows. Gartner projected significant changes in the business software market due to the increasing adoption of AI agents.

Regarding data and security, the concept of data sovereignty was explored, shifting the focus from geographical server location to legal jurisdiction over data. AWS introduced Amazon S3 Annotations, allowing teams to attach metadata to S3 buckets. Microsoft announced the upcoming removal of NTLM support in Git (libcurl), impacting Azure DevOps Server customers. A “Cordyceps flaw pattern” and a Codecov supply chain attack were discussed, underscoring CI/CD pipelines as part of the attack surface.

💬 Community Buzz

Hacker News discussions this week centered on porting Kubernetes to the browser, fixing Kubelet memory leaks, and tools for Kubernetes observability and incident investigation. There was also significant engagement around local-first applications, including password managers, clipboard managers, and Docker alternatives for macOS (Apple Container, Dory, Fruitbox, WSL Containers). AI agents and their underlying infrastructure were a recurring theme, with projects focused on shared context, memory, and orchestration for coding agents.

📊 Numbers of the Week

  • Total stable releases: 37 across 22 projects
  • Top 3 projects by commits this week:
    1. meshery/meshery — 212 commits
    2. cilium/cilium — 160 commits
    3. kubernetes/kubernetes — 138 commits
  • Top 3 projects by merged pull requests this week:
    1. keycloak/keycloak — 110 merged PRs
    2. cilium/cilium — 93 merged PRs
    3. kubernetes/kubernetes — 93 merged PRs

📚 View all articles from this week →