v0.11.0

csi-driver-spiffe is a clean and simple way to get SPIFFE IDs for your Kubernetes pods with minimal dependencies and minimal fuss.

This release has been built using Go v1.25.5 to fix CVE-2025-61727 and CVE-2025-61729.
This release also includes multiple dependency upgrades for improved security and stability, including updates to Kubernetes utilities, controller-runtime, CSI libraries, and key Go modules (ginkgo, cobra, sync, crypto, and runc).
Thanks to @erikgb for setting up Renovate to automate all the dependency upgrades.

⚠️ csi-driver-spiffe depends on two Kubernetes maintained side-car containers: kubernetes-csi/node-driver-registrar, and kubernetes-csi/livenessprobe, which had not been updated at the time of this release.

OCI_MANAGER_IMAGE: quay.io/jetstack/cert-manager-csi-driver-spiffe
OCI_MANAGER_TAG: v0.11.0
OCI_APPROVER_IMAGE: quay.io/jetstack/cert-manager-csi-driver-spiffe
OCI_APPROVER_TAG: v0.11.0
HELM_CHART_IMAGE: quay.io/jetstack/charts/cert-manager-csi-driver-spiffe
HELM_CHART_VERSION: v0.11.0

New Contributors

• @wallrj-cyberark made their first contribution in #419

Full Changelog: v0.10.1...v0.11.0

v0.10.1

csi-driver-spiffe is a clean and simple way to get SPIFFE IDs for your Kubernetes pods with minimal dependencies and minimal fuss.

This release is a patch release, upgrading Go from 1.25.1 to 1.25.3, fixing a range of CVEs: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, and CVE-2025-61725.

Furthermore, additional go dependencies were upgraded where possible.

Full Changelog: v0.10.0...v0.10.1

v0.10.0

csi-driver-spiffe is a clean and simple way to get SPIFFE IDs for your Kubernetes pods with minimal dependencies and minimal fuss.

This version upgrades the csi-lib dependency, introducing support for fsGroup.

What's Changed

• Add securityContext.fsGroup support by @inteon in cert-manager/csi-lib#72

Dependency upgrades

• Bump the all group across 1 directory with 2 updates by @dependabot in #308
• Bump github.com/cert-manager/csi-lib from 0.8.1 to 0.9.0 in the all group by @dependabot in #309

Full Changelog: v0.9.2...v0.10.0

v0.9.2

csi-driver-spiffe is a clean and simple way to get SPIFFE IDs for your Kubernetes pods with minimal dependencies and minimal fuss.

This release contains miscellaneous bug fixes and dependency updates.
It is built with Go 1.24.4 which fixes the following vulnerabilities: CVE-2025-22874, CVE-2025-0913, and CVE-2025-4673.

helm inspect chart cert-manager-csi-driver-spiffe --repo https://charts.jetstack.io --version v0.9.2

What's Changed

• Bump sidecar image versions in preparation for release by @wallrj in #305

Dependabot

• Bump the all group across 1 directory with 6 updates by @dependabot in #279
• Bump the all group across 1 directory with 6 updates by @dependabot in #304
• Bump the all group across 1 directory with 8 updates by @dependabot in #299

makefile-modules

• [CI] Merge self-upgrade-main into main by @github-actions in #286
• [CI] Merge self-upgrade-main into main by @github-actions in #287
• [CI] Merge self-upgrade-main into main by @github-actions in #288
• [CI] Merge self-upgrade-main into main by @github-actions in #289
• [CI] Merge self-upgrade-main into main by @github-actions in #290
• [CI] Merge self-upgrade-main into main by @github-actions in #291
• [CI] Merge self-upgrade-main into main by @github-actions in #292
• [CI] Merge self-upgrade-main into main by @github-actions in #295
• [CI] Merge self-upgrade-main into main by @github-actions in #298
• [CI] Merge self-upgrade-main into main by @github-actions in #300
• [CI] Merge self-upgrade-main into main by @github-actions in #301
• [CI] Merge self-upgrade-main into main by @github-actions in #303
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #293

New Contributors

• @wallrj made their first contribution in #305

Full Changelog: v0.9.1...v0.9.2

v0.9.1

csi-driver-spiffe is a clean and simple way to get SPIFFE IDs for your Kubernetes pods with minimal dependencies and minimal fuss.

This release fixes a mistake in the DaemonSet security context for csi-driver-spiffe. Users should avoid v0.9.0 and use this version instead.

What's Changed

• Fix bad security context on DaemonSet by @SgtCoDFish in #284
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #281
• Add dependency licenses to repo and OCI image by @inteon in #282
• [CI] Merge self-upgrade-main into main by @github-actions in #285

Full Changelog: v0.9.0...v0.9.1

v0.9.0

csi-driver-spiffe is a clean and simple way to get SPIFFE IDs for your Kubernetes pods with minimal dependencies and minimal fuss.

v0.9.0 is a release mainly for dependency bumps and fixes for reported CVEs. There's also a minor improvement to logging in certain configurations included via #270.

All users are recommended to upgrade when possible to ensure they're running with the latest updates.

What's Changed

Features / Improvements

• Only watch for runtime configuration if provided by @SgtCoDFish in #270

Makefile Modules Bumps

• Manual makefile-modules upgrade by @SgtCoDFish in #246
• [CI] Merge self-upgrade-main into main by @github-actions in #245
• [CI] Merge self-upgrade-main into main by @github-actions in #248
• [CI] Merge self-upgrade-main into main by @github-actions in #251
• [CI] Merge self-upgrade-main into main by @github-actions in #252
• [CI] Merge self-upgrade-main into main by @github-actions in #253
• [CI] Merge self-upgrade-main into main by @github-actions in #254
• [CI] Merge self-upgrade-main into main by @github-actions in #257
• [CI] Merge self-upgrade-main into main by @github-actions in #259
• [CI] Merge self-upgrade-main into main by @github-actions in #262
• [CI] Merge self-upgrade-main into main by @github-actions in #271
• [CI] Merge self-upgrade-main into main by @github-actions in #272
• [CI] Merge self-upgrade-main into main by @github-actions in #273
• [CI] Merge self-upgrade-main into main by @github-actions in #275
• [CI] Merge self-upgrade-main into main by @github-actions in #276
• [CI] Merge self-upgrade-main into main by @github-actions in #278

Dependency Bumps

• Bump go-jose to v4 to fix CVE-2024-28180 and CVE-2025-27144 by @SgtCoDFish in #260
• Bump the all group across 1 directory with 9 updates by @dependabot in #261
• Bump the all group across 1 directory with 10 updates by @dependabot in #269
• Bump x/net to fix CVE-2025-22872 reported by trivy by @SgtCoDFish in #280
• Bump github.com/onsi/gomega from 1.36.3 to 1.37.0 in the all group by @dependabot in #274
• Bump the all group across 1 directory with 5 updates by @dependabot in #250

Full Changelog: v0.8.2...v0.9.0

v0.8.2

csi-driver-spiffe is a clean and simple way to get SPIFFE IDs for your Kubernetes pods with minimal dependencies and minimal fuss.

v0.8.2 is another simple dependency bump update, importantly fixing several CVEs reported by vulnerability scanners. We don't actually believe that csi-driver-spiffe was vulnerable to any of the CVEs though.

What's Changed

Release Process / Admin

• Update OWNERS file to use OWNERS_ALIASES by @inteon in #225
• Add Helm chart OCI release to GH automation by @inteon in #226

Dependency Updates / Fixes

• Bump the all group with 2 updates by @dependabot in #184
• Update busybox sha to match upstream by @inteon in #186
• Update busybox SHAs to match upstream by @SgtCoDFish in #192
• Bump the all group across 1 directory with 13 updates by @dependabot in #213
• Bump the all group across 1 directory with 3 updates by @dependabot in #216
• Update busybox shas due to upstream change by @inteon in #224
• Bump the all group across 1 directory with 5 updates by @dependabot in #229
• Bump the all group across 1 directory with 2 updates by @dependabot in #222
• Fix digests for busybox images by @SgtCoDFish in #242
• Update other images, add release note section by @SgtCoDFish in #243
• Bump the all group across 1 directory with 9 updates by @dependabot in #240

Makefile Modules Updates

• [CI] Merge self-upgrade-main into main by @github-actions in #185
• [CI] Merge self-upgrade-main into main by @github-actions in #187
• [CI] Merge self-upgrade-main into main by @github-actions in #188
• [CI] Merge self-upgrade-main into main by @github-actions in #189
• [CI] Merge self-upgrade-main into main by @github-actions in #191
• [CI] Merge self-upgrade-main into main by @github-actions in #195
• [CI] Merge self-upgrade-main into main by @github-actions in #198
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #199
• [CI] Merge self-upgrade-main into main by @github-actions in #201
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #203
• [CI] Merge self-upgrade-main into main by @github-actions in #206
• [CI] Merge self-upgrade-main into main by @github-actions in #209
• [CI] Merge self-upgrade-main into main by @github-actions in #210
• [CI] Merge self-upgrade-main into main by @github-actions in #211
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #212
• [CI] Merge self-upgrade-main into main by @github-actions in #214
• [CI] Merge self-upgrade-main into main by @github-actions in #217
• [CI] Merge self-upgrade-main into main by @github-actions in #218
• [CI] Merge self-upgrade-main into main by @github-actions in #220
• [CI] Merge self-upgrade-main into main by @github-actions in #221
• [CI] Merge self-upgrade-main into main by @github-actions in #223
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #228
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #230
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #231
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #232
• [CI] Merge self-upgrade-main into main by @github-actions in #237
• [CI] Merge self-upgrade-main into main by @github-actions in #239
• [CI] Merge self-upgrade-main into main by @github-actions in #241

Full Changelog: v0.8.1...v0.8.2

v0.8.1

csi-driver-spiffe is a clean and simple way to get SPIFFE IDs for your Kubernetes pods with minimal dependencies and minimal fuss.

v0.8.1 is a simple dependency bump update.

What's Changed

Dependency Bumps

• Bump the all group across 1 directory with 8 updates by @dependabot in #168
• Bump the all group across 1 directory with 2 updates by @dependabot in #172
• Bump the all group across 1 directory with 9 updates by @dependabot in #180
• chore: update csi-node-driver-registrar to v2.12.0 by @ThatsMrTalbot in #183

Makefile Modules Updates

• [CI] Merge self-upgrade-main into main by @github-actions in #169
• [CI] Merge self-upgrade-main into main by @github-actions in #171
• [CI] Merge self-upgrade-main into main by @github-actions in #174
• [CI] Merge self-upgrade-main into main by @github-actions in #176
• [CI] Merge self-upgrade-main into main by @github-actions in #179
• [CI] Merge self-upgrade-main into main by @github-actions in #181
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #182

Full Changelog: v0.8.0...v0.8.1

v0.8.0

csi-driver-spiffe is a clean and simple way to get SPIFFE IDs for your Kubernetes pods with minimal dependencies and minimal fuss.

What's Changed

• Bump github.com/cert-manager/cert-manager from 1.15.0 to 1.15.1 in the all group by @dependabot in #158
• chore: update csi-node-driver-registrar by @ThatsMrTalbot in #165

Full Changelog: v0.7.0...v0.8.0

v0.7.0

csi-driver-spiffe is a clean and simple way to get SPIFFE IDs for your Kubernetes pods with minimal dependencies and minimal fuss.

What's Changed

• [CI] Merge self-upgrade-main into main by @github-actions in #148
• Bump the all group across 1 directory with 5 updates by @dependabot in #152
• Bump the all group across 1 directory with 8 updates by @dependabot in #157
• [CI] Merge self-upgrade-main into main by @github-actions in #153
• feat: add RBAC for OpenShift SecurityContextConstraints by @ThatsMrTalbot in #159

Full Changelog: v0.6.0...v0.7.0