chore(deps): update module kubevirt.io/kubevirt to v1.8.2 [security] (main)

[redhat-renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change
kubevirt.io/kubevirt	require	minor	v1.7.1 → v1.8.2

---

KubeVirt's authorization mechanism improperly truncates subresource names

CVE-2026-6383 / GHSA-j6cv-3w8p-vrg8

More information

Details

A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources, potentially disclosing sensitive information or performing actions they are not permitted to do. Additionally, legitimate users may be denied access to resources.

Severity

• CVSS Score: 5.4 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2026-6383
• https://github.com/kubevirt/kubevirt/issues/17337
• https://access.redhat.com/security/cve/CVE-2026-6383
• https://bugzilla.redhat.com/show_bug.cgi?id=2458741
• https://github.com/kubevirt/kubevirt

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

kubevirt/kubevirt (kubevirt.io/kubevirt)

v1.8.2

Compare Source

tag v1.8.2
Tagger: Federico Fossemo ffossemo@redhat.com

This release follows v1.8.1 and consists of 56 changes, contributed by 16 people, leading to 79 files changed, 1909 insertions(+), 413 deletions(-).

The source code and selected binaries are available for download at: https://github.com/kubevirt/kubevirt/releases/tag/v1.8.2.

The primary release artifact of KubeVirt is the git tree. The release tag is
signed and can be verified using git tag -v v1.8.2.

Pre-built containers are published on Quay and can be viewed at: https://quay.io/kubevirt/.

Notable changes

• [PR #​17525][kubevirt-bot] Remove vnc/screenshot from kubevirt.io:edit
• [PR #​17499][kubevirt-bot] Bug-fix: virt-handler now detects when domain-notify.sock is deleted and automatically restarts the notify server.
• [PR #​17465][kubevirt-bot] Fixed SMBIOS system information not being visible inside ARM64 guest VMs
• [PR #​17439][kubevirt-bot] fix hotplug volume status being stuck in Detaching phase
• [PR #​17346][kubevirt-bot] Fixed migration not reporting succeeded when doing compute migration after decentralized live migration
• [PR #​17443][kubevirt-bot] fix: VirtualMachineBackup printer columns (Type, CheckpointName) now display correctly in kubectl output
• [PR #​17436][akalenyu] fix: correctly handle source resolution for disks with a qcow2 overlay, preventing incorrect disk expansion and wrong cache/IO mode detection.
• [PR #​17376][kubevirt-bot] Bug fix: sync-controller healthz server and virt-exportserver now respect TLSConfiguration from the KubeVirt CR.
• [PR #​17428][kubevirt-bot] preserve annotation for restore pvc
• [PR #​17378][laxmi-333] Fix s390x VM creation failure caused by unsupported pcie-root-port controllers from v3 PCI topology changes
• [PR #​17373][kubevirt-bot] Fixes bug in Live NAD Ref Update feature where a VM with no interfaces/networks is unable to start when LiveNADRefUpdate FG is enabled.
• [PR #​17396][dankenigsberg] VMs with backend storage volume use and report the volume name as persistent-state-for-this-vm rather than trying to embed the vm name in the volume name.

Contributors

16 people contributed to this release:

9 Dan Kenigsberg danken@redhat.com
6 Adi Aloni aaloni@redhat.com
4 Ananya Banerjee anbanerj@redhat.com
4 dsanatar dsanatar@redhat.com
2 Laxmi Adavalli laxmi.adavalli@ibm.com
2 bmordeha bmordeha@redhat.com
2 dsionov dsionov@redhat.com
1 Alexander Wels awels@redhat.com
1 Harshitha MS harshitha.ms@ibm.com
1 Jathavedhan M jathavedhan.m@ibm.com
1 Lee Yarwood lyarwood@redhat.com
1 Shubham Pampattiwar spampatt@redhat.com
1 Victor Toso victortoso@redhat.com
1 Xu Han xuhan@redhat.com

Additional Resources

• Mailing list: https://groups.google.com/forum/#!forum/kubevirt-dev
• Slack: https://kubernetes.slack.com/messages/virtualization
• An easy to use demo: https://github.com/kubevirt/demo
• How to contribute
• License

---

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQT336LhfFzgGMwYm4OriYWHZ3eqPAUCaeY3HwAKCRCriYWHZ3eq
PGSmAP9BdAbqV3n230oKiIqg0VByWhO8Zhcg3qO2qEgjNT5WgQD9EFUmN80pc66P
UHXFcVZT8uMxrHUlQM3kqLuHtl80SQY=
=KdHq
-----END PGP SIGNATURE-----

v1.8.1

Compare Source

tag v1.8.1
Tagger: Federico Fossemo ffossemo@redhat.com

This release follows v1.8.0 and consists of 17 changes, contributed by 7 people, leading to 17 files changed, 261 insertions(+), 48 deletions(-).

The source code and selected binaries are available for download at: https://github.com/kubevirt/kubevirt/releases/tag/v1.8.1.

The primary release artifact of KubeVirt is the git tree. The release tag is
signed and can be verified using git tag -v v1.8.1.

Pre-built containers are published on Quay and can be viewed at: https://quay.io/kubevirt/.

Notable changes

• [PR #​17267][kubevirt-bot] bug-fix: restart virt-handler's domain-notify server on unexpected exit.
• [PR #​17236][kubevirt-bot] fix VMExport failure with long PVC names

Contributors

7 people contributed to this release:

6 dsionov dsionov@redhat.com
2 Aneesh Hegde <aneeshhegde7110@​gmail.com>
2 Itamar Holder iholder@redhat.com
1 Lee Yarwood lyarwood@redhat.com
1 RITANKAR SAHA <ritankar.saha786@​gmail.com>

Additional Resources

• Mailing list: https://groups.google.com/forum/#!forum/kubevirt-dev
• Slack: https://kubernetes.slack.com/messages/virtualization
• An easy to use demo: https://github.com/kubevirt/demo
• How to contribute
• License

---

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQT336LhfFzgGMwYm4OriYWHZ3eqPAUCacoligAKCRCriYWHZ3eq
PCkFAPsGWh4VFRkA5Yuk0VxcGZ0ldjHHwslmD0eCtkaoxx65cwEA6uNld5tqURYG
fe+4QDCSpM9YCLa0Wy4S8oLv6MkaeQ4=
=bh4k
-----END PGP SIGNATURE-----

v1.8.0

Compare Source

tag v1.8.0
Tagger: Luboslav Pivarc lpivarc@redhat.com

This release follows v1.7.2 and consists of 1242 changes, contributed by 77 people, leading to 2382 files changed, 186952 insertions(+), 62985 deletions(-).
v1.8.0 is a promotion of release candidate v1.8.0-rc.1 which was originally published 2026-03-22
The source code and selected binaries are available for download at: https://github.com/kubevirt/kubevirt/releases/tag/v1.8.0.

The primary release artifact of KubeVirt is the git tree. The release tag is
signed and can be verified using git tag -v v1.8.0.

Pre-built containers are published on Quay and can be viewed at: https://quay.io/kubevirt/.

Notable changes

API change

• [PR #​17077][kubevirt-bot] VEP-10: Update DRA devices implementation to read from metadata file instead of VMI status
• [PR #​17017][kubevirt-bot] Expose Memory Overhead on VMI Status behind VmiMemoryOverheadReport feature gate
• [PR #​16993][frenzyfriday] Allows the user to update the NAD reference (networkName) of a network on a running VM through Live Migration.
• [PR #​16977][orenc1] Add a new config option to opt-out RBAC aggregation
• [PR #​16687][0xFelix] feat: virtctl gained new virt-template / VirtualMachineTemplate related commands (process, create and convert)
• [PR #​16662][mhenriks] VEP 165: Containerpath Volumes
• [PR #​16426][Acedus] Handle CBT backup abort requests and failures
• [PR #​16820][nirdothan] Support seamless migration with core passt binding (beta).
• [PR #​16655][0xFelix] Support for the deployment of virt-template through virt-operator was added (VEP76)
• [PR #​16802][lyarwood] PrefixTargetName is now allowed as a VolumeNamePolicy for VirtualMachineClone
• [PR #​16579][MarSik] A VMI.spec.domain.rebootPolicy field can be used to control the method the domain uses to handle reboots originating from inside the VM. Either the hypervisor processes the reboot silently behind the scenes (default) or the user can opt-in to a more visible behavior, where the hypervisor terminates the domain and lets kubevirt to handle the restart according to the runStrategy rules.
• [PR #​16653][noamasu] Replaced QuiesceFailed with QuiesceTimeout indication and added 60s Velero pre-backup hook timeout to better handle Windows VSS limitations.
• [PR #​16448][ShellyKa13] Incremental backups supported after VM restart by redefining checkpoints metadata in libvirt
• [PR #​16370][iholder101] Feature gates can now become explicitly disabled using kv.spec.configuration.developerConfiguration.disabledFeatureGates.
• [PR #​16366][elliot-gustafsson] Let libvirt lookup the actual disk size if block device to ensure compatibility with encrypted disks.
• [PR #​16512][awels] Decentralized Live Migration now has a separate condition in VMI and VMIM to indicate any issues
• [PR #​16489][lyarwood] Add new PrefixTargetName VolumeRestorePolicy for VirtualMachineRestore that creates restored volume names using the format {targetVMName}-{volumeName}. This provides predictable, readable names while avoiding collisions when restoring snapshots to different target VMs.
• [PR #​16404][iholder101] Add missing "Direct" and "Extended" options to Hyperv TLBFlush
• [PR #​16585][Sreeja1725] Preserve VM Specific fields during update
• [PR #​16326][harshitgupta1337] Introduce HypervisorConfigurations field in the KubevirtConfiguration CRD.
• [PR #​16220][lyarwood] The DisableMDEVConfiguration feature gate is now deprecated ahead of removal in a future release in favour of a new kubevirt.spec.configuration.mediatedDevicesConfiguration.enabled configurable
• [PR #​16488][lyarwood] VirtualMachineClone API now includes VolumeNamePolicy field to control volume cloning behavior.
• [PR #​15975][sradco] kubevirt_vmi_migration_data_total_bytes is deprecated in favor of kubevirt_vmi_migration_data_bytes_total, in order to comply with the metrics naming conventions.
• [PR #​16285][ShellyKa13] Add support for incremental VM backups
• [PR #​15815][Dsanatar] Add Ephemeral Hotplug Volume Metric and Alert
• [PR #​15992][Aseeef] * Fixed a bug in socket devices that resulted in clusters making use of the Persistent Reservations feature not properly updating their current health.
• [PR #​16174][dominikholler] Update dependecy golang.org/x/crypto to v0.45.0
• [PR #​16081][ShellyKa13] VMBackup: introduce new VM backup API
• [PR #​16173][dominikholler] Update dependecy github.com/opencontainers/selinux to v1.13.0
• [PR #​16122][dasionov] Document allowed values for spec.runStrategy.
• [PR #​15922][ShellyKa13] Introduce new API - UtilityVolumes - direct virt-launcher attachment mechanism
• [PR #​14892][xpivarc] kubevirt.io/cpumanager label is advertised for nodes capable of running dedicated VMs.
• [PR #​15969][Dsanatar] Add RestartRequired when detaching CD-ROMs from a running VM
• [PR #​15957][xpivarc] Introduce a new subresource /evacuate/cancel and virtctl evacuate-cancel command to allow users to cancel the evacuation process for a VirtualMachineInstance (VMI). This clears the evacuationNodeName field in the VMI's status, stopping the automatic creation of migration resources and fully aborting the eviction cycle.
• [PR #​15166][Sreeja1725] Introduce pool.kubevirt.io/v1beta1
• [PR #​15409][noamasu] VMSnapshot: add SourceIndications status field to list snapshot indications with descriptions for clearer meaning.
• [PR #​15767][awels] BugFix: The migration limit was not accurately being used with decentralized live migrations
• [PR #​15638][Sreeja1725] VMPool: Add support for auto-healing startegy
• [PR #​15604][Sreeja1725] VMpool: Add Scale-in strategy support with Proactive, opportunistic modes and statePreservation
• [PR #​15529][Yu-Jack] support v0.32.5 code generator
• [PR #​17058][mhenriks] Fix PCI address stability across upgrades with v3 hotplug port topology
• [PR #​17061][ShellyKa13] fix: Prevent stale VMI backup status update when reusing backup names
• [PR #​17075][kubevirt-bot] Handle migration during backup according to migration priority

Bug fix

• [PR #​16833][akalenyu] BugFix: storage migration fails with Google Cloud NetApp Volumes
• [PR #​16791][lyarwood] Bug fix: VIRT_*_IMAGE environment variable overrides on the virt-operator deployment are now correctly propagated to component deployments (virt-controller, virt-handler, etc.). Previously, changing these env vars had no effect due to the image values being excluded from the install strategy deployment ID hash.
• [PR #​16621][akalenyu] BugFix: vmsnapshot: report volumes being deleted
• [PR #​16229][noamasu] Bugfix: Label memorydump-created PVCs to support CDI WebhookPvcRendering
• [PR #​16637][awels] BugFix: Decentralized live migration between volumes with different volumeModes now successfully completes
• [PR #​16491][lyarwood] virt-operator now configures client rate limiting (default: 200 QPS / 400 burst) to improve reconciliation performance when processing large numbers of objects. Rate limits can be customized via --client-qps and --client-burst flags or VIRT_OPERATOR_CLIENT_QPS and VIRT_OPERATOR_CLIENT_BURST environment variables.
• [PR #​16527][lukashes] Fixed missing object context in client-go log output after changing verbosity.
• [PR #​16463][akalenyu] BugFix: migration metrics missing
• [PR #​16024][Sreeja1725] Scale up KWOK performance test and add virt-controller queue metrics
• [PR #​16355][Sreeja1725] Improve boolean flag formatting to parse it correctly.
• [PR #​16343][ShellyKa13] BugFix: Don't modify VMI CBT status when feature gate is disabled
• [PR #​16060][dasionov] bugfix: prevent cross-vendor migrations
• [PR #​15868][frank-gen] VirtualMachinePool now correctly appends index to CloudInit secret references when appendIndexToSecretRefs: true is set, enabling unique cloud-init configurations for each VM in the pool.
• [PR #​15716][awels] A decentralized live migration failure is properly propagates between source and target
• [PR #​16050][xpivarc] Bug fix: KubeVirt.spec.imagetag installation is working again
• [PR #​17006][kubevirt-bot] BugFix: VMs requiring enlightenment are now able to be live migrated after a decentralized live migration
• [PR #​17267][kubevirt-bot] bug-fix: restart virt-handler's domain-notify server on unexpected exit.
• [PR #​17236][kubevirt-bot] fix VMExport failure with long PVC names

Deprecation

• [PR #​16023][lyarwood] The MultiArchitecture feature gate has been deprecated and is no longer used to determine if VirtualMachines with a differing architecture to the control plane should be rejected by the admission webhooks

SIG-compute

• [PR #​16952][kubevirt-bot] Allow disabling Velero hooks in virt-launcher via Annotation
• [PR #​17018][mresvanis] Add PCIe NUMA-aware topology placement for GPU and host devices behind the PCINUMAAwareTopology feature gate (Alpha). When enabled, devices are automatically placed on PCIe expander buses matching their NUMA affinity for improved performance.
• [PR #​16821][nirdothan] Remove network-attachment-definition get permissions from virt-controller ClusterRole conditioned by a feature gate.
• [PR #​16528][Acedus] Fix: live-migration with CBT no longer fails on virtual disk size evaluation errors.
• [PR #​16582][lyarwood] Add initial CentOS Stream 10 build support with KUBEVIRT_CENTOS_STREAM_VERSION environment variable, these builds will be untested until v1.9.0 and beyond
• [PR #​16666][iholder101] Expose guest panic as a Kubernetes event
• [PR #​16778][Acedus] fix: domain job completion events would not be processed if the domain was paused due to an I/O error.
• [PR #​16642][orelmisan] Existing VMs that retain the legacy ordinal naming scheme for secondary interfaces are automatically upgraded without a reboot.
• [PR #​16705][kubevirt-bot] Updated common-instancetypes bundles to v1.6.0
• [PR #​16600][woojoong88] Fix block volume hotplug breaking autoattachVSOCK
• [PR #​16510][ShellyKa13] Apply CBT to a hotplug volume
• [PR #​16212][Barakmor1] Add target-side premigration hook system
• [PR #​16498][lyarwood] Fix ResourceVersion conflicts in VM reconciliation when instancetype controller modifies Status. The instancetype controller now properly propagates ResourceVersion from PatchStatus responses, preventing conflicts in subsequent UpdateStatus calls.
• [PR #​15113][alromeros] Label memory-dump PVCs to support CDI WebhookPvcRendering
• [PR #​16329][dasionov] Prevent false restart-required conditions when the VM and corresponding VMI already share the same firmware UUID.
• [PR #​16280][Dsanatar] deprecate --persist flag from virtctl add/remove volume
• [PR #​15821][SamAlber] Add event logging for pause and unpause VM operations to align with other VM lifecycle events such as reset
• [PR #​16159][Dsanatar] Don't use attachment pods marked for deletion for hotplug volume status updates.
• [PR #​15949][xpivarc] Migration is using dedicated certificate for mTLS.
• [PR #​16049][fossedihelm] fix: KSM is enabled in case of node pressure within 3 minutes
• [PR #​15694][Barakmor1] Allow migration when host model changes after libvirt upgrade.
• [PR #​15405][dasionov] Reject stop requests for paused VMIs. A paused VMI must be unpaused before it can be stopped.

SIG-storage

• [PR #​16429][Acedus] fix: DataVolumeTemplates with a sourceRef of a DataSource that points to another DataSource now correctly resolves the backing source.
• [PR #​16333][Acedus] fix: ensure VMI CBT state remains disabled when the VM has no CBT matcher.
• [PR #​15913][germag] The EnableVirtioFsConfigVolumes feature has graduated to GA and no longer requires the associated feature gate to be enabled.
• [PR #​15442][Dsanatar] Allow VMExport with PVCs from Completed Pods

SIG-network

• [PR #​16734][orelmisan] An admin can disable the NAD query logic and use network-resources-injector instead to have less API calls
• [PR #​15898][bgartzi] Network downward API network-info includes mac addresses
• [PR #​16453][nirdothan] Macvtap core binding has been removed.
• [PR #​16456][orelmisan] The discontinued core SLIRP binding has been completely removed.
• [PR #​16391][frenzyfriday] Limits the number of guest only interfaces reported on the VMI status to 10. This does not affect the interfaces specified on the spec.
• [PR #​16242][orelmisan] Omit LLA from the status report when using masquerade binding.
• [PR #​17145][kubevirt-bot] Fixed an infinite VMI status update loop between virt-controller and virt-handler that occurred when the VMI spec listed the primary network interface after a secondary one.

SIG-scale

• [PR #​16511][Ronilerr] Refactor doc-generator
• [PR #​15968][sradco] Recording rule kubevirt_vmi_vcpu_count name changes to vmi:kubevirt_vmi_vcpu:count

SIG-observability

• [PR #​16986][kubevirt-bot] Use defined deployment number of replicas as base to fire low count alerts
• [PR #​16987][kubevirt-bot] Subtract non-schedulable nodes from kubevirt_allocatable_nodes
• [PR #​16466][Ronilerr] Fix LowReadyVirtOperatorsCount use running instead of up and changing kubevirt_virt_operator_ready to use sum and * instead of count and +
• [PR #​16645][Ronilerr] Fix grammar mistakes
• [PR #​15278][sradco] Report allocated CPU and memory requests as simplified metrics with source="guest_effective" label , showing final values after applying instance types, preferences, and hierarchy.
• [PR #​16342][sradco] New VirtLauncherPodsStuckFailed alert
• [PR #​15237][sradco] The KubeVirtVMGuestMemoryPressure
• [PR #​16351][sradco] Fix bug in GuestFilesystemAlmostOutOfSpace, that fired for non relevant file system types.
• [PR #​15714][machadovilaca] Add GuestFilesystemAlmostOutOfSpace alerts

Other

• [PR #​16643][kwonkwonn] Bug-fix: Correctly detect CDI and Prometheus crds, preventing to misinterpret with different objects.
• [PR #​16558][fossedihelm] The MigrationPriorityQueue feature gate has been promoted from Alpha to Beta.
• [PR #​14661][oujonny] Add tolerations for unschedulable taints to hot-plug pods
• [PR #​16336][akalenyu] Maintenance: fix release branches potentially failing over identical remote images existing on nodes
• [PR #​16354][akalenyu] Maintenance: windows lane: W/A wrong nfs image SEEK_DATA impl
• [PR #​15863][HarshithaMS005] Test Fix: make Alpine ISO mount checks architecture-agnostic
• [PR #​15374][xpivarc] NodeRestriction: Source of node update is now verified
• [PR #​15934][jschintag] Promote IBM Secure Execution Feature to Beta stage.
• [PR #​15970][jean-edouard] The KubevirtSeccompProfile feature is now in Beta
• [PR #​15960][Barakmor1] promote ImageVolume FG to Beta

Contributors

77 people contributed to this release:

100 Orel Misan omisan@redhat.com
67 Luboslav Pivarc lpivarc@redhat.com
57 dsionov dsionov@redhat.com
51 Shelly Kagan skagan@redhat.com
46 Adi Aloni aaloni@redhat.com
46 Harshit Gupta guptaharshit@microsoft.com
45 Nir Dothan ndothan@redhat.com
40 fossedihelm ffossemo@redhat.com
28 Lee Yarwood lyarwood@redhat.com
28 Michael Henriksen mhenriks@redhat.com
26 Felix Matouschek fmatouschek@redhat.com
19 Alex Kalenyuk akalenyu@redhat.com
19 Itamar Holder iholder@redhat.com
16 Ananya Banerjee anbanerj@redhat.com
16 bmordeha bmordeha@redhat.com
15 Or Shoval oshoval@redhat.com
14 Jed Lejosne jed@redhat.com
14 dsanatar dsanatar@redhat.com
11 Dan Kenigsberg danken@redhat.com
11 svarnam svarnam@nvidia.com
10 Alexander Wels awels@redhat.com
9 Daniel Hiller dhiller@redhat.com
9 Edward Haas edwardh@redhat.com
9 Noam Assouline nassouli@redhat.com
9 machadovilaca machadovilaca@gmail.com
8 Alvaro Romero alromero@redhat.com
8 Beñat Gartzia Arruabarrena bgartzia@redhat.com
7 Shirly Radco sradco@redhat.com
7 Victor Toso victortoso@redhat.com
6 Michail Resvanis mresvani@redhat.com
5 Oren Cohen ocohen@redhat.com
5 Vamsi Krishna Siddu vamsikrishna.siddu@ibm.com
5 YuJack <jk82421@​gmail.com>
4 Brian Carey bcarey@redhat.com
4 Harshitha MS harshitha.ms@ibm.com
4 João Vilaça machadovilaca@gmail.com
4 Laxmi Adavalli laxmi.adavalli@ibm.com
4 Sreeja1725 svarnam@nvidia.com
3 Aneesh Hegde <aneeshhegde7110@​gmail.com>
3 Vladik Romanovsky vromanso@redhat.com
3 avlitman alitman@redhat.com
3 ronilerr rrabinov@redhat.com
2 Arnon Gilboa agilboa@redhat.com
2 Aseef contact@aseef.dev
2 Aseef Imran aimran@redhat.com
2 Aviv Litman alitman@alitman-thinkpadp1gen7.raanaii.csb
2 Brian Carey brian.carey@protonmail.com
2 Jan Schintag jan.schintag@de.ibm.com
2 Javier Cano Cano jcanocan@redhat.com
2 Nestor Acuna Blanco nestor.acuna@ibm.com
2 Renovate Bot renovate@hollyhome.ath.cx
2 Yaroslav Borbat <yaroslav.752@​gmail.com>
2 Zhenchao Liu zhencliu@redhat.com
1 Alay Patel alayp@nvidia.com
1 Andrej Krejcir akrejcir@redhat.com
1 Daniel Blei 36075158+DanielBlei@users.noreply.github.com
1 Denis Ollier dollierp@redhat.com
1 Elliot Gustafsson elliot.gustafsson@fortnox.se
1 Frank Cui yatcui@cisco.com
1 Harshit guptaharshit@microsoft.com
1 Igor Bezukh ibezukh@redhat.com
1 Martin Sivak msivak@redhat.com
1 Matthew Fuller matfuller@microsoft.com
1 Prajna Prabhu pprabhu@redhat.com
1 RITANKAR SAHA <ritankar.saha786@​gmail.com>
1 Ram Lavi ralavi@redhat.com
1 Samuel Albershtein salbersh@redhat.com
1 Thomas-David Griedel <griedel911@​gmail.com>
1 Woojoong Kim woojoongkim@microsoft.com
1 Xu Han xuhan@redhat.com
1 Yegor Lukash yegor.lukash@gmail.com
1 github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com>
1 kwonkwonn <ggiicchh48@​gmail.com>
1 maheshkurund mahesh.kurund@oneconvergence.com
1 oujonny jonny@immerda.ch

Additional Resources

• Mailing list: https://groups.google.com/forum/#!forum/kubevirt-dev
• Slack: https://kubernetes.slack.com/messages/virtualization
• An easy to use demo: https://github.com/kubevirt/demo
• How to contribute
• License

---

-----BEGIN PGP SIGNATURE-----

iHUEABEIAB0WIQQK4GMgftQ8MISyrdLHuzxv+aiWdAUCacKbIQAKCRDHuzxv+aiW
dBGKAQC3u2CQ+szFMdnJCRNmqfOA+0vyFMMw56jvRjPMQCQVOQEAyJI3+J/eUYL1
f69nj6Q5EKs7Z0Ry1fUNfDGj5QNgKbA=
=tZTJ
-----END PGP SIGNATURE-----

v1.7.3

Compare Source

tag v1.7.3
Tagger: Federico Fossemo ffossemo@redhat.com

This release follows v1.7.2 and consists of 54 changes, contributed by 14 people, leading to 68 files changed, 1516 insertions(+), 190 deletions(-).

The source code and selected binaries are available for download at: https://github.com/kubevirt/kubevirt/releases/tag/v1.7.3.

The primary release artifact of KubeVirt is the git tree. The release tag is
signed and can be verified using git tag -v v1.7.3.

Pre-built containers are published on Quay and can be viewed at: https://quay.io/kubevirt/.

Notable changes

• [PR #​17500][kubevirt-bot] Bug-fix: virt-handler now detects when domain-notify.sock is deleted and automatically restarts the notify server.
• [PR #​17464][kubevirt-bot] Fixed SMBIOS system information not being visible inside ARM64 guest VMs
• [PR #​17347][kubevirt-bot] Fixed migration not reporting succeeded when doing compute migration after decentralized live migration
• [PR #​17426][kubevirt-bot] preserve annotation for restore pvc
• [PR #​17377][laxmi-333] Fix s390x VM creation failure caused by unsupported pcie-root-port controllers from v3 PCI topology changes
• [PR #​17404][dankenigsberg] VMs with backend storage volume use and report the volume name as persistent-state-for-this-vm rather than trying to embed the vm name in the volume name.
• [PR #​17227][noamasu] Bugfix: Label memorydump-created PVCs to support CDI WebhookPvcRendering
• [PR #​17271][kubevirt-bot] bug-fix: restart virt-handler's domain-notify server on unexpected exit.
• [PR #​17237][awels] fix VMExport failure with long PVC names
• [PR #​17007][kubevirt-bot] BugFix: VMs requiring enlightenment are now able to be live migrated after a decentralized live migration
• [PR #​16953][alromeros] Bugfix: Allow removing velero hooks from virt-launcher pods

Contributors

14 people contributed to this release:

9 dsionov dsionov@redhat.com
5 Alvaro Romero alromero@redhat.com
4 Alexander Wels awels@redhat.com
4 Dan Kenigsberg danken@redhat.com
2 Lee Yarwood lyarwood@redhat.com
2 Noam Assouline nassouli@redhat.com
2 Xu Han xuhan@redhat.com
2 dsanatar dsanatar@redhat.com
1 Adi Aloni aaloni@redhat.com
1 Harshitha MS harshitha.ms@ibm.com
1 Jathavedhan M jathavedhan.m@ibm.com
1 Laxmi Adavalli laxmi.adavalli@ibm.com

Additional Resources

• Mailing list: https://groups.google.com/forum/#!forum/kubevirt-dev
• Slack: https://kubernetes.slack.com/messages/virtualization
• An easy to use demo: https://github.com/kubevirt/demo
• How to contribute
• License

---

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQT336LhfFzgGMwYm4OriYWHZ3eqPAUCaetplgAKCRCriYWHZ3eq
PJulAQDjS3Yh0TWEIrdyyDBRcGrbG3O8dRlHJ4e2hWkuP4fPcwD+PM8vZhIJAYzR
+9u2XRi28CI/W9s1ZApkjUuTNAbS/Ao=
=4stA
-----END PGP SIGNATURE-----

v1.7.2

Compare Source

tag v1.7.2
Tagger: Federico Fossemo ffossemo@redhat.com

This release follows v1.7.1 and consists of 35 changes, contributed by 10 people, leading to 63 files changed, 2554 insertions(+), 341 deletions(-).

The source code and selected binaries are available for download at: https://github.com/kubevirt/kubevirt/releases/tag/v1.7.2.

The primary release artifact of KubeVirt is the git tree. The release tag is
signed and can be verified using git tag -v v1.7.2.

Pre-built containers are published on Quay and can be viewed at: https://quay.io/kubevirt/.

Notable changes

• [PR #​17144][kubevirt-bot] Fixed an infinite VMI status update loop between virt-controller and virt-handler that occurred when the VMI spec listed the primary network interface after a secondary one.
• [PR #​17023][machadovilaca] Subtract non-schedulable nodes from kubevirt_allocatable_nodes
• [PR #​16380][kubevirt-bot] * Fixed a bug in socket devices that resulted in clusters making use of the Persistent Reservations feature not properly updating their current health.
• [PR #​17059][mhenriks] Fix PCI address stability across upgrades with v3 hotplug port topology
• [PR #​17073][machadovilaca] Use defined deployment number of replicas as base to fire low count alerts
• [PR #​16894][akalenyu] BugFix: storage migration fails with Google Cloud NetApp Volumes
• [PR #​16793][kubevirt-bot] Replaced QuiesceFailed with QuiesceTimeout indication and added 60s Velero pre-backup hook timeout to better handle Windows VSS limitations.

Contributors

10 people contributed to this release:

9 Michael Henriksen mhenriks@redhat.com
6 machadovilaca machadovilaca@gmail.com
2 Alex Kalenyuk akalenyu@redhat.com
2 Aseef Imran aimran@redhat.com
2 Felix Matouschek fmatouschek@redhat.com
2 Noam Assouline nassouli@redhat.com
1 Orel Misan omisan@redhat.com
1 fossedihelm ffossemo@redhat.com

Additional Resources

• Mailing list: https://groups.google.com/forum/#!forum/kubevirt-dev
• Slack: https://kubernetes.slack.com/messages/virtualization
• An easy to use demo: https://github.com/kubevirt/demo
• How to contribute
• License

---

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQT336LhfFzgGMwYm4OriYWHZ3eqPAUCabgh3AAKCRCriYWHZ3eq
PLopAQDACHQRKW8UpOFvYjza9+tp5FleovR3fKaVoRjBfbD+mwD6AmnSXVy3gjhr
6sZUxZ7GBHdZ5B0x2VRCfZS5Rl4KCwE=
=6x7K
-----END PGP SIGNATURE-----

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[redhat-renovate-bot]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: downloading go.uber.org/zap v1.27.0
go: downloading k8s.io/apimachinery v0.34.3
go: downloading github.com/onsi/gomega v1.38.3
go: downloading github.com/google/go-containerregistry v0.20.6
go: downloading k8s.io/api v0.34.3
go: downloading kubevirt.io/kubevirt v1.8.2
go: downloading k8s.io/apiextensions-apiserver v0.34.3
go: downloading golang.org/x/net v0.48.0
go: downloading github.com/tektoncd/pipeline v1.6.1
go: downloading knative.dev/pkg v0.0.0-20250415155312-ed3e2158b883
go: downloading github.com/google/gnostic-models v0.7.1
go: downloading golang.org/x/sync v0.19.0
go: downloading golang.org/x/text v0.32.0
go: downloading golang.org/x/sys v0.39.0
go: downloading golang.org/x/term v0.38.0
go: downloading github.com/docker/cli v28.2.2+incompatible
go: downloading github.com/containerd/stargz-snapshotter/estargz v0.16.3
go: downloading golang.org/x/oauth2 v0.34.0
go: downloading github.com/go-openapi/swag v0.25.4
go: downloading github.com/go-openapi/jsonreference v0.21.4
go: downloading golang.org/x/tools v0.40.0
go: downloading k8s.io/apiserver v0.34.3
go: downloading github.com/klauspost/compress v1.18.0
go: downloading github.com/vbatts/tar-split v0.12.1
go: downloading github.com/go-openapi/swag/cmdutils v0.25.4
go: downloading github.com/go-openapi/swag/conv v0.25.4
go: downloading github.com/go-openapi/swag/fileutils v0.25.4
go: downloading github.com/go-openapi/swag/jsonname v0.25.4
go: downloading github.com/go-openapi/swag/jsonutils v0.25.4
go: downloading github.com/go-openapi/swag/loading v0.25.4
go: downloading github.com/go-openapi/swag/mangling v0.25.4
go: downloading github.com/go-openapi/swag/netutils v0.25.4
go: downloading github.com/go-openapi/swag/stringutils v0.25.4
go: downloading github.com/go-openapi/swag/typeutils v0.25.4
go: downloading github.com/go-openapi/swag/yamlutils v0.25.4
go: downloading github.com/go-openapi/jsonpointer v0.22.4
go: downloading github.com/google/pprof v0.0.0-20251007162407-5df77e3f7d1d
go: downloading github.com/pkg/errors v0.9.1
go: downloading github.com/sirupsen/logrus v1.9.3
go: downloading github.com/spf13/cobra v1.9.1
go: downloading github.com/sigstore/sigstore v1.9.5
go: downloading github.com/google/cel-go v0.26.0
go: downloading go.opencensus.io v0.24.0
go: downloading github.com/emicklei/go-restful/v3 v3.13.0
go: downloading github.com/cloudevents/sdk-go/v2 v2.16.1
go: downloading contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d
go: downloading contrib.go.opencensus.io/exporter/prometheus v0.4.2
go: downloading google.golang.org/grpc v1.79.3
go: downloading github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec
go: downloading github.com/secure-systems-lab/go-securesystemslib v0.9.0
go: downloading github.com/sigstore/protobuf-specs v0.4.1
go: downloading golang.org/x/crypto v0.46.0
go: downloading sigs.k8s.io/controller-runtime v0.22.4
go: downloading github.com/census-instrumentation/opencensus-proto v0.4.1
go: downloading google.golang.org/api v0.233.0
go: downloading github.com/prometheus/client_golang v1.22.0
go: downloading github.com/prometheus/statsd_exporter v0.28.0
go: downloading github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
go: downloading github.com/openzipkin/zipkin-go v0.4.3
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217
go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1
go: downloading github.com/prometheus/common v0.62.0
go: downloading golang.org/x/mod v0.31.0
go: downloading github.com/prometheus/client_model v0.6.1
go: downloading github.com/prometheus/procfs v0.15.1
go: downloading github.com/stoewer/go-strcase v1.3.1
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217
go: downloading github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399
go: downloading github.com/go-jose/go-jose/v4 v4.1.4
go: downloading kubevirt.io/api v1.8.2
go: k8s.io/api@v0.36.0 requires go >= 1.26.0 (running go 1.25.8)

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ksimon1 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: redhat-renovate-bot
Once this PR has been reviewed and has the lgtm label, please assign ksimon1 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@redhat-renovate-bot: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/images	95cb182	link	true	/test images
ci/prow/e2e-tests	95cb182	link	true	/test e2e-tests
ci/prow/unit-tests	95cb182	link	true	/test unit-tests

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.