Update Helm release cert-manager to v1.19.1 #1775

renovate-bot · 2025-10-16T15:01:50Z

renovate-bot commented

2025-10-16 15:01:50 +00:00

This PR contains the following updates:

Package	Update	Change
cert-manager (source)	patch	`v1.19.0` -> `v1.19.1`

Release Notes

cert-manager/cert-manager (cert-manager)

`v1.19.1`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We reverted the CRD-based API defaults for Certificate.Spec.IssuerRef and CertificateRequest.Spec.IssuerRef after they were found to cause unexpected certificate renewals after upgrading to 1.19.0. We will try re-introducing these API defaults in cert-manager 1.20.
We fixed a bug that caused certificates to be re-issued unexpectedly if the issuerRef kind or group was changed to one of the "runtime" default values.
We upgraded Go to 1.25.3 to address the following security vulnerabilities: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, and CVE-2025-61725.

📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.

Changes since v1.19.0:

Bug or Regression

BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (#8175, @cert-manager-bot)
Bump Go to 1.25.3 to fix a backwards incompatible change to the validation of DNS names in X.509 SAN fields which prevented the use of DNS names with a trailing dot (#8177, @wallrj-cyberark)
Revert API defaults for issuer reference kind and group introduced in 0.19.0 (#8178, @cert-manager-bot)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cert-manager](https://cert-manager.io) ([source](https://github.com/cert-manager/cert-manager)) | patch | `v1.19.0` -> `v1.19.1` | --- ### Release Notes <details> <summary>cert-manager/cert-manager (cert-manager)</summary> ### [`v1.19.1`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.1) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.0...v1.19.1) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. We reverted the CRD-based API defaults for `Certificate.Spec.IssuerRef` and `CertificateRequest.Spec.IssuerRef` after they were found to cause unexpected certificate renewals after upgrading to 1.19.0. We will try re-introducing these API defaults in cert-manager `1.20`. We fixed a bug that caused certificates to be re-issued unexpectedly if the `issuerRef` kind or group was changed to one of the "runtime" default values. We upgraded Go to `1.25.3` to address the following security vulnerabilities: `CVE-2025-61724`, `CVE-2025-58187`, `CVE-2025-47912`, `CVE-2025-58183`, `CVE-2025-61723`, `CVE-2025-58186`, `CVE-2025-58185`, `CVE-2025-58188`, and `CVE-2025-61725`. > 📖 Read the [full 1.19 release notes](https://cert-manager.io/docs/releases/release-notes/release-notes-1.19) on the cert-manager.io website before upgrading. Changes since `v1.19.0`: ##### Bug or Regression - BUGFIX: in case kind or group in the `issuerRef` of a Certificate was omitted, upgrading to `1.19.x` incorrectly caused the certificate to be renewed ([#8175](https://github.com/cert-manager/cert-manager/issues/8175), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Bump Go to 1.25.3 to fix a backwards incompatible change to the validation of DNS names in X.509 SAN fields which prevented the use of DNS names with a trailing dot ([#8177](https://github.com/cert-manager/cert-manager/issues/8177), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Revert API defaults for issuer reference kind and group introduced in 0.19.0 ([#8178](https://github.com/cert-manager/cert-manager/issues/8178), [@cert-manager-bot](https://github.com/cert-manager-bot)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate-bot added the

automerge

chart

labels 2025-10-16 15:01:50 +00:00

renovate-bot added 1 commit 2025-10-16 15:01:50 +00:00

Update Helm release cert-manager to v1.19.1

renovate/stability-days Updates have met minimum release age requirement

Details

lint-test-helm / helm-lint (pull_request) Successful in 10s

Details

f8f37f910d

renovate-bot scheduled this pull request to auto merge when all checks succeed 2025-10-16 15:01:51 +00:00