alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

chore(deps): update dependency coredns/coredns to v1.14.3 #6210

Merged
renovate-bot merged 1 commits from renovate/unified-coredns into main 2026-04-24 18:09:07 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate-bot commented 2026-04-24 18:08:52 +00:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
coredns/coredns patch 1.14.21.14.3

Release Notes

coredns/coredns (coredns/coredns)

v1.14.3

Compare Source

This release introduces Windows service support, along with full TSIG verification
across DoH, DoH3, QUIC, and gRPC transports, and improved TSIG propagation and DoH
request validation. It also adds optional TLS for the metrics endpoint. Performance
and stability are improved through cache prefetching, QUIC optimizations, and a new
max_age option in the forward plugin. Additional updates include enhanced SVCB/HTTPS
support, improved zone transfer behavior, and various DNSSEC, PROXY protocol, and
concurrency fixes. The release is built with Go 1.26.2, which includes security
fixes addressing CVE-2026-32282, CVE-2026-32289, CVE-2026-33810, CVE-2026-27144,
CVE-2026-27143, CVE-2026-32288, CVE-2026-32283, and CVE-2026-27140, and also includes
fixes for CVE-2026-32936, CVE-2026-33190, CVE-2026-33489, CVE-2026-32934, and CVE-2026-35579.

Brought to You By

andreyrusanov-ec
cangming
Cedric Wang
Ilya Kulakov
Ingmar Van Glabbeek
John-Michael Mulesa
JUN YANG
liucongran
Minghang Chen
Peppi-Lotta
rpb-ant
Seena Fallah
Syed Azeez
Umut Polat
Ville Vesilehto
Yong Tang

Noteworthy Changes

  • core: Add full TSIG verification in DoH transport (#​8013)
  • core: Add full TSIG verification in DoH3 transport (#​8044)
  • core: Add full TSIG verification in QUIC transport (ttps://github.com/coredns/coredns/pull/8007)
  • core: Add full TSIG verification in gRPC transport (#​8006)
  • core: Add support for running CoreDNS as a Windows service (#​7962)
  • core: Avoid spawning waiter goroutines when QUIC worker pool is full (#​7927)
  • core: Preserve TSIG status in gRPC transport (#​7943)
  • core: Propagate TSIG secrets to DoT server (#​7928)
  • core: Propagate TSIG status in DoQ transport (#​7947)
  • core: Reject oversized GET dns query parameter of DoH (#​7926)
  • core: Use per-connection local address for PROXY protocol (#​8005)
  • plugin/auto: Resolve symlinked directory before walk (#​8032)
  • plugin/cache: Add an atomic.Bool to singleflight prefetching (#​7963)
  • plugin/cache: Prefetch without holding a client connection (#​7944)
  • plugin/dnssec: Add defensive nil checks (#​7997)
  • plugin/dnssec: Avoid caching empty signing results (#​7996)
  • plugin/dnssec: Return nil from ParseKeyFile on error (#​8000)
  • plugin/dnssec: Return nil sigs on sign error (#​7999)
  • plugin/dnsserver: Allow view server blocks in any declaration order (#​8001)
  • plugin/file: Expand SVCB/HTTPS record support (#​7950)
  • plugin/file: Fix data race in xfr.go (#​8039)
  • plugin/file: Introduce snapshot()/setData() accessors for zone data (#​8040)
  • plugin/file: Protect Zone.Expired with mutex (#​7940)
  • plugin/forward: Add max_age option to enforce an absolute connection lifetime (#​7903)
  • plugin/kubernetes: Record cluster_ip services in dns_programming_duration metric (#​7951)
  • plugin/kubernetes: Sanitize non-UTF-8 host in metrics (#​7998)
  • plugin/metrics: Add optional TLS support to /metrics endpoint (#​7255)
  • plugin/metrics: Allow selectively exporting all Go runtime metrics (#​7990)
  • plugin/ready: fix Reset list of readiness plugins (#​8035)
  • plugin/secondary: Send NOTIFY messages after zone transfer (#​7901)
  • plugin/tls: Add the keylog option to configure TLSConfig.KeyLogWriter (#​7537)
  • plugin/tls: Use temp dir for keylog test path (#​8010)
  • plugin/transfer: Batch AXFR records by message size instead of count (#​8002)
  • plugin/transfer: Fix case-sensitive zone handling for AXFR/IXFR (#​7899)
  • plugin/transfter: Fix longestMatch to select the most specific zone correctly (#​7949)
  • plugin/tsig: Add require_opcode directive for opcode-based TSIG (#​7828)
  • proxyproto: Add UDP session tracking for Cloudflare Spectrum PPv2 (#​7967)

Configuration

📅 Schedule: (in timezone America/Chicago)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [coredns/coredns](https://github.com/coredns/coredns) | patch | `1.14.2` → `1.14.3` | --- ### Release Notes <details> <summary>coredns/coredns (coredns/coredns)</summary> ### [`v1.14.3`](https://github.com/coredns/coredns/releases/tag/v1.14.3) [Compare Source](https://github.com/coredns/coredns/compare/v1.14.2...v1.14.3) This release introduces Windows service support, along with full TSIG verification across DoH, DoH3, QUIC, and gRPC transports, and improved TSIG propagation and DoH request validation. It also adds optional TLS for the metrics endpoint. Performance and stability are improved through cache prefetching, QUIC optimizations, and a new max\_age option in the forward plugin. Additional updates include enhanced SVCB/HTTPS support, improved zone transfer behavior, and various DNSSEC, PROXY protocol, and concurrency fixes. The release is built with Go 1.26.2, which includes security fixes addressing CVE-2026-32282, CVE-2026-32289, CVE-2026-33810, CVE-2026-27144, CVE-2026-27143, CVE-2026-32288, CVE-2026-32283, and CVE-2026-27140, and also includes fixes for CVE-2026-32936, CVE-2026-33190, CVE-2026-33489, CVE-2026-32934, and CVE-2026-35579. #### Brought to You By andreyrusanov-ec cangming Cedric Wang Ilya Kulakov Ingmar Van Glabbeek John-Michael Mulesa JUN YANG liucongran Minghang Chen Peppi-Lotta rpb-ant Seena Fallah Syed Azeez Umut Polat Ville Vesilehto Yong Tang #### Noteworthy Changes - core: Add full TSIG verification in DoH transport ([#&#8203;8013](https://github.com/coredns/coredns/pull/8013)) - core: Add full TSIG verification in DoH3 transport ([#&#8203;8044](https://github.com/coredns/coredns/pull/8044)) - core: Add full TSIG verification in QUIC transport (ttps\://github.com/coredns/coredns/pull/8007) - core: Add full TSIG verification in gRPC transport ([#&#8203;8006](https://github.com/coredns/coredns/pull/8006)) - core: Add support for running CoreDNS as a Windows service ([#&#8203;7962](https://github.com/coredns/coredns/pull/7962)) - core: Avoid spawning waiter goroutines when QUIC worker pool is full ([#&#8203;7927](https://github.com/coredns/coredns/pull/7927)) - core: Preserve TSIG status in gRPC transport ([#&#8203;7943](https://github.com/coredns/coredns/pull/7943)) - core: Propagate TSIG secrets to DoT server ([#&#8203;7928](https://github.com/coredns/coredns/pull/7928)) - core: Propagate TSIG status in DoQ transport ([#&#8203;7947](https://github.com/coredns/coredns/pull/7947)) - core: Reject oversized GET dns query parameter of DoH ([#&#8203;7926](https://github.com/coredns/coredns/pull/7926)) - core: Use per-connection local address for PROXY protocol ([#&#8203;8005](https://github.com/coredns/coredns/pull/8005)) - plugin/auto: Resolve symlinked directory before walk ([#&#8203;8032](https://github.com/coredns/coredns/pull/8032)) - plugin/cache: Add an atomic.Bool to singleflight prefetching ([#&#8203;7963](https://github.com/coredns/coredns/pull/7963)) - plugin/cache: Prefetch without holding a client connection ([#&#8203;7944](https://github.com/coredns/coredns/pull/7944)) - plugin/dnssec: Add defensive nil checks ([#&#8203;7997](https://github.com/coredns/coredns/pull/7997)) - plugin/dnssec: Avoid caching empty signing results ([#&#8203;7996](https://github.com/coredns/coredns/pull/7996)) - plugin/dnssec: Return nil from ParseKeyFile on error ([#&#8203;8000](https://github.com/coredns/coredns/pull/8000)) - plugin/dnssec: Return nil sigs on sign error ([#&#8203;7999](https://github.com/coredns/coredns/pull/7999)) - plugin/dnsserver: Allow view server blocks in any declaration order ([#&#8203;8001](https://github.com/coredns/coredns/pull/8001)) - plugin/file: Expand SVCB/HTTPS record support ([#&#8203;7950](https://github.com/coredns/coredns/pull/7950)) - plugin/file: Fix data race in xfr.go ([#&#8203;8039](https://github.com/coredns/coredns/pull/8039)) - plugin/file: Introduce snapshot()/setData() accessors for zone data ([#&#8203;8040](https://github.com/coredns/coredns/pull/8040)) - plugin/file: Protect Zone.Expired with mutex ([#&#8203;7940](https://github.com/coredns/coredns/pull/7940)) - plugin/forward: Add max\_age option to enforce an absolute connection lifetime ([#&#8203;7903](https://github.com/coredns/coredns/pull/7903)) - plugin/kubernetes: Record cluster\_ip services in dns\_programming\_duration metric ([#&#8203;7951](https://github.com/coredns/coredns/pull/7951)) - plugin/kubernetes: Sanitize non-UTF-8 host in metrics ([#&#8203;7998](https://github.com/coredns/coredns/pull/7998)) - plugin/metrics: Add optional TLS support to /metrics endpoint ([#&#8203;7255](https://github.com/coredns/coredns/pull/7255)) - plugin/metrics: Allow selectively exporting all Go runtime metrics ([#&#8203;7990](https://github.com/coredns/coredns/pull/7990)) - plugin/ready: fix Reset list of readiness plugins ([#&#8203;8035](https://github.com/coredns/coredns/pull/8035)) - plugin/secondary: Send NOTIFY messages after zone transfer ([#&#8203;7901](https://github.com/coredns/coredns/pull/7901)) - plugin/tls: Add the keylog option to configure TLSConfig.KeyLogWriter ([#&#8203;7537](https://github.com/coredns/coredns/pull/7537)) - plugin/tls: Use temp dir for keylog test path ([#&#8203;8010](https://github.com/coredns/coredns/pull/8010)) - plugin/transfer: Batch AXFR records by message size instead of count ([#&#8203;8002](https://github.com/coredns/coredns/pull/8002)) - plugin/transfer: Fix case-sensitive zone handling for AXFR/IXFR ([#&#8203;7899](https://github.com/coredns/coredns/pull/7899)) - plugin/transfter: Fix longestMatch to select the most specific zone correctly ([#&#8203;7949](https://github.com/coredns/coredns/pull/7949)) - plugin/tsig: Add require\_opcode directive for opcode-based TSIG ([#&#8203;7828](https://github.com/coredns/coredns/pull/7828)) - proxyproto: Add UDP session tracking for Cloudflare Spectrum PPv2 ([#&#8203;7967](https://github.com/coredns/coredns/pull/7967)) </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Chicago) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNCIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJhdXRvbWVyZ2UiLCJnaXRodWItcmVsZWFzZXMiXX0=-->
renovate-bot added the automerge label 2026-04-24 18:08:52 +00:00
renovate-bot added 1 commit 2026-04-24 18:08:54 +00:00
chore(deps): update dependency coredns/coredns to v1.14.3
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 1m3s
Details
render-manifests / render-manifests (pull_request) Successful in 1m12s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 1m5s
Details
97ed54a911
renovate-bot scheduled this pull request to auto merge when all checks succeed 2026-04-24 18:09:00 +00:00
renovate-bot merged commit 111b3228fa into main 2026-04-24 18:09:07 +00:00
renovate-bot deleted branch renovate/unified-coredns 2026-04-24 18:09:14 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Renovate
Issue generated by Renovate.
 automerge
This PR will be automerged by Renovate.
 chart
Chart update generated by Renovate.
 docker
Docker update generated by Renovate.
github-actions
Github Action update generated by Renovate.
helm
Helm update generated by Renovate.
image
Image update generated by Renovate.
 stale
PR or Issue that has not been updated recently.
No Label automerge
Milestone
No items
No Milestone
Assignees
Clear assignees
gitea-bot renovate-bot alexlebens
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#6210
Delete Branch "renovate/unified-coredns"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?