KOPS CLOSES VPC CNI GAP ON RHEL 9, NODE-PROBLEM-DETECTOR PATCHES HIGH-SEVERITY LOGRUS CVE

By RepoJournal · Filed · About Kubernetes

Kubernetes is shipping critical networking fixes for production deployments while closing one high-severity and one medium-severity vulnerability in core observability tooling.

Node-problem-detector merged fixes for a high-severity CVE in logrus [1] and a medium-severity Prometheus vulnerability [2], upgrading the builder image to golang:1.25.9 to ensure the detector runs hardened on every node. This matters: logrus is everywhere in Go observability stacks, and this patch closes GHSA-4f99-4q7p-p3gh before it becomes a chain vector.

On the infrastructure side, kops landed a critical fix disabling NetworkManager's cloud-setup service on RHEL 9 [3], which was breaking AWS VPC CNI deployments by installing conflicting source-routing rules that hijacked pod traffic. The same team also fixed VPC CNI support on Debian 11 [4], unblocking two major distro combinations that were previously untested in presubmit. Kops bumped k8s.io dependencies and Go to v1.26.2 [5], keeping the cluster provisioner in sync with the runtime your clusters will run.

Documentation updates across the website synced Chinese translations for event-v1 and lease-v1 APIs [6], while enum value fixes landed across the API reference [7] to keep generated docs accurate.

References

  [1] Fix CVEs and update builder image to golang:1.25.9 (kubernetes/node-problem-detector)
  [2] Fix Grype CVEs: update logrus and prometheus/prometheus (kubernetes/node-problem-detector)
  [3] Disable nm-cloud-setup on RHEL 9 for AWS VPC CNI (kubernetes/kops)
  [4] Fix support for VPC CNI + Debian 11 (kubernetes/kops)
  [5] Update k8s.io dependencies and Go to v1.26.2 (kubernetes/kops)
  [6] [zh-cn]sync event-v1 lease-v1 (kubernetes/website)
  [7] Update API resource reference enum values (kubernetes/website)

FAQ

What changed in Kubernetes on May 4, 2026?
Kubernetes is shipping critical networking fixes for production deployments while closing one high-severity and one medium-severity vulnerability in core observability tooling.
What should Kubernetes teams do about it?
  • Merge node-problem-detector CVE fixes into your monitoring deployment before next rollout
  • If running kops on RHEL 9 with AWS VPC CNI, update to the latest and redeploy nodes
  • Pin kops to v1.26.2+ for Go 1.26 compatibility across your fleet
Which Kubernetes repositories shipped on May 4, 2026?
kubernetes/node-problem-detector, kubernetes/kops, kubernetes/website
