RepoJournal
Kubernetes

@kubernetes

Container orchestration — what platform teams ship on

Pick a date

The Wire · Showcase

ETCD STREAMING LANDS IN APISERVER, KSM PATCHES CRITICAL GOLANG VULNS

By RepoJournal · Filed · About Kubernetes

Kubernetes apiserver is shipping etcd RangeStream support with proper metrics instrumentation, while kube-state-metrics dropped an emergency security release addressing high-severity Go vulnerabilities.

The apiserver deck landed three interconnected changes that overhaul how list operations work at the etcd layer. First, the FeatureSupportChecker now gates RangeStream availability [1], so clusters on etcd 3.7+ use streaming lists while older deployments fall back to pagination without retry loops. Metrics instrumentation follows: listStream operations now record duration and errors over the full stream consumption [2], not just the initial handshake, giving you real visibility into compaction errors mid-stream. Watch cache architecture got a structural cleanup [3] that separates watch history from storage concerns, aligning the codebase with etcd's own patterns. Meanwhile, kube-state-metrics v2.19.1 [4] ships with Go 1.26.4 and addresses CVE-2026-42504 plus several high-scoring vulnerabilities in golang.org/x/net, oauth2, sys, term, and text. The konnectivity network proxy upgraded to v0.36 [5] across the main repo, adding pending backend request timeout options and enforcing server-ca-cert validation in TCP mode. On the test-infra front, EOL Kubernetes 1.32 jobs are being dropped [6], removing 869 conformance jobs from the grid and fixing recurring kOps CI failures. Documentation updates continue across Japanese and Chinese localization [7], [8], [9].

Action items

References

  1. [1] Merge pull request #139542 from Jefftree/rangestream-feature-support-checker kubernetes/apiserver
  2. [2] Merge pull request #139601 from Jefftree/fix-liststream-metrics kubernetes/apiserver
  3. [3] Merge pull request #139655 from serathius/watchcache-split-structs kubernetes/apiserver
  4. [4] v2.19.1 ↗ kubernetes/kube-state-metrics
  5. [5] Merge pull request #139636 from cheftako/anp-release kubernetes/apiserver
  6. [6] Drop EOL Kubernetes 1.32 e2e jobs ↗ kubernetes/test-infra
  7. [7] [ja] Update i18n/ja.toml ↗ kubernetes/website
  8. [8] [ja] Unify cluster katakana notation ↗ kubernetes/website
  9. [9] [zh-cn]sync preview-locally ↗ kubernetes/website

FAQ

What changed in Kubernetes on June 12, 2026?
Kubernetes apiserver is shipping etcd RangeStream support with proper metrics instrumentation, while kube-state-metrics dropped an emergency security release addressing high-severity Go vulnerabilities.
What should Kubernetes teams do about it?
Upgrade kube-state-metrics to v2.19.1 immediately • Review etcd 3.7+ RangeStream support in your clusters; pagination fallback is automatic • Validate listStream metrics in your observability pipeline
Which Kubernetes repositories shipped on June 12, 2026?
kubernetes/apiserver, kubernetes/kube-state-metrics, kubernetes/test-infra, kubernetes/website

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.