Welcome to the debut episode! Hosts Katie and Jeremy dive into the weekly “firehose” of cloud-native updates to tell platform engineers and SREs what actually matters.

The CNCF Ladder
- Graduated: Industry standards, rock-solid for massive crowds.
- Incubating: Fast-growing projects used in production but still “perfecting the menu”.
- Sandbox: Experimental “pop-ups” worth watching.

Critical Security Alert
- SPIRE v1.14.6: An immediate upgrade is required for those on AWS. This release fixes a critical impersonation bypass for EC2 instances and a TOCTOU (time-of-check to time-of-use) join token exploit.

Major Milestones & Graduated Heavyweights
- Vitess v24.0.0: The “bionic suit for MySQL” introduces Window Function Pushdown for massive performance gains in sharded keyspaces. Note: External decompressors in backups are now opt-in, requiring a migration update.
- containerd v2.3.0: The project’s first Long Term Support (LTS) release. It includes filesystem transfer types, OpenTelemetry trace propagation, and support for integrity checking via dm-verity.
- Knative v1.22.0: Focuses on “hardening the traffic cop” with refactored and standardized TLS across core components, plus graceful shutdowns for WebSockets.

Incubating Stars
- Strimzi v1.0.0: The Kafka operator hits 1.0! It brings support for Kafka 4.1.2 and a “force-renew” for user certificates. Warning: This release removes support for older v1beta1 and v1beta2 APIs.
- NATS v2.14.0: Adds native cron-based scheduling in JetStream, “Fast-Ingest” for batch publishing, and new server-side feature flags.

The Reliability Lightning Round
- etcd v3.6.11: Fixes a quorum bug affecting member addition and a sneaky RBAC bypass involving nested transactions.
- Dapr v1.17.6: Resolves a “dead-letter queue” bug where pub-sub messages were lost during graceful shutdowns.
- Backstage v1.50.4: Hardens the “unprocessed entities” catalog pipeline against malicious data injection.


