Kyverno 1.18 has been released, marking the first release since the project's CNCF graduation. Key highlights include security hardening for HTTP-based policy execution with SSRF mitigations (CVE-2026-4789, CVE-2026-41323) and scoped token authorization. The CLI now supports cleanup policies, HTTP/Envoy authorization policies, and mutateExisting rules. Policy engine improvements include memory-based HPA autoscaling, TLS on metrics endpoints, fine-grained success event filtering, and a new gzip CEL library. The release also introduces a 'main + 1' patch support model, limiting active support to the current and previous release. ClusterPolicy deprecation is on track, with users encouraged to migrate to newer types like ValidatingPolicy, MutatingPolicy, and ImageValidatingPolicy. No breaking changes are included.

7m read time. From cncf.io