Nubus for Kubernetes - Release Notes for 1.x

Version 1.13.x

Version 1.13.x#

This page shows the changelog for Nubus for Kubernetes 1.13.x:

Version 1.13.1 - 2025-09-04#

This is the nineteenth production release of Nubus for Kubernetes.

Upgrade path

For the upgrade to version 1.13.1, your deployment must run on version 1.13.0. For the general steps to upgrade an existing Nubus for Kubernetes deployment, see Upgrade in Univention Nubus for Kubernetes - Operation Manual [1].

Migration steps#

There are no necessary migration steps for this release.

Changes#

This section lists the changes in 1.13.1 grouped by component in Nubus for Kubernetes.

Portal Service#

  • Prompt the user for sign-in if the Portal attempts to passively refresh the session with the Identity Provider, but another service provider signed out the user.

  • Add capability to customize the sidebar title. The sidebar title uses the display name configured in the centralNavigation property. For more information, see Configure navigation entries in Univention Nubus for Kubernetes - Nubus Customization and Modification Manual [2].

Provisioning Service#

  • Improve the Provisioning Dispatcher to reconnect to NATS after a connection interruption.

  • Improve the Provisioning UDM transformer to reconnect to NATS after a connection interruption.

Included errata updates#

Update all components in Nubus for Kubernetes to use the UCS 5.2-2 base image and include bug fixes up to UCS 5.2 erratum 167. For UCS errata updates, see Security and bugfix errata for UCS 5.2. Reference date is 14. August 2025.

The errata updates contain fixes for the following CVEs:

gnutls28

Version 1.13.0 - 2025-08-26#

This is the eighteenth production release of Nubus for Kubernetes.

Upgrade path

For the upgrade to version 1.13.0, your deployment must run on version 1.12.0. For the general steps to upgrade an existing Nubus for Kubernetes deployment, see Upgrade in Univention Nubus for Kubernetes - Operation Manual [1].

Release highlights#

Portal sidebar

Shows the common navigation items in a sidebar of the Portal. Other applications can already use the common navigation items themselves. To activate the feature, use the dedicated feature toggle. For more information, see Portal Service.

Migration steps#

This section lists necessary migration steps that may apply to you. You need to run them before the upgrade.

If you are using the NATS persistence configuration, you need to rename the Helm Chart value nats.persistence.storageClass to nats.persistence.storageClassName.

Changes#

This section lists the changes in 1.13.0 grouped by component in Nubus for Kubernetes.

Portal Service#

  • Add left sidebar feature for improved navigation and application access. Nubus controls the sidebar with the feature toggle nubusPortalServer.portalServer.featureToggles.left_sidebar. By default, Nubus has deactivated the left sidebar.

  • Add support to configure the central navigation. Operators can independently configure which tiles the central navigation shows. They can configure the tiles through the centralNavigation property on portal objects. This allows for customized navigation experiences in third-party applications without affecting the main portal view.

    For more information, see Configure navigation entries in Univention Nubus for Kubernetes - Nubus Customization and Modification Manual [2].

  • Fix focus management for screen readers and keyboard users. Users stay within modal dialogs for improved accessibility.

  • Hide empty sidebar if no navigation entries are available, even if Nubus for Kubernetes has activated the left sidebar feature toggle.

Management UI#

Add configurable pod management policy for UMC Server. You can configure the nubusUmcServer.podManagementPolicy Helm Chart value to deploy UMC Server pods in parallel instead of sequentially. Parallel pod deployment improves deployment times for many replicas. The default value is OrderedReady. Another possible value is Parallel.

Provisioning Service#

  • Fix NATS persistence storage class configuration. Renamed the Helm Chart value nubusProvisioning.nats.persistence.storageClass to nubusProvisioning.nats.persistence.storageClassName.

  • Improve atomic subscription handling for NATS. The provisioning API now ensures atomic creation of subscriptions and streams. The Provisioning Dispatcher received hardening against orphan subscriptions.

  • Improve error handling in the Provisioning API. The API now checks for an existing consumer before it attempts to get messages and provides better logging for missing streams.

  • Fix Provisioning UDM Listener initialization to prevent the listener from getting stuck because of failed initialization.

  • UDM Listener doesn’t need direct access to Provisioning API anymore. Thus, it doesn’t need credentials for it. Removed the following unused values:

    • nubusUdmListener.provisioningApi.auth.existingSecret.keyMapping.password

    • nubusUdmListener.provisioningApi.auth.password

    • nubusUdmListener.provisioningApi.auth.username

Styling and Theme#

  • Update portal CSS for improved openDesk compatibility, including adjustments for the waffle icon and CSS variables.

Dependencies and Infrastructure#

  • Update Bitnami Helm chart references because of changes in the Bitnami repository structure. This update ensures compatibility with the latest Bitnami Helm chart organization, but has no user or operator-facing configuration changes.

Included errata updates#

Update all components in Nubus for Kubernetes to use the UCS 5.2-2 base image and include bug fixes up to UCS 5.2 erratum 147. For UCS errata updates, see Security and bugfix errata for UCS 5.2. Reference date is 14. July 2025.

The errata updates contain fixes for the following CVEs:

jpeg-xl
libxml2
icu

  • CVSS score 7.0 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). (CVE-2025-5222)

On this page