Version 1.13.x#
This page shows the changelog for Nubus for Kubernetes 1.13.x:
Version 1.13.0 - 2025-08-26#
This is the eighteenth production release of Nubus for Kubernetes.
Upgrade path
For the upgrade to version 1.13.0, your deployment must run on version 1.12.0. For the general steps to upgrade an existing Nubus for Kubernetes deployment, see Upgrade in Univention Nubus for Kubernetes - Operation Manual [1].
Release highlights#
- Portal sidebar
Shows the common navigation items in a sidebar of the Portal. Other applications can already use the common navigation items themselves. To activate the feature, use the dedicated feature toggle. For more information, see Portal Service.
Migration steps#
This section lists necessary migration steps that may apply to you. You need to run them before the upgrade.
If you are using the NATS persistence configuration,
you need to rename the Helm Chart value
nats.persistence.storageClass
to nats.persistence.storageClassName
.
Changes#
This section lists the changes in 1.13.0 grouped by component in Nubus for Kubernetes.
Portal Service#
Add left sidebar feature for improved navigation and application access. Nubus controls the sidebar with the feature toggle
nubusPortalServer.portalServer.featureToggles.left_sidebar
. By default, Nubus has deactivated the left sidebar.Add support to configure the central navigation. Operators can independently configure which tiles the central navigation shows. They can configure the tiles through the
centralNavigation
property on portal objects. This allows for customized navigation experiences in third-party applications without affecting the main portal view.For more information, see Configure navigation entries in Univention Nubus for Kubernetes - Nubus Customization and Modification Manual [2].
Fix focus management for screen readers and keyboard users. Users stay within modal dialogs for improved accessibility.
Hide empty sidebar if no navigation entries are available, even if Nubus for Kubernetes has activated the left sidebar feature toggle.
Management UI#
Add configurable pod management policy for UMC Server.
You can configure the nubusUmcServer.podManagementPolicy
Helm Chart value
to deploy UMC Server pods in parallel instead of sequentially.
Parallel
pod deployment improves deployment times for many replicas.
The default value is OrderedReady
.
Another possible value is Parallel
.
Provisioning Service#
Fix NATS persistence storage class configuration. Renamed the Helm Chart value
nubusProvisioning.nats.persistence.storageClass
tonubusProvisioning.nats.persistence.storageClassName
.Improve atomic subscription handling for NATS. The provisioning API now ensures atomic creation of subscriptions and streams. The Provisioning Dispatcher received hardening against orphan subscriptions.
Improve error handling in the Provisioning API. The API now checks for an existing consumer before it attempts to get messages and provides better logging for missing streams.
Fix Provisioning UDM Listener initialization to prevent the listener from getting stuck because of failed initialization.
UDM Listener doesn’t need direct access to Provisioning API anymore. Thus, it doesn’t need credentials for it. Removed the following unused values:
nubusUdmListener.provisioningApi.auth.existingSecret.keyMapping.password
nubusUdmListener.provisioningApi.auth.password
nubusUdmListener.provisioningApi.auth.username
Styling and Theme#
Update portal CSS for improved openDesk compatibility, including adjustments for the waffle icon and CSS variables.
Dependencies and Infrastructure#
Update Bitnami Helm chart references because of changes in the Bitnami repository structure. This update ensures compatibility with the latest Bitnami Helm chart organization, but has no user or operator-facing configuration changes.
Included errata updates#
Update all components in Nubus for Kubernetes to use the UCS 5.2-2 base image and include bug fixes up to UCS 5.2 erratum 147. For UCS errata updates, see Security and bugfix errata for UCS 5.2. Reference date is 14. July 2025.
The errata updates contain fixes for the following CVEs:
- jpeg-xl
CVSS score unknown. (CVE-2024-11403, CVE-2024-11498)
CVSS score 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2023-35790)
CVSS score 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). (CVE-2023-0645)
- libxml2
CVSS score 8.1 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). (CVE-2022-49043)
CVSS score 7.8 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N). (CVE-2024-56171, CVE-2025-24928)
CVSS score 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2024-25062)
CVSS score 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2024-34459)
CVSS score 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). (CVE-2023-39615, CVE-2023-45322)
CVSS score 5.6 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L). (CVE-2025-32414)
CVSS score 2.9 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2025-27113, CVE-2025-32415)
- icu
CVSS score 7.0 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). (CVE-2025-5222)