Version 1.18.x#

This page shows the changelog for Nubus for Kubernetes 1.18.x:

Version 1.18.0 - 2026-02-27
Version 1.18.1 - 2026-03-12

Version 1.18.1 - 2026-03-12#

This is the twenty-seventh production release of Nubus for Kubernetes.

Upgrade path

For the upgrade to version 1.18.1, your deployment must run on version 1.17.x or later. For the general steps to upgrade an existing Nubus for Kubernetes deployment, see Upgrade in Univention Nubus for Kubernetes - Operation Manual [1].

Migration steps#

This section lists necessary migration steps that may apply to you. You need to run them before the upgrade. Follow and apply the migration steps outlined in v1.18.0 - Migration steps.

Changes#

This section lists the changes in 1.18.1 grouped by component in Nubus for Kubernetes.

Keycloak Service#

Upgrade Keycloak to version 26.5.5. This includes security fixes for CVE-2026-3047, CVE-2026-3009, CVE-2026-2603, CVE-2026-2092.

Version 1.18.0 - 2026-02-27#

This is the twenty-sixth production release of Nubus for Kubernetes.

Upgrade path

For the upgrade to version 1.18.0, your deployment must run on version 1.17.x. For the general steps to upgrade an existing Nubus for Kubernetes deployment, see Upgrade in Univention Nubus for Kubernetes - Operation Manual [1].

Release highlights#

Ingress controller independent: Nubus for Kubernetes no longer depends on Ingress NGINX. The product now uses controller-independent Ingress objects, so that operators can deploy Nubus with their preferred Ingress controller.
No dependency on cert-manager: Nubus for Kubernetes no longer needs cert-manager deployed in the cluster.
No public S3 bucket required for portal assets: Nubus for Kubernetes now serves portal assets such as images and tiles, directly through the Portal Frontend container instead of a public S3 bucket. This eliminates the need for publicly accessible object storage. Nubus for Kubernetes still requires a private S3 bucket to share the portal configuration between components.

Migration steps#

Run the following migration step before the upgrade:

The nubusKeycloakBootstrap.bootstrap.ldapMappers field changed the type from a list to a dictionary. If you have custom LDAP mappers defined, you must reformat them in your custom_values.yaml values file. For information and configuration steps, see Configure additional LDAP mappers in Univention Nubus for Kubernetes - Operation Manual [1].

Run the following migration step after the upgrade to Nubus 1.18.0 or later:

You can remove the anonymous access settings for the Nubus for Kubernetes bucket on your S3-compatible object storage. This is a security improvement and doesn’t block the upgrade or any future functionality. For more information, see Use external S3-compatible object storage in Univention Nubus for Kubernetes - Operation Manual [1].

Changes#

This section lists the changes in 1.18.0 grouped by component in Nubus for Kubernetes.

Portal Service#

Fix left side-bar navigation to display all the tiles grouped by category.
Serving dynamic portal assets such as portal tiles and background images no longer relies on Ingress NGINX specific annotations. This improves compatibility with other Ingress controllers. The Portal Frontend component now serves these assets. A new sidecar container loads the portal assets from UDM / LDAP and polls for changes.

Added Helm Chart values:
- nubusPortalFrontend.assetLoader.config.pollInterval
- nubusPortalFrontend.assetLoader.image.registry
- nubusPortalFrontend.assetLoader.image.repository
- nubusPortalFrontend.assetLoader.image.tag
- nubusPortalFrontend.assetLoader.image.pullPolicy
- nubusPortalFrontend.udm.auth.username
- nubusPortalFrontend.udm.auth.password
- nubusPortalFrontend.assetLoader.resources.*
- nubusPortalFrontend.assetLoader.readinessProbe.*
- nubusPortalFrontend.assetLoader.livenessProbe.*
Remove Ingress NGINX specific regex path rewrites from the ingress configuration to improve compatibility with other Ingress controllers.

UMC Service#

Remove Ingress NGINX specific regex path rewrites from the ingress configuration to improve compatibility with other Ingress controllers. The service now handles path prefixes such as /univention internally.

UDM HTTP REST API#

Remove Ingress NGINX specific regex path rewrites from the ingress configuration to improve compatibility with other Ingress controllers. The service now handles path prefixes such as /univention internally.

Stack Data#

Remove configuration values for SSL validity checks, which cause false error messages in the portal.

Keycloak Service#

LDAP mappers now include an alwaysReadFromLdap option that allows Keycloak to read LDAP attributes, such as OXContextId, directly from the LDAP directory service, instead of the Keycloak cache. It ensures that Keycloak uses the latest value for attributes that may change in LDAP. For more information and configuration steps, see Configure additional LDAP mappers in Univention Nubus for Kubernetes - Operation Manual [1].

Included errata updates#

Update all components in Nubus for Kubernetes to use the UCS 5.2-4 base image and include bug fixes up to UCS 5.2 erratum 359. For UCS errata updates, see Security and bugfix errata for UCS 5.2. Reference date is 19. February 2026.

The errata updates contain fixes for the following CVEs:

apache2-bin

CVE-2025-55753 (high), CVE-2025-58098 (high), CVE-2025-65082 (medium)
CVE-2025-66200 (medium)

bind9-dnsutils

CVE-2025-13878 (high)

bind9-host

CVE-2025-13878 (high)

bind9-libs

CVE-2025-13878 (high)

curl

CVE-2025-9086 (high)

jaraco.context

CVE-2026-23949 (high)

libc-bin

CVE-2025-4802 (high)
CVE-2025-8058 (unknown)

libc6

CVE-2025-4802 (high)
CVE-2025-8058 (unknown)

libcurl4

CVE-2025-9086 (high)

libglib2.0-0

CVE-2025-14087 (critical)

libgssapi-krb5-2

CVE-2025-3576 (medium)

libk5crypto3

CVE-2025-3576 (medium)

libkrb5-3

CVE-2025-3576 (medium)

libkrb5support0

CVE-2025-3576 (medium)

libldb2

CVE-2018-14628 (medium)
CVE-2025-9640 (medium)

libpq5

CVE-2026-2004 (high), CVE-2026-2005 (high), CVE-2026-2006 (high)
CVE-2025-12818 (medium), CVE-2026-2003 (medium), CVE-2025-12817 (low)

libsqlite3-0

CVE-2025-52099 (unknown)

libssl3

CVE-2025-15467 (critical)
CVE-2025-9230 (high)
CVE-2025-9232 (medium)

libwbclient0

CVE-2018-14628 (medium)
CVE-2025-9640 (medium)

libxml2

CVE-2025-9714 (medium)

libxslt1.1

CVE-2025-7425 (high)

linux-libc-dev

CVE-2023-54285 (high), CVE-2024-46786 (high), CVE-2025-21946 (high)
CVE-2025-22022 (high), CVE-2025-22083 (high), CVE-2025-22107 (high)
CVE-2025-22121 (high), CVE-2025-37899 (high), CVE-2025-37926 (high)
CVE-2025-38022 (high), CVE-2025-38129 (high), CVE-2025-38361 (high)
CVE-2025-38556 (high), CVE-2025-38593 (high), CVE-2025-38718 (high)
CVE-2025-39871 (high), CVE-2025-40149 (high), CVE-2025-68817 (high)
CVE-2025-71162 (high), CVE-2026-22980 (high), CVE-2026-22984 (high)
CVE-2023-52658 (medium), CVE-2023-53421 (medium), CVE-2024-42079 (medium)
CVE-2024-47666 (medium), CVE-2024-49968 (medium), CVE-2025-22090 (medium)
CVE-2025-22111 (medium), CVE-2025-38057 (medium), CVE-2025-38104 (medium)
CVE-2025-38125 (medium), CVE-2025-38232 (medium), CVE-2025-38408 (medium)
CVE-2025-38591 (medium), CVE-2025-38678 (medium), CVE-2025-39721 (medium)
CVE-2025-39805 (medium), CVE-2025-40039 (medium), CVE-2025-40164 (medium)
CVE-2025-68211 (medium), CVE-2025-68214 (medium), CVE-2025-68223 (medium)
CVE-2025-68340 (medium), CVE-2025-68365 (medium), CVE-2025-68725 (medium)
CVE-2025-71147 (medium), CVE-2025-71149 (medium), CVE-2025-71150 (medium)
CVE-2025-71154 (medium), CVE-2025-71163 (medium), CVE-2026-22976 (medium)
CVE-2026-22977 (medium), CVE-2026-22979 (medium), CVE-2026-22982 (medium)
CVE-2026-22990 (medium), CVE-2026-22991 (medium), CVE-2026-22992 (medium)
CVE-2026-22994 (medium), CVE-2026-22997 (medium), CVE-2026-22998 (medium)
CVE-2026-22999 (medium), CVE-2026-22978 (low), CVE-2025-40083 (unknown)
CVE-2025-40110 (unknown), CVE-2025-40211 (unknown), CVE-2025-40214 (unknown)
CVE-2025-40215 (unknown), CVE-2025-40248 (unknown), CVE-2025-40252 (unknown)
CVE-2025-40253 (unknown), CVE-2025-40254 (unknown), CVE-2025-40257 (unknown)
CVE-2025-40258 (unknown), CVE-2025-40259 (unknown), CVE-2025-40261 (unknown)
CVE-2025-40262 (unknown), CVE-2025-40263 (unknown), CVE-2025-40264 (unknown)
CVE-2025-40269 (unknown), CVE-2025-40271 (unknown), CVE-2025-40272 (unknown)
CVE-2025-40273 (unknown), CVE-2025-40275 (unknown), CVE-2025-40277 (unknown)
CVE-2025-40278 (unknown), CVE-2025-40279 (unknown), CVE-2025-40280 (unknown)
CVE-2025-40281 (unknown), CVE-2025-40282 (unknown), CVE-2025-40283 (unknown)
CVE-2025-40284 (unknown), CVE-2025-40285 (unknown), CVE-2025-40286 (unknown)
CVE-2025-40288 (unknown), CVE-2025-40292 (unknown), CVE-2025-40293 (unknown)
CVE-2025-40294 (unknown), CVE-2025-40297 (unknown), CVE-2025-40301 (unknown)
CVE-2025-40304 (unknown), CVE-2025-40306 (unknown), CVE-2025-40308 (unknown)
CVE-2025-40309 (unknown), CVE-2025-40312 (unknown), CVE-2025-40313 (unknown)
CVE-2025-40314 (unknown), CVE-2025-40315 (unknown), CVE-2025-40317 (unknown)
CVE-2025-40318 (unknown), CVE-2025-40319 (unknown), CVE-2025-40321 (unknown)
CVE-2025-40322 (unknown), CVE-2025-40323 (unknown), CVE-2025-40324 (unknown)
CVE-2025-40331 (unknown), CVE-2025-40341 (unknown), CVE-2025-40342 (unknown)
CVE-2025-40343 (unknown), CVE-2025-40345 (unknown), CVE-2025-40360 (unknown)
CVE-2025-40363 (unknown), CVE-2025-68168 (unknown), CVE-2025-68171 (unknown)
CVE-2025-68173 (unknown), CVE-2025-68176 (unknown), CVE-2025-68177 (unknown)
CVE-2025-68185 (unknown), CVE-2025-68191 (unknown), CVE-2025-68192 (unknown)
CVE-2025-68194 (unknown), CVE-2025-68200 (unknown), CVE-2025-68204 (unknown)
CVE-2025-68217 (unknown), CVE-2025-68218 (unknown), CVE-2025-68220 (unknown)
CVE-2025-68227 (unknown), CVE-2025-68229 (unknown), CVE-2025-68231 (unknown)
CVE-2025-68233 (unknown), CVE-2025-68237 (unknown), CVE-2025-68238 (unknown)
CVE-2025-68241 (unknown), CVE-2025-68244 (unknown), CVE-2025-68245 (unknown)
CVE-2025-68246 (unknown), CVE-2025-68254 (unknown), CVE-2025-68255 (unknown)
CVE-2025-68256 (unknown), CVE-2025-68257 (unknown), CVE-2025-68258 (unknown)
CVE-2025-68259 (unknown), CVE-2025-68261 (unknown), CVE-2025-68263 (unknown)
CVE-2025-68264 (unknown), CVE-2025-68266 (unknown), CVE-2025-68282 (unknown)
CVE-2025-68283 (unknown), CVE-2025-68284 (unknown), CVE-2025-68285 (unknown)
CVE-2025-68286 (unknown), CVE-2025-68287 (unknown), CVE-2025-68288 (unknown)
CVE-2025-68289 (unknown), CVE-2025-68290 (unknown), CVE-2025-68291 (unknown)
CVE-2025-68295 (unknown), CVE-2025-68301 (unknown), CVE-2025-68302 (unknown)
CVE-2025-68303 (unknown), CVE-2025-68307 (unknown), CVE-2025-68308 (unknown)
CVE-2025-68310 (unknown), CVE-2025-68312 (unknown), CVE-2025-68321 (unknown)
CVE-2025-68325 (unknown), CVE-2025-68327 (unknown), CVE-2025-68328 (unknown)
CVE-2025-68330 (unknown), CVE-2025-68331 (unknown), CVE-2025-68332 (unknown)
CVE-2025-68335 (unknown), CVE-2025-68336 (unknown), CVE-2025-68337 (unknown)
CVE-2025-68339 (unknown), CVE-2025-68343 (unknown), CVE-2025-68344 (unknown)
CVE-2025-68345 (unknown), CVE-2025-68346 (unknown), CVE-2025-68347 (unknown)
CVE-2025-68349 (unknown), CVE-2025-68354 (unknown), CVE-2025-68362 (unknown)
CVE-2025-68363 (unknown), CVE-2025-68364 (unknown), CVE-2025-68366 (unknown)
CVE-2025-68367 (unknown), CVE-2025-68369 (unknown), CVE-2025-68371 (unknown)
CVE-2025-68372 (unknown), CVE-2025-68380 (unknown), CVE-2025-68724 (unknown)
CVE-2025-68727 (unknown), CVE-2025-68728 (unknown), CVE-2025-68732 (unknown)
CVE-2025-68733 (unknown), CVE-2025-68734 (unknown), CVE-2025-68740 (unknown)
CVE-2025-68742 (unknown), CVE-2025-68746 (unknown), CVE-2025-68753 (unknown)
CVE-2025-68757 (unknown), CVE-2025-68758 (unknown), CVE-2025-68759 (unknown)
CVE-2025-68764 (unknown), CVE-2025-68765 (unknown), CVE-2025-68766 (unknown)
CVE-2025-68767 (unknown), CVE-2025-68769 (unknown), CVE-2025-68771 (unknown)
CVE-2025-68772 (unknown), CVE-2025-68773 (unknown), CVE-2025-68774 (unknown)
CVE-2025-68776 (unknown), CVE-2025-68777 (unknown), CVE-2025-68778 (unknown)
CVE-2025-68780 (unknown), CVE-2025-68781 (unknown), CVE-2025-68782 (unknown)
CVE-2025-68783 (unknown), CVE-2025-68785 (unknown), CVE-2025-68786 (unknown)
CVE-2025-68787 (unknown), CVE-2025-68788 (unknown), CVE-2025-68789 (unknown)
CVE-2025-68795 (unknown), CVE-2025-68796 (unknown), CVE-2025-68797 (unknown)
CVE-2025-68798 (unknown), CVE-2025-68799 (unknown), CVE-2025-68800 (unknown)
CVE-2025-68801 (unknown), CVE-2025-68803 (unknown), CVE-2025-68804 (unknown)
CVE-2025-68806 (unknown), CVE-2025-68808 (unknown), CVE-2025-68813 (unknown)
CVE-2025-68814 (unknown), CVE-2025-68815 (unknown), CVE-2025-68816 (unknown)
CVE-2025-68818 (unknown), CVE-2025-68819 (unknown), CVE-2025-68820 (unknown)
CVE-2025-68821 (unknown), CVE-2025-71064 (unknown), CVE-2025-71066 (unknown)
CVE-2025-71069 (unknown), CVE-2025-71071 (unknown), CVE-2025-71075 (unknown)
CVE-2025-71077 (unknown), CVE-2025-71078 (unknown), CVE-2025-71079 (unknown)
CVE-2025-71081 (unknown), CVE-2025-71082 (unknown), CVE-2025-71083 (unknown)
CVE-2025-71084 (unknown), CVE-2025-71085 (unknown), CVE-2025-71086 (unknown)
CVE-2025-71087 (unknown), CVE-2025-71088 (unknown), CVE-2025-71091 (unknown)
CVE-2025-71093 (unknown), CVE-2025-71094 (unknown), CVE-2025-71095 (unknown)
CVE-2025-71096 (unknown), CVE-2025-71097 (unknown), CVE-2025-71098 (unknown)
CVE-2025-71102 (unknown), CVE-2025-71104 (unknown), CVE-2025-71105 (unknown)
CVE-2025-71108 (unknown), CVE-2025-71111 (unknown), CVE-2025-71112 (unknown)
CVE-2025-71113 (unknown), CVE-2025-71114 (unknown), CVE-2025-71116 (unknown)
CVE-2025-71118 (unknown), CVE-2025-71119 (unknown), CVE-2025-71120 (unknown)
CVE-2025-71121 (unknown), CVE-2025-71123 (unknown), CVE-2025-71125 (unknown)
CVE-2025-71126 (unknown), CVE-2025-71127 (unknown), CVE-2025-71130 (unknown)
CVE-2025-71131 (unknown), CVE-2025-71132 (unknown), CVE-2025-71133 (unknown)
CVE-2025-71136 (unknown), CVE-2025-71137 (unknown), CVE-2025-71180 (unknown)
CVE-2025-71182 (unknown), CVE-2025-71183 (unknown), CVE-2025-71185 (unknown)
CVE-2025-71186 (unknown), CVE-2025-71189 (unknown), CVE-2025-71190 (unknown)
CVE-2025-71191 (unknown), CVE-2025-71192 (unknown), CVE-2025-71194 (unknown)
CVE-2025-71196 (unknown), CVE-2025-71197 (unknown), CVE-2025-71199 (unknown)
CVE-2025-71200 (unknown), CVE-2025-71203 (unknown), CVE-2025-71204 (unknown)
CVE-2025-71223 (unknown), CVE-2025-71229 (unknown), CVE-2025-71230 (unknown)
CVE-2025-71231 (unknown), CVE-2025-71234 (unknown), CVE-2026-23001 (unknown)
CVE-2026-23003 (unknown), CVE-2026-23005 (unknown), CVE-2026-23006 (unknown)
CVE-2026-23010 (unknown), CVE-2026-23011 (unknown), CVE-2026-23019 (unknown)
CVE-2026-23020 (unknown), CVE-2026-23021 (unknown), CVE-2026-23025 (unknown)
CVE-2026-23026 (unknown), CVE-2026-23027 (unknown), CVE-2026-23028 (unknown)
CVE-2026-23029 (unknown), CVE-2026-23030 (unknown), CVE-2026-23031 (unknown)
CVE-2026-23033 (unknown), CVE-2026-23037 (unknown), CVE-2026-23038 (unknown)
CVE-2026-23047 (unknown), CVE-2026-23049 (unknown), CVE-2026-23054 (unknown)
CVE-2026-23056 (unknown), CVE-2026-23058 (unknown), CVE-2026-23060 (unknown)
CVE-2026-23061 (unknown), CVE-2026-23063 (unknown), CVE-2026-23064 (unknown)
CVE-2026-23068 (unknown), CVE-2026-23069 (unknown), CVE-2026-23071 (unknown)
CVE-2026-23073 (unknown), CVE-2026-23074 (unknown), CVE-2026-23075 (unknown)
CVE-2026-23076 (unknown), CVE-2026-23078 (unknown), CVE-2026-23080 (unknown)
CVE-2026-23083 (unknown), CVE-2026-23084 (unknown), CVE-2026-23085 (unknown)
CVE-2026-23086 (unknown), CVE-2026-23087 (unknown), CVE-2026-23089 (unknown)
CVE-2026-23090 (unknown), CVE-2026-23091 (unknown), CVE-2026-23093 (unknown)
CVE-2026-23095 (unknown), CVE-2026-23096 (unknown), CVE-2026-23097 (unknown)
CVE-2026-23098 (unknown), CVE-2026-23099 (unknown), CVE-2026-23101 (unknown)
CVE-2026-23102 (unknown), CVE-2026-23103 (unknown), CVE-2026-23105 (unknown)
CVE-2026-23107 (unknown), CVE-2026-23108 (unknown), CVE-2026-23110 (unknown)
CVE-2026-23116 (unknown), CVE-2026-23119 (unknown), CVE-2026-23120 (unknown)
CVE-2026-23121 (unknown), CVE-2026-23124 (unknown), CVE-2026-23125 (unknown)
CVE-2026-23126 (unknown), CVE-2026-23128 (unknown), CVE-2026-23133 (unknown)
CVE-2026-23139 (unknown), CVE-2026-23140 (unknown), CVE-2026-23142 (unknown)
CVE-2026-23144 (unknown), CVE-2026-23145 (unknown), CVE-2026-23146 (unknown)
CVE-2026-23150 (unknown), CVE-2026-23156 (unknown), CVE-2026-23164 (unknown)
CVE-2026-23167 (unknown), CVE-2026-23168 (unknown), CVE-2026-23170 (unknown)
CVE-2026-23172 (unknown), CVE-2026-23179 (unknown), CVE-2026-23181 (unknown)
CVE-2026-23196 (unknown), CVE-2026-23212 (unknown), CVE-2026-23215 (unknown)
CVE-2026-23217 (unknown), CVE-2026-23223 (unknown), CVE-2026-23224 (unknown)
CVE-2026-23225 (unknown)

nginx

CVE-2025-53859 (low)

nginx-common

CVE-2025-53859 (low)

openssl

CVE-2025-15467 (critical)

perl-base

CVE-2023-31484 (high)
CVE-2025-40909 (medium)

postgresql-client-15

CVE-2026-2004 (high), CVE-2026-2005 (high), CVE-2026-2006 (high)
CVE-2025-12818 (medium), CVE-2026-2003 (medium), CVE-2025-12817 (low)

pyasn1

CVE-2026-23490 (high)

python3-ldb

CVE-2018-14628 (medium)
CVE-2025-9640 (medium)

python3-pil

CVE-2026-25990 (high)

python3-pyasn1

CVE-2026-23490 (high)

python3-samba

CVE-2018-14628 (medium)
CVE-2025-9640 (medium)

python3-wheel

CVE-2026-24049 (medium)

python3-wheel-whl

CVE-2026-24049 (medium)

rsync

CVE-2025-10158 (medium)

samba-libs

CVE-2018-14628 (medium)
CVE-2025-9640 (medium)

wheel

CVE-2026-24049 (medium)

Nubus for Kubernetes - Release Notes for 1.x

Version 1.18.x

Contents

Version 1.18.x#

Version 1.18.1 - 2026-03-12#

Migration steps#

Changes#

Keycloak Service#

Version 1.18.0 - 2026-02-27#

Release highlights#

Migration steps#

Changes#

Portal Service#

UMC Service#

UDM HTTP REST API#

Stack Data#

Keycloak Service#

Included errata updates#