Version 1.19.x

This page shows the changelog for Nubus for Kubernetes 1.19.x:

• Version 1.19.0 - 2026-03-31

Version 1.19.0 - 2026-03-31

This is the twenty-eighth production release of Nubus for Kubernetes.

Upgrade path

For the upgrade to version 1.19.0, your deployment must run on version 1.18.x. For the general steps to upgrade an existing Nubus for Kubernetes deployment, see Upgrade in Univention Nubus for Kubernetes - Operation Manual [1].

Release highlights

Triage high CVEs across all components

Nubus for Kubernetes 1.19.0 includes triage through VEX information, as well as dependency updates, to address high-severity CVEs across all components.

Migration steps

You need to apply the following steps before you run the upgrade:

Upgrade OX Consumer at least to 0.36.0

If you have the OX Consumer deployed in your environment, upgrade it to at least version 0.36.0 before you upgrade to Nubus for Kubernetes 1.19.0. The fields of UDM objects returned by the Provisioning Service have changed, and the OX Consumer must be at version 0.36.0 or later to handle them correctly. For installation instructions that also apply to the upgrade, see Install consumer in OX App Suite packaged integration for Nubus for Kubernetes [2].

Changes

This section lists the changes in 1.19.0 grouped by component in Nubus for Kubernetes.

Portal Service

• If you have the portal configured to immediately redirect to the Keycloak login, the self-service /passwordreset modal now redirects to the /newpassword modal instead of the Keycloak login page.

Stack Data

Nubus no longer writes temporary LDAP objects, such as lock objects, to the transaction log database. This prevents the transaction log from filling up during failed operations, for example when attempting to create a user with a username that already exists.

Provisioning Service

The fields of UDM objects returned by the Provisioning Service have changed:

uuid:

Removed.

id:

Added. Contains the unique identifier of the object, stored in the univentionObjectIdentifier attribute.

This change only affects Provisioning Consumers that evaluate UDM objects from the data in Event objects. This change doesn’t affect UDM objects returned by the UDM HTTP REST API. For more information, see UDM object in Event objects in Nubus - Customization and Modification Manual [3].

Included errata updates

Update all components in Nubus for Kubernetes to use the UCS 5.2-5 base image and include bug fixes up to UCS 5.2 erratum 386. For UCS errata updates, see Security and bugfix errata for UCS 5.2. Reference date is 26. March 2026.

The errata updates contain fixes for the following CVEs: The errata updates contain fixes for the following CVEs:

Jinja2

• CVE-2025-27516 (high)

aiohttp

• CVE-2024-52303 (high), CVE-2024-52304 (high), CVE-2025-53643 (high)

• CVE-2025-69223 (high), CVE-2025-69227 (high), CVE-2025-69228 (high)

ajv

• CVE-2025-69873 (low)

axios

• CVE-2025-58754 (high)

• CVE-2026-25639 (high)

• CVE-2025-27152 (medium)

brace-expansion

• CVE-2025-5889 (low)

keycloak-services

• CVE-2026-2575 (medium), CVE-2026-3190 (medium), CVE-2026-1035 (low)

• CVE-2026-3911 (low)

minimatch

• CVE-2026-26996 (high)

• CVE-2026-27903 (high)

• CVE-2026-27904 (high)

nanoid

• CVE-2024-55565 (medium)

nginx

• CVE-2026-1642 (medium)

nginx-common

• CVE-2026-1642 (medium)

orjson

• CVE-2025-67221 (high)

postcss

• CVE-2023-44270 (medium)

pydantic

• CVE-2024-3772 (high)

python-multipart

• CVE-2026-24486 (high)

runtime

• CVE-2025-27789 (medium)

serialize-javascript

• CVE-2020-7660 (high)

• CVE-2019-16769 (medium)

starlette

• CVE-2023-29159 (high)

• CVE-2025-62727 (high)

tornado

• CVE-2024-52804 (high), CVE-2025-47287 (high), CVE-2025-67725 (high)

• CVE-2025-67726 (high)

urllib3

• CVE-2023-43804 (high), CVE-2025-66418 (high), CVE-2025-66471 (high)

• CVE-2026-21441 (high), CVE-2025-50182 (medium)