.. SPDX-FileCopyrightText: 2025 Univention GmbH .. .. SPDX-License-Identifier: AGPL-3.0-only .. _v1.16.x: ************** Version 1.16.x ************** This page shows the changelog for Nubus for Kubernetes 1.16.x: * :ref:`v1.16.0` .. _v1.16.0: Version 1.16.0 - 2025-12-15 =========================== This is the twenty-fourth production release of Nubus for Kubernetes. .. admonition:: Upgrade path For the upgrade to version 1.16.0, your deployment must run on version 1.15.x. For the general steps to upgrade an existing Nubus for Kubernetes deployment, see :external+uv-nubus-kubernetes-operation:ref:`nubus-upgrade` in :cite:t:`uv-nubus-kubernetes-operation`. .. _v1.16.0-highlights: Release highlights ------------------ SBOM/VEX attestation for all container images All images are now accompanied by a verified SBOM (Software Bill of Materials), which provides a comprehensive list of components and dependencies used in the container images. VEX (Vulnerability Exploitation :spelling:word:`eXchange`) information is also provided, enabling users to quickly identify potential vulnerabilities and take informed decisions about the urgency of updating to a new version. Triage of the VEX information is still work in progress. Univention continues to enhance the SBOM and VEX offerings, providing more detailed information and improving the user experience. .. _v1.16.0-migration-steps: Migration steps --------------- This section lists necessary migration steps that may apply to you. You need to run them **before** the upgrade. No migration steps are required for this release. .. _v1.16.0-changes: Changes ------- This section lists the changes in 1.16.0 grouped by component in Nubus for Kubernetes. .. _v1.16.0-changes-management-ui: Management UI ~~~~~~~~~~~~~ * The *Management UI* now uses an internally maintained *Memcached* deployment instead of the Bitnami *Memcached* Helm Chart. This transition doesn't require configuration changes. .. _v1.16.0-changes-provisioning: Provisioning Service ~~~~~~~~~~~~~~~~~~~~ * Adjust the policy for the ``incoming`` stream between the *UDM Transformer* and the *Provisioning Dispatcher*, to use *Interest* mode instead of *WorkQueue* mode. This change allows the *Provisioning* to work in Nubus for UCS. The system automatically migrates existing streams during the update by sealing the old stream, draining pending messages, and recreating it with the new policy. * Improve performance when handling large messages, particularly in scenarios involving group messages with extensive member lists. * Update the bundled *NATS* to version 2.12.2. .. _v1.16.0-changes-keycloak: Keycloak ~~~~~~~~ * Upgrade Keycloak to version ``26.4.6``. This includes a security fix for :uv:cve:`2025-13467`. .. _v1.16.0-changes-portal-service: Portal Service ~~~~~~~~~~~~~~ * Address a critical accessibility issue affecting visually impaired users when navigating modals. Previously, elements under the modal remained focus-able, causing difficulties for users with a screen reader. .. _v1.16.0-changes-documentation: Documentation ~~~~~~~~~~~~~ * The :cite:t:`uv-nubus-kubernetes-operation` includes SMTP server configuration for email sending. Various components in Nubus for Kubernetes require an SMTP server for sending email notifications, such as password reset emails and account verification. * For requirements, see :external+uv-nubus-kubernetes-operation:ref:`requirements-smtp`. * For configuration details, see :external+uv-nubus-kubernetes-operation:ref:`conf-smtp`. .. _v1.16.0-changes-dependencies: Included errata updates ----------------------- Update all components in Nubus for Kubernetes to use the UCS 5.2-3 base image and include bug fixes up to :uv:erratum:`5.2x298`. For UCS errata updates, see `Security and bugfix errata for UCS 5.2 `_. Reference date is 28. November 2025. The errata updates contain fixes for the following CVEs: :program:`lasso` * :uv:cve:`2025-47151` * :uv:cve:`2025-46404` * :uv:cve:`2025-46705` :program:`libxml2` * :uv:cve:`2025-49794` * :uv:cve:`2025-49796` * :uv:cve:`2025-6021`