.. SPDX-FileCopyrightText: 2026 Univention GmbH .. .. SPDX-License-Identifier: AGPL-3.0-only .. _v1.19.x: ************** Version 1.19.x ************** This page shows the changelog for Nubus for Kubernetes 1.19.x: * :ref:`v1.19.0` * :ref:`v1.19.1` .. _v1.19.1: Version 1.19.1 - 2026-04-21 =========================== This is the twenty-ninth production release of Nubus for Kubernetes. .. admonition:: Upgrade path For the upgrade to version 1.19.1, your deployment must run on version 1.18.x or 1.19.0. For the general steps to upgrade an existing Nubus for Kubernetes deployment, see :external+uv-nubus-kubernetes-operation:ref:`nubus-upgrade` in :cite:t:`uv-nubus-kubernetes-operation`. .. _v1.19.1-migration-steps: Migration steps --------------- This section lists necessary migration steps that may apply to you. You need to run them before the upgrade. Follow and apply the migration steps outlined in :ref:`v1.19.0 - Migration steps `. .. _v1.19.1-changes: Changes ------- This section lists the changes in 1.19.1 grouped by component in Nubus for Kubernetes. .. _v1.19.1-changes-keycloak-service: Keycloak service ~~~~~~~~~~~~~~~~ Upgrade Keycloak to version 26.6.1. This includes fixes for the following security findings: * :uv:cve:`2025-14083` * :uv:cve:`2026-1002` * :uv:cve:`2026-3429` * :uv:cve:`2026-3872` * :uv:cve:`2026-4282` * :uv:cve:`2026-4325` * :uv:cve:`2026-4366` * :uv:cve:`2026-4633` * :uv:cve:`2026-4634` * :uv:cve:`2026-4636` .. _v1.19.0: Version 1.19.0 - 2026-03-31 =========================== This is the twenty-eighth production release of Nubus for Kubernetes. .. admonition:: Upgrade path For the upgrade to version 1.19.0, your deployment must run on version 1.18.x. For the general steps to upgrade an existing Nubus for Kubernetes deployment, see :external+uv-nubus-kubernetes-operation:ref:`nubus-upgrade` in :cite:t:`uv-nubus-kubernetes-operation`. .. _v1.19.0-highlights: Release highlights ------------------ Triage high CVEs across all components Nubus for Kubernetes 1.19.0 includes triage through VEX information, as well as dependency updates, to address high-severity CVEs across all components. .. _v1.19.0-migration-steps: Migration steps --------------- You need to apply the following steps **before** you run the upgrade: Upgrade OX Consumer at least to 0.36.0 If you have the *OX Consumer* deployed in your environment, upgrade it to at least version 0.36.0 before you upgrade to Nubus for Kubernetes 1.19.0. The fields of *UDM objects* returned by the *Provisioning Service* have changed, and the *OX Consumer* must be at version 0.36.0 or later to handle them correctly. For installation instructions that also apply to the upgrade, see :external+uv-packaged-integration-ox:ref:`user-provisioning-installation` in :cite:t:`uv-packaged-integration-ox`. .. _v1.19.0-changes: Changes ------- This section lists the changes in 1.19.0 grouped by component in Nubus for Kubernetes. .. _v1.19.0-changes-portal-service: Portal Service ~~~~~~~~~~~~~~ * If you have the portal configured to immediately redirect to the Keycloak login, the self-service ``/passwordreset`` modal now redirects to the ``/newpassword`` modal instead of the Keycloak login page. .. _v1.19.0-changes-stack-data: Stack Data ~~~~~~~~~~ Nubus no longer writes temporary LDAP objects, such as lock objects, to the transaction log database. This prevents the transaction log from filling up during failed operations, for example when attempting to create a user with a username that already exists. Provisioning Service ~~~~~~~~~~~~~~~~~~~~ The fields of *UDM objects* returned by the *Provisioning Service* have changed: :``uuid``: Removed. :``id``: Added. Contains the unique identifier of the object, stored in the ``univentionObjectIdentifier`` attribute. This change only affects *Provisioning Consumers* that evaluate *UDM objects* from the data in *Event objects*. This change doesn't affect *UDM objects* returned by the *UDM HTTP REST API*. For more information, see :external+uv-nubus-customization:ref:`customization-api-provisioning-udm-object` in :cite:t:`uv-nubus-customization`. Included errata updates ----------------------- Update all components in Nubus for Kubernetes to use the UCS 5.2-5 base image and include bug fixes up to :uv:erratum:`5.2x386`. For UCS errata updates, see `Security and bugfix errata for UCS 5.2 `_. Reference date is 26. March 2026. The errata updates contain fixes for the following CVEs: The errata updates contain fixes for the following CVEs: :program:`Jinja2` * :uv:cve:`2025-27516` (high) :program:`aiohttp` * :uv:cve:`2024-52303` (high), :uv:cve:`2024-52304` (high), :uv:cve:`2025-53643` (high) * :uv:cve:`2025-69223` (high), :uv:cve:`2025-69227` (high), :uv:cve:`2025-69228` (high) :program:`ajv` * :uv:cve:`2025-69873` (low) :program:`axios` * :uv:cve:`2025-58754` (high) * :uv:cve:`2026-25639` (high) * :uv:cve:`2025-27152` (medium) :program:`brace-expansion` * :uv:cve:`2025-5889` (low) :program:`keycloak-services` * :uv:cve:`2026-2575` (medium), :uv:cve:`2026-3190` (medium), :uv:cve:`2026-1035` (low) * :uv:cve:`2026-3911` (low) :program:`minimatch` * :uv:cve:`2026-26996` (high) * :uv:cve:`2026-27903` (high) * :uv:cve:`2026-27904` (high) :program:`nanoid` * :uv:cve:`2024-55565` (medium) :program:`nginx` * :uv:cve:`2026-1642` (medium) :program:`nginx-common` * :uv:cve:`2026-1642` (medium) :program:`orjson` * :uv:cve:`2025-67221` (high) :program:`postcss` * :uv:cve:`2023-44270` (medium) :program:`pydantic` * :uv:cve:`2024-3772` (high) :program:`python-multipart` * :uv:cve:`2026-24486` (high) :program:`runtime` * :uv:cve:`2025-27789` (medium) :program:`serialize-javascript` * :uv:cve:`2020-7660` (high) * :uv:cve:`2019-16769` (medium) :program:`starlette` * :uv:cve:`2023-29159` (high) * :uv:cve:`2025-62727` (high) :program:`tornado` * :uv:cve:`2024-52804` (high), :uv:cve:`2025-47287` (high), :uv:cve:`2025-67725` (high) * :uv:cve:`2025-67726` (high) :program:`urllib3` * :uv:cve:`2023-43804` (high), :uv:cve:`2025-66418` (high), :uv:cve:`2025-66471` (high) * :uv:cve:`2026-21441` (high), :uv:cve:`2025-50182` (medium)