v0.25.1

[gardener/external-dns-management]

🐛 Bug Fixes

• [USER] Ensure ignored entries are not deleted on cleanup in an edge case. by @MartinWeindel [#505]

🏃 Others

• [USER] [provider type openstack-designate] Allow secret key authURL as alias of OS_AUTH_URL by @MartinWeindel [#504]
• [OPERATOR] Bump openstack-designate provider library gophercloud from version v0.24.0 to v2.7.0. by @MartinWeindel [#481]

Helm Charts

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.25.1

Container (OCI) Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.25.1

v0.25.0

[gardener/external-dns-management]

✨ New Features

• [USER] [alicloud-dns] Add support for weighted routing policy. More details see https://github.com/gardener/external-dns-management/tree/master/docs/alicloud-dns#routing-policy by @MartinWeindel [#461]

🐛 Bug Fixes

• [USER] Fix update of status for source DNSEntries if they are very old, as the heuristics for old entries without generateName field did not work. by @MartinWeindel [#466]

🏃 Others

• [DEVELOPER] cleanup: drop unused (and outdated) script by @ccwienk [#465]

Helm Charts

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.25.0

Container (OCI) Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.25.0

v0.24.0

[gardener/external-dns-management]

🛡️ Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2025-47282: Malicious google credential in DNS secret can lead to privilege escalation

A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed.

Affected Versions:

• external-dns-management < 0.23.6

Fixed Versions:

• external-dns-management >= 0.23.6

CVSS Rating: Critical (9.9) CVSS:3.0/av:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

🏃 Others

• [OPERATOR] DNSOwner resources are now completely ignored by @MartinWeindel [#446]

Helm Charts

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.24.0

Container (OCI) Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.24.0

v0.23.6

[gardener/external-dns-management]

🛡️ Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2025-47282: Malicious google credential in DNS secret can lead to privilege escalation

A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed.

Affected Versions:

• external-dns-management < 0.23.6

Fixed Versions:

• external-dns-management >= 0.23.6

CVSS Rating: Critical (9.9) CVSS:3.0/av:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

✨ New Features

• [USER] Introduce values reconcile and full for annotation dns.gardener.cloud/ignore. While the value reconcile (and its already existing alias true) only ignore reconciliation but not deletion to avoid orphan DNS records, the value full also ignores the records on deletion. by @MartinWeindel [#455]

🏃 Others

• [OPERATOR] Ensure valid project_id for google-clouddns provider. by @MartinWeindel [#459]
• [OPERATOR] Periodic feedback events on errors every 15 minutes. by @MartinWeindel [#458]

Helm Charts

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.23.6

Container (OCI) Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.23.6

v0.23.4

[gardener/external-dns-management]

🐛 Bug Fixes

• [USER] Fix source controllers for source resources with very long names to avoid missing updates from the target DNSEntries. by @MartinWeindel [#440]
• [OPERATOR] Make stale status more robust for resolved targets on DNS server failure. by @MartinWeindel [#434]

🏃 Others

• [OPERATOR] Update base image from debian11 to debian12 by @MartinWeindel [#443]
• [OPERATOR] Drop obsolete permissions; delete obsolete cleanup of CRDs by @MartinWeindel [#445]
• [OPERATOR] [cloudflare provider] Fix for updating and deleting DNS records by @MartinWeindel [#433]
• [OPERATOR] Fix region for aws-route53 provider using webidentity by @MartinWeindel [#430]

Helm Charts

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.23.4

Docker Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.23.4

v0.23.1

[gardener/external-dns-management]

✨ New Features

• [OPERATOR] Introduce multi-arch build for linux/arm64 images. by @marc1404 [#413]

Helm Charts

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.23.1

Docker Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.23.1

v0.23.0

[gardener/external-dns-management]

⚠️ Breaking Changes

• [USER] The creation and management of metadata DNS records holding the owner identifier for each DNSEntry has been removed. These metadata DNS records will be removed automatically.
  For more details, please see https://github.com/gardener/external-dns-management/tree/master?tab=readme-ov-file#important-note-support-for-owner-identifiers-is-discontinued by @MartinWeindel [#403]

🐛 Bug Fixes

• [OPERATOR] Ignore TTL on comparing alias records for remote provider by @MartinWeindel [#411]

Helm Charts

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.23.0

Docker Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.23.0

v0.22.2

[gardener/external-dns-management]

🐛 Bug Fixes

• [OPERATOR] Deletion of source DNSEntries must wait for completed deletion of target entries. by @MartinWeindel [#407]

🏃 Others

• [OPERATOR] introduce dns.gardener.cloud/target-hard-ignore annotation by @MartinWeindel [#404]
• [OPERATOR] Use AWS SDK v2 for the aws-route53 provider by @MartinWeindel [#400]
• [OPERATOR] Bumps golang from 1.23.3 to 1.23.4. by @dependabot[bot] [#401]
• [OPERATOR] Remove annotation gardener.cloud/operation=reconcile on reconciliation by @MartinWeindel [#406]

Helm Charts

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.22.2

Docker Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.22.2

v0.22.1

[gardener/external-dns-management]

📰 Noteworthy

• [OPERATOR] gosec was introduced for Static Application Security Testing (SAST). by @MartinWeindel [#394]

🏃 Others

• [OPERATOR] Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [#398]

Helm Charts

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.22.1

Docker Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.22.1

v0.22.0

[gardener/external-dns-management]

✨ New Features

• [OPERATOR] Adds PowerDNS as additional provider by @simcod [#390]
• [OPERATOR] The Helm chart is published as OCI artifacts now. by Rafael Franzke <[email protected]> [$9216e85f29cab534dc8284e54ed081249a1e4299]

🏃 Others

• [OPERATOR] Bumps golang from 1.23.1 to 1.23.2. by @dependabot[bot] [#393]
• [OPERATOR] Bumps golang from 1.23.0 to 1.23.1. by @dependabot[bot] [#392]

Helm Charts

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.22.0

Docker Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.22.0