# Release notes for Serving 1.9 ###### tags: `Release Notes` `Serving` # Changelog since 1.8 ## 🚨 Breaking or Notable - Knative will now _warn_ (but not error) when creating or updating a PodSpec where containers have additional privilege due to unset SecurityContext values. Explicitly setting these values to any setting, including high-privilege ones, will disable this warning. These fields are: - `runAsNonRoot` (empty means `false`) - `allowPrivilegeEscalation` (empty means `true`) - `seccompProfile.type` (empty string means `Unconfined`) - `capabilities.drop` (default maintains privileges, use `ALL` to drop unneeded linux capabilities) (#13399, @evankanderson) ## 💫 New Features & Changes - Net-contour respects the `internal-encryption` Knative configuration, and encrypts traffic from Contour controlled Envoy to Activator. Requires Contour 1.24.0 or greater (#819, @KauzClay) - Adds the `secure-pod-defaults` feature, which is defaulted to Disabled in this release. When enabled, containers described by users will have best-practice SecurityContext features enabled unless insecure settings are specifically requested. (#13398, @evankanderson) - Work around for cert-manager not allowing us to create certs for 64+ bytes name ksvc (#13569, @KauzClay and @dprotaso) - Autoscaler now runs a single leader election go routine (#13585, @dprotaso) ### Small Improvements - Add `app` label to Service selector for `webhook` and `domainmapping-webhook`. (#13265, @a7i) - Upgrade tests now stream logs from user and system namespace. The logs are printed on failure. (#13587, @mgencur) - net-kourier deployments now have Prometheus scraping annotations (#978, @evankanderson) - net-kourier deployments now have resource requests and limits ### Bug or Regression - Changes to Pod or Revision-level defaults during Knative upgrades will no longer be attempted (and failed) when supplying your own Revision name. (#13565, @evankanderson) - net-contour would erroneously redirect cluster-local endpoints to HTTPS URLs when AutoTLS was enabled _and_ `default-tls-secret` was set. (@jsanin-vmw) - Improved truncation of long generated names, which would sometimes produce invalid kubernetes resource names. (#847, @KauzClay) ## Dependencies ### Added _Nothing has changed._ ### Changed - go.uber.org/goleak: v1.1.12 → v1.2.0 - k8s.io/api: v0.25.2 → v0.25.4 - k8s.io/apiextensions-apiserver: v0.25.2 → v0.25.4 - k8s.io/apimachinery: v0.25.2 → v0.25.4 - k8s.io/apiserver: v0.25.2 → v0.25.4 - k8s.io/client-go: v0.25.2 → v0.25.4 - k8s.io/code-generator: v0.25.2 → v0.25.4 - k8s.io/component-base: v0.25.2 → v0.25.4 - k8s.io/gengo: 397b4ae → fad74ee - k8s.io/klog/v2: 0990e81 → 9ae4992 - k8s.io/utils: ee6ede2 → 8e77b1f - knative.dev/caching: ce26e92 → 7a31fde - knative.dev/control-protocol: 3e2f878 → cffe208 - knative.dev/hack: 3fdc50b → c7cfcb0 - knative.dev/networking: 58f3e62 → db2bcbe - knative.dev/pkg: b78020c → 247510c - knative.dev/reconciler-test: 090970c → 894bc70 - sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.32 → v0.0.33 ### Removed _Nothing has changed._ # Release notes for Eventing 1.9 ###### tags: `Release Notes` `Eventing` # Changelog since 1.8 ## 🚨 Breaking or Notable ## 💫 New Features & Changes - 📄 ApiServerSource can specify a selector to target one or more namespaces. If the selector is missing, it will default to targeting the namespace in which the source resides (#6665, @gab-satchi) ## Bug fixes - 🐛 Fixes an issue where creating a Trigger before a RabbitMQ Broker could create an invalid Trigger. (#1018, @gab-satchi) ## Dependencies ### Added _Nothing has changed._ ### Changed - github.com/cloudevents/sdk-go/observability/opencensus/v2: [v2.12.0 → v2.13.0](https://github.com/cloudevents/sdk-go/observability/opencensus/v2/compare/v2.12.0...v2.13.0) - github.com/cloudevents/sdk-go/sql/v2: [52b1227 → v2.13.0](https://github.com/cloudevents/sdk-go/sql/v2/compare/52b1227...v2.13.0) - github.com/cloudevents/sdk-go/v2: [v2.12.0 → v2.13.0](https://github.com/cloudevents/sdk-go/v2/compare/v2.12.0...v2.13.0) - go.uber.org/goleak: v1.1.11 → v1.2.0 - k8s.io/api: v0.25.2 → v0.25.4 - k8s.io/apiextensions-apiserver: v0.25.2 → v0.25.4 - k8s.io/apimachinery: v0.25.2 → v0.25.4 - k8s.io/apiserver: v0.25.2 → v0.25.4 - k8s.io/client-go: v0.25.2 → v0.25.4 - k8s.io/code-generator: v0.25.2 → v0.25.4 - k8s.io/component-base: v0.25.2 → v0.25.4 - k8s.io/gengo: 397b4ae → fad74ee - k8s.io/klog/v2: 0990e81 → 9ae4992 - k8s.io/utils: ee6ede2 → 8e77b1f - knative.dev/hack/schema: 3fdc50b → c7cfcb0 - knative.dev/hack: 3fdc50b → c7cfcb0 - knative.dev/pkg: 714b763 → 247510c - knative.dev/reconciler-test: f3175ad → 476a442 - sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.32 → v0.0.33 ### Removed _Nothing has changed._ # Release notes for Functions & Client 1.9 ###### tags: `Release Notes` `Eventing` # Changelog Since 1.8 # Changelog since 1.8 ## 🚨 Breaking or Notable ## 💫 New Features & Changes - The springboot function templates have been updated to use Spring Boot 3.0 and the new Spring 6.0 AOT support. Note: this requires Java 17 when building locally. (#1509, @trisberg) - Node.js and TypeScript functions now support ESM modules (#1468, @lance) - `quickstart` plugin will now create a local registry. (#376, @ehudyonasi) ## Small Improvements - Updated `springboot` function templates to use Spring Boot version 2.7.7 (#1502, @trisberg) - Updates the quickstart version of Kubernetes to v1.25.3. Also updates the recommended versions of kind and minikube to 0.16 and 1.28, respectively. (#368, @psschwei) - `quickstart` will exit quickly if Knative namespace already exist in cluster. (#379, @ehudyonasi) ### Bug or Regression - Fix: envvar parsing for pack tekton task when envvar contains the `=` char (#1512, @matejvasek) - Fixes a bug preventing autoscaling options from being applied (#1482, @zroubalik) - Fixes a bug where --path was sometimes not evaluated. (#1519, @lkingland) ### Other (Cleanup or Flake) - Fixes an issue for developers where code in the test package would not be fully supported by some IDEs (#1503, @lkingland) - Update the error message when neither the --registry flag nor the FUNC_REGISTRY environment variable are set (#1510, @lance) ## Dependencies ### Added - cloud.google.com/go/accessapproval: v1.5.0 - cloud.google.com/go/accesscontextmanager: v1.4.0 - cloud.google.com/go/aiplatform: v1.24.0 - cloud.google.com/go/analytics: v0.12.0 - cloud.google.com/go/apigateway: v1.4.0 - cloud.google.com/go/apigeeconnect: v1.4.0 - cloud.google.com/go/appengine: v1.5.0 - cloud.google.com/go/area120: v0.6.0 - github.com/juju/ratelimit: [v1.0.1](https://github.com/juju/ratelimit/tree/v1.0.1) - github.com/julz/importas: [841f0c0](https://github.com/julz/importas/tree/841f0c0) - github.com/k0kubun/colorstring: [9440f19](https://github.com/k0kubun/colorstring/tree/9440f19) - github.com/kulti/thelper: [v0.4.0](https://github.com/kulti/thelper/tree/v0.4.0) - github.com/kunwardeep/paralleltest: [v1.0.3](https://github.com/kunwardeep/paralleltest/tree/v1.0.3) - github.com/kyoh86/exportloopref: [v0.1.8](https://github.com/kyoh86/exportloopref/tree/v0.1.8) - github.com/ldez/gomoddirectives: [v0.2.2](https://github.com/ldez/gomoddirectives/tree/v0.2.2) - github.com/ldez/tagliatelle: [v0.2.0](https://github.com/ldez/tagliatelle/tree/v0.2.0) - github.com/letsencrypt/pkcs11key/v4: [v4.0.0](https://github.com/letsencrypt/pkcs11key/v4/tree/v4.0.0) - github.com/lufia/plan9stats: [39d0f17](https://github.com/lufia/plan9stats/tree/39d0f17) - github.com/mbilski/exhaustivestruct: [v1.2.0](https://github.com/mbilski/exhaustivestruct/tree/v1.2.0) - github.com/mgechev/dots: [e955255](https://github.com/mgechev/dots/tree/e955255) - github.com/mgechev/revive: [v1.1.2](https://github.com/mgechev/revive/tree/v1.1.2) - github.com/mohae/deepcopy: [c48cc78](https://github.com/mohae/deepcopy/tree/c48cc78) - github.com/moricho/tparallel: [v0.2.1](https://github.com/moricho/tparallel/tree/v0.2.1) - github.com/mozilla/scribe: [fb71baf](https://github.com/mozilla/scribe/tree/fb71baf) - github.com/mwitkow/go-proto-validators: [v0.2.0](https://github.com/mwitkow/go-proto-validators/tree/v0.2.0) - github.com/nishanths/exhaustive: [v0.2.3](https://github.com/nishanths/exhaustive/tree/v0.2.3) - github.com/nishanths/predeclared: [v0.2.1](https://github.com/nishanths/predeclared/tree/v0.2.1) - github.com/otiai[10](https://github.com/knative/func/actions/runs/4027570154/jobs/6923452890#step:6:11)/curr: [v1.0.0](https://github.com/otiai10/curr/tree/v1.0.0) - github.com/otiai10/mint: [v1.3.1](https://github.com/otiai10/mint/tree/v1.3.1) - github.com/pelletier/go-buffruneio: [v0.2.0](https://github.com/pelletier/go-buffruneio/tree/v0.2.0) - github.com/polyfloyd/go-errorlint: [910bb79](https://github.com/polyfloyd/go-errorlint/tree/910bb79) - github.com/pseudomuto/protoc-gen-doc: [v1.3.2](https://github.com/pseudomuto/protoc-gen-doc/tree/v1.3.2) - github.com/pseudomuto/protokit: [v0.2.0](https://github.com/pseudomuto/protokit/tree/v0.2.0) - github.com/quasilyte/go-ruleguard/dsl: [v0.3.10](https://github.com/quasilyte/go-ruleguard/dsl/tree/v0.3.10) - github.com/quasilyte/go-ruleguard/rules: [545e0d2](https://github.com/quasilyte/go-ruleguard/rules/tree/545e0d2) - github.com/quasilyte/regex/syntax: [30656e2](https://github.com/quasilyte/regex/syntax/tree/30656e2) - github.com/rs/cors: [v1.7.0](https://github.com/rs/cors/tree/v1.7.0) - github.com/ryanrolds/sqlclosecheck: [v0.3.0](https://github.com/ryanrolds/sqlclosecheck/tree/v0.3.0) - github.com/sanposhiho/wastedassign/v2: [v2.0.6](https://github.com/sanposhiho/wastedassign/v2/tree/v2.0.6) - github.com/shazow/go-diff: [b6b7b67](https://github.com/shazow/go-diff/tree/b6b7b67) - github.com/shirou/gopsutil/v3: [v3.21.10](https://github.com/shirou/gopsutil/v3/tree/v3.21.10) - github.com/sivchari/tenv: [v1.4.7](https://github.com/sivchari/tenv/tree/v1.4.7) - github.com/sonatard/noctx: [v0.0.1](https://github.com/sonatard/noctx/tree/v0.0.1) - github.com/src-d/gcfg: [v1.4.0](https://github.com/src-d/gcfg/tree/v1.4.0) - github.com/ssgreg/nlreturn/v2: [v2.2.1](https://github.com/ssgreg/nlreturn/v2/tree/v2.2.1) - github.com/sylvia7788/contextcheck: [v1.0.4](https://github.com/sylvia7788/contextcheck/tree/v1.0.4) - github.com/tenntenn/modver: [v1.0.1](https://github.com/tenntenn/modver/tree/v1.0.1) - github.com/tenntenn/text/transform: [7eef5[12](https://github.com/knative/func/actions/runs/4027570154/jobs/6923452890#step:6:13)](https://github.com/tenntenn/text/transform/tree/7eef512) - github.com/tklauser/go-sysconf: [v0.3.9](https://github.com/tklauser/go-sysconf/tree/v0.3.9) - github.com/tklauser/numcpus: [v0.3.0](https://github.com/tklauser/numcpus/tree/v0.3.0) - github.com/tomarrell/wrapcheck/v2: [v2.4.0](https://github.com/tomarrell/wrapcheck/v2/tree/v2.4.0) - github.com/tomasen/realip: [f0c99a9](https://github.com/tomasen/realip/tree/f0c99a9) - github.com/tommy-muehle/go-mnd/v2: [v2.4.0](https://github.com/tommy-muehle/go-mnd/v2/tree/v2.4.0) - github.com/viki-org/dnscache: [c70c1f2](https://github.com/viki-org/dnscache/tree/c70c1f2) - github.com/xo/terminfo: [ca9a967](https://github.com/xo/terminfo/tree/ca9a967) - github.com/yeya24/promlinter: [v0.1.0](https://github.com/yeya24/promlinter/tree/v0.1.0) - github.com/yudai/gojsondiff: [v1.0.0](https://github.com/yudai/gojsondiff/tree/v1.0.0) - github.com/yudai/golcs: [ecda9a5](https://github.com/yudai/golcs/tree/ecda9a5) - github.com/yudai/pp: [v2.0.1+incompatible](https://github.com/yudai/pp/tree/v2.0.1) - go.mozilla.org/mozlog: 4bb[13](https://github.com/knative/func/actions/runs/4027570154/jobs/6923452890#step:6:14)13 - go.uber.org/tools: 2cfd3[21](https://github.com/knative/func/actions/runs/4027570154/jobs/6923452890#step:6:22) - gopkg.in/natefinch/npipe.v2: c1b8fa8 - gopkg.in/src-d/go-billy.v4: v4.3.2 - gopkg.in/src-d/go-git-fixtures.v3: v3.5.0 - gopkg.in/src-d/go-git.v4: v4.13.1 - mvdan.cc/gofumpt: v0.1.1