Releases: tektoncd/hub
v1.23.5
Hub v1.23.5 π
Full Changelog: v1.23.4...v1.23.5
v1.22.8
Hub v1.22.8 π
Full Changelog: v1.22.7...v1.22.8
v1.19.3
Hub v1.19.3 π
This release includes important security updates across the API, DB, UI, and Swagger components. It updates the Go toolchain used in the API and DB Dockerfiles, upgrades key Go dependencies, and fixes multiple critical and high-severity CVEs.
π§ Go Version Upgrade
The Go version used in the API and DB Dockerfiles has been updated:
- From: golang:1.22.3-alpine3.18 To: golang:1.23-alpine3.20
π CVEs Fixed in API
CVE-2025-22869 β
CVE-2025-27144 β π₯ High
CVE-2025-22868 β π₯ High
π CVEs Fixed in UI & Swagger
CVE-2025-9287 β
CVE-2025-7783 β
CVE-2025-6545 β
CVE-2025-9288 β
CVE-2025-6547 β
CVE-2025-66031 β
CVE-2025-12816 β π₯ High
CVE-2025-64756 β π₯ High
CVE-2025-58754 β π₯ High
CVE-2024-21538 β π₯ High
CVE-2024-52798 β π₯ High
CVE-2025-59343 β π₯ High
Full Changelog: v1.19.2...v1.19.3
v1.18.3
Hub v1.18.3 π
This patch release fixes multiple critical and high-severity CVEs in the UI and Swagger components. Several vulnerable transitive dependencies have been upgraded to ensure better security and stability.
π CVEs Fixed
CVE-2025-9287 β
CVE-2025-7783 β
CVE-2025-6545 β
CVE-2025-9288 β
CVE-2025-6547 β
CVE-2025-66031 β
CVE-2025-12816 β π₯ High
CVE-2025-64756 β π₯ High
CVE-2025-58754 β π₯ High
CVE-2024-21538 β π₯ High
CVE-2024-52798 β π₯ High
CVE-2025-59343 β π₯ High
CVE-2024-21536 β π₯ High
Full Changelog: v1.18.2...v1.18.3
v1.17.2
Hub v1.17.2 π
This patch fixes several critical and high-severity CVEs in the UI and Swagger components. It includes updates to multiple transitive dependencies to improve overall security and stability.
π CVEs Fixed
CVE-2025-9287 β
CVE-2025-7783 β
CVE-2025-6545 β
CVE-2025-9288 β
CVE-2025-6547 β
CVE-2025-66031 β
CVE-2025-12816 β π₯ High
CVE-2025-64756 β π₯ High
CVE-2025-58754 β π₯ High
CVE-2024-21538 β π₯ High
CVE-2024-52798 β π₯ High
CVE-2025-59343 β π₯ High
CVE-2024-21536 β π₯ High
Full Changelog: v1.17.1...v1.17.2
v1.16.3
Hub v1.16.3 π
This patch release addresses multiple critical and high-severity CVEs affecting the UI and Swagger components.
π CVEs Fixed
CVE-2025-9287 β
CVE-2025-7783 β
CVE-2025-6545 β
CVE-2025-9288 β
CVE-2025-6547 β
CVE-2025-66031 β
CVE-2025-12816 β π₯ High
CVE-2025-64756 β π₯ High
CVE-2025-58754 β π₯ High
CVE-2024-21538 β π₯ High
CVE-2024-52798 β π₯ High
CVE-2025-59343 β π₯ High
CVE-2024-21536 β π₯ High
Full Changelog: v1.16.2...v1.16.3
v1.22.7
Hub v1.22.7 π
This patch release addresses several vulnerabilities in the UI and Swagger components, and also resolves the config.js redirection issue using a static NGINX fragment in the UI.
Full Changelog: v1.22.6...v1.22.7
v1.21.1
Hub v1.21.1 π
This patch release resolves several critical and high-severity CVEs affecting the UI and Swagger components. It includes updates to key transitive dependencies such as node-forge, cipher-base, form-data, axios, glob, and pbkdf2 to ensure improved security and stability.
Security Fixes
The following vulnerabilities have been addressed in this release:
CVE-2025-9287 β Critical
CVE-2025-7783 β Critical
CVE-2025-12816 β High
CVE-2025-64756 β High
CVE-2025-58754 β High
CVE-2025-6545 β Critical
CVE-2025-9288 β Critical
Full Changelog: v1.21.0...v1.21.1
v1.20.2
Hub v1.20.2 π
This release addresses several critical and high-severity CVEs impacting the UI and Swagger components. The updates strengthen the security posture of the project by upgrading vulnerable transitive dependencies.
π Security Fixes
The following vulnerabilities have been fixed:
CVE-2025-9287 β
CVE-2025-7783 β
CVE-2025-12816 β π₯ High
CVE-2025-64756 β π₯ High
CVE-2025-58754 β π₯ High
CVE-2025-6545 β
CVE-2025-9288 β
Full Changelog: v1.20.1...v1.20.2
v1.23.4
Hub v1.23.4 π
Full Changelog: v1.23.3...v1.23.4