0.26.8

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.8

Chart changes

• cap-app-proxy & cap-app-proxy-init: fix: bump app proxy with revert of git provider new support for 0.26 (#1079)

0.27.2

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.2

Chart changes

• fix: deleted git-source appears in application dashboard (#1075)

0.27.1

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.1

Chart changes

• cap-app-proxy & cap-app-proxy-init: fix security vulnerability in qs library CVE-2025-15284

0.27.0

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.0

Breaking Changes

Argo Rollouts Removed

Argo Rollouts controller has been removed from the gitops-runtime helm chart (#1051). If you depend on Argo Rollouts, you will need to install it separately.

Argo Events Removed

Argo Events controller has been removed from the gitops-runtime helm chart (#1057). If you depend on Argo Events, you will need to install it separately.

Runtime Redis Disabled by Default

Redis is now disabled by default (#927). Set redis-ha.enabled: true if needed.

What's New

Enhanced Runtime Uninstallation & Cleanup

We have significantly improved the uninstallation process to ensure a "zero-footprint" state:

• Shared Configuration Cleanup - The uninstallation now includes the ability to clean up the desired state stored in the Internal Shared Configuration Repository
• Cluster Hygiene - Improved command execution ensures that no stale runtime components or orphan resources remain on your cluster

ArgoCD Sync & Deletion Guardrails

The App-proxy now supports native ArgoCD resource annotations for Confirmation on Delete and Prune. This acts as a safety gate, requiring manual confirmation in the UI before a sync operation can delete or prune a specific resource (#1046).

• Sync Options - Prune Confirmation support
• Application Deletion - Added support for confirmation prompts before deleting an entire application

Improved Installation Wizard

The newest runtime installation flow features a drastically improved UX and ease of use.

• Expanded Git Support - Full support for Bitbucket, Bitbucket Server, and GitLab is now integrated into the streamlined installation wizard

Other Improvements

• Run without Redis - The runtime can now operate without Redis configured, providing more flexible deployment options (#919)
• MRC change revisions annotations - New support for MRC change revisions annotations in cf-argocd-extras (#1005)
• Event-reporter enhancements - Added deleted field to app event payload for better tracking (#1039)
• Checksum annotations - Config changes now trigger proper pod restarts (#938)
• Namespace-scoped Argo Workflows - Argo Workflows now runs namespace-scoped by default (#920)

Bug Fixes

• Fixed transient error handling on app sync failure (#922)
• Fixed issue where simple runtime applications ended up being out-of-sync
• Removed git commit statuses from gitops-operator (#940)

Security

• Fixed security vulnerabilities in argo-workflows (#1047, #948)

0.26.7

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.7

Chart changes

• enrichment-images: fixed security vulnerabilities CVE-2025-15284, CVE-2025-14104, CVE-2025-66382, CVE-2025-13836 and CVE-2025-13837

0.26.6

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.6

Chart changes

• updated argo-cd to 3.2.3 (#1036)
• app-proxy: fixed security vulnerabilities CVE-2025-61729 and CVE-2025-61727 (#1048)
• app-proxy-init: fixed security vulnerabilities CVE-2016-2781 and CVE-2024-10041 (#1048)
• cf-argocd-extras: fixed security vulnerabilities CVE-2025-58181, CVE-2025-13281, CVE-2025-61727 and CVE-2025-61729 (#1033)
• kubectl: fixed security vulnerabilities CVE-2025-47912, CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189 and CVE-2025-61723 for redis-secret-init job (#1040)
• sealed-secrets-controller: fixed security vulnerabilities CVE-2025-47912, CVE-2025-58181, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61727 and CVE-2025-61729 (#1038)

0.26.5

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.5

Chart changes

• fix(codefresh-gitops-operator): security vulnerability CVE-2025-66626 (#1026)

0.26.4

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.4

Chart changes

• fix(codefresh-tunnel-client): security vulnerabilities CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-46394, CVE-2024-58251 (#1025)
• chore: update argocd to v3.2.2 (#1020)

0.26.3

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.3

Chart changes

• fix: security fixes for enrichment images (CVE-2025-64756, CVE-2025-65945, CVE-2025-66031, CVE-2025-12816, CVE-2025-8291, CVE-2025-6075, CVE-2025-12084) (#1012)
• fix: cap-app-proxy SA should get argo-server Role to handle Workflow resources (#1009)
• updated nats-server-config-reloader (#1004)

app-proxy changes

update image to 5f0a3d5

• feat: simplify clusters add/remove logic (#1001)

0.26.2

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.2

Chart changes

• build: upgrade argo-workflows (#998)