Merge pull request #1727 from cert-manager/patch_release

inteon · web-flow · commit 02a168cd15a5 · 2025-07-02T16:34:06.000+02:00
Add patch releases v1.17.4 and v1.18.2
diff --git a/content/docs/releases/release-notes/release-notes-1.17.md b/content/docs/releases/release-notes/release-notes-1.17.md
@@ -120,6 +120,18 @@ And finally, thanks to the cert-manager steering committee for their feedback in
 - [@ianarsenault](https://github.com/ianarsenault)
 - [@TrilokGeer](https://github.com/TrilokGeer)
 
+## `v1.17.4`
+
+We fixed a bug in the CSR's name constraints construction (only applies if you have enabled the `NameConstraints` feature gate).
+
+Changes since `v1.17.3`:
+
+### Bug or Regression
+
+- BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints ([`#7832`][#7832])
+
+[#7832]: https://github.com/cert-manager/cert-manager/issues/7832
+
 ## `v1.17.3`
 
 This patch release addresses several vulnerabilities reported by the Trivy
diff --git a/content/docs/releases/release-notes/release-notes-1.18.md b/content/docs/releases/release-notes/release-notes-1.18.md
@@ -194,6 +194,21 @@ And finally, thanks to the cert-manager steering committee for their feedback in
 - [@TrilokGeer](https://github.com/TrilokGeer)
 
 
+## `v1.18.2`
+
+We fixed a bug in the CSR's name constraints construction (only applies if you have enabled the `NameConstraints` feature gate).
+We dropped the new `global.rbac.disableHTTPChallengesRole` Helm option due to a bug we found, this feature will be released in `v1.19` instead.
+
+Changes since `v1.18.1`:
+
+### Bug or Regression
+
+- BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints ([`#7833`][#7833])
+- Reverted adding the `global.rbac.disableHTTPChallengesRole` Helm option. ([`#7837`][#7837])
+
+[#7833]: https://github.com/cert-manager/cert-manager/issues/7833
+[#7837]: https://github.com/cert-manager/cert-manager/issues/7837
+
 ## `v1.18.1`
 
 We have added a new feature gate `ACMEHTTP01IngressPathTypeExact`, to allow
diff --git a/content/docs/variables.json b/content/docs/variables.json
@@ -1,3 +1,3 @@
 {
-  "cert_manager_latest_version": "v1.18.0"
+  "cert_manager_latest_version": "v1.18.2"
 }
diff --git a/content/v1.17-docs/variables.json b/content/v1.17-docs/variables.json
@@ -1,3 +1,3 @@
 {
-  "cert_manager_latest_version": "v1.17.3"
+  "cert_manager_latest_version": "v1.17.4"
 }

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`{`
`2`		`- "cert_manager_latest_version": "v1.18.0"`
	`2`	`+ "cert_manager_latest_version": "v1.18.2"`
`3`	`3`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`{`
`2`		`- "cert_manager_latest_version": "v1.17.3"`
	`2`	`+ "cert_manager_latest_version": "v1.17.4"`
`3`	`3`	`}`