v0.7.4

Maintenance release. Contains fixes for CVE-2025-47907 and GHSA-2464-8j7c-4cjm. Note that CAPMOX is not affected by the former as it does not use any of the affected routines.

CAPMOX now requires Go 1.24.6 (or higher).

What's Changed

Bugfixes

• Add missing RBAC for patching Cluster #520

Misc

• build(deps): bump golang.org/x/tools from 0.34.0 to 0.35.0 #511
• go: bump to 1.24 #507
• update go and go-viper/mapstructure/v2

Full Changelog: v0.7.3...v0.7.4

v0.7.3

Interim maintenance release. Contains a bugfix and a fix for CVE-2025-22868: https://github.com/ionos-cloud/cluster-api-provider-proxmox/security/dependabot/12
We believe exploitability is low in this case as CAPMOX does not make use of OAuth2 and the package is only pulled in as an indirect dependency.

What's Changed

Bugfix

• Missing RBAC for patching Cluster #520

Misc

• Bump golang.org/x/oauth2 to 0.28.0

Full Changelog: v0.7.2...v0.7.3

v0.7.2

Interim maintenance release. Contains fixes for two mild security issues with low impact and low exploitability:

https://github.com/ionos-cloud/cluster-api-provider-proxmox/security/dependabot/10
https://github.com/ionos-cloud/cluster-api-provider-proxmox/security/dependabot/11

What's Changed

Features

• Support for linked clones @LukasK32 #478

Bugfixes

• Failed Cluster with missing credentialsRef never reconciles #484 #486

Misc

• Docs for the new v0.7 features #453
• Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 #503
• Bump github.com/cloudflare/circl from 1.3.7 to 1.6.1 #498
• Lots of dependency updates

New Contributors

• @LukasK32 made their first contribution in #478

Full Changelog: v0.7.1...v0.7.2

v0.7.1

This is a security and a bugfix update.

No features were added.

Some CAPMOX setups may be vulnerable to CVE-2025-22871 aka GO-2025-3563. This release bumps the minimum Go version to 1.23.8 which has the fix.

We have also identified bug #484 which may not always get triggered but when it does the cluster remains stuck in a Failed state. This release contains the fix.

What's Changed

• Bump the minimum Go version to 1.23.8 to deal with GO-2025-3563
• Fix #484

Full Changelog: v0.7.0...v0.7.1

v0.7.0

CAPMOX now supports Go 1.23, CAPI 1.9, Kubernetes 1.31.

The 0.7 branch is likely to be the the end of v1alpha1. We will be focusing on v1alpha2 for 0.8.0.

We would like to extend our gratitude to the external contributors and our whole community. You are the proof that the corporate-led open source model works.

What's Changed

Features

• Optional TLS certificate checking @Luzifer #336
• Support for restricted pod security profile @rybnico #358
• Add kubernetes-version/injectKubernetesVersion to Metadata @rybnico #360
• Vmtemplate selection based on tags #343
• Support for overriding allowed nodes when provisioning #423
• Leader election lease related flags @nikParasyr #421
• Custom machine tags #158
• IP pool support #429

Bugfixes

• Fail-fast e2e behavior @MCMXCIII #359
• Add tag validation to MatchTags #410

Misc

• Refactoring: move NetworkConfigData out of cloudinit pkg #378
• Scan container images with Trivy #368
• Improvements to workflow security, thanks @avivkeller for the report

New Contributors

• @Luzifer made their first contribution in #336
• @MCMXCIII made their first contribution in #359
• @nikParasyr made their first contribution in #421
• @avivkeller reported the workflow vulnerabilities

Full Changelog: v0.6.2...v0.7.0

v0.6.2

This is a security update

We are releasing this update out of abundance of caution.
We believe CAPMOX code itself does not use golang.org/x/crypto in an exploitable manner but a dependency might.

See https://github.com/ionos-cloud/cluster-api-provider-proxmox/security/dependabot/7

What's Changed

• build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 #365

Full Changelog: v0.6.1...v0.6.2

v0.6.1

This is a bugfix release. No features were added.

What's Changed

• bootstrap: default to format=cloud-config #355

Full Changelog: v0.6.0...v0.6.1

v0.6.0

Note: This release does not yet include the planned API changes. We decided to postpone them for now.

This release adds support for Flatcar.
provider-id has been made optional to address issues found by Talos users, amongst others.
Externally-managed control plane support improves Kamaji support.
There are also a number of tooling and testing improvements that help us keep the code nice and tidy.
CAPMOX now supports Go 1.22, CAPI 1.8, Kubernetes 1.30.

We are very happy to see great engagement from the community and would like to thank all the external contributors who submitted requests, features, bug fixes (and reports!) for this release.

What's Changed

Features

• cloud-init: Add provider-id to metadata by @ekarlso in #292
• Support toggling provisioning checks by @ekarlso in #290
• feat: support for externally managed control plane by @prometherion in #106
• feat: Add ability to specify range of VM IDs to use by @rybnico in #286

Bugfixes

• Fix CNI cluster templates #264
• Check if VM exists before deletion by @rybnico in #278
• fix/cluster state failed reconcile #317
• Add Option to control the injection of provider-id to metadata #347

Misc

• Updating Development.md to include remote debugging by @justinas-b in #254
• Adding Finalizer on Secret by @erwin-kok in #279
• Add documentation for Proxmox RBAC with least privileges by @rybnico in #307
• Improve docker build workflow in forks by @isZumpo in #337

New Contributors

• @justinas-b made their first contribution in #254
• @rybnico made their first contribution in #278
• @ekarlso made their first contribution in #292
• @erwin-kok made their first contribution in #279
• @prometherion made their first contribution in #106

Full Changelog: v0.5.1...v0.6.0

v0.5.1

This is a maintenance and bugfix release. No features were added.

What's Changed

Bugfixes

• cluster-template-external-creds: Fix name of the Secret by @tbabej #233
• mockery fixes #235 #236
• api/v1alpha1/proxmoxcluster_types: validate controlplane port #241
• Use cluster namespace if no namespace provided in credentials Ref #248
• Remove unnecessary config #244

New Contributors

• @tbabej made their first contribution in #233

Full Changelog: v0.5.0...v0.5.1

v0.5.0

This release adds support for external credentials allowing for handling multiple Proxmox VE clusters.
It also adds support for setting the metric on gateways allowing for using multiple gateways.
CAPMOX now supports CAPI 1.7.2.

What's Changed

Features

• 🔥 Add external credentials #215
• Add metric annotation support to IPPool objects #228

Bugfixes

• refactor: remove duplicate line in yamllint config file by @jonasrdl in #204
• Fix ipv4config error in example cluster-class by @isZumpo in #209

Misc

• CAPI 1.7.2 #222

New Contributors

• @jonasrdl made their first contribution in #204
• @isZumpo made their first contribution in #209

Full Changelog: v0.4.0...v0.5.0