Compare commits

...

4 Commits

Author SHA1 Message Date
Peggie
d21440ac2b
Merge e9941653dc into ce7b7612ae 2026-03-06 09:51:44 +00:00
Peggie
e9941653dc chore(main): release 0.11.1
Signed-off-by: Peggie <info@cloudnative-pg.io>
2026-03-06 10:51:40 +01:00
Marco Nenciarini
ce7b7612ae
fix(security): harden GitHub Actions workflows against expression injection (#773)
Some checks failed
release-please / release-please (push) Failing after 3s
Move `${{ }}` expressions from `run:` blocks into step-level `env:`
blocks, then reference them as properly-quoted shell variables.

Part of cloudnative-pg/cloudnative-pg#10113

Assisted-by: Claude Opus 4.6

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
2026-03-06 10:37:54 +01:00
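The pattern this commit applies can be audited mechanically. Below is an added example, not code from the plugin-barman-cloud repository: a POSIX shell/awk check that lists every line inside a `run:` block that still embeds a `${{ ... }}` expression, run against a constructed workflow fragment modelled on the release-please step (the file name, the `SAMPLE_WORKFLOW` variable and the step names are the example's own).

```shell
# Added example, not code from plugin-barman-cloud. GitHub Actions expands
# `${{ ... }}` before the shell sees a `run:` script, so an attacker-influenced
# value becomes script text; the fix is to pass it via step-level `env:` and
# read it as a quoted shell variable. This check lists every line inside a
# `run:` block that still embeds an expression, as "<line>:<text>".
# Secrets are reported too: not attacker-controlled, but they belong in `env:`.
find_inline_expressions() {
  awk '
    # Start of a multi-line `run: |` / `run: >` block; remember its indent.
    /^[[:space:]]*(-[[:space:]]+)?run:[[:space:]]*[|>]/ {
      in_run = 1; match($0, /^[[:space:]]*/); indent = RLENGTH; next
    }
    # Single-line `run: <command>`.
    /^[[:space:]]*(-[[:space:]]+)?run:/ {
      if ($0 ~ /[$][{][{]/) print NR ":" $0
      next
    }
    in_run {
      # Block ends at the first non-blank line not indented deeper than `run:`.
      match($0, /^[[:space:]]*/)
      if ($0 !~ /^[[:space:]]*$/ && RLENGTH <= indent) in_run = 0
      else if ($0 ~ /[$][{][{]/) print NR ":" $0
    }
  ' "$1"
}

# Constructed sample workflow: the pre-fix step shape beside the hardened one.
SAMPLE_WORKFLOW="${TMPDIR:-/tmp}/release-sample-$$.yml"
cat > "$SAMPLE_WORKFLOW" <<'EOF'
jobs:
  release:
    steps:
      - name: Before (expressions expanded inside the script)
        run: |
          npx release-please release-pr \
            --token="${{ secrets.REPO_PAT }}" \
            --repo-url="${{ github.repository }}"
      - name: After (value passed through env, read as a quoted variable)
        env:
          REPO_URL: ${{ github.repository }}
        run: npx release-please release-pr --repo-url="${REPO_URL}"
EOF

find_inline_expressions "$SAMPLE_WORKFLOW"   # reports lines 7 and 8 only
```

Run it over `.github/workflows/*.yml` in CI to catch regressions; an empty result means every expression already goes through `env:`.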
renovate[bot]
79238f5772
fix(deps): update module github.com/cert-manager/cert-manager to v1.19.3 [security] (#775)
Some checks failed
release-please / release-please (push) Failing after 4s
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/cert-manager/cert-manager](https://redirect.github.com/cert-manager/cert-manager) | `v1.19.2` → `v1.19.3` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcert-manager%2fcert-manager/v1.19.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcert-manager%2fcert-manager/v1.19.2/v1.19.3?slim=true) |

### GitHub Vulnerability Alerts

#### [CVE-2026-25518](https://redirect.github.com/cert-manager/cert-manager/security/advisories/GHSA-gx3x-vq4p-mhhv)

### Impact

The cert-manager-controller performs DNS lookups during ACME DNS-01
processing (for zone discovery and propagation self-checks). By default,
these lookups use standard unencrypted DNS.

An attacker who can intercept and modify DNS traffic from the
cert-manager-controller pod can insert a crafted entry into
cert-manager's DNS cache. Accessing this entry will trigger a panic,
resulting in Denial of Service (DoS) of the cert-manager controller.

The issue can also be exploited if the authoritative DNS server for the
domain being validated is controlled by a malicious actor.

### Patches

The vulnerability was introduced in cert-manager v1.18.0 and has been
patched in cert-manager v1.19.3 and v1.18.5, which are the supported
minor releases at the time of publishing.

cert-manager versions prior to v1.18.0 are unaffected.

### Workarounds

- Using DNS-over-HTTPS reduces the risk of DNS traffic being intercepted
and modified.
- Note that DNS-over-HTTPS does *not* prevent the risk of an
attacker-controlled authoritative DNS server.

### Resources

- Fix for cert-manager 1.18:
[https://github.com/cert-manager/cert-manager/pull/8467](https://redirect.github.com/cert-manager/cert-manager/pull/8467)
- Fix for cert-manager 1.19:
[https://github.com/cert-manager/cert-manager/pull/8468](https://redirect.github.com/cert-manager/cert-manager/pull/8468)
- Fix for master branch:
[https://github.com/cert-manager/cert-manager/pull/8469](https://redirect.github.com/cert-manager/cert-manager/pull/8469)

### Credits

Huge thanks to Oleh Konko (@1seal) for reporting the issue,
providing a detailed PoC and an initial patch!

---

### Release Notes

<details>
<summary>cert-manager/cert-manager (github.com/cert-manager/cert-manager)</summary>

### [`v1.19.3`](https://redirect.github.com/cert-manager/cert-manager/releases/tag/v1.19.3)

[Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.19.2...v1.19.3)

cert-manager is the easiest way to automatically manage certificates in
Kubernetes and OpenShift clusters.

This release contains three bug fixes, including a fix for the MODERATE
severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to
the latest release.

#### Changes by Kind

##### Bug or Regression

- Fixed an infinite re-issuance loop that could occur when an issuer
returns a certificate with a public key that doesn't match the CSR. The
issuing controller now validates the certificate before storing it and
fails with backoff on mismatch.
([#8415](https://redirect.github.com/cert-manager/cert-manager/issues/8415),
[@cert-manager-bot](https://redirect.github.com/cert-manager-bot))
- Fixed an issue where HTTP-01 challenges failed when the Host header
contained an IPv6 address. This means that users can now issue IP
address certificates for IPv6 address subjects.
([#8436](https://redirect.github.com/cert-manager/cert-manager/issues/8436),
[@cert-manager-bot](https://redirect.github.com/cert-manager-bot))
- Security (MODERATE): Fix a potential panic in the cert-manager
controller when a DNS response in an unexpected order was cached. If an
attacker was able to modify DNS responses (or if they controlled the DNS
server) it was possible to cause denial of service for the cert-manager
controller.
([#8468](https://redirect.github.com/cert-manager/cert-manager/issues/8468),
[@SgtCoDFish](https://redirect.github.com/SgtCoDFish))

##### Other (Cleanup or Flake)

- Bump go to 1.25.6
([#8459](https://redirect.github.com/cert-manager/cert-manager/issues/8459),
[@SgtCoDFish](https://redirect.github.com/SgtCoDFish))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job log](https://developer.mend.io/github/cloudnative-pg/plugin-barman-cloud).


Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-06 12:42:04 +11:00
6 changed files with 18 additions and 7 deletions

View File

@ -51,10 +51,12 @@ jobs:
# We use a GitHub token with write permissions to create the release,
# otherwise we won't be able to trigger a new run when pushing on main.
- name: Run release-please
env:
REPO_URL: ${{ github.repository }}
run: |
npx release-please release-pr \
--token="${{ secrets.REPO_PAT }}" \
--repo-url="${{ github.repository }}"
--repo-url="${REPO_URL}"
npx release-please github-release \
--token="${{ secrets.REPO_PAT }}" \
--repo-url="${{ github.repository }}"
--repo-url="${REPO_URL}"
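Review bot: both `--token="${{ secrets.REPO_PAT }}"` arguments are still interpolated directly into the `run:` script, so this hunk applies the `env:` pattern only to `github.repository`. A secret is not attacker-controlled and is therefore not an injection vector, and `github.repository` is not user-controlled either, so the change is consistency hardening rather than a fix for a live injection path; to match the stated intent of moving every `${{ }}` expression out of `run:`, pass the token the same way (`REPO_PAT: ${{ secrets.REPO_PAT }}` under `env:` and `--token="${REPO_PAT}"`), which also keeps the token out of the rendered script text.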

View File

@ -1,3 +1,3 @@
{
".": "0.11.0"
".": "0.11.1"
}

View File

@ -1,5 +1,14 @@
# Changelog
## [0.11.1](https://github.com/cloudnative-pg/plugin-barman-cloud/compare/v0.11.0...v0.11.1) (2026-03-06)
### Bug Fixes
* **deps:** Update all non-major go dependencies ([#751](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/751)) ([5001fe7](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/5001fe783130fb57a3881da3e4f534a658e3b654))
* **deps:** Update module github.com/cert-manager/cert-manager to v1.19.3 [security] ([#775](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/775)) ([79238f5](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/79238f5772cbf7e98a51a636d3661a6828c444be))
* **security:** Harden GitHub Actions workflows against expression injection ([#773](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/773)) ([ce7b761](https://github.com/cloudnative-pg/plugin-barman-cloud/commit/ce7b7612aeab6b7b4cfdccc540640829b67d7ac6))
## [0.11.0](https://github.com/cloudnative-pg/plugin-barman-cloud/compare/v0.10.0...v0.11.0) (2026-01-30)

go.mod
View File

@ -5,7 +5,7 @@ go 1.25.0
toolchain go1.25.6
require (
github.com/cert-manager/cert-manager v1.19.2
github.com/cert-manager/cert-manager v1.19.3
github.com/cloudnative-pg/api v1.28.0
github.com/cloudnative-pg/barman-cloud v0.4.1-0.20260108104508-ced266c145f5
github.com/cloudnative-pg/cloudnative-pg v1.28.0
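Review bot: GHSA-gx3x-vq4p-mhhv, which this bump closes, is a panic in the cert-manager controller's ACME DNS-01 DNS cache handling, while this module consumes cert-manager as a Go library; the PR description should state whether any package imported by plugin-barman-cloud reaches that code path or whether this is a dependency-hygiene bump that clears the vulnerability alert. No toolchain change is needed alongside it: the unchanged `toolchain go1.25.6` context line already matches the Go version cert-manager v1.19.3 moved to.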

go.sum
View File

@ -12,8 +12,8 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM
github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
github.com/cert-manager/cert-manager v1.19.2 h1:jSprN1h5pgNDSl7HClAmIzXuTxic/5FXJ32kbQHqjlM=
github.com/cert-manager/cert-manager v1.19.2/go.mod h1:e9NzLtOKxTw7y99qLyWGmPo6mrC1Nh0EKKcMkRfK+GE=
github.com/cert-manager/cert-manager v1.19.3 h1:3d0Nk/HO3BOmAdBJNaBh+6YgaO3Ciey3xCpOjiX5Obs=
github.com/cert-manager/cert-manager v1.19.3/go.mod h1:e9NzLtOKxTw7y99qLyWGmPo6mrC1Nh0EKKcMkRfK+GE=
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cloudnative-pg/api v1.28.0 h1:xElzHliO0eKkVQafkfMhDJo0aIRCmB1ItEt+SGh6B58=
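Review bot: the `/go.mod h1:` hash is identical for v1.19.2 and v1.19.3 (`e9NzLtOKxTw7y99qLyWGmPo6mrC1Nh0EKKcMkRfK+GE=`), which is expected when a patch release leaves the module's own go.mod untouched; only the module-content hash changed, and both stale v1.19.2 lines are removed rather than left behind, so the sum file is consistent with a `go mod tidy` run after the bump.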

View File

@ -43,7 +43,7 @@ const (
// Data is the metadata of this plugin.
var Data = identity.GetPluginMetadataResponse{
Name: PluginName,
Version: "0.11.0", // x-release-please-version
Version: "0.11.1", // x-release-please-version
DisplayName: "BarmanCloudInstance",
ProjectUrl: "https://github.com/cloudnative-pg/plugin-barman-cloud",
RepositoryUrl: "https://github.com/cloudnative-pg/plugin-barman-cloud",