mirror of https://github.com/cloudnative-pg/plugin-barman-cloud.git synced 2026-03-09 12:12:21 +01:00

Barman Cloud CNPG-I backup plugin

backup barman-cloud cloudnativepg cnpg-i plugin postgresql recovery

Go to file

renovate[bot] 79238f5772 Some checks failed release-please / release-please (push) Failing after 4s Details fix(deps): update module github.com/cert-manager/cert-manager to v1.19.3 [security] (#775 ) This PR contains the following updates: \| Package \| Change \| [Age](https://docs.renovatebot.com/merge-confidence/) \| [Confidence](https://docs.renovatebot.com/merge-confidence/) \| \|---\|---\|---\|---\| \| [github.com/cert-manager/cert-manager](https://redirect.github.com/cert-manager/cert-manager) \| `v1.19.2` → `v1.19.3` \| ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcert-manager%2fcert-manager/v1.19.3?slim=true) \| ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcert-manager%2fcert-manager/v1.19.2/v1.19.3?slim=true) \| ### GitHub Vulnerability Alerts #### [CVE-2026-25518](https://redirect.github.com/cert-manager/cert-manager/security/advisories/GHSA-gx3x-vq4p-mhhv) ### Impact The cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager's DNS cache. Accessing this entry will trigger a panic, resulting in Denial of Service (DoS) of the cert-manager controller. The issue can also be exploited if the authoritative DNS server for the domain being validated is controlled by a malicious actor. ### Patches The vulnerability was introduced in cert-manager v1.18.0 and has been patched in cert-manager v1.19.3 and v1.18.5, which are the supported minor releases at the time of publishing. cert-manager versions prior to v1.18.0 are unaffected. ### Workarounds - Using DNS-over-HTTPS reduces the risk of DNS traffic being intercepted and modified. - Note that DNS-over-HTTPS does not prevent the risk of an attacker-controlled authoritative DNS server. ### Resources - Fix for cert-manager 1.18: [https://github.com/cert-manager/cert-manager/pull/8467](https://redirect.github.com/cert-manager/cert-manager/pull/8467) - Fix for cert-manager 1.19: [https://github.com/cert-manager/cert-manager/pull/8468](https://redirect.github.com/cert-manager/cert-manager/pull/8468) - Fix for master branch: [https://github.com/cert-manager/cert-manager/pull/8469](https://redirect.github.com/cert-manager/cert-manager/pull/8469) ### Credits Huge thanks to Oleh Konko (@1seal) for reporting the issue, providing a detailed PoC and an initial patch! --- ### Release Notes <details> <summary>cert-manager/cert-manager (github.com/cert-manager/cert-manager)</summary> ### [`v1.19.3`](https://redirect.github.com/cert-manager/cert-manager/releases/tag/v1.19.3) [Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.19.2...v1.19.3) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This release contains three bug fixes, including a fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to the latest release. #### Changes by Kind ##### Bug or Regression - Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#8415](https://redirect.github.com/cert-manager/cert-manager/issues/8415), [@cert-manager-bot](https://redirect.github.com/cert-manager-bot)) - Fixed an issue where HTTP-01 challenges failed when the Host header contained an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#8436](https://redirect.github.com/cert-manager/cert-manager/issues/8436), [@cert-manager-bot](https://redirect.github.com/cert-manager-bot)) - Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#8468](https://redirect.github.com/cert-manager/cert-manager/issues/8468), [@SgtCoDFish](https://redirect.github.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Bump go to 1.25.6 ([#8459](https://redirect.github.com/cert-manager/cert-manager/issues/8459), [@SgtCoDFish](https://redirect.github.com/SgtCoDFish)) </details> --- ### Configuration 📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻ Rebasing: Never, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/cloudnative-pg/plugin-barman-cloud). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41NS40IiwidXBkYXRlZEluVmVyIjoiNDMuNTUuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21hdGVkIiwibm8taXNzdWUiXX0=--> Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>		2026-03-06 12:42:04 +11:00
.github/workflows	fix: resolve WAL archiving performance and memory issues (#746 )	2026-01-29 16:43:55 +01:00
api/v1	feat(ip): assign copyright to the Linux Foundation (#571 )	2025-10-07 18:06:06 +02:00
cmd/manager	feat(ip): assign copyright to the Linux Foundation (#571 )	2025-10-07 18:06:06 +02:00
config	feat: add support for DefaultAzureCredential authentication mechanism (#681 )	2026-01-08 14:58:27 +01:00
containers	chore(deps): refresh pip-compile outputs (#754 )	2026-02-02 11:21:04 +01:00
dagger	feat(ip): assign copyright to the Linux Foundation (#571 )	2025-10-07 18:06:06 +02:00
hack	docs(apidoc): filter Optional markers from validation column (#723 )	2026-02-04 13:46:51 +01:00
internal	chore(main): release 0.11.0 (#717 )	2026-01-30 16:32:12 +01:00
kubernetes	fix: controller and sidecar containers run as non-root (#225 )	2025-03-23 17:00:52 +01:00
logo	Initial commit	2024-09-24 14:52:25 +02:00
scripts	feat(ip): assign copyright to the Linux Foundation (#571 )	2025-10-07 18:06:06 +02:00
test/e2e	chore(deps): update fsouza/fake-gcs-server docker tag to v1.53.0 (#755 )	2026-02-02 12:03:29 +01:00
web	docs(release): documentation for release 0.11.0 (#749 )	2026-01-30 15:06:29 +01:00
.dockerignore	chore: scaffold (#2 )	2024-09-26 11:52:56 +02:00
.gitignore	ci: add e2e kustomization.yaml to .gitignore (#112 )	2024-12-16 11:04:39 +01:00
.golangci.yml	chore(deps): update golangci/golangci-lint docker tag to v2.2.1 (#430 )	2025-07-01 17:34:08 +02:00
.release-please-manifest.json	chore(main): release 0.11.0 (#717 )	2026-01-30 16:32:12 +01:00
.spellcheck.yaml	chore: limit the spellchecking to a fixed list of directories (#294 )	2025-05-05 10:21:18 +02:00
.wordlist.txt	feat: add support for DefaultAzureCredential authentication mechanism (#681 )	2026-01-08 14:58:27 +01:00
CHANGELOG.md	chore(main): release 0.11.0 (#717 )	2026-01-30 16:32:12 +01:00
CODE_OF_CONDUCT.md	Initial commit	2024-09-24 14:52:25 +02:00
CODEOWNERS	Initial commit	2024-09-24 14:52:25 +02:00
commitlint.config.js	ci: warn on long commit body line (#12 )	2024-09-27 10:07:47 +02:00
CONTRIBUTING.md	docs: add CONTRIBUTING.md file	2026-03-02 17:03:09 +11:00
go.mod	fix(deps): update module github.com/cert-manager/cert-manager to v1.19.3 [security] (#775 )	2026-03-06 12:42:04 +11:00
go.sum	fix(deps): update module github.com/cert-manager/cert-manager to v1.19.3 [security] (#775 )	2026-03-06 12:42:04 +11:00
GOVERNANCE.md	Initial commit	2024-09-24 14:52:25 +02:00
LICENSE	Initial commit	2024-09-24 14:52:25 +02:00
Makefile	fix: add cluster/finalizers update permission (#465 )	2025-08-14 22:55:25 +02:00
manifest.yaml	feat: add support for DefaultAzureCredential authentication mechanism (#681 )	2026-01-08 14:58:27 +01:00
PROJECT	chore: scaffold (#2 )	2024-09-26 11:52:56 +02:00
README.md	docs: release procedure (#373 )	2025-05-29 17:52:44 +02:00
release-please-config.json	ci: update version in metadata (#229 )	2025-03-25 17:21:56 +01:00
RELEASE-PROCEDURE.md	docs: release procedure (#373 )	2025-05-29 17:52:44 +02:00
renovate.json5	fix: resolve WAL archiving performance and memory issues (#746 )	2026-01-29 16:43:55 +01:00
Taskfile.yml	docs(apidoc): filter Optional markers from validation column (#723 )	2026-02-04 13:46:51 +01:00

README.md

Barman Cloud CNPG-I plugin for CloudNativePG

The documentation for the Barman Cloud Plugin for CloudNativePG is available at https://cloudnative-pg.io/plugin-barman-cloud.

The Barman Cloud CNPG-I plugin is a component of the CloudNativePG project and adheres to the same community-driven governance model under the CNCF.

CNCF logo

CloudNativePG was originally built and sponsored by EDB.

Postgres, PostgreSQL, and the Slonik Logo are trademarks or registered trademarks of the PostgreSQL Community Association of Canada, and used with their permission.