Download Latest Version
v1.19.1 source code.tar.gz (3.3 MB)
Get an email when there's a new version of cert-manager
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| cert-manager.yaml | 2025-10-15 | 1.0 MB | |
| cert-manager.crds.yaml | 2025-10-15 | 969.8 kB | |
| README.md | 2025-10-15 | 1.5 kB | |
| v1.19.1 source code.tar.gz | 2025-10-15 | 3.3 MB | |
| v1.19.1 source code.zip | 2025-10-15 | 4.3 MB | |
| Totals: 5 Items | 9.6 MB | 3 | |
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
We reverted the CRD-based API defaults for Certificate.Spec.IssuerRef and CertificateRequest.Spec.IssuerRef after they were found to cause unexpected certificate renewals after upgrading to 1.19.0. We will try re-introducing these API defaults in cert-manager 1.20.
We fixed a bug that caused certificates to be re-issued unexpectedly if the issuerRef kind or group was changed to one of the "runtime" default values.
We upgraded Go to 1.25.3 to address the following security vulnerabilities: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, and CVE-2025-61725.
📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.
Changes since v1.19.0:
Bug or Regression
- BUGFIX: in case kind or group in the
issuerRefof a Certificate was omitted, upgrading to1.19.xincorrectly caused the certificate to be renewed (#8175, @cert-manager-bot) - Bump Go to 1.25.3 to fix a backwards incompatible change to the validation of DNS names in X.509 SAN fields which prevented the use of DNS names with a trailing dot (#8177, @wallrj-cyberark)
- Revert API defaults for issuer reference kind and group introduced in 0.19.0 (#8178, @cert-manager-bot)