Download Latest Version
metal-amd64.iso (540.4 MB)
Get an email when there's a new version of cozystack
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2026-05-14 | 3.2 kB | |
| v1.2.4 source code.tar.gz | 2026-05-14 | 5.0 MB | |
| v1.2.4 source code.zip | 2026-05-14 | 7.0 MB | |
| openapi.json | 2026-05-14 | 2.5 MB | |
| cozypkg-checksums.txt | 2026-05-14 | 564 Bytes | |
| cozypkg-windows-arm64.tar.gz | 2026-05-14 | 17.2 MB | |
| cozypkg-darwin-amd64.tar.gz | 2026-05-14 | 20.0 MB | |
| cozypkg-darwin-arm64.tar.gz | 2026-05-14 | 18.6 MB | |
| cozypkg-linux-amd64.tar.gz | 2026-05-14 | 19.0 MB | |
| cozypkg-linux-arm64.tar.gz | 2026-05-14 | 17.2 MB | |
| cozypkg-windows-amd64.tar.gz | 2026-05-14 | 19.1 MB | |
| initramfs-metal-amd64.xz | 2026-05-14 | 146.9 MB | |
| kernel-amd64 | 2026-05-14 | 21.6 MB | |
| nocloud-amd64.raw.xz | 2026-05-14 | 335.7 MB | |
| metal-amd64.raw.xz | 2026-05-14 | 335.7 MB | |
| metal-amd64.iso | 2026-05-14 | 521.5 MB | |
| cozystack-operator-hosted.yaml | 2026-05-14 | 2.5 kB | |
| cozystack-operator-generic.yaml | 2026-05-14 | 2.6 kB | |
| cozystack-operator-talos.yaml | 2026-05-14 | 2.5 kB | |
| cozystack-crds.yaml | 2026-05-14 | 19.1 kB | |
| Totals: 20 Items | 1.5 GB | 0 | |
v1.2.4 (2026-05-14)
A patch release with bug fixes and security updates.
Features and Improvements
No notable features in this patch release.
Security
This release includes important security fixes:
- Talos upgrade to v1.12.7 addressing CVE-2026-31431 (#2545, backport [#2548]).
- Fix for IDOR in TenantNamespace Get and Watch handlers (#2471, backport [#2523]).
Operators should follow normal upgrade procedures to pick up these fixes.
Fixes
-
fix(mariadb): remove duplicate template key in backup CronJob: Removes the duplicate
template:key in the MariaDB backup CronJob, which causedyaml: unmarshal errors: line 17: mapping key "template" already defined at line 14and prevented MariaDB instances from deploying withbackup.enabled: true. Minimal backport — only the dup-key removal from [#2279]; the breaking service-naming changes in the original PR were intentionally omitted from this patch. (@sircthulhu in [#2279], minimal backport by @kvaps in [#2652]). -
fix(harbor): remove incorrect tenant module flags: Removes incorrect tenant module flags that could prevent Harbor from configuring tenant-scoped modules correctly after upgrades. (@kvaps in [#2444], backport [#2451]).
-
fix(etcd): remove destructive post-upgrade cert-regeneration hook: Removes a post-upgrade hook that could regenerate certificates and overwrite existing credentials, preventing potential service disruption after upgrades. (@myasnikovdaniil in [#2462], backport [#2512]).
-
fix(api): prevent IDOR in TenantNamespace Get and Watch handlers: Fixes an Insecure Direct Object Reference allowing cross-tenant access to TenantNamespace Get/Watch paths. (@IvanHunters in [#2471], backport [#2523]).
-
fix(talos): bump Talos to v1.12.7 (CVE-2026-31431): Upgrades bundled Talos to address CVE-2026-31431. (@kvaps in [#2545], backport [#2548]).
-
fix(platform): migrate ACME HTTP-01 to ingressClassName API: Migrates ACME HTTP-01 handling to use the newer ingressClassName API. (@myasnikovdaniil in [#2438]).
-
fix(ci): pass app token to Publish draft release step: CI fix ensuring the release draft publish step receives the application token. (@myasnikovdaniil in [#2532], backport [#2573]).
Documentation
No documentation changes in the website repository were detected between v1.2.3 and v1.2.4.
Contributors
Thanks to everyone who contributed to this patch release:
Full Changelog: https://github.com/cozystack/cozystack/compare/v1.2.3...v1.2.4
