Download Latest Version
v1.20.7 source code.tar.gz (14.9 MB)
Get an email when there's a new version of Crossplane Kubernetes
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2026-04-20 | 3.8 kB | |
| v2.0.8 source code.tar.gz | 2026-04-20 | 15.0 MB | |
| v2.0.8 source code.zip | 2026-04-20 | 15.7 MB | |
| Totals: 3 Items | 30.7 MB | 1 | |
v2.0.8 is a patch release scoped to fixing issues reported by users of Crossplane v2.0 and fixing security related issues in Crossplane's dependencies.
🎉 Highlights
-
Dependency upgrades work correctly with
ImageConfigprefix rewriting: Packages installed via anImageConfigprefix rewrite were previously not being upgraded when their dependencies changed, leaving users stuck on stale versions of dependent packages. Dependency upgrades now behave as expected when prefix rewrites are in use. Backported in [#7278], originally fixed in [#7233]. -
Composition functions can now select all resources of a given kind: When a composition function returned a
Requirements.ResourceSelectorwith onlyapiVersionandkindset (nomatchNameormatchLabels), Crossplane previously rejected this as an invalid request. A selector with no match field is now correctly interpreted as "all resources of that kind". Backported in [#7248], originally fixed in [#7241].
This release also bumps Go to 1.25.9 and pulls in security related updates for a number of Crossplane's upstream dependencies, including go-git, go-jose, cloudflare/circl, moby/spdystream, sigstore/timestamp-authority, docker/cli, and the OpenTelemetry OTLP HTTP trace exporter
What's Changed
- build: mitigate potential script injection in promote workflow (release-2.0) by @jbw976 in https://github.com/crossplane/crossplane/pull/7170
- [Backport release-2.0] fix: adding required permissions to top level and jobs in the workflow by @jbw976 in https://github.com/crossplane/crossplane/pull/7186
- chore(deps): update module github.com/cloudflare/circl to v1.6.3 [security] (release-2.0) by @crossplane-renovate[bot] in https://github.com/crossplane/crossplane/pull/7180
- Backport [#7233] to release-2.0 by @adamwg in https://github.com/crossplane/crossplane/pull/7278
- chore(deps): update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to v1.43.0 [security] (release-2.0) by @crossplane-renovate[bot] in https://github.com/crossplane/crossplane/pull/7288
- chore(deps): update module github.com/go-jose/go-jose/v4 to v4.1.4 [security] (release-2.0) by @crossplane-renovate[bot] in https://github.com/crossplane/crossplane/pull/7264
- [Backport release-2.0] ci: drop Trivy vulnerability scanning by @phisco in https://github.com/crossplane/crossplane/pull/7301
- chore(deps): bump Go to 1.25.9 [security] (release-2.0) by @phisco in https://github.com/crossplane/crossplane/pull/7304
- fix(deps): update module github.com/go-git/go-git/v5 to v5.17.1 [security] (release-2.0) by @crossplane-renovate[bot] in https://github.com/crossplane/crossplane/pull/7139
- chore(deps): update module github.com/moby/spdystream to v0.5.1 [security] (release-2.0) by @crossplane-renovate[bot] in https://github.com/crossplane/crossplane/pull/7315
- chore(deps): update module github.com/docker/cli to v29.2.0+incompatible [security] (release-2.0) by @crossplane-renovate[bot] in https://github.com/crossplane/crossplane/pull/7195
- chore(deps): update module github.com/sigstore/timestamp-authority/v2 to v2.0.6 [security] (release-2.0) by @crossplane-renovate[bot] in https://github.com/crossplane/crossplane/pull/7316
- [Backport release-2.0] Support ResourceSelector with no match field by @negz in https://github.com/crossplane/crossplane/pull/7248
- fix(deps): update module github.com/go-git/go-git/v5 to v5.18.0 [security] (release-2.0) by @crossplane-renovate[bot] in https://github.com/crossplane/crossplane/pull/7327
- Bump crossplane-runtime to v2.0.8 by @lsviben in https://github.com/crossplane/crossplane/pull/7330
Full Changelog: https://github.com/crossplane/crossplane/compare/v2.0.7...v2.0.8
