v1.10.4

🔧 Kargo v1.10.4 brings a focused set of bug fixes, performance improvements, and a meaningful new enhancement to controller observability.

🐛 Bug Fixes

• Login failures for users with diacritics in their name (#6189): Users whose OIDC
  familyName contained accented characters (e.g. umlauts, diacritics) could be silently
  logged out. JWTs use base64URL encoding, not standard base64 — certain byte sequences
  were failing to decode. The UI now correctly uses base64URL for JWT parsing.

• ForeignFieldError on Warehouse watch events in the UI (#6209): The UI was applying a
  redundant transformation to Warehouse subscription data in watch stream handlers, causing a
  ForeignFieldError on deserialization. Removing the duplicate step resolves the error.

• Freight clone missing artifacts in the assembly UI (#6246): When cloning an existing piece of
  Freight to assemble a new one, artifacts that had aged out of the Warehouse's
  discoveredArtifacts rolling window were not shown as selectable options. The assembly UI now
  ensures any artifacts from the source Freight that are absent from discovered results are
  included, so users can always select the original versions.

• Freight timeline scroll on right caret click (#6269): The freight timeline now reliably
  scrolls when the right caret is clicked.

⚡ Performance Improvements

• Management controller RBAC efficiency (#6194, #6210): The project and service account
  management controllers were performing unnecessary RBAC writes on every reconciliation.
  Two improvements address this: switching from a Create → AlreadyExists → Update pattern
  to server-side apply (eliminating a high volume of 409 errors in clusters with many
  projects), and skipping RBAC re-ensures when nothing has changed. Together these
  significantly reduce API server load.

• UI reduces backend payload with warehouse filtering (#6161): The UI now passes active
  warehouse filters to the backend when querying Freight and Stages, so the server-side filter
  applies to the initial data fetch rather than filtering client-side. Live watchers are also
  scoped to the active warehouse filter, reducing unnecessary data over watch streams.

✨ Enhancements

• Controller heartbeats and liveness in the UI (#6184): Kargo controllers now emit
  periodic heartbeats via Kubernetes Lease objects (renewed every 10 seconds and deleted
  on graceful shutdown). A new GET /v1beta1/system/controller-heartbeats endpoint exposes
  the liveness state of all controllers. The UI uses this when loading the pipeline DAG: if a
  Stage's assigned controller has a stale or missing heartbeat, the Stage's synthesized phase
  is shown as Failed with a tooltip explaining that its controller is not responding.

• Pagination shown on single-page stage list (#6198): Pagination controls now appear
  consistently in the stage list view, even when all stages fit on a single page.

💙 Special Thanks

A warm welcome to first-time contributor @anaplan-kh, who tracked down and fixed the JWT
base64URL issue that was silently logging out users with diacritics in their name!

Full Changelog: v1.10.3...v1.10.4

v1.10.3

What's Changed

• chore(backport release-1.10): fix(ci): make apko base image build work with nonroot container user by @akuitybot in #6182
• chore(backport release-1.10): feat: API support for filtering Stages/Freight by Warehouse names by @akuitybot in #6181
• chore(backport release-1.10): refactor: refactor list stages' warehouse filter for consistency by @akuitybot in #6183
• chore(backport release-1.10): docs: note label support varies by Git provider in git-open-pr step by @akuitybot in #6191
• chore(backport release-1.10): feat(ui): UI perf improvements in the project details by @akuitybot in #6195

Full Changelog: v1.10.2...v1.10.3

v1.10.2

Fixes GHSA-g7gw-m874-7rmf

v1.9.8

Fixes GHSA-g7gw-m874-7rmf

v1.8.13

Fixes GHSA-g7gw-m874-7rmf

v1.7.10

Fixes GHSA-g7gw-m874-7rmf

v1.10.1

What's Changed

• chore(backport release-1.10): fix(ui): preserve filters when switching tabs in promote drawer by @akuitybot in #6113
• chore(backport release-1.10): feat: 1.10 release notes by @akuitybot in #6132
• chore(backport release-1.10): fix: cli and server to match openapi spec by @akuitybot in #6136
• chore(backport release-1.10): fix(ui): optimize DAG view rendering performance by @akuitybot in #6141
• chore(backport release-1.10): fix(rbac): add missing release namespace to Role and RoleBinding resources by @akuitybot in #6131
• chore(backport release-1.10): fix(docs): use numeric sorting for version selector dropdown by @akuitybot in #6139

Full Changelog: v1.10.0...v1.10.1

v1.9.7

What's Changed

• chore(backport release-1.9): fix: dangling webhook receivers after delete from spec by @akuitybot in #6095
• chore: lock 1.9 docs into 1.9.6 charts, latest 1.9.x scripts, etc. by @krancour in #6111
• chore(backport release-1.9): fix(ui): preserve filters when switching tabs in promote drawer by @akuitybot in #6112
• chore(backport release-1.9): fix(ui): optimize DAG view rendering performance by @jessesuen in #6143

Full Changelog: v1.9.6...v1.9.7

v1.10.0

🧬 Kargo v1.10.0 is here! This release is packed with a host of UI and quality-of-life enhancements. The goal for this release was "evolution, not revolution." Highlights are below.

🚨 Breaking Changes

• The optional second arugment for freightMetadata that was deprecated in v1.8.0 has now been removed. If you were using this argument before, use either dot notation (freightMetadata(freightName).keyName) or map access syntax (freightMetadata(freightName)['key-name']) to access specific values

⚠️ New Deprecations

• git-push Default Integration Policy Changing in v1.12.0: The git-push step now supports four configurable push integration policies that control how remote changes are integrated before pushing: AlwaysRebase, RebaseOrMerge, RebaseOrFail, and AlwaysMerge. The current default remains AlwaysRebase (i.e. the current behavior), but the default will change to RebaseOrMerge in v1.12.0. RebaseOrMerge uses signature-trust analysis to prefer rebase when safe but falls back to a merge commit when a rebase would alter commit signature semantics. If you rely on the current unconditional rebase behavior, set the policy explicitly via the [controller.gitClient.pushIntegrationPolicy](https://docs.kargo.io/operator-guide/advanced-installation/common configurations#push-integration-policy) Helm value before upgrading to v1.12.0.

• SSH URLs and SSH Private Keys for Git Repositories: SSH-based Git credentials are deprecated and scheduled for removal in v1.13.0. SSH keys cannot authenticate to git provider APIs, forcing users to maintain two sets of credentials. Use HTTPS URLs with a personal access token or equivalent instead. See #5858 for details.

• createTargetBranch Option in git-open-pr Promotion Step: The createTargetBranch option has been deprecated as the feature never worked. It is scheduled for removal in v1.12. See #5847 for details.

• git-commit Step author Field: The author configuration block (including name, email, and signingKey) on the git-commit step is deprecated and scheduled for removal in v1.12.0. Authorship and signing configuration should be set in the git-clone step or via ClusterConfig instead, as git-clone is the single authority for work tree identity and signing configuration. All downstream steps inherit from it.

🪜 New and Improved Promotion Steps

New Steps

• argocd-wait: Blocks a promotion until one or more Argo CD Applications reach desired health, sync, and operation statuses. Unlike argocd-update (which can already wait), argocd-wait is useful when you need to gate on Argo CD application health without triggering a sync -- for example, waiting for a separate deployment tool to finish before proceeding. (docs)

• oci-push: Copies or retags OCI artifacts (container images and Helm charts) between registries, with support for single images, multi-arch image indexes, and OCI Helm charts. Supports optional annotation injection and shares credential resolution with the existing oci-download step. (docs)

• git-tag: Creates annotated or lightweight Git tags, with optional GPG signing. Pair with git-push (which now supports pushing tags) to tag a verified build only after it passes promotion through a testing Stage. (docs)

• github-push: An alternative to git-push that replays commits through the GitHub REST API, enabling GitHub's native commit verification ("Verified" badge) when authenticating with a GitHub App installation token. Trust is determined by GPG signature status: commits signed by a trusted key are verified by GitHub, while untrusted commits preserve their original attribution. Supports the same push integration policies as git-push. (docs)

• fail: Unconditionally fails the promotion with a configurable message. Combined with conditional step execution (if: expressions), this provides a clean way to fail a promotion pipeline based on evaluated conditions. (docs)

• set-freight-alias: Assigns a custom, human-readable alias to a piece of Freight during a promotion pipeline, improving visibility in the UI -- especially useful in pre-processing Stages where a meaningful name can be set before downstream promotions begin. (docs)

• toml-parse / toml-update: Parse and update TOML files, complementing the existing JSON and YAML equivalents. The update step modifies scalar values in-place while preserving all other bytes. Useful for kcl.mod files or other TOML-based configuration. (toml-parse, toml-update)

Improvements to Existing Steps

• git-merge-pr: Now supports a mergeMethod field, allowing you to choose between merge, squash, and rebase strategies when merging pull requests. (docs)

• git-open-pr: Detects when there are no commits between source and target branches and skips gracefully rather than failing the promotion. git-wait-for-pr is also skipped in that case. This prevents promotions from failing unnecessarily in multi-stage pipelines where some Stages have no effective diff to promote. (docs)

📦 Warehouse Improvements

• since Date Limiter for Git Subscriptions: A new since field limits commit discovery to commits newer than a specified date, directly addressing performance problems in monorepos with large commit histories where unbounded git log operations were a primary source of slowness. (docs)

• Chart Subscription TLS Skip: Chart subscriptions now support insecureSkipTLSVerify, matching the option already available on Git and image subscriptions. Useful for internal registries with self-signed or custom CA certificates. (docs)

• Webhook Path Filtering: GitHub push-event webhooks now evaluate each Warehouse's includePaths/excludePaths against the files changed in a push before marking it for refresh, rather than refreshing all Warehouses and filtering later during reconciliation. This can dramatically reduce unnecessary refresh traffic in monorepo environments with many Warehouses. (docs)

🔄 Shared Resource Replication

Secrets and ConfigMaps in the shared resources namespace can now be automatically replicated to all Project namespaces by annotating them with kargo.akuity.io/replicate-to: "*". This enables workloads in Project namespaces (such as Argo Rollouts AnalysisTemplate Jobs) to consume shared resources that would otherwise require cross-namespace references. Replicated resources are immutable and cleaned up automatically when the source is deleted or the annotation is removed. (docs)

🖥️ UI Improvements

• "My Projects" Filter: The project list now defaults to showing only projects where you've been explicitly mapped via OIDC claims, making it easier to find your projects in large organizations.

• Page Titles: Browser tabs now reflect the current context (project name, Stage name, etc.) so you can distinguish between multiple Kargo tabs at a glance.

• Version-Matched CLI Downloads: The CLI download page now links to the specific version of Kargo currently running rather than always pointing to "latest," preventing inadvertent version mismatches.

• Git Commit Deep Links for Self-Hosted Providers: Commit links now work correctly for self-hosted GitHub Enterprise and GitLab instances, not just github.com and gitlab.com.

• Inline Promotion Step Errors: Errors are now displayed directly beneath the failed step with the step highlighted in red, rather than only in a disconnected banner. Skipped steps are visually muted.

• Smooth Freight List Scrolling: The freight list now scrolls smoothly rather than jumping between positions.

• Improved Status Colors: Non-failed, non-errored statuses now show a neutral color instead of potentially misleading indicators.

⎈ Helm Chart Improvements

• priorityClassName Configuration: Operators can now assign scheduling priority to Kargo components, preventing them from being evicted in favor of higher-priority workloads when resources are constrained.

• Startup Probe for Large Clusters: The API server now has a startup probe with a 5-minute window, preventing the pod from being killed before its initial cache sync completes in large clusters with many resources.

• Certificate Group Enforcement: The group field on cert-manager Certificate resources is now explicitly set, preventing renewal failures that could occur after approximately one year.

🔧 API & Developer Experience

• REST API Client Module: The generated Go cl...

v1.10.0-rc.8

v1.10.0-rc.8