Cluster Shield Release Notes
Here are the most recent release notes for Cluster Shield. Review the entries to learn about the latest features, defect fixes, and known issues.
1.23.0 May 28, 2026
Supported shield chart version: 1.42.0
Enhancements
- The audit feature can now poll Kubernetes audit events from CloudWatch Logs when running on EKS nodes. Authentication is handled automatically via IRSA if the
cluster-shieldServiceAccount is annotated with the appropriate IAM role. Follow the dedicated documentation to set this up.
Defect Fixes
- Fixed an issue which could cause Container Vulnerability Management feature to terminate unexpectedly.
Vulnerability Fixes
This release addresses the following vulnerabilities:
- CVE-2026-33811
- CVE-2026-33814
- CVE-2026-33997
- CVE-2026-34040
- CVE-2026-39820
- CVE-2026-39836
- CVE-2026-41567
- CVE-2026-42151
- CVE-2026-42154
- CVE-2026-42306
- CVE-2026-39823
- CVE-2026-39825
- CVE-2026-39826
- CVE-2026-40179
- CVE-2026-41568
- CVE-2026-42499
- CVE-2026-44903
1.22.0 April 24, 2026
Supported shield chart version: 1.35.0
Defect Fixes
- Fixed an issue causing Admission Controller to incorrectly handle Image Signature Verification due to incorrect evaluation of the certificate timestamp.
- Fixed an issue causing Admission Controller not to correctly evaluate Image Signature Validation policies when the scope was set to the whole infrastructure.
Vulnerability Fixes
This release addresses the following vulnerabilities:
- CVE-2026-27135
- CVE-2026-32280
- CVE-2026-32281
- CVE-2026-32283
- CVE-2026-33216
- CVE-2026-33218
- CVE-2026-34986
- CVE-2026-39883
- CVE-2026-4424
- CVE-2026-4519
- CVE-2026-32282
- CVE-2026-32288
- CVE-2026-32289
- CVE-2026-33215
- CVE-2026-33217
- CVE-2026-33219
- CVE-2026-33222
- CVE-2026-33223
- CVE-2026-33246
- CVE-2026-33247
- CVE-2026-33248
- CVE-2026-33249
- CVE-2026-5121
1.21.0 March 26, 2026
Supported shield chart version: 1.31.0
Defect Fixes
- Fixed a bug which could cause a
fatal error: concurrent map writeserror when analyzing Pythonuv.lockfiles. - Fixed a bug where RHEL EUS distributions were incorrectly identified as standard RHEL.
- Resolved an issue where the Kubernetes Lease resource created using Helm was missing standard Kubernetes labels:
app.kubernetes.io/nameapp.kubernetes.io/instanceapp.kubernetes.io/version
Vulnerability Fixes
This release addresses the following vulnerabilities:
- CVE-2026-33186
- CVE-2026-27141
- CVE-2026-4111
- CVE-2025-14831
- CVE-2025-15366
- CVE-2025-15367
- CVE-2026-0865
- CVE-2026-1299
- CVE-2026-25679
- CVE-2026-27142
- CVE-2025-9820
- CVE-2026-27139
1.20.0 February 26, 2026
Supported shield chart version: 1.30.0
Enhancements
- Lease resources are no longer managed by the Helm chart and are now created directly by Cluster Shield with an
ownerReferenceconfigured. Their lifecycle is delegated to Kubernetes garbage collection, ensuring automatic cleanup when the owning component is removed. This improves upgrade reliability, prevents orphaned resources, reduces operational complexity, and aligns resource management with native Kubernetes behavior for more predictable deployments.
Defect Fixes
Vulnerability Fixes
This release addresses the following vulnerabilities:
- CVE-2025-68121
- CVE-2025-15467
- CVE-2026-24051
- CVE-2025-11187
- CVE-2025-12084
- CVE-2025-14104
- CVE-2025-69419
- CVE-2025-9086
- CVE-2026-0915
- CVE-2026-23831
- CVE-2026-24117
- CVE-2026-24137
- CVE-2026-24686
- CVE-2025-15281
- CVE-2025-15468
- CVE-2025-15469
- CVE-2025-66199
- CVE-2025-68160
- CVE-2025-69418
- CVE-2025-69420
- CVE-2025-69421
- CVE-2026-0861
- CVE-2026-22795
1.19.0 January 29, 2026
Supported shield chart version: 1.27.0
Defect Fixes
- Fixed an issue in Response Actions where the Volume Snapshot action failed for deployments with multiple pods sharing the same Persistent Volume Claim (PVC). The action now deduplicates shared PVCs, preventing the
too many matching PVCs founderror.
Vulnerability Fixes
This release addresses the following vulnerabilities:
