Next Release Preview
Please make a pull request to describe any changes you wish to highlight in the next release of Spinnaker. These notes will be prepended to the release changelog.
Coming Soon in Release 2026.0.0
Images
The spinnaker project will be moving docker images from Google’s artifact registry to GHCR going forward. This should save the project significantly on network and storage costs, while also allowing unlimited downloads. As such we’ve started publishing all images to the github packages pages . 2026.0.0 should be the last release consuming images from google artifact registry. Going forward, halyard and other images will start pulling from GHCR instead (incoming PRs shortly on this change). Please update any allowlists, rules, and mirrors to start using GHCR as a package repository. For more information, please join
slack and we’ll answer any questions!
Security fixes
We have HIGH level vulnerabilities in spinnaker tied to user input validation handling on URL calls. Specifically, see the advisories page for more information: https://github.com/spinnaker/spinnaker/security/advisories/ Please upgrade to a supported release as soon as possible.
GHA support for fiat group integration
Thanks to https://github.com/spinnaker/spinnaker/pull/7337 you can now use GitHub Apps to authentication and sync group information for fiat. This is expected to unblock later usage of this same logic in ohter areas at a future date but this ONLY works for FIAT for group information at this point in time. For more information on configuration, please see the documentation .
Clouddriver
https://github.com/spinnaker/spinnaker/pull/7356 adds a way to configure artifact support in clouddriver at build time to reduce image size and dependencies. Previously, support for all artifact types was included in clouddriver, with config flags to enable individual types (e.g. artifacts.bitbucket.enabled, artifacts.gcs.enabled, artifacts.github.enabled, etc.). This PR introduces a new gradle property: artifactTypes that defaults to include all artifact types at build time. There’s no change for the clouddriver artifacts that the Spinnaker project publishes, but the flexibility is there for those who build clouddriver on their own.
artifactTypes=bitbucket,custom,docker,embedded,front50,gcs,github,gitlab,gitrepo,helm,http,ivy,jenkins,kubernetes,maven,oracle,s3
Change the value of artifactTypes to include a subset. Note that the kubernetes cloud provider uses kubernetes artifacts. So, if the kubernetes cloud provider is enabled, kubernetes artifacts are included even if kubernetes isn’t present in artifactTypes. Similarly for the cloudfoundry cloud provider and maven artifacts.