This document describes AAD Pod Identity project release management, which talks about cadence.
❗ IMPORTANT: As mentioned in the announcement, we are planning to replace AAD Pod Identity with Azure Workload Identity. Going forward, we will no longer add new features to this project in favor of Azure Workload Identity. However, we will continue patching critical bugs and security vulnerabilities until further notice.
1.8 will be the last major and minor release of AAD Pod Identity. We will not release a new major or minor version of AAD Pod Identity. However, we will continue publishing patch releases the first week of every month to fix critical bugs and security vulnerabilities until further notice.
We use trivy to scan the base image for known vulnerabilities. When a vulnerability is detected and has a fixed version, we will update the image to include the fix. For vulnerabilities that are not in a fixed version, there is nothing that can be done immediately. Fixable CVE patches will be part of the patch releases published first week of every month until further notice.