Skip to content
This repository has been archived by the owner on Oct 12, 2023. It is now read-only.

Latest commit

 

History

History
16 lines (9 loc) · 1.39 KB

RELEASE.md

File metadata and controls

16 lines (9 loc) · 1.39 KB

Release Management

Overview

This document describes AAD Pod Identity project release management, which talks about cadence.

❗ IMPORTANT: As mentioned in the announcement, we are planning to replace AAD Pod Identity with Azure Workload Identity. Going forward, we will no longer add new features to this project in favor of Azure Workload Identity. However, we will continue patching critical bugs and security vulnerabilities until further notice.

Release Cadence

1.8 will be the last major and minor release of AAD Pod Identity. We will not release a new major or minor version of AAD Pod Identity. However, we will continue publishing patch releases the first week of every month to fix critical bugs and security vulnerabilities until further notice.

Security Vulnerabilities

We use trivy to scan the base image for known vulnerabilities. When a vulnerability is detected and has a fixed version, we will update the image to include the fix. For vulnerabilities that are not in a fixed version, there is nothing that can be done immediately. Fixable CVE patches will be part of the patch releases published first week of every month until further notice.