0.27.0

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.0

Breaking Changes

Argo Rollouts Removed

Argo Rollouts controller has been removed from the gitops-runtime helm chart (#1051). If you depend on Argo Rollouts, you will need to install it separately.

Argo Events Removed

Argo Events controller has been removed from the gitops-runtime helm chart (#1057). If you depend on Argo Events, you will need to install it separately.

Runtime Redis Disabled by Default

Redis is now disabled by default (#927). Set redis-ha.enabled: true if needed.

What's New

Enhanced Runtime Uninstallation & Cleanup

We have significantly improved the uninstallation process to ensure a "zero-footprint" state:

• Shared Configuration Cleanup - The uninstallation now includes the ability to clean up the desired state stored in the Internal Shared Configuration Repository
• Cluster Hygiene - Improved command execution ensures that no stale runtime components or orphan resources remain on your cluster

ArgoCD Sync & Deletion Guardrails

The App-proxy now supports native ArgoCD resource annotations for Confirmation on Delete and Prune. This acts as a safety gate, requiring manual confirmation in the UI before a sync operation can delete or prune a specific resource (#1046).

• Sync Options - Prune Confirmation support
• Application Deletion - Added support for confirmation prompts before deleting an entire application

Improved Installation Wizard

The newest runtime installation flow features a drastically improved UX and ease of use.

• Expanded Git Support - Full support for Bitbucket, Bitbucket Server, and GitLab is now integrated into the streamlined installation wizard

Other Improvements

• Run without Redis - The runtime can now operate without Redis configured, providing more flexible deployment options (#919)
• MRC change revisions annotations - New support for MRC change revisions annotations in cf-argocd-extras (#1005)
• Event-reporter enhancements - Added deleted field to app event payload for better tracking (#1039)
• Checksum annotations - Config changes now trigger proper pod restarts (#938)
• Namespace-scoped Argo Workflows - Argo Workflows now runs namespace-scoped by default (#920)

Bug Fixes

• Fixed transient error handling on app sync failure (#922)
• Fixed issue where simple runtime applications ended up being out-of-sync
• Removed git commit statuses from gitops-operator (#940)

Security

• Fixed security vulnerabilities in argo-workflows (#1047, #948)

0.26.7

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.7

Chart changes

• enrichment-images: fixed security vulnerabilities CVE-2025-15284, CVE-2025-14104, CVE-2025-66382, CVE-2025-13836 and CVE-2025-13837

0.26.6

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.6

Chart changes

• updated argo-cd to 3.2.3 (#1036)
• app-proxy: fixed security vulnerabilities CVE-2025-61729 and CVE-2025-61727 (#1048)
• app-proxy-init: fixed security vulnerabilities CVE-2016-2781 and CVE-2024-10041 (#1048)
• cf-argocd-extras: fixed security vulnerabilities CVE-2025-58181, CVE-2025-13281, CVE-2025-61727 and CVE-2025-61729 (#1033)
• kubectl: fixed security vulnerabilities CVE-2025-47912, CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189 and CVE-2025-61723 for redis-secret-init job (#1040)
• sealed-secrets-controller: fixed security vulnerabilities CVE-2025-47912, CVE-2025-58181, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61727 and CVE-2025-61729 (#1038)

0.26.5

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.5

Chart changes

• fix(codefresh-gitops-operator): security vulnerability CVE-2025-66626 (#1026)

0.26.4

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.4

Chart changes

• fix(codefresh-tunnel-client): security vulnerabilities CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-46394, CVE-2024-58251 (#1025)
• chore: update argocd to v3.2.2 (#1020)

0.26.3

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.3

Chart changes

• fix: security fixes for enrichment images (CVE-2025-64756, CVE-2025-65945, CVE-2025-66031, CVE-2025-12816, CVE-2025-8291, CVE-2025-6075, CVE-2025-12084) (#1012)
• fix: cap-app-proxy SA should get argo-server Role to handle Workflow resources (#1009)
• updated nats-server-config-reloader (#1004)

app-proxy changes

update image to 5f0a3d5

• feat: simplify clusters add/remove logic (#1001)

0.26.2

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.2

Chart changes

• build: upgrade argo-workflows (#998)

0.26.1

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.1

Chart changes

• chore(CR-31388): updated gitops-operator with security fixes (#983)
• chore: security fixes for k8s client in Argo Rollouts v1.7.2 (#987)
• updated cli-v2 for fixing CVE-2024-25621 "github.com/containerd/containerd" (#994)
• chore(CR-31776): updated cap-app-proxy (#985)

0.26.0

Installation

To install this version of the gitops-runtime Helm chart:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.26.0

---

⚠️ Breaking Changes

This release introduces several significant architectural changes.
Please review carefully before upgrading.

• Transition to OSS Argo CD

  • Completed migration from Codefresh Argo CD fork to official OSS Argo CD
  • All Codefresh-specific Argo CD values removed
  • Review custom Argo CD configurations for upstream compatibility

• Argo Events deprecated

  • All Argo Events resources removed
  • The Argo Events controller has been retained to ensure proper cleanup of any previously deployed Argo Events resources in your cluster

• New Event Reporting Architecture

  • cf-argocd-extras and EventBus (NATS) removed
  • Replaced with:
    • argo-gateway (formerly sources-server)
    • cluster-event-reporter
    • runtime-event-reporter
  • Improves scalability and reliability

• Argo Workflows namespace-scoped by default

• Argo Rollouts disabled by default

• Argo CD auth values relocated to:

global.integrations.argo-cd.server.auth

---

⚠️ Migration Actions

ACR Controller Users – Argo CD Notifications Update (Needs Verification)

Replace:

app.status.operationState.operation.sync.changeRevisionWith

With:

app.status.operationState?.syncResult?.revision

---

Chart Changes

• External Argo CD support via .values.global.integrations
• Telemetry added
• App-Proxy reliability improvements (tini, git timeouts, logs in non-controller namespaces, CORS fix, Kubernetes compatibility fix)
• Dedicated Redis for argo-gateway & event reporters
• Checksum annotations for automatic restarts
• Improved debugging (timestamps + debug flag in gitops-operator)
• Conditional RGS controller registration
• Branch data added to PR info
• Argo CD → OSS 3.2.x
• Sealed Secrets controller updated
• Migration to bitnamilegacy repo
• Security patches for enrichment images, Argo Workflows, Argo Events, and Argo Rollouts

0.25.2

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.25.2

Chart changes

• chore: fix security vulnerabilities for argo-workflows (#955)