Releases: zarf-dev/zarf
Releases · zarf-dev/zarf
v0.77.0
0.77.0 (2026-05-28)
⚠ BREAKING CHANGES
Features
- allow pulling images by index sha (#4879) (945a26d)
- find-images: 4509 include archives in find image (#4551) (058754e)
- init: prefer injector image without imagePullSecrets (#4935) (e46fa25)
- release: signed init packages (#4934) (158acbc)
- sign: support for keyless signing and offline verification (#4891) (d0b8665)
Bug Fixes
Full Changelog: v0.77.0-rc1...v0.77.0
Verifying Init Packages
The init packages in this release are signed with keyless Sigstore signing. Verify with:
amd64:
zarf package verify zarf-init-amd64-v0.77.0.tar.zst \
--certificate-identity "https://github.com/zarf-dev/zarf/.github/workflows/release.yml@refs/tags/v0.77.0" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com"arm64:
zarf package verify zarf-init-arm64-v0.77.0.tar.zst \
--certificate-identity "https://github.com/zarf-dev/zarf/.github/workflows/release.yml@refs/tags/v0.77.0" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com"See RELEASES.md for details.
v0.77.0-rc1
v0.77.0-rc1
This tag was signed with the committer’s verified signature.
AustinAbro321
Austin Abro
What's Changed
🚀 Updates
- chore(ci): bump action dependencies and pin versions by @brandtkeller in #4904
- chore(deps): limit dependencies in favor of built-ins or core libs by @soltysh in #4901
- chore(deps): bump golang.org/x/(crypto|net|sys) by @soltysh in #4924
- chore: remove [ALPHA] from features by @AustinAbro321 in #4916
- feat(sign): support for keyless signing and offline verification by @brandtkeller in #4891
- feat(find-images): 4509 include archives in find image by @chaospuppy in #4551
- ci(signing): add nightly check for trusted root updates by @brandtkeller in #4933
- feat(release): signed init packages by @brandtkeller in #4934
- feat!: allow pulling images by index sha by @AustinAbro321 in #4879
- fix(signing)!: resolve auth flow for CI environments by @brandtkeller in #4939
- feat(init): prefer injector image without imagePullSecrets by @AustinAbro321 in #4935
📦 Dependencies
- chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5 by @dependabot[bot] in #4911
- chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 in the actions-organization group across 1 directory by @dependabot[bot] in #4910
- chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 by @dependabot[bot] in #4930
- chore(deps): bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 by @dependabot[bot] in #4929
- chore(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 by @dependabot[bot] in #4928
- chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 by @dependabot[bot] in #4927
- chore(deps): bump docker/login-action from 4.1.0 to 4.2.0 by @dependabot[bot] in #4926
Full Changelog: v0.76.0...v0.77.0-rc1
Verifying Init Packages
The init packages in this release are signed with keyless Sigstore signing. Verify with:
amd64:
zarf package verify zarf-init-amd64-v0.77.0-rc1.tar.zst \
--certificate-identity "https://github.com/zarf-dev/zarf/.github/workflows/release.yml@refs/tags/v0.77.0-rc1" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com"arm64:
zarf package verify zarf-init-arm64-v0.77.0-rc1.tar.zst \
--certificate-identity "https://github.com/zarf-dev/zarf/.github/workflows/release.yml@refs/tags/v0.77.0-rc1" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com"See RELEASES.md for details.
Contributors
soltysh, dependabot, and 3 other contributors
Assets 19
v0.76.0
0.76.0 (2026-05-14)
⚠ BREAKING CHANGES
- sign: align signing and verification flags to cosign (#4880)
Features
- add OCI support for Argo CD sources (#4354) (6b54e0a)
- implement import logic for Zarf Values (#4427) (fde1211)
- sign: align signing and verification flags to cosign (#4880) (04fb929)
- values: package inspect values feature support (#4867) (2a3ef1b)
- verify dynamic path fields in package config are clean (#4883) (579ec27)
Bug Fixes
- add cluster timeout cluster.New in dev deploy (#4882) (fe7fc39)
- deploy: scope installedCharts by namespace override (#4873) (6c6ee8c)
- init: skip namespace agent labels when agent is disabled (#4851) (8ed2439)
- variables: file variable substitution alignment (#4866) (a16872c)
What's Changed
🚀 Updates
- chore(main): release 0.76.0 by @zarf-release-please[bot] in #4868
Full Changelog: v0.76.0-rc1...v0.76.0
v0.76.0-rc1
v0.76.0-rc1
This tag was signed with the committer’s verified signature.
brandtkeller
Brandt Keller
What's Changed
🚀 Updates
- ci: speed up windows tests by @AustinAbro321 in #4862
- chore(go): update go version by @brandtkeller in #4864
- fix(variables): file variable substitution alignment by @brandtkeller in #4866
- fix(deploy): scope installedCharts by namespace override by @mjnagel in #4873
- fix(init): skip namespace agent labels when agent is disabled by @rift0nix in #4851
- feat: implement import logic for Zarf Values by @Racer159 in #4427
- test: improve OCI unit testing by @AustinAbro321 in #4876
- feat(values): package inspect values feature support by @brandtkeller in #4867
- fix: add cluster timeout cluster.New in dev deploy by @AustinAbro321 in #4882
- feat: verify dynamic path fields in package config are clean by @AustinAbro321 in #4883
- feat: add OCI support for Argo CD sources by @robinlieb in #4354
- feat(sign)!: align signing and verification flags to cosign by @brandtkeller in #4880
- chore(deps): bump helm to v4.2.0 by @brandtkeller in #4902
📦 Dependencies
- chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 in the actions-organization group by @dependabot[bot] in #4853
- chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 by @dependabot[bot] in #4871
- chore(deps): bump github.com/distribution/distribution/v3 from 3.1.0 to 3.1.1 by @dependabot[bot] in #4874
- chore(deps): bump github/codeql-action from 4.35.3 to 4.35.4 by @dependabot[bot] in #4888
- chore(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0 by @dependabot[bot] in #4886
- chore(deps): bump aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1 by @dependabot[bot] in #4887
- chore(deps): bump github.com/go-git/go-billy/v5 from 5.8.0 to 5.9.0 by @dependabot[bot] in #4897
New Contributors
Full Changelog: v0.75.1...v0.76.0-rc1
Contributors
Racer159, mjnagel, and 5 other contributors
Assets 19
v0.75.1
0.75.1 (2026-04-30)
Features
- parse multi doc zarf.yaml files (#4827) (44ae0e2)
- stop adding Zarf service default values to state when the service does not exist (#4832) (c4a06fb)
- verfication: trusted root fetch command (#4829) (73825da)
Bug Fixes
- create: built package path separators (#4857) (48574c2)
- ensure zarf say honors no-color (#4850) (f9748d5)
- template: add to dissallowed functions (#4848) (cedec4d)
What's Changed
🚀 Updates
- chore(main): release 0.75.1 by @zarf-release-please[bot] in #4833
Full Changelog: v0.75.1-rc2...v0.75.1
v0.75.1-rc2
v0.75.1-rc2
This tag was signed with the committer’s verified signature.
AustinAbro321
Austin Abro
What's Changed
🚀 Updates
- ci(release): update cosign version by @AustinAbro321 in #4861
Full Changelog: v0.75.1-rc1...v0.75.1-rc2
Contributors
AustinAbro321
Assets 19
v0.75.0
0.75.0 (2026-04-16)
⚠ BREAKING CHANGES
- remove 0.27.0 layout shim (#4826)
- deploy: introduce connected mode (#4685)
- only pull required layers during OCI deploy (#4699)
Features
- deploy: introduce connected mode (#4685) (bb4083d)
- init: adopt arbitrarily named gitea PVC (#4808) (d874d5c)
- tls: support for tls generation with duration (#4769) (1fd32d5)
Bug Fixes
- cache: support for default sdk cache path (#4765) (7b0e330)
- only pull required layers during OCI deploy (#4699) (05a3a36)
- remove 0.27.0 layout shim (#4826) (6106d17)
- verify: deprecate PublicKeyPath in favor of VerifyBlobOptions (#4782) (2e8e58a)
What's Changed
🚀 Updates
- docs: move x-mdx to documentation by @wcrum in #4753
- fix!: only pull required layers during OCI deploy by @AustinAbro321 in #4699
- docs: update CONTRIBUTING to point to the correct slack channel by @leppeK in #4812
- fix(verify): deprecate PublicKeyPath in favor of VerifyBlobOptions by @brandtkeller in #4782
- fix(cache): support for default sdk cache path by @brandtkeller in #4765
- feat(tls): support for tls generation with duration by @brandtkeller in #4769
- feat(deploy)!: introduce connected mode by @AustinAbro321 in #4685
- fix!: remove 0.27.0 layout shim by @AustinAbro321 in #4826
- feat(init): adopt arbitrarily named gitea PVC by @leppeK in #4808
- chore(main): release 0.75.0 by @zarf-release-please[bot] in #4809
📦 Dependencies
- chore(deps): bump github.com/fluxcd/source-controller/api from 1.8.1 to 1.8.2 by @dependabot[bot] in #4798
- chore(deps): bump helm.sh/helm/v4 from 4.1.3 to 4.1.4 by @dependabot[bot] in #4815
- chore(deps): bump defu from 6.1.4 to 6.1.6 in /site by @dependabot[bot] in #4784
- chore(deps): bump vite from 6.4.1 to 6.4.2 in /site by @dependabot[bot] in #4789
- chore(deps): bump lodash and @astrojs/language-server in /site by @dependabot[bot] in #4777
- chore(deps-dev): bump yaml from 2.8.2 to 2.8.3 in /site by @dependabot[bot] in #4750
- chore(deps): bump smol-toml from 1.6.0 to 1.6.1 in /site by @dependabot[bot] in #4748
- chore(deps): bump devalue from 5.6.3 to 5.6.4 in /site by @dependabot[bot] in #4708
- chore(deps-dev): bump undici from 7.18.2 to 7.24.2 in /site by @dependabot[bot] in #4713
- chore(deps): bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 by @dependabot[bot] in #4818
- chore(deps): bump the actions-organization group with 2 updates by @dependabot[bot] in #4817
- chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 in /site by @dependabot[bot] in #4749
- chore(deps): bump github.com/docker/cli from 29.3.1+incompatible to 29.4.0+incompatible by @dependabot[bot] in #4797
- chore(deps): bump lodash-es from 4.17.23 to 4.18.1 in /site by @dependabot[bot] in #4776
Full Changelog: v0.74.2...v0.75.0
Contributors
leppeK, dependabot, and 3 other contributors
Assets 19
v0.74.2
0.74.2 (2026-04-08)
What's Changed
🚀 Updates
- chore(dependencies): update init package registry image from 3.0.0 to 3.1.0 by @AustinAbro321 in #4792
- fix: git host matching by @AustinAbro321 in #4801
- fix: sanitize inspect output path by @AustinAbro321 in #4793
- chore(main): release 0.74.2 by @zarf-release-please[bot] in #4802
📦 Dependencies
- chore(deps): bump github.com/fatih/color from 1.18.0 to 1.19.0 by @dependabot[bot] in #4778
- chore(deps): bump github.com/fluxcd/source-controller/api from 1.8.0 to 1.8.1 by @dependabot[bot] in #4779
- chore(deps): bump actions/setup-go from 6.3.0 to 6.4.0 in the actions-organization group by @dependabot[bot] in #4785
- chore(deps): bump docker/login-action from 4.0.0 to 4.1.0 by @dependabot[bot] in #4786
- chore(deps): bump github.com/moby/moby/client from 0.3.0 to 0.4.0 by @dependabot[bot] in #4787
- chore(deps): bump github.com/distribution/distribution/v3 from 3.0.1-0.20250417064513-e016d9595f53 to 3.1.0 by @dependabot[bot] in #4788
- chore(deps): bump github.com/sigstore/cosign/v3 from 3.0.5 to 3.0.6 by @dependabot[bot] in #4790
- chore(deps): bump github.com/google/go-containerregistry from 0.21.3 to 0.21.4 by @dependabot[bot] in #4791
Full Changelog: v0.74.1...v0.74.2
Contributors
dependabot and AustinAbro321
Assets 19
v0.74.1
0.74.1 (2026-04-02)
Features
- enable plugin support for vender-ed kubectl (#4705) (d812a6b)
- introduce page for schema on docs site (#4732) (1d193d0)
- state: deprecate "nodeport" in registry info in favor of "node" (#4729) (c8dd855)
Bug Fixes
- cache: sbom cachepath existence (#4762) (8785473)
- set transport in
zarf tools registry catalogwhen mtls is enabled (#4728) (b8e38ec) - values with zarf dev find-images (#4734) (78b7202)
What's Changed
🚀 Updates
- fix: set transport in
zarf tools registry catalogwhen mtls is enabled by @AustinAbro321 in #4728 - feat: introduce page for schema on docs site by @AustinAbro321 in #4732
- fix(cache): sbom cachepath existence by @brandtkeller in #4762
- feat(state): deprecate "nodeport" in registry info in favor of "node" by @AustinAbro321 in #4729
- fix: values with zarf dev find-images by @AustinAbro321 in #4734
- feat: enable plugin support for vender-ed kubectl by @a1994sc in #4705
- chore(main): release 0.74.1 by @zarf-release-please[bot] in #4736
📦 Dependencies
- chore(deps): bump h3 from 1.15.5 to 1.15.9 in /site by @dependabot[bot] in #4737
- chore(deps): bump the k8s group across 1 directory with 7 updates by @dependabot[bot] in #4730
- chore(deps): bump the actions-organization group with 2 updates by @dependabot[bot] in #4740
- chore(deps): bump github/codeql-action from 4.32.6 to 4.34.1 by @dependabot[bot] in #4741
- chore(deps): bump codecov/codecov-action from 5.5.2 to 5.5.3 by @dependabot[bot] in #4742
- chore(deps): bump github.com/anchore/syft from 1.42.1 to 1.42.3 by @dependabot[bot] in #4738
- chore(deps): bump astro from 5.16.11 to 5.18.1 in /site by @dependabot[bot] in #4755
- chore(deps): bump codecov/codecov-action from 5.5.3 to 6.0.0 by @dependabot[bot] in #4759
- chore(deps): bump github/codeql-action from 4.34.1 to 4.35.1 by @dependabot[bot] in #4760
- chore(deps): bump github.com/go-git/go-git/v5 from 5.17.0 to 5.17.1 by @dependabot[bot] in #4763
- chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.25.0 to 1.26.0 by @dependabot[bot] in #4757
- chore(deps): bump the cosign-providers group across 1 directory with 4 updates by @dependabot[bot] in #4770
- chore(deps): bump github.com/docker/cli to 29.3.0+incompatible by @dependabot[bot] in #4692
- chore(deps): bump github.com/google/go-containerregistry from 0.21.1 to 0.21.3 by @dependabot[bot] in #4721
- chore(deps): bump github.com/mikefarah/yq/v4 from 4.50.1 to 4.52.5 by @dependabot[bot] in #4758
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.23.1 to 0.23.3 by @dependabot[bot] in #4775
- chore(deps): bump github.com/go-git/go-git/v5 from 5.17.1 to 5.17.2 by @dependabot[bot] in #4773
Full Changelog: v0.74.0...v0.74.1
Contributors
a1994sc, dependabot, and 2 other contributors
Assets 19
v0.74.0
0.74.0 (2026-03-19)
⚠ BREAKING CHANGES
What's Changed
🚀 Updates
- chore(test): update external testing for local development by @brandtkeller in #4638
- chore(deps): update k9s to v0.50.18 by @brandtkeller in #4648
- fix: close leaked file handles in
pull_test.goHTTP handlers by @joonas in #4657 - fix: close chunk file descriptors per iteration in
SplitFileby @joonas in #4656 - feat: add retries on create operations by @mjnagel in #4664
- feat: update kubectl vender logic by @a1994sc in #4676
- feat(connect): create zarf connect resource sub-command by @AustinAbro321 in #4683
- feat(publish): support for tag specification by @brandtkeller in #4641
- test: fix registry flake by @AustinAbro321 in #4700
- feat(state): remove architecture field by @AustinAbro321 in #4701
- fix(deploy)!: override actions wait commands by @brandtkeller in #4531
- fix(agent): support create idempotency for mutation operations by @brandtkeller in #4691
- feat(init): clarify --registry-secret or --registry-url by @bm54cloud in #4694
- feat!: upgrade to Helm 4 by @AustinAbro321 in #4350
- fix: set field manager once during pre-run to avoid data race by @AustinAbro321 in #4707
- docs(install): add conda-forge community install method by @connor-stewarty in #4706
- docs: add 2026 community meeting notes link by @nick-adkins in #4715
- feat(init): enable switching between nodeport and proxy mode by @AustinAbro321 in #4608
- feat: use Zarf Package Config as image config by @AustinAbro321 in #4675
- feat: use legacy Helm wait + reconciliation Healthchecks by @AustinAbro321 in #4720
- feat: stop managing scale down policy in CLI by @AustinAbro321 in #4725
- docs(registry-proxy): describe registry proxy in init package docs by @AustinAbro321 in #4622
- chore(main): release 0.74.0 by @zarf-release-please[bot] in #4682
📦 Dependencies
- chore(deps): bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.0 by @dependabot[bot] in #4677
- chore(deps): bump svgo from 4.0.0 to 4.0.1 in /site by @dependabot[bot] in #4686
- chore(deps): bump dompurify from 3.3.1 to 3.3.2 in /site by @dependabot[bot] in #4689
- chore(deps): bump the actions-organization group with 3 updates by @dependabot[bot] in #4660
- chore(deps): bump github/codeql-action from 4.32.4 to 4.32.6 by @dependabot[bot] in #4696
- chore(deps): bump the actions-organization group with 2 updates by @dependabot[bot] in #4695
- chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 by @dependabot[bot] in #4697
- chore(deps): bump the actions-organization group with 2 updates by @dependabot[bot] in #4714
- chore(deps): bump the golang group across 1 directory with 2 updates by @dependabot[bot] in #4718
- chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 by @dependabot[bot] in #4724
New Contributors
- @bm54cloud made their first contribution in #4694
- @connor-stewarty made their first contribution in #4706
Full Changelog: v0.73.1...v0.74.0
Contributors
joonas, a1994sc, and 7 other contributors