Response To CVE-2019-25210

Thu, Mar 14, 2024

CVE-2019-25210 was recently filed against the Helm project. This action was completed without engaging the Helm project and working through the documented security process and team. The Helm project was given no notice before the disclosure was released which resulted in the inability to provide an appropriate statement beforehand. This post serves as the response from the Helm project. Not A Vulnerability In Helm The Helm project rejects this disclosure’s assertion of a vulnerability within Helm. Read More…

Helm 3.13

Fri, Sep 29, 2023

Helm 3.13 brings some significant and useful changes for Helm users. This ranges from longtime bugs being fixed to some new features that can have an impact on performance. Dry-run & Template Can Connect To Servers The dry-run feature on install and upgrade, and Helm template has not been able to communicate with Kubernetes servers. This is for security and because Helm template was designed for template rendering alone. With Helm 3. Read More…

The Helm OCI MediaTypes

Mon, May 15, 2023

Helm introduced full support for storing charts within OCI registries as a distribution method beginning in version 3.8, and while this feature has been available for some time now, there is more underneath the hood than one may realize to make this capability all possible. A number of concepts, working in unison, make it possible to store content aside from traditional container images within OCI registries. This article will explore one of these important concepts, Media Types, their purpose, and how Helm’s own set of Media Types make it possible to extend the storage of charts beyond standard chart repositories to OCI registries. Read More…

Helm Completes Fuzzing Security Audit

Fri, Mar 31, 2023

In the past year, the team at Ada Logics has worked on integrating continuous fuzzing into the Helm core project. This was an effort focused on improving the security posture of Helm and ensuring a continued good experience for Helm users. The fuzzing integration involved enrolling Helm in the OSS-Fuzz project and writing a set of fuzzers that further enriches the test coverage of Helm. In total, 38 fuzzers were written, and nine bugs were found (with eight fixed so far), demonstrating the work’s value for Helm both short term and long term. Read More…

Karen Chu Joins Helm Org Maintainers

Tue, Jan 11, 2022

The Helm organization is thrilled to introduce Karen Chu as the latest member of the Helm org maintainers. She will be the ninth committee member. Karen has been active in the Helm ecosystem since day one when Rimas, Jack, and I first started the project. She was instrumental in Helm's early branding, organized both of the Helm Summits, and leads Helm's community management team. You may also know her from her Helm-adjacent work as the co-creator of the Illustrated Children's Guide to Kubernetes series or her role as a CNCF ambassador. Read More…

Martin Hickey Joins Helm Org Maintainers

Thu, Jun 24, 2021

Meet Helm's newest org maintainer: Martin Hickey. Martin has been a longtime Helm project maintainer. He was instrumental in the development of Helm 3, and has been one of the most active maintainers on the project. He is also one of the creators of the Helm 2-to-3 migration plugin. This week, the Helm maintainers voted to elect Martin onto the Helm Org Maintainers board. In this new role, Martin will help shape not just Helm, but the many projects that are hosted together with Helm. Read More…