🚀 fluxcd/flux2 - Release Notes

v2.5.1 (2025-02-25)

## Highlights

Flux v2.5.1 is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

- Fix a bug introduced in kustomize-controller v1.5.0 that was causing spurious logging for deprecated API versions and health check failures.
- Sanitize the kustomize-controller logs when encountering errors during SOPS decryption.

## Components changelog

- kustomize-controller [v1.5.1](https://github.com/fluxcd/kustomize-controller/blob/v1.5.1/CHANGELOG.md)

## CLI Changelog

- PR #5215 - @matheuscscp - Update backport labels for 2.5
- PR #5214 - @fluxcdbot - Update kustomize-controller to v1.5.1


v2.5.0 (2025-02-20)

## Highlights

Flux v2.5.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a comprehensive overview of new features and API changes included in this release,
please refer to the [Announcing Flux 2.5 GA blog post](https://fluxcd.io/blog/2025/02/flux-v2.5.0/).

Overview of the new features:

- Support for GitHub App authentication (`GitRepository` and `ImageUpdateAutomation` API)
- Custom Health Checks using CEL (`Kustomization` API)
- Fine-grained control of garbage collection (`Kustomization` API)
- Enable decryption of secrets generated by Kustomize components (`Kustomization` API)
- Support for custom event metadata from annotations (`Alert` API)
- Git commit status updates for Flux Kustomizations with OCIRepository sources (`Alert` API)
- Resource filtering using CEL for webhook receivers (`Receiver` API)
- Debug commands for Flux Kustomizations and HelmReleases (Flux CLI)

❤️ Big thanks to all the Flux contributors that helped us with this release!

### Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

| Kubernetes version | Minimum required |
|--------------------|------------------|
| `v1.30`            | `>= 1.30.0`      |
| `v1.31`            | `>= 1.31.0`      |
| `v1.32`            | `>= 1.32.0`      |

> [!NOTE]
> Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
> Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
> [ControlPlane](https://control-plane.io/enterprise-for-flux-cd/) that provide enterprise support for Flux.

### OpenShift compatibility

Flux can be installed on Red Hat OpenShift clusters directly from OperatorHub using
[Flux Operator](https://operatorhub.io/operator/flux-operator).
The operator allows the configuration of Flux multi-tenancy lockdown, network policies,
persistent storage, sharding, vertical scaling and the synchronization
of the cluster state from Git repositories, OCI artifacts and S3-compatible storage.

## Upgrade procedure

Upgrade Flux from `v2.4.0` to `v2.5.0` by following the [upgrade guide](https://fluxcd.io/flux/installation/upgrade/).

There are no new API versions in this release, so no changes are required in the YAML manifests containing Flux resources.

## Components changelog

- source-controller [v1.5.0](https://github.com/fluxcd/source-controller/blob/v1.5.0/CHANGELOG.md)
- kustomize-controller [v1.5.0](https://github.com/fluxcd/kustomize-controller/blob/v1.5.0/CHANGELOG.md)
- notification-controller [v1.5.0](https://github.com/fluxcd/notification-controller/blob/v1.5.0/CHANGELOG.md)
- helm-controller [v1.2.0](https://github.com/fluxcd/helm-controller/blob/v1.2.0/CHANGELOG.md)
- image-reflector-controller [v0.34.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.34.0/CHANGELOG.md)
- image-automation-controller [v0.40.0](https://github.com/fluxcd/image-automation-controller/blob/v0.40.0/CHANGELOG.md)

## CLI Changelog

- PR #5204 - @stefanprodan - Update kubectl in flux-cli image
- PR #5203 - @stefanprodan - Update flux-cli image
- PR #5200 - @stefanprodan - Update Kubernetes min supported version to 1.30
- PR #5199 - @matheuscscp - Update integration tests dependencies for Flux 2.5
- PR #5195 - @fluxcdbot - Update toolkit components
- PR #5192 - @fluxcdbot - Update toolkit components
- PR #5190 - @dependabot[bot] - build(deps): bump github.com/distribution/distribution/v3 from 3.0.0-rc.2 to 3.0.0-rc.3
- PR #5188 - @matheuscscp - Upgrade pkg/runtime
- PR #5187 - @stefanprodan - Update conformance test suite
- PR #5181 - @dependabot[bot] - build(deps): bump the ci group across 1 directory with 13 updates
- PR #5176 - @YvanGuidoin - fix: align `flux diff` skipping with kustomize-controller
- PR #5175 - @stefanprodan - Update dependencies
- PR #5151 - @stefanprodan - [RFC-0009] Custom Health Checks using CEL expressions
- PR #5146 - @sjorsholtrop-ritense - Improve "flux resume" error message on non-existent object
- PR #5142 - @matheuscscp - Fix create command always using imageRepositoryType
- PR #5137 - @scottrigby - Add OpenShift 4.16 & 4.17 to conformance testing
- PR #5117 - @stefanprodan - Implement `flux debug kustomization` command
- PR #5114 - @stefanprodan - Update dependencies to Kubernetes 1.32.0 and Go 1.23.0
- PR #5111 - @stefanprodan - Run conformance tests for Kubernetes 1.32.0
- PR #5107 - @darkowlzz - workflows: Use setup-terraform to install latest
- PR #5106 - @stefanprodan - Implement `flux debug helmrelease` command
- PR #5105 - @stefanprodan - Update `fluxcd/pkg` dependencies
- PR #5104 - @dependabot[bot] - build(deps): bump the ci group across 1 directory with 11 updates
- PR #5103 - @dipti-pai - [RFC-007] Flux cli support for GitHub app authentication
- PR #5099 - @bkreitch - fix misplaced quotes
- PR #5073 - @mloskot - docs: Mention Flux upgrade guide in release notes
- PR #5071 - @milas - fix: skip remote Kustomizations on recursive diff
- PR #5068 - @h3nryc0ding - fix(cli): confusing error message for missing kind
- PR #5060 - @jdewinne - Use replicated-actions in conformance tests 


v2.4.0 (2024-09-30)

## Highlights

Flux v2.4.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a comprehensive overview of new features and API changes included in this release, please refer to the [Announcing Flux 2.4 GA blog post](https://fluxcd.io/blog/2024/09/flux-v2.4.0/).

This release marks the General Availability (GA) of Flux Bucket API. The `Bucket` v1 API comes with new features including: proxy support, mTLS and custom STS configuration for AWS S3 and MinIO LDAP authentication.

The `GitRepository` v1 API gains support for OIDC authentication. Starting with this version, you can authenticate against Azure DevOps repositories using AKS Workload Identity.

The `OCIRepository` v1beta2 API gains support for proxy configuration thus allowing dedicated HTTP/S Proxy authentication on multi-tenant Kubernetes clusters.

The `HelmRelease` v2 API gains support for disabling JSON schema validation of the Helm release values during installation and upgrade. It also allows adopting existing Kubernetes resources during Helm release installation.

The Flux controllers are now built with Go 1.23 and their dependencies have been updated to Kubernetes 1.31, Helm 3.16, SOPS 3.9, Cosign 2.4 and Notation 1.2.

❤️ Big thanks to all the Flux contributors that helped us with this release!

### Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

| Kubernetes version | Minimum required |
|--------------------|------------------|
| `v1.29`            | `>= 1.29.0`      |
| `v1.30`            | `>= 1.30.0`      |
| `v1.31`            | `>= 1.31.0`      |

> [!NOTE]
> Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
> Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
> [ControlPlane](https://control-plane.io/enterprise-for-flux-cd/) that provide enterprise support for Flux.

### OpenShift compatibility

Flux can be installed on Red Hat OpenShift clusters directly from OperatorHub using [Flux Operator](https://operatorhub.io/operator/flux-operator).
The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts and S3-compatible storage.

## API changes

### Bucket v1

The [Bucket](https://fluxcd.io/flux/components/source/buckets/) kind was promoted from v1beta2 to v1 (GA).

The v1 API is backwards compatible with v1beta2.

New fields:

- `.spec.proxySecretRef` allows configuring HTTP/S Proxy authentication for the S3-compatible storage service.
- `.spec.certSecretRef` allows custom TLS client certificate and CA for secure communication with the S3-compatible storage service.
- `.spec.sts` allows custom STS configuration for AWS S3 and MinIO LDAP authentication.

### GitRepository v1

The [GitRepository](https://fluxcd.io/flux/components/source/gitrepositoies/) kind gains new optional fields with no breaking changes.

New fields:

- `.spec.provider` allows specifying an OIDC provider used for authentication purposes. Currently, only the `azure` provider is supported.

### OCIRepository v1beta2

The [OCIRepository](https://fluxcd.io/flux/components/source/ocirepositoies/) kind gains new optional fields with no breaking changes.

New fields:

- `.spec.proxySecretRef` allows configuring HTTP/S Proxy authentication for the container registry service.

### HelmRelease v2

The [HelmRelease](https://fluxcd.io/flux/components/helm/helmreleases/) kind gains new optional fields with no breaking changes.

New fields:

- `.spec.install.disableSchemaValidation` allows disabling the JSON schema validation of the Helm release values during installation.
- `.spec.upgrade.disableSchemaValidation` allows disabling the JSON schema validation of the Helm release values during upgrade.

## Upgrade procedure

Upgrade Flux from `v2.3.0` to `v2.4.0` either by [rerunning bootstrap](https://fluxcd.io/flux/installation/#bootstrap-upgrade) or by using the [Flux GitHub Action](https://github.com/fluxcd/flux2/tree/main/action).

To upgrade the APIs, make sure the new CRDs and controllers are deployed, and then change the manifests in Git:

1. Set `apiVersion: source.toolkit.fluxcd.io/v1` in the YAML files that contain `Bucket` definitions.
2. Commit, push and reconcile the API version changes.

Bumping the API versions in manifests can be done gradually.
It is advised to not delay this procedure as the deprecated versions will be removed after 6 months.

## Components changelog

- source-controller [v1.4.0](https://github.com/fluxcd/source-controller/blob/v1.4.0/CHANGELOG.md) [v1.4.1](https://github.com/fluxcd/source-controller/blob/v1.4.1/CHANGELOG.md)
- kustomize-controller [v1.4.0](https://github.com/fluxcd/kustomize-controller/blob/v1.4.0/CHANGELOG.md)
- notification-controller [v1.4.0](https://github.com/fluxcd/notification-controller/blob/v1.4.0/CHANGELOG.md)
- helm-controller [v1.1.0](https://github.com/fluxcd/helm-controller/blob/v1.1.0/CHANGELOG.md)
- image-reflector-controller [v0.33.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.33.0/CHANGELOG.md)
- image-automation-controller [v0.39.0](https://github.com/fluxcd/image-automation-controller/blob/v0.39.0/CHANGELOG.md)

### New Documentation

- [Bucket v1 specification](https://fluxcd.io/flux/components/source/buckets/)
- [Azure DevOps OIDC auth configuration](https://fluxcd.io/flux/components/source/gitrepositories/#provider)

## CLI Changelog

- PR #5014 - @stefanprodan - Update Kubernetes dependencies to v1.31.1
- PR #5011 - @stefanprodan - Remove TLS deprecated flags from `flux create secret`
- PR #5010 - @stefanprodan - Add `flux create secret proxy` command
- PR #5009 - @stefanprodan - Add `--proxy-secret-ref` to `flux create source` commands
- PR #5008 - @stefanprodan - Promote `bucket` commands to GA
- PR #5007 - @stefanprodan - Run conformance tests for Kubernetes 1.29-1.31
- PR #5005 - @fluxcdbot - Update toolkit components
- PR #5004 - @fluxcdbot - Update source-controller to v1.4.1
- PR #4986 - @dipti-pai - [RFC-0007] Add `--provider` flag to `flux create source git`
- PR #4970 - @JasonTheDeveloper - Update notaryproject/notation-go to 1.2.1
- PR #4967 - @mxtw - tests: use tempdir to avoid manual gc
- PR #4959 - @stefanprodan - Fix GitHub bootstrap for repositories with custom properties 
- PR #4948 - @harshitasao - fix: fixed GHA token-permission and pinned dependencies issue
- PR #4939 - @bkreitch - Recursively diff Kustomizations
- PR #4936 - @stefanprodan - Build with Go 1.23
- PR #4934 - @stefanprodan - Update dependencies to Kubernetes v1.31.0
- PR #4922 - @bkreitch - Stop spinner on cancel of flux diff kustomization
- PR #4918 - @matheuscscp - Fix reconcile helmrelease command description
- PR #4892 - @stefanprodan - Run conformance tests for Kubernetes v1.31
- PR #4871 - @harshitasao - changed the scorecard badge link to the standard format
- PR #4866 - @nagyv - Introduce visibility flag for bootstrap gitlab
- PR #4863 - @stefanprodan - Update conformance tests to Kubernetes v1.30.2
- PR #4845 - @stefanprodan - Run ARM64 e2e tests on GitHub runners
- PR #4842 - @stefanprodan - Add `part-of` label to controllers base
- PR #4835 - @stefanprodan - ci: Adapt config to GoRelease v2
- PR #4806 - @dipti-pai - [RFC] Passwordless authentication for Git repositories

v2.3.0 (2024-05-13)

## Highlights

Flux v2.3.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a comprehensive overview of new features and API changes included in this release, please refer to the [Announcing Flux 2.3 GA blog post](https://fluxcd.io/blog/2024/05/flux-v2.3.0/).

This release marks the General Availability (GA) of Flux Helm features and APIs, including helm-controller, the `HelmRelease`, `HelmChart`, and `HelmRepository` APIs.

The `HelmRepository` v2 API comes with new features, such as the ability to reference Helm charts from `OCIRepository` sources, reuse existing `HelmChart` resources, and verify the integrity of Helm chart artifacts signed with Notary Notation.

❤️ Big thanks to all the Flux contributors that helped us with this release!

### Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

| Kubernetes version | Minimum required |
|--------------------|------------------|
| `v1.28`            | `>= 1.28.0`      |
| `v1.29`            | `>= 1.29.0`      |
| `v1.30`            | `>= 1.30.0`      |

> [!NOTE]
> Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
> Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
> [ControlPlane](https://control-plane.io/enterprise-for-flux-cd/) that provide enterprise support for Flux.

## API changes

### HelmRelease v2

The [HelmRelease](https://fluxcd.io/flux/components/helm/helmreleases/) kind was promoted from v2beta2 to v2 (GA).

The v2 API is backwards compatible with v2beta2, with the exception of the deprecated fields which have been removed.

Removed fields:

- `.spec.chart.spec.valuesFile` replaced by `.spec.chart.spec.valuesFiles`.
- `.spec.postRenderers.kustomize.patchesJson6902` replaced by `.spec.postRenderers.kustomize.patches`.
- `.spec.postRenderers.kustomize.patchesStrategicMerge` replaced by `.spec.postRenderers.kustomize.patches`.
- `.status.lastAppliedRevision` replaced by `.status.history.chartVersion`.

New fields:

- `.spec.chartRef` allows referencing chart artifacts from `OCIRepository` and `HelmChart` objects.
- `.spec.chart.spec.ignoreMissingValuesFiles` allows ignoring missing values files instead of failing to reconcile.

### HelmChart v1

The [HelmChart](https://fluxcd.io/flux/components/source/helmcharts/) kind was promoted from v1beta2 to v1 (GA).

The v1 API is backwards compatible with v1beta2, with the exception of the deprecated fields which have been removed.

Removed fields:

- `.spec.valuesFile` replaced by `.spec.chart.valuesFiles`.

New fields:

- `.spec.ignoreMissingValuesFiles` allows ignoring missing values files instead of failing to reconcile.
- `.spec.verify.provider: notation` verifies the signature of Helm OCI artifacts using a Notation trust policy and CA certificate.

### HelmRepository v1

The [HelmRepository](https://fluxcd.io/flux/components/source/helmrepositories/) kind was promoted from v1beta2 to v1 (GA).

The v1 API is backwards compatible with v1beta2.

### OCIRepository v1beta2

The [OCIRepository](https://fluxcd.io/flux/components/source/ocirepositoies/) kind gains new optional fields with no breaking changes.

New fields:

- `.spec.ref.semverFilter` allows filtering the tags based on regular expressions before applying the semver range.
- `.spec.verify.provider: notation` verifies the signature of OCI artifacts using a Notation trust policy and CA certificate.

### Kustomization v1

The Flux [Kustomization](https://fluxcd.io/flux/components/kustomize/kustomizations/) kind gains new optional fields with no breaking changes.

New fields:

- `.spec.namePrefix` allows setting a name prefix for the generated resources.
- `.spec.nameSuffix` allows setting a name suffix for the generated resources.

### ImageUpdateAutomation v1beta2

The [ImageUpdateAutomation](https://fluxcd.io/flux/components/image/imageupdateautomations/) kind was promoted from v1beta1 to v1beta2.

The v1beta2 API is backwards compatible with v1beta1.

Deprecated fields:

- `Updated` template data has been deprecated in favour of `Changed`, which is designed to accommodate all types of updates made.

New fields:

- `.spec.policySelector` allows filtering `ImagePolicy` based on labels.

### Receiver v1

The [Receiver](https://fluxcd.io/flux/components/notification/receivers/) kind gains new optional fields with no breaking changes.

New fields:

- `.spec.type: cdevents` allows receiving, validating and filtering of CDEvents.

## Upgrade procedure

Upgrade Flux from `v2.x` to `v2.3.0` either by [rerunning bootstrap](https://fluxcd.io/flux/installation/#bootstrap-upgrade) or by using the [Flux GitHub Action](https://github.com/fluxcd/flux2/tree/main/action).

For more details, please refer to the upgrade guide from the [Announcing Flux 2.3 GA blog post](https://fluxcd.io/blog/2024/05/flux-v2.3.0/#installing-or-upgrading-flux).

## Components changelog

- source-controller [v1.3.0](https://github.com/fluxcd/source-controller/blob/v1.3.0/CHANGELOG.md)
- kustomize-controller [v1.3.0](https://github.com/fluxcd/kustomize-controller/blob/v1.3.0/CHANGELOG.md)
- notification-controller [v1.3.0](https://github.com/fluxcd/notification-controller/blob/v1.3.0/CHANGELOG.md)
- helm-controller [v1.0.0](https://github.com/fluxcd/helm-controller/blob/v1.0.0/CHANGELOG.md) [v1.0.1](https://github.com/fluxcd/helm-controller/blob/v1.0.1/CHANGELOG.md)
- image-reflector-controller [v0.32.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.32.0/CHANGELOG.md)
- image-automation-controller [v0.38.0](https://github.com/fluxcd/image-automation-controller/blob/v0.38.0/CHANGELOG.md)

### New Documentation

- [HelmRelease v2 specification](https://fluxcd.io/flux/components/helm/helmreleases/)
- [ImageUpdateAutomation v1beta2 specification](https://fluxcd.io/flux/components/image/imageupdateautomations/)
- [Oracle VBS bootstrap guide](https://fluxcd.io/flux/installation/bootstrap/oracle-vbs-git-repositories/)
- [Azure DevOps bootstrap guide for SSH RSA SHA-2](https://fluxcd.io/flux/installation/bootstrap/azure-devops/#bootstrap-using-ssh-keys)
- [OpenShift installation guide and SCC configuration](https://fluxcd.io/flux/installation/configuration/openshift/)
- [Air-gapped installation guide for private container registries](https://fluxcd.io/flux/installation/configuration/air-gapped/#bootstrap-flux-and-authenticate-to-a-private-container-registry)
- [Bootstrap with Terraform examples](https://github.com/fluxcd/terraform-provider-flux/tree/main/examples)
- [Flux hub-and-spoke example repository](https://github.com/fluxcd/flux2-hub-spoke-example)
- [Flux CD Architecture Overview blog post](https://control-plane.io/posts/fluxcd-architecture-overview/)

## CLI Changelog

- PR #4783 - @stefanprodan - ci: Consolidate conformance tests
- PR #4781 - @stefanprodan - Set Kubernetes 1.28 as min required version
- PR #4780 - @stefanprodan - Update helm-controller to v1.0.1
- PR #4779 - @fluxcdbot - Update toolkit components
- PR #4778 - @darkowlzz - tests/integration: Run flux check after installation
- PR #4777 - @stefanprodan - Add k3s to the conformance test suite
- PR #4775 - @stefanprodan - Update `HelmRelease` API to v2 (GA)
- PR #4773 - @makkes - Add `(create|delete|export) source chart` commands
- PR #4771 - @matheuscscp - Add 2.3.x release label
- PR #4770 - @stefanprodan - Update Flux architecture diagram
- PR #4769 - @frekw - Add `--reproducible` flag to `flux push artifact`
- PR #4768 - @stefanprodan - Improve end-to-end test workflow
- PR #4766 - @souleb - Add support for HelmRelease v2 in `flux reconcile` and `flux create`
- PR #4764 - @stefanprodan - ci: Adapt image automation test to v1beta2
- PR #4759 - @stefanprodan - Update Helm Source APIs to v1 (GA) 
- PR #4754 - @stefanprodan - Add `--ssh-hostkey-algos` flag to bootstrap command
- PR #4747 - @stefanprodan - Update dependencies to Kubernetes 1.30
- PR #4746 - @swade1987 - Specifying go version in setup-go github action.
- PR #4736 - @dependabot[bot] - build(deps): bump the ci group with 4 updates
- PR #4735 - @JasonTheDeveloper - feat(secret): add create notation secret handler
- PR #4734 - @stefanprodan - Run conformance tests for Kubernetes 1.30.0
- PR #4729 - @stefanprodan - Add OpenShift to the conformance test suite
- PR #4728 - @toomaj - bootstrap: Add support for Git HTTP/S authorization header
- PR #4727 - @makkes - Add flags for issuer/subject OCI signature verification
- PR #4717 - @hawwwdi - Set `GOMAXPROCS` and `GOMEMLIMIT` to all Flux controllers
- PR #4710 - @stefanprodan - Add `flux envsubst` command
- PR #4709 - @stefanprodan - Add `--strict-substitute` flag to `flux build ks` and `flux diff ks` 
- PR #4706 - @stefanprodan - Add `--registry-creds` flag to bootstrap and install commands
- PR #4705 - @stefanprodan - Update dependencies to Kustomize v5.4.0
- PR #4701 - @fluxcdbot - Update toolkit components
- PR #4699 - @stefanprodan - Update dependencies to Go 1.22 and Kubernetes 1.29.3
- PR #4689 - @makkes - Pin envtest version
- PR #4687 - @carlpett - Add permissions required for flow control
- PR #4678 - @darkowlzz - Update `ImageUpdateAutomation` API to v1beta2
- PR #4666 - @stefanprodan - Mark RFC-0006 as implementable
- PR #4657 - @stefanprodan - ci: Include all go modules in snyk testing
- PR #4654 - @stefanprodan - Remove deprecated e2e tests
- PR #4629 - @rishinair11 - Fix a typo in `--force` flag description
- PR #4620 - @stefanprodan - Update Equinix ARM64 GitHub runners
- PR #4610 - @takp - Fix typo in build.go
- PR #4589 - @stefanprodan - Update dependencies
- PR #4583 - @fluxcdbot - Update toolkit components
- PR #4575 - @stefanprodan - Update dependencies to Kubernetes v1.28.6
- PR #4558 - @twinguy - `flux check` should error on unrecognised args
- PR #4557 - @twinguy - `flux stats` should error on unrecognised args
- PR #4553 - @twinguy - Properly detect unexpected arguments during uninstall
- PR #4534 - @adamkenihan - [RFC-0006] Flux-CDEvent Receiver

v2.2.3 (2024-02-05)

## Highlights

Flux v2.2.3 is a patch release which comes with various fixes and improvements. Users are encouraged to upgrade for the best experience.

:bulb: For upgrading to Flux v2.2, please see [the procedure documented in 2.2.0](https://github.com/fluxcd/flux2/releases/tag/v2.2.0).

This release updates the Kubernetes dependencies to v1.28.6 and various other dependencies to their latest version to patch upstream CVEs.

All controllers are built with Go 1.21.6 using Alpine Linux 3.19.1 base image.

> [!NOTE]
> Due to breaking changes in [Helm v3.14.0](https://github.com/helm/helm/releases/tag/v3.14.0), the helm-controller version included in this patch release comes with Helm SDK v3.13.3.
> A preview build of the helm-controller with the latest Helm SDK is available at [helm-controller#879](https://github.com/fluxcd/helm-controller/pull/879).

Fixes:

- Reconciling empty directories and directories without Kubernetes manifests no longer results in an error. This regression was introduced with the kustomize-controller upgrade to Kustomize v5.3 and has been fixed in this patch release.
- The regression due to which `Roles` and `ClusterRoles` with aggregated roles were continuously reconciled by kustomize-controller has been fixed.
- Fix the display of the Git revision when notification-controller sends alerts to Grafana.
- The HelmRelease status reporting has been improved by ensuring that the stale failure conditions get updated after failure recovery.

See the components changelog for a full list of bug fixes.

## Components changelog

- source-controller [v1.2.4](https://github.com/fluxcd/source-controller/blob/v1.2.4/CHANGELOG.md)
- kustomize-controller [v1.2.2](https://github.com/fluxcd/kustomize-controller/blob/v1.2.2/CHANGELOG.md)
- notification-controller [v1.2.4](https://github.com/fluxcd/notification-controller/blob/v1.2.4/CHANGELOG.md)
- helm-controller [v0.37.4](https://github.com/fluxcd/helm-controller/blob/v0.37.4/CHANGELOG.md)
- image-reflector-controller [v0.31.2](https://github.com/fluxcd/image-reflector-controller/blob/v0.31.2/CHANGELOG.md)
- image-automation-controller [v0.37.1](https://github.com/fluxcd/image-automation-controller/blob/v0.37.1/CHANGELOG.md)

## CLI Changelog

- PR #4589 - @stefanprodan - Update dependencies
- PR #4585 - @dependabot[bot] - build(deps): bump the ci group with 3 updates
- PR #4583 - @fluxcdbot - Update toolkit components
- PR #4575 - @stefanprodan - Update dependencies to Kubernetes v1.28.6
- PR #4573 - @dependabot[bot] - build(deps): bump the ci group with 5 updates
- PR #4558 - @twinguy - `flux check` should error on unrecognised args
- PR #4557 - @twinguy - `flux stats` should error on unrecognised args
- PR #4554 - @dependabot[bot] - build(deps): bump the ci group with 3 updates
- PR #4553 - @twinguy - Properly detect unexpected arguments during uninstall
- PR #4535 - @dependabot[bot] - build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7
- PR #4533 - @darkowlzz - tests/int: Add separate resource cleanup step

v2.2.2 (2023-12-19)

## Highlights

Flux v2.2.2 is a patch release that addresses an issue with the label selector sharding functionality in the helm-controller. Users are encouraged to upgrade for the best experience.

:bulb: For upgrading to Flux v2.2, please see [the procedure documented in 2.2.0](https://github.com/fluxcd/flux2/releases/tag/v2.2.0).

## Components changelog

- helm-controller [v0.37.2](https://github.com/fluxcd/helm-controller/blob/v0.37.2/CHANGELOG.md)

## CLI Changelog

- PR #4505 - @hiddeco - Update helm-controller to v0.37.2 in tests
- PR #4501 - @fluxcdbot - Update toolkit components
- PR #4499 - @stuebingerb - Fix typo in Git bootstrap
- PR #4495 - @dependabot[bot] - build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 in /tests/integration
- PR #4494 - @dependabot[bot] - build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0
- PR #4493 - @dependabot[bot] - build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 in /tests/azure
- PR #4491 - @dependabot[bot] - build(deps): bump the ci group with 3 updates

v2.2.1 (2023-12-15)

## Highlights

Flux v2.2.1 is a patch release that comes with fixes to API backwards compatibility.
Users are encouraged to upgrade for the best experience.

:bulb: For upgrading to Flux v2.2, please see [the procedure documented in 2.2.0](https://github.com/fluxcd/flux2/releases/tag/v2.2.0).

This version was tested with the latest Kubernetes release, and extends Flux support to Kubernetes v1.29.

The Helm SDK was updated to the latest version, v3.13.3.

Logging in kustomize-controller and helm-controller has been improved to provide faster feedback on any HTTP errors encountered while fetching artifacts from source-controller.

## Components changelog

- source-controller [v1.2.3](https://github.com/fluxcd/source-controller/blob/v1.2.3/CHANGELOG.md)
- kustomize-controller [v1.2.1](https://github.com/fluxcd/kustomize-controller/blob/v1.2.1/CHANGELOG.md)
- notification-controller [v1.2.3](https://github.com/fluxcd/notification-controller/blob/v1.2.3/CHANGELOG.md)
- helm-controller [v0.37.1](https://github.com/fluxcd/helm-controller/blob/v0.37.1/CHANGELOG.md)

## CLI Changelog

- PR #4488 - @hiddeco - tests: update API dependencies
- PR #4484 - @stefanprodan - Run conformance tests for Kubernetes v1.29.0
- PR #4483 - @fluxcdbot - Update toolkit components
- PR #4481 - @hoexter - Remove duplicate part of the reconcile hr --reset help message
- PR #4478 - @stefanprodan - Remove deprecated monitoring configs
- PR #4476 - @hiddeco - Properly detect unsupported API errors
- PR #4468 - @hiddeco - Add 2.2.x backport label


v2.2.0 (2023-12-12)

## Highlights

Flux v2.2.0 is a feature release. Users are encouraged to upgrade for the best experience.

The Flux CLI and controllers have been updated to Kustomize v5.3.0 and Kubernetes v1.28.4.

Flux helm-controller's reconciliation model underwent a significant overhaul, addressing persistent issues such as the automatic recovery of releases stuck in a pending state. In addition, it improves the observability of the release status, and it introduces the ability to enable drift detection on a per-object basis. For more details on the helm-controller improvements, please see the [Announcing Flux 2.2 GA blog post](https://fluxcd.io/blog/2023/12/flux-v2.2.0/).

The Flux CLI can now be used to force or reset the reconciliation state of a `HelmRelease` v2beta2 object using `flux reconcile hr --force` and `flux reconcile hr --reset`.

Flux CLI comes with support for bootstrapping [Gitea](https://fluxcd.io/flux/installation/bootstrap/gitea/) repositories and adds guardrails to `flux install` and `flux bootstrap` to protect users from destructive operations. The `flux version` and `flux check` commands now print the Flux distribution version deployed on the cluster.

The Flux alerting capabilities have been extended with [NATS](https://fluxcd.io/flux/components/notification/provider/#nats) and [Bitbucket Server & Data Center](https://fluxcd.io/flux/components/notification/provider/#bitbucket-serverdata-center) support.

Starting with this release, Flux minor versions are benchmarked to measure the Mean Time To Production (MTTP). The results for this version can be found at
[github.com/fluxcd/flux-benchmark](https://github.com/fluxcd/flux-benchmark/blob/main/RESULTS.md#flux-v220).

:heart: Big thanks to all the Flux contributors that helped us with this release!

### Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

| Kubernetes version | Minimum required |
|--------------------|------------------|
| `v1.26`            | `>= 1.26.0`      |
| `v1.27`            | `>= 1.27.1`      |
| `v1.28`            | `>= 1.28.0`      |

Note that Flux may work on older versions of Kubernetes e.g. 1.25, but we don't recommend running end-of-life versions in production nor do we offer support for these versions.

## API changes

### HelmRelease v2beta2

The [HelmRelease](https://fluxcd.io/flux/components/helm/helmreleases/) kind was promoted from v2beta1 to v2beta2.

The v2beta2 API is backwards compatible with v2beta1. The v2beta1 API is deprecated and will be removed in a future release.

Deprecated fields:

- The `.patchesStrategicMerge` and `.patchesJson6902` Kustomize post-rendering fields have been deprecated in favor of `.patches`.
- The `.status.lastAppliedRevision` and `.status.lastReleaseRevision` fields have been deprecated in favor of `.status.history`.
- The `.status.lastAttemptedValuesChecksum` has been deprecated in favor of `.status.lastAttemptedConfigDigest`.

New fields:

- Drift detection and correction is now enabled on a per-release basis using the `.spec.driftDetection.mode` field.
- Ignoring specific fields during drift detection and correction is now supported using the `.spec.driftDetection.ignore` field.
- Helm tests can now be selectively run using the `.spec.test.filters` field.
- A history of metadata from Helm releases up to the previous successful release is now available in the `.status.history` field. This includes any Helm test results when enabled.
- The `.status.lastHandledForceAt` and `.status.lastHandledResetAt` fields have been introduced to track the last time a force upgrade or reset was handled.

### Alert and Provider v1beta3

The [Alert](https://fluxcd.io/flux/components/notification/alerts/) and [Provider](https://fluxcd.io/flux/components/notification/providers/) kinds were promoted from v1beta2 to v1beta3.

The v1beta3 API is backwards compatible with v1beta2. The `.status` field was removed, making the resources static objects. Any errors encountered while sending notifications are now recorded as Kubernetes Events associated with the Alert objects.

### Bucket v1beta2

A new field, `.spec.prefix`, has been added to the [Bucket](https://fluxcd.io/flux/components/source/buckets/) API, which enables server-side filtering of files if the object's `.spec.provider` is set to `generic`, `aws` or `gcp`.

### OCIRepository and HelmChart v1beta2

Two new fields, `.spec.verify.matchOIDCIdentity.issuer` and `.spec.verify.matchOIDCIdentity.subject`, have been added to the [HelmChart](https://fluxcd.io/flux/components/source/helmcharts/) and [OCIRepository](https://fluxcd.io/flux/components/source/ocirepositories/) APIs. If the image has been keylessly signed via Cosign, these fields can be used to verify the OIDC issuer of the Fulcio certificate and the OIDC identity's subject respectively.

### HelmRepository and ImageRepository v1beta2

A new boolean field, `.spec.insecure`, has been introduced to the [HelmRepository](https://fluxcd.io/flux/components/source/helmrepositories/) and [ImageRepository](https://fluxcd.io/flux/components/image/imagerepositories/) APIs, which allows connecting to a non-TLS HTTP container registry. For HelmRepositories it is only considered if the object's `.spec.type` is set to `oci`.

From this release onwards, HelmRepository objects of type OCI are treated as static objects, i.e. they have an empty status.
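
The following audit sketch covers the `.spec.verify.matchOIDCIdentity` and `.spec.insecure` fields described in the two sections above. It is an added example, not code from the Flux project. The finding names and sample objects are constructed, and it assumes the matcher values are regular expressions (as in the Flux source API documentation) and that a `cosign` verification without `.spec.verify.secretRef` is keyless.

```python
# Added example: audit Flux source objects (as dicts, e.g. parsed from
# `kubectl get ... -o json`) for the v2.2.0 fields discussed above.
# Every object name and URL in SAMPLE_OBJECTS is constructed sample data.

INSECURE_KINDS = {"HelmRepository", "ImageRepository"}  # gained .spec.insecure
VERIFY_KINDS = {"OCIRepository", "HelmChart"}           # gained matchOIDCIdentity


def is_unanchored(pattern):
    """True when a matcher regex is not pinned with ^ at the start and $ at the end."""
    ends_anchored = pattern.endswith("$") and not pattern.endswith("\\$")
    return not (pattern.startswith("^") and ends_anchored)


def audit_source(obj):
    """Return a list of (object reference, finding) tuples for one manifest."""
    kind = obj.get("kind", "")
    spec = obj.get("spec") or {}
    ref = f'{kind}/{(obj.get("metadata") or {}).get("name", "<unnamed>")}'
    findings = []

    if kind in INSECURE_KINDS and spec.get("insecure") is True:
        if kind == "HelmRepository" and spec.get("type") != "oci":
            # Per the release notes, the field is only considered for type "oci".
            findings.append((ref, "insecure-set-but-ignored"))
        else:
            findings.append((ref, "plain-http-registry"))

    verify = spec.get("verify") or {}
    keyless = verify.get("provider") == "cosign" and not verify.get("secretRef")
    if kind in VERIFY_KINDS and keyless:
        matchers = verify.get("matchOIDCIdentity") or []
        if not matchers:
            # The signature is checked, but not who produced it.
            findings.append((ref, "keyless-identity-not-pinned"))
        for matcher in matchers:
            for field in ("issuer", "subject"):
                if is_unanchored(matcher.get(field, "")):
                    # An unanchored regex also accepts longer strings that
                    # merely contain the intended issuer or subject.
                    findings.append((ref, f"unanchored-{field}"))
    return findings


def audit(objects):
    """Audit a list of manifests and return all findings in input order."""
    return [finding for obj in objects for finding in audit_source(obj)]


GITHUB_ISSUER = "^https://token.actions.githubusercontent.com$"

SAMPLE_OBJECTS = [  # constructed
    {"kind": "OCIRepository", "metadata": {"name": "app-pinned"},
     "spec": {"verify": {"provider": "cosign", "matchOIDCIdentity": [
         {"issuer": GITHUB_ISSUER,
          "subject": "^https://github.com/example-org/app/.*$"}]}}},
    {"kind": "OCIRepository", "metadata": {"name": "app-loose"},
     "spec": {"verify": {"provider": "cosign", "matchOIDCIdentity": [
         {"issuer": GITHUB_ISSUER,
          "subject": "https://github.com/example-org"}]}}},
    {"kind": "HelmChart", "metadata": {"name": "chart-any-signer"},
     "spec": {"verify": {"provider": "cosign"}}},
    {"kind": "HelmRepository", "metadata": {"name": "charts-http"},
     "spec": {"type": "oci", "insecure": True}},
    {"kind": "HelmRepository", "metadata": {"name": "charts-default"},
     "spec": {"insecure": True}},
    {"kind": "ImageRepository", "metadata": {"name": "images-http"},
     "spec": {"insecure": True}},
]

if __name__ == "__main__":
    for ref, finding in audit(SAMPLE_OBJECTS):
        print(f"{ref}: {finding}")
```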

## Upgrade procedure

Upgrade Flux from `v2.x` to `v2.2.0` either by [rerunning bootstrap](https://fluxcd.io/flux/installation/#bootstrap-upgrade) or by using the [Flux GitHub Action](https://github.com/fluxcd/flux2/tree/main/action).

To upgrade the APIs, make sure the new CRDs and controllers are deployed, and then change the manifests in Git:

1. Set `apiVersion: helm.toolkit.fluxcd.io/v2beta2` in the YAML files that contain `HelmRelease` definitions.
2. Set `apiVersion: notification.toolkit.fluxcd.io/v1beta3` in the YAML files that contain `Alert` and `Provider` definitions.
3. Commit, push and reconcile the API version changes.

Bumping the APIs version in manifests can be done gradually. It is advised to not delay this procedure as the deprecated versions will be removed after 6 months.

### New Documentation

- [HelmRelease v2beta2 specification](https://fluxcd.io/flux/components/helm/helmreleases/)
- [Enable in-memory kustomize builds guide](https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-in-memory-kustomize-builds)

## Components changelog

- source-controller [v1.2.2](https://github.com/fluxcd/source-controller/blob/v1.2.2/CHANGELOG.md)
- kustomize-controller [v1.2.0](https://github.com/fluxcd/kustomize-controller/blob/v1.2.0/CHANGELOG.md)
- notification-controller [v1.2.2](https://github.com/fluxcd/notification-controller/blob/v1.2.2/CHANGELOG.md)
- helm-controller [v0.37.0](https://github.com/fluxcd/helm-controller/blob/v0.37.0/CHANGELOG.md)
- image-reflector-controller [v0.31.1](https://github.com/fluxcd/image-reflector-controller/blob/v0.31.1/CHANGELOG.md)
- image-automation-controller [v0.37.0](https://github.com/fluxcd/image-automation-controller/blob/v0.37.0/CHANGELOG.md)

## CLI Changelog

- PR #4467 - @stefanprodan - Drop support for Kubernetes EOL versions
- PR #4465 - @stefanprodan - build: Update alpine and kubectl in flux-cli image
- PR #4464 - @souleb - Update go-git-providers to v0.19.2
- PR #4463 - @stefanprodan - Update Git dependencies
- PR #4461 - @fluxcdbot - Update toolkit components
- PR #4455 - @chewong - Fix typos in flux bootstrap documentation
- PR #4454 - @fluxcdbot - Update toolkit components
- PR #4437 - @stefanprodan - Add force and reset flags to `flux reconcile hr`
- PR #4433 - @darkowlzz - Update Helm OCI RFC - static HelmRepository design
- PR #4424 - @somtochiama - Show distribution name in flux check and flux version
- PR #4422 - @somtochiama -  bootstrap: More details for `context deadline exceeded` error
- PR #4416 - @stefanprodan - Update dependencies to Kubernetes v1.28
- PR #4409 - @somtochiama - Make events cmd work well with lowercased and only kind selector
- PR #4404 - @VinGarcia - Fix flux install command so it returns an error when unexpected arguments are passed
- PR #4402 - @mclarke47 - fix build_artifact.go typo
- PR #4388 - @stefanprodan - [RFC-0003] OIDC identity matching for keyless verification
- PR #4382 - @darkowlzz - tests/int: Set exit code 1 on tf destroy fail
- PR #4380 - @hiddeco - Tweak permissions on created files
- PR #4355 - @somtochiama - Confirm before overriding installation by another manager
- PR #4345 - @somtochiama - Prevent `flux install` from overriding bootrapped cluster
- PR #4332 - @matheuscscp - Add CLI flags for OCIRepository signature verification
- PR #4329 - @hiddeco - Address various issues throughout code base
- PR #4324 - @somtochiama - bootstrap: Fix error msg when the Git token doesn't match the repo owner
- PR #4323 - @stefanprodan - e2e: Update Go dependencies
- PR #4317 - @Jaykul - Correct "sync" to "component" in log lines
- PR #4313 - @fluxcdbot - Update toolkit components
- PR #4311 - @darkowlzz - Check readiness of Flux kinds using kstatus
- PR #4298 - @darkowlzz - Add support for HelmRepo OCI and NC v1beta3 static objects
- PR #4296 - @Skarlso - fix: only wait for changeset if the result is not empty
- PR #4285 - @matheuscscp - Add badge for SLSA Level 3
- PR #4284 - @errordeveloper - Make `flux pull` work for OCI artifacts produced by other tools
- PR #4270 - @Azhovan - feat: add bootstrap gitea command
- PR #4255 - @hiddeco - tests/azure: update controller dependencies
- PR #4251 - @fluxcdbot - Update toolkit components
- PR #4238 - @makkes - Upgrade github.com/fluxcd/pkg/{git,git/gogit}
- PR #4233 - @sonbui00 - chore: remove support armv6h for aur package
- PR #4228 - @sonbui00 - Improve AUR package templates
- PR #4226 - @somtochiama - Update description of kubeconfig specific flag
- PR #4198 - @makkes - Add 2.1.x backport label
- PR #4197 - @stefanprodan - Fix links to fluxcd.io


v2.1.2 (2023-10-12)

## Highlights

Flux `v2.1.2` is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience. 

### Fixes

- Ensures faster recovery of `Kustomization` and `HelmRelease` resources when the source-controller has restarted and is working on restoring the storage.
- Prevent source-controller from failing to reconcile `OCIRepositories` when artifacts contain symlinks.
- Addresses an issue with helm-controller mislabeling Custom Resource Definitions.
- Detect immutable field errors in Google Cloud resources managed by Flux `Kustomizations`.
- Better error reporting for `flux bootstrap` when the owner doesn't match the identity associated with the given token.
- Allow `flux pull artifact` to fetch OCI artifacts produced by other tools.

## Components changelog

- source-controller [v1.1.2](https://github.com/fluxcd/source-controller/blob/v1.1.2/CHANGELOG.md)
- kustomize-controller [v1.1.1](https://github.com/fluxcd/kustomize-controller/blob/v1.1.1/CHANGELOG.md)
- helm-controller [v0.36.2](https://github.com/fluxcd/helm-controller/blob/v0.36.2/CHANGELOG.md)

## CLI Changelog

- PR #4324 - @somtochiama - bootstrap: Fix error msg when the Git token doesn't match the repo owner
- PR #4323 - @stefanprodan - e2e: Update Go dependencies
- PR #4313 - @fluxcdbot - Update toolkit components
- PR #4296 - @Skarlso - fix: only wait for changeset if the result is not empty
- PR #4285 - @matheuscscp - Add badge for SLSA Level 3
- PR #4284 - @errordeveloper - Make `flux pull` work for OCI artifacts produced by other tools


v2.1.1 (2023-09-19)

## Highlights

Flux `v2.1.1` is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience. 

### Fixes

- Use auto lookup strategy for Buckets to widen support for S3-compatible object storage services (`source-controller`).
- Fix Secret type check for HelmRepositories TLS certs referred in `.spec.secretRef` (`source-controller`).
- Fix the branch name reporting when the push branch is the same as the checkout branch (`image-automation-controller`).
- Restore Helm logs inclusion in failure events (`helm-controller`).
- Fix the impersonation of the default service account when diffing HelmReleases (`helm-controller`).
- Check source for `nil` artifact before loading Helm charts (`helm-controller`).
- Update the description of Kubernetes specific flag to distinguish them from Flux bootstrap flags (`flux` CLI).

## Components changelog

- source-controller [v1.1.1](https://github.com/fluxcd/source-controller/blob/v1.1.1/CHANGELOG.md)
- helm-controller [v0.36.1](https://github.com/fluxcd/helm-controller/blob/v0.36.1/CHANGELOG.md)
- image-automation-controller [v0.36.1](https://github.com/fluxcd/image-automation-controller/blob/v0.36.1/CHANGELOG.md)

## CLI Changelog

- PR #4255 - @hiddeco - tests/azure: update controller dependencies
- PR #4251 - @fluxcdbot - Update toolkit components
- PR #4246 - @dependabot[bot] - build(deps): bump the ci group with 4 updates
- PR #4238 - @makkes - Upgrade github.com/fluxcd/pkg/{git,git/gogit}
- PR #4233 - @sonbui00 - chore: remove support armv6h for aur package
- PR #4228 - @sonbui00 - Improve AUR package templates
- PR #4227 - @dependabot[bot] - build(deps): bump the ci group with 3 updates
- PR #4226 - @somtochiama - Update description of kubeconfig specific flag
- PR #4222 - @dependabot[bot] - build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 in /tests/integration
- PR #4221 - @dependabot[bot] - build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 in /tests/azure
- PR #4215 - @dependabot[bot] - build(deps): bump the ci group with 4 updates
- PR #4213 - @dependabot[bot] - build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in /tests/integration
- PR #4212 - @dependabot[bot] - build(deps): bump github.com/docker/docker from 23.0.1+incompatible to 23.0.3+incompatible in /tests/integration
- PR #4198 - @makkes - Add 2.1.x backport label
- PR #4197 - @stefanprodan - Fix links to fluxcd.io
- PR #4195 - @dependabot[bot] - build(deps): bump the ci group with 2 updates


v2.1.0 (2023-08-24)

## Highlights

Flux v2.1.0 is a feature release. Users are encouraged to upgrade for the best experience.

The [Flux APIs](#api-changes) were extended with new opt-in features in a backwards-compatible manner.

The Flux Git capabilities have been improved with support for Git push options, Git refspec, Gerrit, HTTP/S and SOCKS5 proxies.

The Flux alerting capabilities have been extended with [Datadog](https://fluxcd.io/flux/components/notification/provider/#pagerduity) support.

The Flux controllers come with performance improvements when reconciling Helm repositories with large indexes (80% memory reduction), and when reconciling Flux Kustomizations with thousands of resources (x4 faster server-side apply). The load distribution has been improved when reconciling Flux objects in parallel to reduce CPU and memory spikes.

:heart: Big thanks to all the Flux contributors that helped us with this release!

## Deprecations

Flux v2.1.0 comes with support for Kubernetes TLS Secrets when referring to secrets containing TLS certs, and deprecates the usage of `caFile`, `keyFile` and `certFile` keys.

For more details about the TLS changes please see the [Kubernetes TLS Secrets section](#kubernetes-tls-secrets).

Flux v2.1.0 comes with major improvements to the Prometheus monitoring stack. Starting with this version, Flux is leveraging the `kube-state-metrics` CRD exporter to report metrics containing rich information about Flux reconciliation status e.g. Git revision, Helm chart version, OCI artifacts digests, etc. The `gotk_reconcile_condition` metric was deprecated in favor of `gotk_resource_info`.

For more details about the new monitoring stack please see the [Flux Prometheus metrics documentation](https://fluxcd.io/flux/monitoring/metrics) and the [flux2-monitoring-example repository](https://github.com/fluxcd/flux2-monitoring-example).

## API changes

### GitRepository v1

The [GitRepository](https://fluxcd.io/flux/components/source/gitrepositories/) API was extended with the following fields:

- `.spec.proxySecretRef.name` is an optional field used to specify the name of a Kubernetes Secret that contains the HTTP/S or SOCKS5 proxy settings.
- `.spec.verify.mode` now supports one of the following values: `HEAD`, `Tag`, `TagAndHEAD`.

### Kustomization v1

The [Kustomization](https://fluxcd.io/flux/components/kustomize/kustomization/) API was extended with two apply policies `IfNotPresent` and `Ignore`.

Changing the apply behaviour for specific Kubernetes resources can be done using the following annotations:

| Annotation                          | Default    | Values                                        | Role            |
|-------------------------------------|------------|-----------------------------------------------|-----------------|
| `kustomize.toolkit.fluxcd.io/ssa`   | `Override` | `Override`, `Merge`, `IfNotPresent`, `Ignore` | Apply policy    |
| `kustomize.toolkit.fluxcd.io/force` | `Disabled` | `Enabled`, `Disabled`                         | Recreate policy |
| `kustomize.toolkit.fluxcd.io/prune` | `Enabled`  | `Enabled`, `Disabled`                         | Delete policy   |

The `IfNotPresent` policy instructs the controller to only apply the Kubernetes resources if they are not present on the cluster. This policy can be used for Kubernetes `Secrets` and `ValidatingWebhookConfigurations` managed by cert-manager, where Flux creates the resources with fields that are later on mutated by other controllers.

### ImageUpdateAutomation v1beta1

The [ImageUpdateAutomation](https://fluxcd.io/flux/components/image/imageupdateautomations/) was extended with the following fields:

- `.spec.git.push.refspec` is an optional field used to specify a Git refspec used when pushing commits upstream.
- `.spec.git.push.options` is an optional field used to specify the Git push options to be sent to the Git server when pushing commits upstream.

### Kubernetes TLS Secrets

All the Flux APIs that accept TLS data have been modified to adopt Secrets of type `kubernetes.io/tls`. This includes:

* **HelmRepository**: The field `.spec.secretRef` has been deprecated in favor of a new field [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/helmrepositories/#cert-secret-reference).
* **OCIRepository**: Support for the `caFile`, `keyFile` and `certFile` keys in the Secret specified in [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/ocirepositories/#cert-secret-reference) has been deprecated in favor of `ca.crt`, `tls.key` and `tls.crt`.
* **ImageRepository**: Support for the `caFile`, `keyFile` and `certFile` keys in the Secret specified in [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/imagerepositories/#cert-secret-reference) has been deprecated in favor of `ca.crt`, `tls.key` and `tls.crt`.
* **GitRepository**: CA certificate can now be provided in the Secret specified in `.spec.secretRef` using the `ca.crt` key, which takes precedence over the `caFile` key.

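
One way to rewrite a Secret from the deprecated `caFile`, `certFile` and `keyFile` keys to `ca.crt`, `tls.crt` and `tls.key`, as an added example that is not part of the Flux tooling. The function names and sample values are hypothetical, and it assumes the "new key takes precedence" rule stated above for GitRepository should be applied to every migrated Secret.

```python
import base64

# Legacy key -> Kubernetes TLS Secret key, as listed in the release notes.
LEGACY_TO_TLS = {"caFile": "ca.crt", "certFile": "tls.crt", "keyFile": "tls.key"}


def b64_pem(label):
    """Build a constructed placeholder PEM, base64-encoded as in Secret .data."""
    pem = f"-----BEGIN {label}-----\nCONSTRUCTED-PLACEHOLDER\n-----END {label}-----\n"
    return base64.b64encode(pem.encode()).decode()


def check_pem(key, value):
    """Reject values that are not base64-wrapped PEM before they are renamed."""
    try:
        decoded = base64.b64decode(value, validate=True)
    except ValueError as err:  # binascii.Error is a ValueError subclass
        raise ValueError(f"{key}: not valid base64") from err
    if not decoded.lstrip().startswith(b"-----BEGIN "):
        raise ValueError(f"{key}: value is not PEM encoded")


def migrate_tls_secret(secret):
    """Return (migrated_secret, notes) without modifying the input manifest."""
    data = dict(secret.get("data") or {})
    notes = []
    for old, new in LEGACY_TO_TLS.items():
        if old not in data:
            continue
        value = data.pop(old)
        check_pem(old, value)
        if new in data:
            # Assumption: the new-style key wins, as stated for ca.crt vs caFile.
            if data[new] != value:
                notes.append(f"{old} dropped: {new} differs and takes precedence")
        else:
            data[new] = value
            notes.append(f"{old} -> {new}")

    has_cert, has_key = "tls.crt" in data, "tls.key" in data
    if has_cert != has_key:
        raise ValueError("tls.crt and tls.key must be provided together")

    migrated = {**secret, "data": data}
    if has_cert:
        # The kubernetes.io/tls type requires both tls.crt and tls.key;
        # a CA-only Secret keeps whatever type it already had.
        migrated["type"] = "kubernetes.io/tls"
    return migrated, notes


if __name__ == "__main__":
    legacy = {  # constructed sample Secret
        "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
        "metadata": {"name": "registry-certs", "namespace": "flux-system"},
        "data": {"caFile": b64_pem("CERTIFICATE"),
                 "certFile": b64_pem("CERTIFICATE"),
                 "keyFile": b64_pem("PRIVATE KEY")},
    }
    migrated, notes = migrate_tls_secret(legacy)
    print(sorted(migrated["data"]), migrated["type"], notes)
```

The Secret `type` field is immutable in Kubernetes, so a migrated manifest whose type changed has to be applied as a new Secret rather than patched in place.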
## Upgrade procedure

Upgrade Flux from `v2.0.x` to `v2.1.0` either by [rerunning bootstrap](https://fluxcd.io/flux/installation/#bootstrap-upgrade) or by using the [Flux GitHub Action](https://github.com/fluxcd/flux2/tree/main/action).

To upgrade Flux from `v0.x` to `v2.1.0` please follow the [Flux GA upgrade procedure](https://github.com/fluxcd/flux2/releases/tag/v2.0.0#upgrade).

## Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

| Kubernetes version | Minimum required |
|--------------------|------------------|
| `v1.25`            | `>= 1.25.0`      |
| `v1.26`            | `>= 1.26.0`      |
| `v1.27`            | `>= 1.27.1`      |
| `v1.28`            | `>= 1.28.0`      |

Note that Flux may work on older versions of Kubernetes e.g. 1.21, but we don't recommend running end-of-life versions in production nor do we offer support for these versions.

## New Documentation

- [Flux installation](https://fluxcd.io/flux/installation/)
- [Flux bootstrap](https://fluxcd.io/flux/installation/bootstrap/)
- [Flux configuration](https://fluxcd.io/flux/installation/configuration/)
- [Flux Prometheus metrics](https://fluxcd.io/flux/monitoring/metrics/)
- [Flux custom Prometheus metrics](https://fluxcd.io/flux/monitoring/custom-metrics/)
- [Flux logs](https://fluxcd.io/flux/monitoring/logs/)
- [Flux events](https://fluxcd.io/flux/monitoring/events/)

## Components changelog

- source-controller [v1.1.0](https://github.com/fluxcd/source-controller/blob/v1.1.0/CHANGELOG.md)
- kustomize-controller [v1.1.0](https://github.com/fluxcd/kustomize-controller/blob/v1.1.0/CHANGELOG.md)
- notification-controller [v1.1.0](https://github.com/fluxcd/notification-controller/blob/v1.1.0/CHANGELOG.md)
- helm-controller [v0.36.0](https://github.com/fluxcd/helm-controller/blob/v0.36.0/CHANGELOG.md)
- image-reflector-controller [v0.30.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.30.0/CHANGELOG.md)
- image-automation-controller [v0.36.0](https://github.com/fluxcd/image-automation-controller/blob/v0.36.0/CHANGELOG.md)

## CLI Changelog

- PR #4189 - @hiddeco - Update dependencies
- PR #4186 - @fluxcdbot - Update toolkit components
- PR #4183 - @somtochiama - Fix autocompletion for helm chart
- PR #4182 - @hiddeco - manifestgen/install: use clean default HTTP client
- PR #4181 - @hiddeco - cmd/events: handle error value
- PR #4180 - @stefanprodan - Fix controller version info
- PR #4177 - @stefanprodan - Set min value for the `--ssh-rsa-bits` flag
- PR #4176 - @hiddeco - ci: disable fail-fast for ARM end-to-end
- PR #4175 - @hiddeco - build: update securejoin dependency
- PR #4169 - @darkowlzz - Add monitoring configuration deprecation notice
- PR #4167 - @dependabot[bot] - build(deps): bump the ci group with 2 updates
- PR #4166 - @stefanprodan - e2e: Add Kubernetes v1.28.0 to conformance tests
- PR #4151 - @hiddeco - ci: enable security-and-quality CodeQL query
- PR #4147 - @aryan9600 - Adopt Kubernetes style TLS Secrets and add relevant flags
- PR #4142 - @dependabot[bot] - build(deps): bump the ci group with 2 updates
- PR #4140 - @somtochiama - Disable azure e2e test
- PR #4134 - @sestegra - monitoring: add OCIRepository in cluster dashboard and new source panels in control-plane dashboard
- PR #4131 - @mraerino - Fix selection of kustomization resource from multi doc yaml
- PR #4126 - @stefanprodan - Set Kubernetes min version to 1.25
- PR #4077 - @dependabot[bot] - build(deps): bump the ci group with 2 updates
- PR #4068 - @stefanprodan - Update dependencies
- PR #4065 - @hiddeco - action: support `openssl` and `sha256sum`
- PR #4062 - @souleb - diff: Take into account the server-side inventory for local Flux Kustomizations
- PR #4061 - @hiddeco - action: re-allow configuration of non-default token
- PR #4057 - @fluxcdbot - Update toolkit components
- PR #4052 - @stefanprodan - docs: Link to the Flux GitHub Action documentation
- PR #4051 - @hiddeco - action: use `$RUNNER_TOOL_CACHE`, support MacOS and Windows, validate checksum
- PR #4046 - @stefanprodan - ci: backport: set write permissions
- PR #4043 - @stefanprodan - ci: release: extract the image tag from GITHUB_REF
- PR #4041 - @hiddeco - ci: release: disable interpretation backslash esc

v2.0.1 (2023-07-11)

## Highlights

Flux `v2.0.1` is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience. 

:bulb: For upgrading from Flux `v0.x`, please see [the procedure documented in 2.0.0](https://github.com/fluxcd/flux2/releases/tag/v2.0.0).

### Fixes

- Fix AWS auth for cross-region ECR repositories (`source-controller`, `image-reflector-controller`).
- Prevent spurious alerts for skipped resources (`kustomize-controller`).
- List removed resources for `flux diff ks --kustomization-file` (`flux` CLI).
- Fix SLSA provenance generation for the Flux CLI binaries.

## Components changelog

- source-controller [v1.0.1](https://github.com/fluxcd/source-controller/blob/v1.0.1/CHANGELOG.md)
- kustomize-controller [v1.0.1](https://github.com/fluxcd/kustomize-controller/blob/v1.0.1/CHANGELOG.md)
- image-reflector-controller [v0.29.1](https://github.com/fluxcd/image-reflector-controller/blob/v0.29.1/CHANGELOG.md)

## CLI Changelog

- PR #4068 - @stefanprodan - Update dependencies
- PR #4065 - @hiddeco - action: support `openssl` and `sha256sum`
- PR #4062 - @souleb - diff: Take into account the server-side inventory for local Flux Kustomizations
- PR #4061 - @hiddeco - action: re-allow configuration of non-default token
- PR #4057 - @fluxcdbot - Update toolkit components
- PR #4052 - @stefanprodan - docs: Link to the Flux GitHub Action documentation
- PR #4051 - @hiddeco - action: use `$RUNNER_TOOL_CACHE`, support MacOS and Windows, validate checksum
- PR #4046 - @stefanprodan - ci: backport: set write permissions
- PR #4043 - @stefanprodan - ci: release: extract the image tag from GITHUB_REF
- PR #4041 - @hiddeco - ci: release: disable interpretation backslash esc

## New Documentation

- [Flux GitHub Action](https://fluxcd.io/flux/flux-gh-action/)
- [SLSA provenance verification](https://fluxcd.io/flux/security/slsa-assessment/#provenance-verification)

v2.0.0 (2023-07-05)

## Highlights

This is the first General Availability (GA) release of Flux v2.

Flux v2.0.0 comes with the promotion of the [GitOps related APIs to v1](#api-changes) and adds [horizontal scaling & sharding capabilities](https://fluxcd.io/flux/cheatsheets/sharding/) to Flux controllers. The Git bootstrap capabilities provided by the [Flux CLI](https://fluxcd.io/flux/installation/#bootstrap) and by [Flux Terraform Provider](https://fluxcd.io/flux/installation/#bootstrap-with-terraform) are now considered stable and production ready.

Starting with this version, the build, release and provenance portions of the Flux project supply chain [provisionally meet SLSA Build Level 3](https://fluxcd.io/flux/security/slsa-assessment/).

Flux GA is fully integrated with Kubernetes Workload Identity for AWS, Azure and Google Cloud to facilitate [passwordless authentication](https://fluxcd.io/flux/security/contextual-authorization) to OCI sources (container images, OCI artifacts, Helm charts).

The Flux alerting capabilities have been extended with [PagerDuty](https://fluxcd.io/flux/components/notification/provider/#pagerduity) and [Google Pub/Sub](https://fluxcd.io/flux/components/notification/provider/#google-pubsub) support. The improved Alert v1beta2 API provides better control over [events filtering](https://fluxcd.io/flux/components/notification/alert/#event-inclusion) and allows users to enrich the alerts with [custom metadata](https://fluxcd.io/flux/components/notification/alert/#event-metadata).

## Supported versions

Starting with this version, the Flux CLI and the GA components (source-controller, kustomize-controller and notification-controller) follow the release cadence and support pledge documented in the [Flux release specification](https://fluxcd.io/flux/releases/).

### Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

| Kubernetes version | Minimum required |
|--------------------|------------------|
| `v1.24`            | `>= 1.24.0`      |
| `v1.25`            | `>= 1.25.0`      |
| `v1.26`            | `>= 1.26.0`      |
| `v1.27`            | `>= 1.27.1`      |

Note that Flux may work on older versions of Kubernetes e.g. 1.19, but we don't recommend running end-of-life versions in production nor do we offer support for these versions.

### Flux ecosystem support

The following (open-source) extensions & integrations are compatible with this Flux release, starting from the specified minimum version or higher.

| Type        | Project                                                                | Version |
|-------------|---------------------------------------------------------------------|-------------|
| Flux Web UI      | [weave-gitops](https://github.com/weaveworks/weave-gitops)          | `0.26.0`      |
| Terraform integration | [tf-controller](https://github.com/weaveworks/tf-controller) | `0.15.0`      |

## API changes

### GitRepository v1

The [GitRepository](https://fluxcd.io/flux/components/source/gitrepositories/) kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed.

The v1 API is backwards compatible with v1beta2, except for the following:

- the deprecated field `.spec.gitImplementation` was removed
- the unused field `.spec.accessFrom` was removed
- the deprecated field `.status.contentConfigChecksum` was removed
- the deprecated field `.status.artifact.checksum` was removed
- the `.status.url` was removed (replaced by `.status.artifact.url`)

### Kustomization v1

The [Kustomization](https://fluxcd.io/flux/components/kustomize/kustomization/) kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed.

A new optional field `.spec.commonMetadata` was added to the API for setting labels and/or annotations to all resources part of a Kustomization.

The v1 API is backwards compatible with v1beta2, except for the following:

- the deprecated field `.spec.validation` was removed
- the deprecated field `.spec.patchesStrategicMerge` was removed (replaced by `.spec.patches`)
- the deprecated field `.spec.patchesJson6902` was removed (replaced by `.spec.patches`)

### Receiver v1

The [Receiver](https://fluxcd.io/flux/components/notification/receiver/) kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed.

The v1 API is backwards compatible with v1beta2, except for the following:

- the deprecated field `.status.url` was removed (replaced by `.status.webhookPath`)

## Upgrade procedure

Upgrade Flux from `v0.x` to `v2.0.0` either by [rerunning bootstrap](https://fluxcd.io/flux/installation/#bootstrap-upgrade) or by using the [Flux GitHub Action](https://github.com/fluxcd/flux2/tree/main/action).

To upgrade the APIs from v1beta2, make sure the new CRDs and controllers are deployed, and then change the manifests in Git:

1. Remove the deprecated fields from the `GitRepository` and `Kustomization` definitions.
2. Commit, push and reconcile the fields removal changes.
3. Set `apiVersion: source.toolkit.fluxcd.io/v1` in the YAML files that contain `GitRepository` definitions.
4. Set `apiVersion: kustomize.toolkit.fluxcd.io/v1` in the YAML files that contain Flux `Kustomization` definitions.
5. Set `apiVersion: notification.toolkit.fluxcd.io/v1` in the YAML files that contain `Receiver` definitions.
6. Update the API version of `GitRepository` and `Kustomization` objects present in the `.spec.resources` list of `Receiver` definitions.
7. Commit, push and reconcile the API version changes.

Bumping the APIs version in manifests can be done gradually. It is advised to not delay this procedure as the beta versions will be removed after 6 months.

### New Documentation

- [Release cadence and support](https://fluxcd.io/flux/releases/)
- [SLSA Assessment](https://fluxcd.io/flux/security/slsa-assessment/)
- [Controller sharding and horizontal scaling](https://fluxcd.io/flux/cheatsheets/sharding/)
- [GitRepository v1 specification](https://fluxcd.io/flux/components/source/gitrepositories/)
- [Kustomization v1 specification](https://fluxcd.io/flux/components/kustomize/kustomization/)
- [Receiver v1 specification](https://fluxcd.io/flux/components/notification/receiver/)

:heart: Big thanks to all the Flux contributors that helped us reach this milestone!
:clap: And a special shoutout to the Flux community who supported us over the years!

## Components changelog

- source-controller [v1.0.0](https://github.com/fluxcd/source-controller/blob/v1.0.0/CHANGELOG.md)
- kustomize-controller [v1.0.0](https://github.com/fluxcd/kustomize-controller/blob/v1.0.0/CHANGELOG.md)
- notification-controller [v1.0.0](https://github.com/fluxcd/notification-controller/blob/v1.0.0/CHANGELOG.md)
- helm-controller [v0.35.0](https://github.com/fluxcd/helm-controller/blob/v0.35.0/CHANGELOG.md)
- image-reflector-controller [v0.29.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.29.0/CHANGELOG.md)
- image-automation-controller [v0.35.0](https://github.com/fluxcd/image-automation-controller/blob/v0.35.0/CHANGELOG.md)

## CLI Changelog

- PR #4035 - @stefanprodan - Update dependencies
- PR #4033 - @stefanprodan - docs: link to releases spec from website
- PR #4031 - @stefanprodan - Run conformance tests for Kubernetes v1.27.3
- PR #4029 - @stefanprodan - Run e2e tests on release branches
- PR #4028 - @makkes - Annotate errors from go-git-providers
- PR #4027 - @hiddeco - Update go-git to unreleased v5.8.0
- PR #4023 - @stefanprodan - Add backport GitHub Action workflow
- PR #4020 - @stefanprodan - Set minimum supported version to Kubernetes 1.24.0
- PR #4018 - @stefanprodan - docs: Fix the `flux push` example for ECR
- PR #4015 - @stefanprodan - Align `go.mod` version with Kubernetes (Go 1.20)
- PR #4008 - @stefanprodan - Add SLSA3 generators to release workflow
- PR #4006 - @fluxcdbot - Update toolkit components
- PR #4002 - @makkes - Don't log errors with missing CRDs for "get * all" commands
- PR #3990 - @aryan9600 - RFC-0004: add section about proxy
- PR #3976 - @darklore - Use equivalent and shorter way to generate shell completions
- PR #3955 - @somtochiama - Fix 'patchesJson6902' is deprecated' warning
- PR #3945 - @makkes - Make `flux logs` more lenient

v2.0.0-rc.5 (2023-06-01)

## Highlights

This is the 5th release candidate of Flux v2.0 GA. Users are advised to upgrade from older versions to `v2.0.0-rc.5` as soon as possible.

Flux `v2.0.0-rc.5` addresses a regression that was introduced in `v2.0.0-rc.4`. This regression caused a disruption in the compatibility with Git servers utilizing v2 of the wire protocol, such as Azure Devops and AWS CodeCommit.

:bulb: For upgrading from v0.x, please see [the procedure documented in RC.1](https://github.com/fluxcd/flux2/releases/tag/v2.0.0-rc.1).

⚠️ Note that [`v2.0.0-rc.4`](https://github.com/fluxcd/flux2/releases/tag/v2.0.0-rc.1) updated all components to use [Kustomize v5](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.0.0) and [controller-runtime v0.15](https://github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.15.0), both of which contain breaking changes.

### Fixes and improvements

- Fix support for Git v2 servers.
- Suppress misleading error message `[controller-runtime] log.SetLogger(...) was never called...` (CLI).
- Include both revision and token in event metadata, if present (helm-controller).
- Update source-controller to patch a vulnerability in Sigstore (CVE-2023-33199)

## Components Changelog
- source-controller [v1.0.0-rc.5](https://github.com/fluxcd/source-controller/blob/v1.0.0-rc.5/CHANGELOG.md)
- image-automation-controller [v0.34.1](https://github.com/fluxcd/image-automation-controller/blob/v0.34.1/CHANGELOG.md)
- helm-controller [v0.34.1](https://github.com/fluxcd/helm-controller/blob/v0.34.1/CHANGELOG.md)

## CLI Changelog
- PR #3943 - @fluxcdbot - Update toolkit components, and git/go-git to v0.12.0
- PR #3940 - @somtochiama - Set controller runtime logger in Azure e2e tests
- PR #3938 - @aryan9600 - e2e: Run e2e Azure tests for PRs to main if tests or workflow changes
- PR #3932 - @aryan9600 - Set `controller-runtime` logger to a null logger


v2.0.0-rc.4 (2023-05-29)

## Highlights

This is the 4th release candidate of Flux v2.0 GA. Users are advised to upgrade from older versions to `v2.0.0-rc.4` as soon as possible.

Flux v2.0.0-rc.4 comes with support for **Kustomize 5.0**, **Helm 3.12** and **Cosign 2.0**.

:bulb: For upgrading from v0.x, please see [the procedure documented in RC.1](https://github.com/fluxcd/flux2/releases/tag/v2.0.0-rc.1).

⚠️ Note that Kustomize v5 contains breaking changes, please consult their [changelog](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.0.0) for more details.

⚠️ The GitOps Toolkit and the Flux controllers have been updated to [controller-runtime v0.15](https://github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.15.0) which contains breaking changes that could affect 3rd-party controllers that integrate with Flux.

### Fixes and improvements

- Full support for Azure Workload Identity when connecting Flux to Azure Container Registry, Azure Blob Storage and Azure Key Vault.
- New command `flux reconcile source chart` for pulling Helm OCI charts on-demand from container registries (CLI).
- Retry OCI operations on network errors for `flux push artifact` (CLI).
- Support annotated Git tags with `.spec.ref.name` in `GitRepository` (source-controller).
- Fix pulling Helm OCI charts from ACR when using Azure OIDC (source-controller).
- Fix incorrect rate limiting for `HelmRelease` events (notification-controller).
- All components have been updated to patch vulnerabilities in Docker (CVE-2023-28840, CVE-2023-28841, CVE-2023-28842) and Sigstore (CVE-2023-30551).

## Components changelog

- source-controller [v1.0.0-rc.4](https://github.com/fluxcd/source-controller/blob/v1.0.0-rc.4/CHANGELOG.md)
- kustomize-controller [v1.0.0-rc.4](https://github.com/fluxcd/kustomize-controller/blob/v1.0.0-rc.4/CHANGELOG.md)
- notification-controller [v1.0.0-rc.4](https://github.com/fluxcd/notification-controller/blob/v1.0.0-rc.4/CHANGELOG.md)
- helm-controller [v0.34.0](https://github.com/fluxcd/helm-controller/blob/v0.34.0/CHANGELOG.md)
- image-reflector-controller [v0.28.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.28.0/CHANGELOG.md)
- image-automation-controller [v0.34.0](https://github.com/fluxcd/image-automation-controller/blob/v0.34.0/CHANGELOG.md)

## CLI Changelog

- PR #3929 - @stefanprodan - Update Git packages
- PR #3928 - @stefanprodan - Update kubectl to v1.27.2 in flux-cli image
- PR #3927 - @dependabot[bot] - build(deps): bump github/codeql-action from 2.3.3 to 2.3.5
- PR #3926 - @dependabot[bot] - build(deps): bump snyk/actions from 806182742461562b67788a64410098c9d9b96adb to b98d498629f1c368650224d6d212bf7dfa89e4bf
- PR #3924 - @hgranillo - Fix break lines in create helmrelease and source
- PR #3922 - @fluxcdbot - Update toolkit components
- PR #3918 - @somtochiama - Retry oci push operations
- PR #3910 - @stefanprodan - Update Kubernetes to v1.27 and Kustomize to v5.0
- PR #3903 - @dependabot[bot] - build(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.5
- PR #3902 - @dependabot[bot] - build(deps): bump actions/setup-go from 4.0.0 to 4.0.1
- PR #3901 - @dependabot[bot] - build(deps): bump helm/kind-action from 1.5.0 to 1.7.0


v2.0.0-rc.3 (2023-05-12)

## Highlights

This is the 3rd release candidate of Flux v2.0 GA. Users are advised to upgrade from `v0.41` and older versions to `v2.0.0-rc.3` as soon as possible.

Flux v2.0.0-rc.3 comes with security improvements, new features and fixes to issues reported for RC.2.

:bulb: For upgrading from v0.x, please see [the procedure documented in RC.1](https://github.com/fluxcd/flux2/releases/tag/v2.0.0-rc.1).

:warning: Note that Kubernetes 1.27.0 contains a regression bug that affects Flux; it is recommended to upgrade Kubernetes to 1.27.1 or newer.

### Fixes and improvements

- Fix bootstrap on GKE (RC.2 regression due to insufficient quota for critical pods).
- All controller base images have been updated to Alpine 3.18.
- All components have been updated to patch CVE-2023-2253 and CVE-2023-1732 (note that Flux is not affected, these CVEs are for packages used in tests).
- Verify artifact integrity, issue warning events and remove tampered artifacts from storage, forcing a re-download (source-controller).
- Files with executable permissions are now archived with their mode set to `0o744`, allowing CI systems to run them (source-controller).
- The `Alert` v1beta2 API has a new optional field `.spec.eventMetadata` that allows users to enrich the alerts with information about the cluster name, region, environment, etc. (notification-controller).
- Improve the detection of values changes for HelmReleases by stable sorting them by key (helm-controller).

## Components changelog

- source-controller [v1.0.0-rc.3](https://github.com/fluxcd/source-controller/blob/v1.0.0-rc.3/CHANGELOG.md)
- kustomize-controller [v1.0.0-rc.3](https://github.com/fluxcd/kustomize-controller/blob/v1.0.0-rc.3/CHANGELOG.md)
- notification-controller [v1.0.0-rc.3](https://github.com/fluxcd/notification-controller/blob/v1.0.0-rc.3/CHANGELOG.md)
- helm-controller [v0.33.0](https://github.com/fluxcd/helm-controller/blob/v0.33.0/CHANGELOG.md)
- image-reflector-controller [v0.27.2](https://github.com/fluxcd/image-reflector-controller/blob/v0.27.2/CHANGELOG.md)
- image-automation-controller [v0.33.1](https://github.com/fluxcd/image-automation-controller/blob/v0.33.1/CHANGELOG.md)

## CLI Changelog

- PR #3883 - @stefanprodan - e2e: Update dependencies
- PR #3882 - @fluxcdbot - Update toolkit components
- PR #3880 - @stefanprodan - Add OSSF Scorecard
- PR #3879 - @stefanprodan - Add ResourceQuota for critical pods
- PR #3877 - @dependabot[bot] - build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible
- PR #3876 - @dependabot[bot] - build(deps): bump github.com/cloudflare/circl from 1.3.2 to 1.3.3 in /tests/azure
- PR #3875 - @dependabot[bot] - build(deps): bump github.com/cloudflare/circl from 1.3.2 to 1.3.3
- PR #3866 - @onedr0p - Update Alpine to 3.18


v2.0.0-rc.2 (2023-05-09)

## Highlights

This is the 2nd release candidate of Flux v2.0 GA. Users are advised to upgrade from `v0.41` to `v2.0.0-rc.2` as soon as possible.

Flux v2.0.0-rc.2 comes with fixes to issues reported for RC.1 and performance improvements. Starting with this version, source-controller, kustomize-controller and helm-controller pods are marked as [system-cluster-critical](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/). This priority class will reduce the chances of Flux controllers being evicted before other non-critical workloads and prevent the pods from being permanently unavailable.

:bulb: For upgrading from v0.x, please see [the procedure documented in RC.1](https://github.com/fluxcd/flux2/releases/tag/v2.0.0-rc.1).

:warning: Note that Kubernetes 1.27.0 contains a regression bug that affects Flux; it is recommended to upgrade Kubernetes to 1.27.1 or newer.

### Fixes and improvements

- Fix bootstrap for BitBucket Server (CLI).
- Fix secrets decryption when using Azure Key Vault (kustomize-controller).
- Fix drift detection for renamed HelmReleases (helm-controller).
- Improve performance when handling webhook receivers (notification-controller).
- The `Alert` v1beta2 API has a new optional field `.spec.inclusionList` for fine-grained control over events filtering (notification-controller).
- The deprecated field `.status.url` was removed from the `Receiver` v1 API (notification-controller).
- Add support for commit signing using OpenPGP keys with passphrases (image-automation-controller).

## Components changelog

- source-controller [v1.0.0-rc.2](https://github.com/fluxcd/source-controller/blob/v1.0.0-rc.2/CHANGELOG.md)
- kustomize-controller [v1.0.0-rc.2](https://github.com/fluxcd/kustomize-controller/blob/v1.0.0-rc.2/CHANGELOG.md)
- notification-controller [v1.0.0-rc.2](https://github.com/fluxcd/notification-controller/blob/v1.0.0-rc.2/CHANGELOG.md)
- helm-controller [v0.32.2](https://github.com/fluxcd/helm-controller/blob/v0.32.2/CHANGELOG.md)
- image-reflector-controller [v0.27.1](https://github.com/fluxcd/image-reflector-controller/blob/v0.27.1/CHANGELOG.md)
- image-automation-controller [v0.33.0](https://github.com/fluxcd/image-automation-controller/blob/v0.33.0/CHANGELOG.md)

## CLI Changelog

- PR #3860 - @bigkevmcd - e2e: Add summary to Azure Alert
- PR #3858 - @fluxcdbot - Update toolkit components
- PR #3857 - @talife - Fix autocompletion for image repository reconcile
- PR #3855 - @dependabot[bot] - build(deps): bump peter-evans/create-pull-request from 5.0.0 to 5.0.1
- PR #3854 - @dependabot[bot] - build(deps): bump github/codeql-action from 2.3.2 to 2.3.3
- PR #3853 - @dependabot[bot] - build(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2
- PR #3849 - @makkes - Update fluxcd/go-git-providers to v0.15.3
- PR #3838 - @dependabot[bot] - build(deps): bump github/codeql-action from 2.3.0 to 2.3.2
- PR #3837 - @dependabot[bot] - build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3
- PR #3833 - @matheuscscp - Add OCI provider option to create Helm source command
- PR #3830 - @cuishuang - misc: fix some comments
- PR #3827 - @dependabot[bot] - build(deps): bump github/codeql-action from 2.2.12 to 2.3.0
- PR #3822 - @Hey - Fix outdated Loki Helm values URL
- PR #3821 - @makkes - Fix bootstrap for Bitbucket Server
- PR #3805 - @dependabot[bot] - build(deps): bump github/codeql-action from 2.2.11 to 2.2.12
- PR #3804 - @dependabot[bot] - build(deps): bump actions/checkout from 3.5.0 to 3.5.2
- PR #3802 - @stefanprodan - Set priority class for the critical Flux components
- PR #3797 - @makkes - better messaging for `pull artifact` command
- PR #3796 - @fluxcdbot - Update helm-controller to v0.32.2
- PR #3795 - @stefanprodan - Run conformance tests for Kubernetes 1.27
- PR #3783 - @aryan9600 - Clean directory before cloning git repo
- PR #3780 - @dependabot[bot] - build(deps): bump github/codeql-action from 2.2.9 to 2.2.11
- PR #3779 - @dependabot[bot] - build(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.0
- PR #3778 - @dependabot[bot] - build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2
- PR #3768 - @relu - Fix publishing pre-release versions to AUR
- PR #3764 - @somtochiama - Add label selector flag to get cmd


v2.0.0-rc.1 (2023-04-06)

## Highlights

This is the first release candidate of Flux v2.0 GA :tada:. Users are encouraged to upgrade for the best experience.

Flux v2.0.0-rc.1 comes with the promotion of the [GitOps related APIs to v1](#api-changes) and adds [horizontal scaling & sharding capabilities](https://fluxcd.io/flux/cheatsheets/sharding/) to Flux controllers.

In addition, RC.1 comes with support for authentication with Azure Workload Identity when pulling OCI artifacts from ACR and when decrypting secrets with Azure Key Vault. Also, Bootstrap for GitLab was extended with support for generating [GitLab Deploy Tokens](https://fluxcd.io/flux/installation/#gitlab-and-gitlab-enterprise).

:heart: Big thanks to all the Flux contributors that helped us with this release!
👏  And a special shoutout to the GitLab team for their first contribution to Flux!

## API changes

### GitRepository v1

The [GitRepository](https://fluxcd.io/flux/components/source/gitrepositories/) kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed.

The v1 API is backwards compatible with v1beta2, except for the following:
- the deprecated field `.spec.gitImplementation` was removed
- the unused field `.spec.accessFrom` was removed
- the deprecated field `.status.contentConfigChecksum` was removed
- the deprecated field `.status.artifact.checksum` was removed
- the `.status.url` was removed in favor of the absolute `.status.artifact.url`

### Kustomization v1

The [Kustomization](https://fluxcd.io/flux/components/kustomize/kustomization/) kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed.

A new optional field `.spec.commonMetadata` was added to the API for setting labels and/or annotations to all resources part of a Kustomization.

The v1 API is backwards compatible with v1beta2, except for the following:
- the deprecated field `.spec.validation` was removed
- the deprecated field `.spec.patchesStrategicMerge` was removed (replaced by `.spec.patches`)
- the deprecated field `.spec.patchesJson6902` was removed (replaced by `.spec.patches`)

### Receiver v1

The [Receiver](https://fluxcd.io/flux/components/notification/receiver/) kind was promoted from v1beta2 to v1 (GA).

The v1 API now supports triggering the reconciliation of multiple resources using `.spec.resources.matchLabels`.

The v1 API is backwards compatible with v1beta2, no fields were removed.

## Upgrade procedure

Upgrade Flux from `v0.x` to `v2.0.0-rc.1` either by [rerunning flux bootstrap](https://fluxcd.io/flux/installation/#bootstrap-upgrade) or by using the [Flux GitHub Action](https://github.com/fluxcd/flux2/tree/main/action).

To upgrade the APIs from v1beta2, after deploying the new CRDs and controllers, change the manifests in Git:
1. Remove the deprecated fields from the `GitRepository` and `Kustomization` definitions.
2. Commit, push and reconcile the fields removal changes.
3. Set `apiVersion: source.toolkit.fluxcd.io/v1` in the YAML files that contain `GitRepository` definitions.
4. Set `apiVersion: kustomize.toolkit.fluxcd.io/v1` in the YAML files that contain `Kustomization` definitions.
5. Set `apiVersion: notification.toolkit.fluxcd.io/v1` in the YAML files that contain `Receiver` definitions.
6. Commit, push and reconcile the API version changes.

Bumping the APIs version in manifests can be done gradually. It is advised to not delay this procedure as the beta
versions will be removed after 6 months.
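
A pre-flight check for the manifest steps above, as an added example that is not part of the Flux release notes or tooling: it lists which documents still need an `apiVersion` bump and which removed `.spec` fields they carry. The line-based scan assumes block-style YAML; the function names and the sample manifests are constructed for illustration.

```python
import re

# Target apiVersions from steps 3-5 of the upgrade procedure.
TARGET_API = {
    "GitRepository": "source.toolkit.fluxcd.io/v1",
    "Kustomization": "kustomize.toolkit.fluxcd.io/v1",
    "Receiver": "notification.toolkit.fluxcd.io/v1",
}

# .spec fields removed in v1 (from "API changes"). The removed .status
# fields are written by the controllers and do not appear in Git manifests.
REMOVED_SPEC_FIELDS = {
    "GitRepository": {"gitImplementation", "accessFrom"},
    "Kustomization": {"validation", "patchesStrategicMerge", "patchesJson6902"},
    "Receiver": set(),
}

KEY = re.compile(r"^([A-Za-z][\w-]*):\s*(.*?)\s*$")


def scan_document(doc):
    """Collect apiVersion, kind, metadata.name and the direct keys of spec."""
    fields = {"apiVersion": None, "kind": None, "name": None}
    spec_keys = set()
    section, child_indent = None, None
    for raw in doc.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        stripped = line.lstrip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(stripped)
        m = KEY.match(stripped)  # list items ("- ...") never match
        if indent == 0:
            section, child_indent = (m.group(1) if m else None), None
            if m and m.group(1) in ("apiVersion", "kind"):
                fields[m.group(1)] = m.group(2).strip("'\"")
            continue
        if section not in ("metadata", "spec") or not m:
            continue
        if child_indent is None:
            child_indent = indent  # indentation of the first child key
        if indent != child_indent:
            continue  # nested deeper than a direct child
        if section == "spec":
            spec_keys.add(m.group(1))
        elif m.group(1) == "name":
            fields["name"] = m.group(2).strip("'\"")
    return fields, spec_keys


def audit(manifests):
    """Return one finding per Flux object that still needs editing."""
    findings = []
    for doc in re.split(r"^---\s*$", manifests, flags=re.MULTILINE):
        fields, spec_keys = scan_document(doc)
        kind, api = fields["kind"], fields["apiVersion"]
        target = TARGET_API.get(kind)
        if not target or not api or "/" not in api:
            continue
        # Kustomize's own kustomization.yaml shares the kind name but lives
        # in a different API group; it is not a Flux object.
        if api.rsplit("/", 1)[0] != target.rsplit("/", 1)[0]:
            continue
        remove = sorted(spec_keys & REMOVED_SPEC_FIELDS[kind])
        if api != target or remove:
            findings.append({"kind": kind, "name": fields["name"],
                             "from": api, "to": target, "remove": remove})
    return findings


# Constructed sample manifests (not taken from a real repository).
SAMPLE = """\
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: app-repo
spec:
  interval: 1m
  gitImplementation: go-git  # removed in v1
  url: https://example.com/org/app.git
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: app
spec:
  validation: client
  patchesStrategicMerge:
  - apiVersion: apps/v1
    kind: Deployment
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
patchesStrategicMerge:
- patch.yaml
---
apiVersion: notification.toolkit.fluxcd.io/v1beta2
kind: Receiver
metadata:
  name: hook
spec:
  type: github
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['kind']}/{f['name']}: {f['from']} -> {f['to']}; "
              f"remove: {', '.join(f['remove']) or 'nothing'}")
```

Following the order of the procedure, clear the `remove` list for every object (steps 1 and 2) before changing any `apiVersion` (steps 3 to 6).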

:warning: Note that this release updates the major version of the Flux Go Module to v2. Please update your `go.mod` to require `github.com/fluxcd/flux2/v2`, see [pkg.go.dev](https://pkg.go.dev/github.com/fluxcd/flux2/v2) for the documentation of the module.

### New Documentation

- API: [GitRepository v1](https://fluxcd.io/flux/components/source/gitrepositories/)
- API: [Kustomization v1](https://fluxcd.io/flux/components/kustomize/kustomization/)
- API: [Receiver v1](https://fluxcd.io/flux/components/notification/receiver/)
- Guide: [Controller sharding and horizontal scaling](https://fluxcd.io/flux/cheatsheets/sharding/)
- Blog: [How to use Weave GitOps as your Flux UI](https://fluxcd.io/blog/2023/04/how-to-use-weave-gitops-as-your-flux-ui/)

## Components changelog

- source-controller [v1.0.0-rc.1](https://github.com/fluxcd/source-controller/blob/v1.0.0-rc.1/CHANGELOG.md)
- kustomize-controller [v1.0.0-rc.1](https://github.com/fluxcd/kustomize-controller/blob/v1.0.0-rc.1/CHANGELOG.md)
- notification-controller [v1.0.0-rc.1](https://github.com/fluxcd/notification-controller/blob/v1.0.0-rc.1/CHANGELOG.md)
- helm-controller [v0.32.0](https://github.com/fluxcd/helm-controller/blob/v0.32.0/CHANGELOG.md) [v0.32.1](https://github.com/fluxcd/helm-controller/blob/v0.32.1/CHANGELOG.md)
- image-reflector-controller [v0.27.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.27.0/CHANGELOG.md)
- image-automation-controller [v0.32.0](https://github.com/fluxcd/image-automation-controller/blob/v0.32.0/CHANGELOG.md)

## CLI Changelog

- PR #3763 - @souleb - Add the possibility to ignore files with build and diff Kustomization
- PR #3758 - @stefanprodan - Release Flux v2.0.0-rc.1
- PR #3762 - @dependabot[bot] - build(deps): bump github.com/docker/docker from 23.0.1 to 23.0.3
- PR #3745 - @dependabot[bot] - build(deps): bump github/codeql-action from 2.2.8 to 2.2.9
- PR #3744 - @dependabot[bot] - build(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1
- PR #3730 - @dependabot[bot] - build(deps): bump github/codeql-action from 2.2.7 to 2.2.8
- PR #3729 - @dependabot[bot] - build(deps): bump actions/checkout from 3.4.0 to 3.5.0
- PR #3728 - @dependabot[bot] - build(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4
- PR #3721 - @yiannistri - fix: Avoid printing an extra newline when exporting resources
- PR #3717 - @dependabot[bot] - build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1


v0.41.2 (2023-03-21)

Flux v0.41.2 is a patch release which fixes a range of bugs found in the controllers. Please refer to the individual component changelogs for more information.

:bulb: For more information about other features introduced in v0.41.0, please refer to [the changelog for this version](https://github.com/fluxcd/flux2/releases/tag/v0.41.0).

## Components Changelog

- source-controller [v0.36.1](https://github.com/fluxcd/source-controller/blob/v0.36.1/CHANGELOG.md)
- kustomize-controller [v0.35.1](https://github.com/fluxcd/kustomize-controller/blob/v0.35.1/CHANGELOG.md)
- helm-controller [v0.31.2](https://github.com/fluxcd/helm-controller/blob/v0.31.2/CHANGELOG.md)
- image-reflector-controller [v0.26.1](https://github.com/fluxcd/image-reflector-controller/blob/v0.26.1/CHANGELOG.md)

## CLI Changelog

- PR #3710 - @hiddeco - tests/azure: update toolkit components
- PR #3707 - @fluxcdbot - Update toolkit components
- PR #3706 - @hiddeco - build: update `actions/setup-go` in workflows
- PR #3704 - @dependabot[bot] - build(deps): bump peter-evans/create-pull-request from 4.2.3 to 4.2.4
- PR #3703 - @dependabot[bot] - build(deps): bump github/codeql-action from 2.2.6 to 2.2.7
- PR #3701 - @dependabot[bot] - build(deps): bump actions/checkout from 3.3.0 to 3.4.0
- PR #3685 - @dependabot[bot] - build(deps): bump actions/cache from 3.2.6 to 3.3.0
- PR #3684 - @dependabot[bot] - build(deps): bump github/codeql-action from 2.2.5 to 2.2.6
- PR #3683 - @dependabot[bot] - build(deps): bump docker/setup-buildx-action from 2.4.1 to 2.5.0


v0.41.1 (2023-03-10)

Flux v0.41.1 is a patch release which extends the helm-controller's OOM watch feature introduced in v0.41.0 with support for automatic detection of cgroup v1 paths, and flags to configure alternative paths using `--oom-watch-max-memory-path` and `--oom-watch-current-memory-path`.

:bulb: For more information about other features introduced in v0.41.0, please refer to [the changelog for this version](https://github.com/fluxcd/flux2/releases/tag/v0.41.0).

## Components changelog

- helm-controller [v0.31.1](https://github.com/fluxcd/helm-controller/blob/v0.31.1/CHANGELOG.md)

## CLI Changelog

- PR #3680 - @fluxcdbot - Update toolkit components
- PR #3676 - @stefanprodan - Disable drift detection for kube-prometheus-stack webhooks


v0.41.0 (2023-03-09)

Flux v0.41.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

## Features and improvements

- Experimental support of drift detection of Helm releases compared to cluster-state.
- Improved handling of `SIGTERM` signals received by the helm-controller, which will now terminate running Helm install or upgrade actions, instead of potentially leaving them in a pending state.
- Opt-in OOM watcher in helm-controller to handle graceful termination of the controller before it is forcefully killed by Kubernetes' OOM killer.
- Kubernetes client and Custom Resource Definition life-cycle improvements to reduce the memory consumption of the helm-controller, with observed reductions up to 50%.
- Opt-in allowance of DNS lookups during the rendering of Helm templates in the helm-controller via feature gate.
- Optional disabling of the cache of the status poller used to determine the health of the resources applied by the kustomize-controller. This may improve memory usage on large scale clusters at the cost of more direct API calls.
- Changes to the logging of all controllers to ensure Kubernetes components like the discovery client use the configured logging format.
- New `flux events` command to display Kubernetes events for Flux resources, including the events of a referenced resource.
- Custom annotations can now be set with `flux push` using `--annotations`.

## New documentation

- Cheatsheet: [Enable Helm drift detection](https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-helm-drift-detection)
- Cheatsheet: [Enable Helm near OOM detection](https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-helm-near-oom-detection)
- Cheatsheet: [Allow Helm DNS lookups](https://fluxcd.io/flux/cheatsheets/bootstrap/#allow-helm-dns-lookups)
- Controller: [New helm-controller feature gates and options](https://fluxcd.io/flux/components/helm/options/#feature-gates)
- Controller: [New kustomize-controller feature gate](https://fluxcd.io/flux/components/kustomize/options/#feature-gates)
- Spec: [HelmRelease drift detection](https://fluxcd.io/flux/components/helm/helmreleases/#drift-detection)

## Components changelog

- source-controller [v0.36.0](https://github.com/fluxcd/source-controller/blob/v0.36.0/CHANGELOG.md)
- kustomize-controller [v0.35.0](https://github.com/fluxcd/kustomize-controller/blob/v0.35.0/CHANGELOG.md)
- helm-controller [v0.31.0](https://github.com/fluxcd/helm-controller/blob/v0.31.0/CHANGELOG.md)
- notification-controller [v0.33.0](https://github.com/fluxcd/notification-controller/blob/v0.33.0/CHANGELOG.md)
- image-reflector-controller [v0.26.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.26.0/CHANGELOG.md)
- image-automation-controller [v0.31.0](https://github.com/fluxcd/image-automation-controller/blob/v0.31.0/CHANGELOG.md)

## CLI Changelog
- PR #3628 - @somtochiama - Add `flux events` command
- PR #3674 - @hiddeco - Update dependencies
- PR #3673 - @stefanprodan - ci: Use latest available images of kindest/node
- PR #3672 - @hiddeco - tests/azure: update dependencies
- PR #3670 - @hiddeco - Update Go to 1.20
- PR #3669 - @hiddeco - Update GitHub Action workflows
- PR #3667 - @hiddeco - Update helm-controller to v0.31.0 
- PR #3666 - @fluxcdbot - Update toolkit components
- PR #3653 - @stefanprodan - Allow custom annotations to be set when pushing OCI artifacts


v0.40.2 (2023-02-28)

Flux v0.40.2 is a patch release which includes an update of the notification-controller to prevent an issue with the default API version used for ImageRepositories when no specific version is configured on a Receiver. Users are encouraged to upgrade for the best experience.

:warning: Note that v0.40.0 contained breaking changes, please refer to [the changelog](https://github.com/fluxcd/flux2/releases/tag/v0.40.0) for more information.

## Components changelog

- notification-controller [v0.32.1](https://github.com/fluxcd/notification-controller/blob/v0.32.1/CHANGELOG.md)

## CLI Changelog
- PR #3645 - @hiddeco - Update dependencies
- PR #3644 - @fluxcdbot - Update toolkit components
- PR #3638 - @dependabot[bot] - build(deps): bump actions/cache from 3.2.5 to 3.2.6
- PR #3637 - @dependabot[bot] - build(deps): bump github/codeql-action from 2.2.4 to 2.2.5


v0.40.1 (2023-02-23)

Flux v0.40.1 is a patch release which includes an update of the source-controller to prevent excessive memory usage while reconciling HelmRepository objects. Users are encouraged to upgrade for the best experience.

:warning: Note that v0.40.0 contained breaking changes, please refer to [the changelog](https://github.com/fluxcd/flux2/releases/tag/v0.40.0) for more information.

## Components changelog

- source-controller [v0.35.2](https://github.com/fluxcd/source-controller/blob/v0.35.2/CHANGELOG.md)

## CLI Changelog
- PR #3626 - @hiddeco - Update dependencies
- PR #3624 - @fluxcdbot - Update toolkit components
- PR #3615 - @stefanprodan - Update implementation history of RFC-0003 and RFC-0005


v0.40.0 (2023-02-20)

## Highlights

Flux v0.40.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

### Breaking changes

**Image Automation**

The image-reflector-controller autologin flags have been deprecated and are no longer used.
Please see the new API specification and migration instructions in the controller [changelog](https://github.com/fluxcd/image-reflector-controller/blob/main/CHANGELOG.md#0250).

**Notifications**

The source revision format reported by the Flux controllers has changed according to [RFC-0005](https://github.com/fluxcd/flux2/tree/main/rfcs/0005-artifact-revision-and-digest).
The events referring to Git repositories will report the revision in the format `@sha1:` instead of `/`.
For more details please see the source-controller [changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md#0350).

**OCI artifacts**

The OCI artifacts produced with `flux push artifact` now have custom media types:
- artifact media type `application/vnd.oci.image.manifest.v1+json`
- config media type `application/vnd.cncf.flux.config.v1+json`
- content media type `application/vnd.cncf.flux.content.v1.tar+gzip`

### Features and improvements

- The `GitRepository` API has a new optional field `.spec.ref.name`  for specifying a [Git Reference](https://git-scm.com/book/en/v2/Git-Internals-Git-References).
  This allows Flux to reconcile resources from GitHub Pull Requests (`refs/pull//head`) and GitLab Merge Requests (`refs/merge-requests//head`).
- The `ImageRepository` and `ImagePolicy` APIs have been promoted to `v1beta2`.
- Allow specifying the cloud provider contextual login for container registries with `ImageRepository.spec.provider`.
- Improve observability of `ImageRepository` by showing the latest scanned tags under `.status.lastScanResult.latestTags`.
- Improve observability of `ImagePolicy` by reporting the current and previous image tag in status and events.
- The Kubernetes builtin cluster roles: `view`, `edit` and `admin` have been extended to allow access to Flux custom resources.
- Print a report of Flux custom resources and the amount of cumulative storage used for each source type with `flux stats -A`.

### New Documentation

- API: [ImageRepository v1beta2](https://fluxcd.io/flux/components/image/imagerepositories/)
- API: [ImagePolicy v1beta2](https://fluxcd.io/flux/components/image/imagepolicies/)
- Security: [Aggregated cluster roles](https://fluxcd.io/flux/security/#controller-permissions)
- Bootstrap: [Disable Kubernetes cluster role aggregations](https://fluxcd.io/flux/cheatsheets/bootstrap/#disable-kubernetes-cluster-role-aggregations)
- Blog: [How Flux and Pulumi give each other superpowers](https://fluxcd.io/blog/2023/02/flux-pulumi-superpowers/)

## Components changelog

- source-controller [v0.35.1](https://github.com/fluxcd/source-controller/blob/v0.35.1/CHANGELOG.md) [v0.35.0](https://github.com/fluxcd/source-controller/blob/v0.35.0/CHANGELOG.md)
- kustomize-controller [v0.34.0](https://github.com/fluxcd/kustomize-controller/blob/v0.34.0/CHANGELOG.md)
- helm-controller [v0.30.0](https://github.com/fluxcd/helm-controller/blob/v0.30.0/CHANGELOG.md)
- notification-controller [v0.32.0](https://github.com/fluxcd/notification-controller/blob/v0.32.0/CHANGELOG.md)
- image-reflector-controller [v0.25.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.25.0/CHANGELOG.md)
- image-automation-controller [v0.30.0](https://github.com/fluxcd/image-automation-controller/blob/v0.30.0/CHANGELOG.md)

## CLI Changelog

- PR #3612 - @dependabot[bot] - build(deps): bump fossa-contrib/fossa-action from 1.2.0 to 2.0.0
- PR #3610 - @hiddeco - Update dependencies
- PR #3606 - @hiddeco - build: further solve issue release workflow
- PR #3605 - @hiddeco - build: ensure newlines work with $GITHUB_OUTPUT
- PR #3604 - @hiddeco - build: convert ::set-output to $GITHUB_OUTPUT
- PR #3603 - @stefanprodan - Remove deprecated flags
- PR #3602 - @hiddeco - Update source-controller to v0.35.1
- PR #3601 - @stefanprodan - ci: Fix Snyk Go build VCS stamping error
- PR #3598 - @fluxcdbot - Update toolkit components
- PR #3592 - @hiddeco - tests: only provide template values when used
- PR #3587 - @hiddeco - Support shortening of revision with digest
- PR #3585 - @darkowlzz - Update image-reflector API to v1beta2
- PR #3584 - @dependabot[bot] - build(deps): bump docker/setup-buildx-action from 2.4.0 to 2.4.1
- PR #3583 - @dependabot[bot] - build(deps): bump snyk/actions from e25b2e6f5658d1bb7a6671b113260f13134cc3af to 806182742461562b67788a64410098c9d9b96adb
- PR #3582 - @dependabot[bot] - build(deps): bump actions/cache from 3.2.4 to 3.2.5
- PR #3581 - @dependabot[bot] - build(deps): bump github/codeql-action from 2.2.1 to 2.2.4
- PR #3578 - @stefanprodan - Add `flux stats` command to print the reconcilers status
- PR #3575 - @stefanprodan - RFC-0003: Introduce Flux OCI media type
- PR #3566 - @stefanprodan - rbac: Add view and edit aggregated cluster roles
- PR #3563 - @dependabot[bot] - build(deps): bump actions/cache from 3.2.3 to 3.2.4
- PR #3562 - @dependabot[bot] - build(deps): bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0
- PR #3560 - @stefanprodan - docs: Add permissions to update workflow


v0.39.0 (2023-02-02)

## Highlights

Flux v0.39.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Starting with this version, the Flux controllers come with [SBOMs and SLSA Provenance Attestations](https://fluxcd.io/flux/security/) embedded in their container images. 

The [Flux Terraform Provider](https://github.com/fluxcd/terraform-provider-flux) has a new resource for bootstrapping Flux, without depending on third-party Terraform providers, that allows customising the controllers at install time. Users are encouraged to migrate to this new resource and provide feedback.

The Flux CLI is now included in [Wolfi OS](https://github.com/wolfi-dev/os), the Linux (Un)distro designed for securing the software supply chain. The Chainguard team and Wolfi maintainers are shipping updates for the Flux package on a regular basis.

### Features and improvements

- Recreate immutable resources (e.g. Kubernetes Jobs) by annotating or labeling them with `kustomize.toolkit.fluxcd.io/force: enabled`.
- Support for HTTPS bearer token authentication for Git repositories.
- Improve memory usage by disabling the caching of Secret and ConfigMap resources in all controllers.
- Better observability with progressive status updates for Sources (Git, OCI, Helm, S3 Buckets). 
- Allow extracting the OCI artifact SHA256 digest for Cosign with `flux push artifact -o json`.
- Track CRDs managed by Flux, `flux trace` and `flux tree` will show which HelmRelease deployed which CRDs.
- Allow the Flux GitHub Action to use a GitHub token when checking for updates to avoid rate limiting.

### New documentation

- Security: [Software Bill of Materials](https://fluxcd.io/flux/security/#software-bill-of-materials)
- Security: [SLSA Provenance Attestations](https://fluxcd.io/flux/security/#slsa-provenance-attestations)
- Security: [Scanning Flux images for CVEs](https://fluxcd.io/flux/security/#scanning-for-cves)

## Components changelog

- source-controller [v0.34.0](https://github.com/fluxcd/source-controller/blob/v0.34.0/CHANGELOG.md)
- kustomize-controller [v0.33.0](https://github.com/fluxcd/kustomize-controller/blob/v0.33.0/CHANGELOG.md)
- helm-controller [v0.29.0](https://github.com/fluxcd/helm-controller/blob/v0.29.0/CHANGELOG.md)
- notification-controller [v0.31.0](https://github.com/fluxcd/notification-controller/blob/v0.31.0/CHANGELOG.md)
- image-reflector-controller [v0.24.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.24.0/CHANGELOG.md)
- image-automation-controller [v0.29.0](https://github.com/fluxcd/image-automation-controller/blob/v0.29.0/CHANGELOG.md)

## CLI Changelog

- PR #3550 - @stefanprodan - flux tree: Set CRDs GroupKind in output
- PR #3549 - @stefanprodan - flux tree: Track CRDs managed by HelmReleases
- PR #3545 - @fluxcdbot - Update toolkit components
- PR #3542 - @stefanprodan - flux tree: Add namespaces to objects reconciled from HRs
- PR #3540 - @stefanprodan - Add json/yaml output to flux push artifact
- PR #3537 - @stefanprodan - Update dependencies to Kubernetes v1.26.1
- PR #3532 - @stefanprodan - Update Alpine to v3.17 and kubectl to v1.26.1 in flux-cli image
- PR #3531 - @makkes - fix misleading messaging when using `-A` flag
- PR #3529 - @dependabot[bot] - build(deps): bump docker/setup-buildx-action from 2.2.1 to 2.4.0
- PR #3526 - @dependabot[bot] - Bump anchore/sbom-action from 0.13.1 to 0.13.3
- PR #3525 - @dependabot[bot] - Bump github/codeql-action from 2.1.38 to 2.2.1
- PR #3524 - @dependabot[bot] - Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1
- PR #3517 - @jooooel - Fix broken GitHub Action and handle case where VERSION is provided as an input
- PR #3507 - @thezanke - Update prometheus-community helm repo due to the suspension of OCI builds
- PR #3501 - @kingdonb - Add GITHUB_TOKEN to Flux GitHub Action
- PR #3488 - @dependabot[bot] - Bump snyk/actions from 1cc9026f51d822442cb4b872d8d7ead8cc69a018 to e25b2e6f5658d1bb7a6671b113260f13134cc3af
- PR #3487 - @dependabot[bot] - Bump actions/cache from 3.2.2 to 3.2.3
- PR #3486 - @dependabot[bot] - Bump github/codeql-action from 2.1.37 to 2.1.38
- PR #3477 - @raffis - fix(install-script): support $GITHUB_TOKEN


v0.38.3 (2023-01-10)

## Highlights

Flux v0.38.3 is a patch release that comes with fixes and small improvements to the CLI.
Users are encouraged to upgrade for the best experience.

## CLI Changelog
- PR #3476 - @aryan9600 - Update git/gogit to v0.4.1
- PR #3469 - @dependabot[bot] - Bump actions/checkout from 3.2.0 to 3.3.0
- PR #3465 - @kingdonb - Fix fluxcd/website#1347
- PR #3457 - @dependabot[bot] - Bump actions/cache from 3.0.11 to 3.2.2
- PR #3441 - @stefanprodan - check: Show the latest stored version of CRDs


v0.38.2 (2022-12-22)

Flux v0.38.2 is a patch release that comes with fixes for the Notification API `v1beta1` to `v1beta2` upgrade.
In addition, this release improves the handling of the graceful shutdown for helm-controller. 
Users are encouraged to update Flux directly to v0.38.2 for the best experience.

## Components changelog

- notification-controller [v0.30.2](https://github.com/fluxcd/notification-controller/blob/v0.30.2/CHANGELOG.md)
- helm-controller [v0.28.1](https://github.com/fluxcd/helm-controller/blob/v0.28.1/CHANGELOG.md)

## CLI Changelog
- PR #3437 - @fluxcdbot - Update toolkit components


v0.38.1 (2022-12-21)

Flux v0.38.1 is a patch release that comes with fixes for the Notification API `v1beta1` to `v1beta2` upgrade.
Users are encouraged to update Flux directly to v0.38.1 for the best experience.

## Changelog
- PR #3429 - @stefanprodan - Update CLI commands to Notification API v1beta2
- PR #3428 - @fluxcdbot - Update notification-controller to v0.30.1


v0.38.0 (2022-12-21)

## Highlights

Flux v0.38.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

### Notification API v1beta2

This release graduates the Notification APIs to `v1beta2`. After upgrading the controllers on your clusters, you need to update the notification Custom Resources in Git by replacing `notification.toolkit.fluxcd.io/v1beta1` with `notification.toolkit.fluxcd.io/v1beta2` in all YAML manifests.

#### Breaking changes

- The `Alert.spec.summary` has a max length of 255 characters.
- The `Provider.spec.address` and `Provider.spec.proxy` have a max length of 2048 characters.
- The `Receiver.status.url` was deprecated in favour of `Receiver.status.webhookPath`.

For more details about `v1beta2` please see the notification-controller [changelog](https://github.com/fluxcd/notification-controller/blob/main/CHANGELOG.md#0300) and the [API spec documentation](https://fluxcd.io/flux/components/notification/).
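
The manifest update and the new length limits can be checked together before committing to Git. The following is an added example, not part of the Flux project: it rewrites top-level `apiVersion` keys from `v1beta1` to `v1beta2` and reports `Alert` and `Provider` fields that exceed the limits listed above. The function name, the sample manifest, and the assumption that spec fields are single-line scalars indented by two spaces are illustrative.

```python
import re

OLD = "notification.toolkit.fluxcd.io/v1beta1"
NEW = "notification.toolkit.fluxcd.io/v1beta2"
# Maximum lengths from the v1beta2 breaking changes, keyed by (kind, spec field).
LIMITS = {("Alert", "summary"): 255,
          ("Provider", "address"): 2048,
          ("Provider", "proxy"): 2048}

# Only a top-level (unindented) apiVersion key is rewritten or inspected.
OLD_RE = re.compile(r"(?m)^(apiVersion:[ \t]*[\"']?)" + re.escape(OLD) + r"\b")
NEW_RE = re.compile(r"(?m)^apiVersion:[ \t]*[\"']?" + re.escape(NEW) + r"\b")
KIND_RE = re.compile(r"(?m)^kind:[ \t]*(\w+)")
# Assumption: direct children of spec are indented by exactly two spaces.
FIELD_RE = re.compile(r"(?m)^  (\w+):[ \t]*(.*?)[ \t]*$")


def migrate(text):
    """Return (migrated_text, findings) for a multi-document YAML string."""
    docs, current = [], []
    for line in text.splitlines(keepends=True):
        if line.rstrip() == "---" and current:
            docs.append("".join(current))
            current = []
        current.append(line)
    docs.append("".join(current))

    out, findings = [], []
    for number, doc in enumerate(docs, start=1):
        doc = OLD_RE.sub(lambda m: m.group(1) + NEW, doc)
        kind = KIND_RE.search(doc)
        if kind and NEW_RE.search(doc):
            for field, value in FIELD_RE.findall(doc):
                limit = LIMITS.get((kind.group(1), field))
                length = len(value.strip("\"'"))
                if limit is not None and length > limit:
                    findings.append((number, kind.group(1), field, length))
        out.append(doc)
    return "".join(out), findings


# Constructed sample: an Alert with a 300-character summary, then an unrelated resource.
SAMPLE = (
    "apiVersion: " + OLD + "\nkind: Alert\nspec:\n"
    "  summary: " + "x" * 300 + "\n"
    "---\napiVersion: v1\nkind: ConfigMap\n"
)
```

Each finding is a tuple of document number, kind, field name and measured length; documents outside the notification API group are passed through unchanged.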

### Features and improvements

- Support for defining Kustomize components with `Kustomization.spec.components`.
- Support for piping multi-doc YAMLs when publishing OCI artifacts with `kustomize build . | flux push artifact --path=-`.
- Support for Gitea commit status updates with `Provider.spec.type` set to `gitea`.
- Improve the memory usage of helm-controller by disabling the caching of Secret and ConfigMap resources.
- Update the Helm SDK to v3.10.3 (fix for Helm CVEs).
- All code references to `libgit2` were removed, and the `GitRepository.spec.gitImplementation` field is no longer being honored.

### Documentation improvements

The official [example repository](https://github.com/fluxcd/flux2-kustomize-helm-example) was refactored. The new version comes with the following improvements:

- Make the example compatible with ARM64 Kubernetes clusters.
- Add Weave GitOps Helm release to showcase the [Flux UI](https://github.com/fluxcd/flux2-kustomize-helm-example#access-the-flux-ui).
- Replace the `ingress-nginx` Bitnami chart with the official one that contains multi-arch container images.
- Add `cert-manager` Helm release to showcase how to install CRDs and custom resources using `dependsOn`.
- Add Let's Encrypt `ClusterIssuer` to showcase how to patch resources in production with Flux Kustomization.
- Add the `flux-system` overlay to showcase how to configure Flux at bootstrap time.

## Components changelog

- source-controller [v0.33.0](https://github.com/fluxcd/source-controller/blob/v0.33.0/CHANGELOG.md)
- kustomize-controller [v0.32.0](https://github.com/fluxcd/kustomize-controller/blob/v0.32.0/CHANGELOG.md)
- helm-controller [v0.28.0](https://github.com/fluxcd/helm-controller/blob/v0.28.0/CHANGELOG.md)
- notification-controller [v0.30.0](https://github.com/fluxcd/notification-controller/blob/v0.30.0/CHANGELOG.md)
- image-reflector-controller [v0.23.1](https://github.com/fluxcd/image-reflector-controller/blob/v0.23.1/CHANGELOG.md)
- image-automation-controller [v0.28.0](https://github.com/fluxcd/image-automation-controller/blob/v0.28.0/CHANGELOG.md)

## CLI Changelog

- PR #3427 - @hiddeco - Update dependencies
- PR #3424 - @pjbgf - build: Revert sigstore/cosign-installer to v2.8.1
- PR #3423 - @dependabot[bot] - Bump github/codeql-action from 2.1.36 to 2.1.37
- PR #3422 - @dependabot[bot] - Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0
- PR #3421 - @dependabot[bot] - Bump actions/setup-go from 3.4.0 to 3.5.0
- PR #3420 - @dependabot[bot] - Bump actions/checkout from 3.1.0 to 3.2.0
- PR #3418 - @somtochiama - Fix path on `flux push`
- PR #3415 - @souleb - Fix dry-run still loading kubeconfig issue
- PR #3413 - @aryan9600 - Update dependencies
- PR #3408 - @souleb - Update fluxcd/pkg/kustomize dependency
- PR #3404 - @stefanprodan - e2e: Fix Azure test suite
- PR #3394 - @dependabot[bot] - Update sigstore/cosign-installer requirement to b6757d8360bb6b9803c38b68e8cb7442baaf7eb5
- PR #3393 - @dependabot[bot] - Bump github/codeql-action from 2.1.35 to 2.1.36
- PR #3389 - @somtochiama - Push/Build artifacts from stdin
- PR #3377 - @aryan9600 - bootstrap: fallback to default known_hosts
- PR #3372 - @dependabot[bot] - Bump peter-evans/create-pull-request from 4.2.2 to 4.2.3
- PR #3371 - @dependabot[bot] - Bump snyk/actions from a8dd587d8a94f5663fa3d67d51abd0cc66aff244 to 1cc9026f51d822442cb4b872d8d7ead8cc69a018
- PR #3370 - @dependabot[bot] - Bump actions/setup-go from 3.3.1 to 3.4.0
- PR #3369 - @dependabot[bot] - Bump github/codeql-action from 2.1.33 to 2.1.35
- PR #3360 - @fluxcdbot - Update toolkit components
- PR #3352 - @dependabot[bot] - Bump peter-evans/create-pull-request from 4.2.0 to 4.2.2
- PR #3350 - @stefanprodan - Set notification-controller container image to GHCR
- PR #3345 - @stefanprodan - e2e: Refactor Azure test suite to use go-git

v0.37.0 (2022-11-22)

## Highlights

Flux v0.37.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

### Breaking changes

#### Deprecation of `gitImplementation`

The interpretation of the `gitImplementation` field of `GitRepository` by source-controller and image-automation-controller has been deprecated, and will effectively always use `go-git`. This now supports all Git servers, including Azure DevOps and AWS CodeCommit, which previously were only supported by `libgit2`.

To opt-out from this behaviour, and get the controller to honour the field `.spec.gitImplementation`, start the controller with: `--feature-gates=ForceGoGitImplementation=false`.

For more information on this change, refer to the controllers' respective changelogs [listed below](#components-changelog).

#### Automatic force-push of `ImageUpdateAutomation`

Starting from this version, `ImageUpdateAutomation` objects with a `.spec.PushBranch` specified will have the push branch refreshed automatically via force push. To opt-out from this behaviour, start the controller with: `--feature-gates=GitForcePushBranch=false`.

### Features and improvements

- Support for bootstrapping Azure DevOps and AWS CodeCommit repositories using `flux bootstrap git`.
- Support cloning of Git v2 protocol (Azure DevOps and AWS CodeCommit) for `go-git` Git provider.
- Support force-pushing `ImageUpdateAutomation` repositories.
- Allow a dry-run of `flux build kustomization` with `--dry-run` and `--kustomization-file ./path/to/local/my-app.yaml`. Using these flags, variable substitutions from Secrets and ConfigMaps are skipped, and no connection to the cluster is made.
- Use signed OCI Helm chart for [kube-prometheus-stack](https://fluxcd.io/flux/guides/monitoring/).

### New documentation

- Guide: [AWS CodeCommit bootstrap](https://fluxcd.io/flux/use-cases/aws-codecommit)
- Guide: [Azure DevOps bootstrap](https://fluxcd.io/flux/use-cases/azure/#flux-installation-for-azure-devops)

## Components changelog

- source-controller [v0.32.1](https://github.com/fluxcd/source-controller/blob/v0.32.1/CHANGELOG.md)
- kustomize-controller [v0.31.0](https://github.com/fluxcd/kustomize-controller/blob/v0.31.0/CHANGELOG.md)
- helm-controller [v0.27.0](https://github.com/fluxcd/helm-controller/blob/v0.27.0/CHANGELOG.md)
- notification-controller [v0.29.0](https://github.com/fluxcd/notification-controller/blob/v0.29.0/CHANGELOG.md)
- image-reflector-controller [v0.23.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.23.0/CHANGELOG.md)
- image-automation-controller [v0.27.0](https://github.com/fluxcd/image-automation-controller/blob/v0.27.0/CHANGELOG.md)

## CLI Changelog

- PR #3339 - @hiddeco - Update dependencies
- PR #3326 - @fluxcdbot - Update toolkit components
- PR #3324 - @stefanprodan - Update kubectl and remove nsswitch.conf in flux-cli image
- PR #3323 - @pjbgf - build: Pin GitHub Actions
- PR #3317 - @souleb - Add a dry-run mode to flux build kustomization
- PR #3303 - @stefanprodan - monitoring: Use kube-prometheus-stack signed OCI Helm chart
- PR #3299 - @aryan9600 - Refactor bootstrap process to use `fluxcd/pkg/git`
- PR #3294 - @phillebaba - Aggregate errors in uninstall functions
- PR #3288 - @dependabot[bot] - Bump hashicorp/setup-terraform from 2.0.2 to 2.0.3
- PR #3281 - @stefanprodan - Refactor ARM64 e2e test suite
- PR #3269 - @dependabot[bot] - Bump actions/setup-go from 2 to 3
- PR #3249 - @phillebaba - Remove file reading from bootstrap package