Benjamin Carr, Ph.D. 👨🏻‍💻🧬
#Kubernetes overlords decide #IngressNGINX isn’t worth saving
Maintenance to end next year after ‘helpful options’ became ‘serious security flaws’
#Ingress #NGINX is an ingress controller – a class of tool that allows external HTTP/S access to clusters and the applications they run.
While popular, the tool is also problematic.
In March 2025, researchers at Wiz found Ingress NGINX had serious #vulnerabilities that could allow complete takeover of Kubernetes clusters.
https://www.theregister.com/2025/11/14/nginx_retirement/
Kubernetes overlords decide Ingress NGINX isn’t worth saving

: Maintenance to end next year after ‘helpful options’ became ‘serious security flaws’

The Register
Nov 15 at 12:04amWeb
Show threadSheogorathNov 15

@BenjaminHCCarr Claiming it's "Kubernetes overlords" that decided anything is quite misleading.

The maintainers highlighted the problem, no one cared enough to step up, and now they retire it.

It's a community project, there are no overlords, anyone could have stepped up.
https://github.com/kubernetes/community/blob/master/sig-network/README.md

I recommend to look at the last meeting recordings, it's a bit sad.

community/sig-network/README.md at master · kubernetes/community

Kubernetes community content. Contribute to kubernetes/community development by creating an account on GitHub.

GitHub
Show threadRachelNov 15
@sheogorath @BenjaminHCCarr yeah also worth looking at the recent bit with external-secret-operator maintenance for similar woes.

I love OSS but it is kinda sad to see how there isn't a strong culture of large organizations giving back either in engineering time or funding to projects they use