Skip to content

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[1.3.2] - 2026-04-23

Added:

MinIO: Extended configuration to customize all Tenant CRD values
MinIO: Added boolean to nullify correctly security context (useful in scenarios where it is supersed by the Kubernetes Engine, e.g : OpenShift)
XTM Composer: Extended configuration capabilities

[1.3.1] - 2026-04-02

Added

OpenCTI: Added default initContainers front, ingests, workers and connectors. All enabled by default. Each default initContainer will wait for its dependency to be up and running before starting its main app. They can be individually disabled if not needed in your environment.
OpenCTI: Added configurable initContainers for front, ingests, workers and connectors
OpenCTI: Added the possibility to configure ingress that routes traffic directly to ingests
OpenCTI: Added configurable volumes and volumeMounts for connectors (see example page)
Elasticsearch: Added default initContainer that sets vm.max_map_count on the hosts. Disabled by default. Can be enabled with elasticsearch.initVMMaxMapCount (recommended if allowMmap is enabled, which is true by default). Warning: the default initContainer set in the chart will run as privileged, you can override the default initContainer if this doesn't meet your security requirements. The vm.max_map_count value defaults to 1048576 (recommended by Elastic) but can be configured through the elasticsearch.vmMaxMapCountValue parameter.

Fixed

Elasticsearch: Added missing tolerarions and imagePullSecrets for masterNodes configuration in values

[1.3.0] - 2026-03-11

Changed

BREAKING CHANGE: OpenCTI: Bumped default version to 7.260309.0
XTM Composer: Bumped default version to 2.260223.0 (to align with OpenCTI requirements)
OpenCTI: Overriding the OpenCTI image tag is now correctly supported for front, ingests and workers
Redis, MinIO, RabbitMQ: Conditionned the rendering of the storageClassName parameter in the PVC definition to avoid errors when not set and no default storage class is configured in the cluster.

[1.2.11] - 2026-03-05

Added

OpenCTI: Added conditional metrics exposure for front and worker components via environment variables.
Doc: Added setup guidance for secret-based APP__HEALTH_ACCESS_KEY and metrics enablement.

Changed

OpenCTI: Front and ingest readiness/liveness probes now use exec checks with APP__HEALTH_ACCESS_KEY environment variable.
OpenCTI: Added commented default values examples to enable front and worker metrics.

[1.2.10] - 2026-03-02

Fixed

Environment variables could be duplicated in pod specs when the same key appeared in both envFromSecrets and env maps. Now the chart tracks rendered keys and only emits each variable once, with secret‑sourced values taking precedence.

[1.2.9] - 2026-02-24

Added

OpenCTI: Introduced the capacity of configuring volumes and volumeMounts for OpenCTI front and ingesters

[1.2.8] - 2026-02-13

Removed

OpenCTI: Removed OPENCTI_TOKEN from opencti.worker.env in the default values file to avoid conflict when setting it from the opencti.worker.envFromSecrets block

[1.2.7] - 2026-02-04

Added

Redis: Added pod antiAffinity that defaults on Kubernetes host
MinIO: Added pod antiAffinity that defaults on Kubernetes host
RabbitMQ: Added pod antiAffinity that defaults on Kubernetes host
Elasticsearch: Added pod antiAffinity that defaults on Kubernetes host

Changed

BREAKING CHANGE: Redis: Added a distinction for Redis data and sentinel nodes in configuration
BREAKING CHANGE: MinIO: Updated antiAffinity to be a full yaml definition instead of simple boolean
OpenCTI: Bump default version to 6.9.15
XTM Composer: Bump default version to 1.0.2. See changelog

Fixed

Fixed multiple non-working configurations (affinity, nodeSelector...) caused by wrong indent in templates.

Removed

BREAKING CHANGE: RabbitMQ: nodeSelector value was removed from values file as it's actually not supported by the CRD. Use the override attribute instead Reference.

[1.2.6] - 2026-01-19

Added

OpenCTI: Added logLevel in values
OpenCTI: Added writeAppLogsToFile in values to manage logs write to file (defaults to False)
OpenCTI: Added writeAuditLogsToFile in values to manage audit logs write to file (defaults to False)

Changed

OpenCTI: Bump default version to 6.9.7
Doc: Pinned operator versions. Added recommended K8S version.

[1.2.5] - 2025-11-28

Changed

Webservice: Added Import Document AI webservice & documentation
OpenCTI: Bump default version to 6.8.15

[1.2.4] - 2025-11-26

Changed

OpenCTI Connectors: Added some standard connectors configuration, disabled by default in values.yaml

[1.2.3] - 2025-11-25

Changed

OpenCTI: Bump default version to 6.8.13

Fixed

RabbitMQ: Removed Logging to file from default config to avoid error with security context from operator version >= 2.17

[1.2.2] - 2025-11-12

Changed

Elasticsearch: Added S3 Client Snapshot config capability for backups
Elasticsearch: Disabled by default the Kibana self-signed certificate to simplify access to dashboard by default

[1.2.1] - 2025-10-24

Fixed

Redis: Fixed and streamlined securityContext enablement and configuration

Changed

OpenCTI: Bump default version to 6.8.8

[1.2.0] - 2025-10-10

Added

Customizable ingresses for Kibana, RabbitMQ Console and MinIO console
Dedicated env vars for Front and Ingest deployments

Changed

BREAKING CHANGE: Removed ClusterIP from Redis headless service (default is now None)
Update Elasticsearch deployments configuration to support Master and Data nodes definition
Redis: Bump to 8.0.4
Elasticsearch: Bump to 8.18.4

Fixed

Deactivated by default all managers on front deployments
RabbitMQ: Enforced default configuration in values to make the workers connect properly

[1.1.0] - 2025-09-23

Added

XTM composer integration

Changed

Updated labels

[1.0.0] - 2025-08-12

Added

First release: includes OpenCTI and its backend stack