惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Security Affairs
Hacker News: Ask HN
Hacker News: Ask HN
L
Lohrmann on Cybersecurity
PCI Perspectives
PCI Perspectives
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cyber Attacks, Cyber Crime and Cyber Security
Recent Commits to openclaw:main
Recent Commits to openclaw:main
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
MyScale Blog
MyScale Blog
月光博客
月光博客
W
WeLiveSecurity
T
Threat Research - Cisco Blogs
Martin Fowler
Martin Fowler
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recorded Future
Recorded Future
The GitHub Blog
The GitHub Blog
Webroot Blog
Webroot Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
TaoSecurity Blog
TaoSecurity Blog
P
Proofpoint News Feed
Google DeepMind News
Google DeepMind News
F
Full Disclosure
U
Unit 42
Jina AI
Jina AI
博客园 - 司徒正美
阮一峰的网络日志
阮一峰的网络日志
L
LINUX DO - 最新话题
宝玉的分享
宝玉的分享
大猫的无限游戏
大猫的无限游戏
The Hacker News
The Hacker News
The Last Watchdog
The Last Watchdog
T
Troy Hunt's Blog
腾讯CDC
T
Threatpost
H
Hacker News: Front Page
P
Palo Alto Networks Blog
博客园 - 聂微东
Last Week in AI
Last Week in AI
有赞技术团队
有赞技术团队
Help Net Security
Help Net Security
L
LINUX DO - 热门话题
N
News and Events Feed by Topic
人人都是产品经理
人人都是产品经理
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Spread Privacy
Spread Privacy

The Register - Software: Virtualization

NodeWeaver says its perpetual licensing beats VMware’s perpetual price hikes NodeWeaver: Perpetual licensing beats VMware nickel-and-dime Microsoft cuts cloudy desktop prices by 20 percent Nutanix to add KubeVirt support to run VM on K8s at the edge Western Union zaps VMware and moves to Nutanix Nutanix thinks some Azure cloud desktops belong on-prem Nutanix thinks some Azure cloud desktops belong on-prem Nutanix brings its K8s to bare metal Half of VMware users plan to reduce usage by 2028 Xen Project announces five years of support for all releases Xen Project announces five years of support for all releases Broadcom says AI companies can’t make their own silicon One vendor doesn't mind high RAM prices: VMware NUC, NUC! Who’s there? ASUS with a thin client for cloud PCs Why flexibility will define the future of functionality AWS adds nested virtualization option for handful for EC2 Cisco set to release hypervisor as VMware alternative Cisco set to release hypervisor as VMware alternative Contain your Windows apps inside Linux Windows VMware scores early win in Siemens software licensing case Broadcom 'bulldozes' VMware CSPs with March deadline Java devs want container security - not the hassle Microsoft to face questions over From SA program Dell wants £10m+ from VMware if Tesco case goes against it Lenovo has a hunch you’re about to try quitting VMware China crew abused ESXi zero-days a year before disclosure China crew abused ESXi zero-days a year before disclosure AWS adds hybrid cloud storage support for Nutanix Nutanix pushes sovereign cloud in another swipe at VMware Nutanix pushes sovereign cloud in another swipe at VMware VMware kills vSphere Foundation in parts of EMEA European cloud trade group says EU should have blocked VMware-Broadcom merger Researchers spot 700 percent increase in hypervisor attacks Researchers spot 700 percent increase in hypervisor attacks Proxmox delivers its software-defined datacenter contender Proxmox delivers its software-defined datacenter contender HPE positions Morpheus stack as alternative to VMware VMware re-states claim Siemens used unlicensed software VMware re-states claim Siemens used unlicensed software 70-hour work weeks no longer enough for Infosys founder Veeam bets on more VMware alternatives Veeam bets on more VMware alternatives Ford straps in as Xen Project drives toward automotive use Microsoft reveals new cloudy AI PC that’s not a Copilot+ PC VMware admits it over-specced storage servers for years Server virtualization market heats up to win VMware refugees Broadcom creates a new Seal Of Approval for AI servers Broadcom creates a new Seal Of Approval for AI servers Rideshare giant dumps 200 cloudy Macs, saves $2.4 million IBM Cloud stops seeking new customers for its VMware service In Tesco vs. VMware, Computacenter warns, Dell, Broadcom VMware bungles cloud management portal upgrade, twice VMware bungles cloud management portal upgrade, twice Microsoft starts streaming cloudy apps instead of desktops Open source Cloud Hypervisor adds (futile) no-AI-code policy Proxmox delivers datacenter manager beta VMware to lose 35 percent of workloads in three years – some to its friends at ‘proper clouds’ VMware to lose 35 percent of workloads in three years Citrix products sold under old licenses to get glitchy Rethinking application delivery for the hybrid world VMware's in court again. Tesco latest in line Broadcom admits it’s sold a lot of VMware shelfware Supermarket giant Tesco sues VMware for breach of contract DOGE delayed deals, says Nutanix VirtualBox 7.2 fixes 3D guests, adds Arm-on-Arm support Cloudy PCs now often have lower TCO than laptops Platform9 pushes swing capacity workaround for VMware shifts Virtualization vet pushes out Proxmox VE 9, Backup Server 4 Oracle VirtualBox licensing tweak lies in wait for unwary EU cloud players want Europe to annul Broadcom’s VMWare buy How to host a Linux-powered local dev site in Windows VMware portal prevents some users from downloading patches VMware slows release cadence for flagship VCF suite Telefónica DE shifts VMware support to Spinnaker due to cost Citrix returns to hypervisor market without updating wares VMware’s rivals ramp efforts to create alternative stacks
Kubernetes overlords retire Ingress NGINX
Simon Sharwood Simon Sharwood · 2025-11-14 · via The Register - Software: Virtualization

Security

Kubernetes overlords decide Ingress NGINX isn’t worth saving

Maintenance to end next year after ‘helpful options’ became ‘serious security flaws’

Kubernetes maintainers have decided it’s not worth trying to save Ingress NGINX and will instead stop work on the project and retire it in March 2026.

Ingress NGINX is an ingress controller – a class of tool that allows external HTTP/S access to Kubernetes clusters and the applications they run.

Yesterday’s flexibility has become today’s insurmountable technical debt

According to Tabitha Sable, a staff engineer at Datadog who is also co-chair of the Kubernetes special interest group for security, “It became very popular due to its tremendous flexibility, breadth of features, and independence from any particular cloud or infrastructure provider.”

While developers have created alternatives, Sable feels “Ingress NGINX has continued to be one of the most popular, deployed as part of many hosted Kubernetes platforms and within innumerable independent users’ clusters.”

While popular, the tool is also problematic.

In March 2025, researchers at Wiz found Ingress NGINX had serious vulnerabilities that could allow complete takeover of Kubernetes clusters.

The project was already in trouble before that revelation. Researchers had previously found and fixed several major security flaws. Its maintainers last year announced they would stop adding core features and focus their efforts on a project called “InGate” that aimed to create a new ingress controller that also acted as a Gateway API controller – another means of connecting K8s clusters to the world.

On Wednesday, the Kubernetes Security Response Committee (SRC) decided to pull the plug on Ingress NGINX.

“The breadth and flexibility of Ingress NGINX has caused maintenance challenges,” Sable wrote. “Changing expectations about cloud native software have also added complications. What were once considered helpful options have sometimes come to be considered serious security flaws … Yesterday’s flexibility has become today’s insurmountable technical debt.”

Sable also wrote that Ingress NGINX “has always struggled with insufficient or barely-sufficient maintainership. For years, the project has had only one or two people doing development work, on their own time, after work hours and on weekends.”

When Wiz revealed its findings on Ingress NGINX flaws, it could find around 6,000 implementations of the tool. Come March 2026, any remaining instances will continue to work but developers will not deliver any updates.

So hop to it, K8s admins: You have a short period of time in which to consider if it’s possible to develop compensating controls that allow you to run abandonware, or pick an alternative and plan a migration. ®