v1.13.1

👌 Kubernetes version support

• Management Cluster: v1.32.x -> v1.36.x
• Workload Cluster: v1.30.x -> v1.36.x

More information about version support can be found here

Changes since v1.13.0

📈 Overview

• 4 new commits merged

🌱 Others

• Dependency: Bump the all-go-mod-patch-and-minor group across 3 directories with 11 updates (#13601)
• e2e: Start testing with K8s 1.36.0 (#13612)

📖 Additionally, there have been 2 contributions to our documentation and book. (#13606, #13616)

Dependencies

Added

Nothing has changed.

Changed

• github.com/moby/spdystream: v0.5.0 → v0.5.1
• k8s.io/api: v0.35.3 → v0.35.4
• k8s.io/apiextensions-apiserver: v0.35.3 → v0.35.4
• k8s.io/apimachinery: v0.35.3 → v0.35.4
• k8s.io/apiserver: v0.35.3 → v0.35.4
• k8s.io/client-go: v0.35.3 → v0.35.4
• k8s.io/cluster-bootstrap: v0.35.3 → v0.35.4
• k8s.io/code-generator: v0.35.3 → v0.35.4
• k8s.io/component-base: v0.35.3 → v0.35.4
• k8s.io/kms: v0.35.3 → v0.35.4
• sigs.k8s.io/structured-merge-diff/v6: v6.3.2 → v6.4.0

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.13.0

👌 Kubernetes version support

• Management Cluster: v1.32.x -> v1.35.x
• Workload Cluster: v1.30.x -> v1.35.x

More information about version support can be found here

Highlights

CAPI v1.13 is a release focused on stability, reliability and performances:

• Bumped to Go 1.25, controller-runtime v0.23, k8s.io/* v0.35, controller-gen v0.20
• KCP now allows to recover from different kind of failures as well as from multiple failures:
  • Increased tolerance to unexpected state of control plane components (accidental node deletion, manual removal of etcd members, accidental deletion of kubeadm control plane labels, and more)
  • Better visibility on common symptoms of kubeadm join errors (failed to promote etcd member, failed to apply kubeadm control plane labels and taints)
• Multiple improvements to improve controllers memory and CPU footprint, performance and stability at scale

Note: Cluster API is only supported on conformant Kubernetes Clusters and contract-relevant provider resources (e.g. InfraCluster) have to be implemented as CRDs (i.e. not via an aggregated apiserver).

Other changes

• The implementation of the Taint propagation proposal is now completed
• Runtime Hooks are now embedding v1beta2 Cluster types
• Machine now reports info about machine placement in the status.failureDomain field
• rolloutAfter for control plane and MachineDeployments can now be controlled from Cluster.spec.topology
• MachineWaitForVolumeDetachConsiderVolumeAttachments feature graduated to GA
• PriorityQueue feature graduated to beta and it is now enabled by default
• ReconcilerRateLimiting feature graduated to beta and it is now enabled by default
  • Starting from this release ReconcilerRateLimiting feature also requires PriorityQueue to be enabled. This ensures that ReconcilerRateLimiting works consistently with controller runtime ExponentialBackoff.

Deprecation and Removals Warning

• v1alpha3 and v1alpha4 apiVersions have been removed
• Reminder: v1beta1 is on track to be unserved in CAPI v1.16
  • Reminder: Provider should start implementing the v1beta2 contract ASAP.

For additional details for providers, please take a look at Cluster API v1.12 compared to v1.13.[GitHub issue #REPLACE ME](REPLACE ME)

Changes since v1.12.0

📈 Overview

• 279 new commits merged
• 10 breaking changes ⚠️
• 30 feature additions ✨
• 39 bugs fixed 🐛

📝 Proposals

• Core: Update autoscaling from zero enhancement proposal with node labels and taints configuration clarification (#13308)

⚠️ Breaking Changes

• API/Runtime SDK: Bump Runtime Hooks v1alpha1 types to core CAPI v1beta2 (#13200)
• API: Remove v1alpha3 + v1alpha4 apiVersions (#13199)
• CABPK: Remove deprecated --cluster-concurrency flag in CABPK (#13288)
• CAPD: Mark docker resources as deprecated (#13565)
• ClusterCache: Remove deprecated ClusterCache GetClientCertificatePrivateKey (#13156)
• ClusterClass: Remove deprecated ShouldSkipImmutabilityChecks (#13291)
• clusterctl: Remove deprecated --disable-grouping clusterctl describe cluster flag (#13289)
• clusterctl: Remove deprecated provider CRD migration from clusterctl upgrade (#13290)
• Dependency: Bump to controller-runtime main & controller-tools v0.20 (#13159)
• Misc: Remove deprecated ParseMajorMinorPatchTolerant / ParseMajorMinorPatch (#13292)

✨ New Features

• API: Backport newly introduced v1beta2 API fields to v1beta1 (#13455)
• CABPK: Optimize cache configuration of CABPK & standardize cache/client setup (#13407)
• CAPD: Implement DevMachinePools (#13346)
• CAPD: Improve CAPD wait for multi-user target (#13514)
• CAPD: Support externally managed LB (#13362)
• Cluster: Only set ownerReference on InfraCluster/ControlPlane when Topology is defined (#13332)
• ClusterCache: Add ClusterFilter to ClusterCache Options (#12665)
• ClusterClass: Implement support for taints (#13192)
• clusterctl: Allow overriding image name in clusterctl config (#13014)
• Core: Optimize cache configuration of core CAPI (#13488)
• Dependency: Bump Go to v1.25.5 (#13164)
• Dependency: Bump to controller-runtime v0.23 (#13245)
• Devtools: Add a flag to skip image preloading (#13143)
• KCP/CABPK: Allow diskSetup to include partition layout (#11634)
• KCP/MachineDeployment/Cluster: Add rolloutAfter to cluster.spec.topology (#13391)
• KCP: Allow remediation of multiple failures in KCP (#13352)
• KCP: Bump coredns/corefile-migration to v1.0.30 (#13282)
• KCP: Implement support for machine taints (#13181)
• KCP: Optimize cache configuration of KCP (#13460)
• Machine: Add Machine status.failureDomain (#13266)
• Machine: Promote MachineWaitForVolumeDetachConsiderVolumeAttachments feature to GA (#13293)
• Metrics/e2e: Add infra CRDs to dashboards, improve/fix dashboards, enable native histograms (#13354)
• Misc: Disable DWARF and symbol table to decrease binary/image size (#12856)
• Misc: Enable PriorityQueue per default (#13171)
• Misc: Promote ReconcileRateLimiting to beta (enabled per default) (#13373)
• Misc: Tune controller concurrency and cache timeout for scale (#13496)
• Release: Prepare main branch for v1.13 (#13174)
• Testing: Add example / debug suite for envtest (#13453)
• util: Extend conversion tests to cover the "no spec" case (#13409)
• util: Refresh cache entries on cache hit in SSA caches (#13459)

🐛 Bug Fixes

• API: Fix v1beta1 ControlPlane contract to handle .status.initialized correctly (#13186)
• CAPD: Fix "Failed to exec DockerMachine bootstrap" errors in CAPD (#13447)
• CAPD: Remove finalizers during deletion if ownerRef was never set for cluster controllers (#13239)
• CAPIM: Extend CAPD in-memory backend to set CP taint to fix scale tests (#13187)
• CAPIM: Fix in-memory watch unit test (#13464)
• CI: Bump trivy to v0.69.2 to fix CI (#13387)
• Cluster: Fix panic in Cluster conversion (#13383)
• ClusterClass/KCP/MachineSet/MachineDeployment: Mitigate managedFields apiserver issue for SSA (#13338)
• ClusterClass: Allow adding spec via ClusterClass JSON patches (#13225)
• ClusterClass: Do not overwrite global http.DefaultClient TLSConfig (#13058)
• ClusterClass: Fix upgradePlan computation in GetUpgradePlanFromClusterClassVersions (#13463)
• Dependency: Bump dependencies to fix CVE GO-2026-4394 (go.opentelemetry.io/otel/sdk pkg) (#13372)
• Dependency: Fix CVE-2026-39883 (#13573)
• e2e: Add wait-resource-versions-{become,remain}-stable intervals to e2e config (#13263)
• e2e: Clean up namespace in e2e tests (#13233)
• e2e: Fix cross-ns scale test (#13309)
• e2e: Fix goroutine & memory leak in inmemory provider (#13361)
• e2e: Fix node-label calculation in test extension & fix upgrade test (#13356)
• e2e: Fix WaitForMachinesReady interval (#13050)
• e2e: Increase reconcile timeout for KCP & DockerMachine (#13093)
• e2e: Only retry creating objects that failed (#13265)
• e2e: Tolerate NotFound errors during Namespace deletion in scale test cleanup (#13439)
• KCP/MachineSet: Preserve existing object names for backward compatibility with pre-v1.7 in-place updates (#13124)
• KCP: Grant delete permissions to Secrets. (#13070)
• KCP: KCP deletion should tolerate missing InfraTemplates (#13562)
• KCP: Use errors.Errorf instead of errors.Wrapf since the err is nil (#13486)
• Machine/MachineSet/MachineDeployment: Fix UpToDate calculation for rolloutAfter (#13404)
• MachineSet: Use MachineSet template values in completeMoveMachine for in-place updates (#13059)
• Misc: Fix bug while setting status for deprecated fields (#13336)
• Runtime SDK: Improve client cert/key rotation of the RuntimeSDK client (#13213)
• Testing/e2e: Fix unit test flakes, improve clusterctl download error in e2e tests (#13045)
• Testing: Fix flaky by waiting for CRD finalizer processing (#13470)
• Testing: Fix flaky TestClusterReconciler unit test (#13180)
• Testing: Fix TestReconcile flake (#13255)
• Testing: Fix webhook envtest tests for Kubernetes < v1.35 (#13170)
• Upgrades: Remove conflicting rules field from aggregated ClusterRoles (#13490)
• util: Fix a panic in conditions.Delete method if the sources condition list is empty (#13048)
• util: Fix exponential backoff with ReconcilerRateLimiting (#13416)
• util: Fix patchHelper unit test flakes (#13412)

🌱 Others

• API: Deprecate custom Condition types (#13237)
• API: Introduce conversion.MarshalDataUnsafeNoCopy to avoid unnecessary memory allocations during conversion (#13402)
• API: Postpone date when we stop serving v1beta1 (#13394)
• API: Relax validation for Machine .status.addresses to maximum of 128 instead of 32 items (#13060)
• API: Relax validation for Machine .status.addresses to maximum of 256 instead of 128 items (#13395)
• CAPD/CAPIM: Implement .status.failureDomain for DockerMachine & DevMachine (#13286)
• CAPD: Implement pause for DockerMachinePool (#13445)
• CAPD: Improve condition if CAPD Machine is not yet ready for bootstrap exec (#13461)
• CAPD: Move RBAC for devmachinetemplates from main.go to controller.go (#13271)
• CAPD: Reduce verbosity of CAPD exec log (#13493)
• CAPD: Use select with time.After instead of time.Sleep (#13480)
• CAPIM: Fix inMemory watch (#13229)
• CI: Bump golangci-lint v2.7.0 (#13108)
• CI: Bump Kubernetes version used for testing to v1.35.0-rc.0 (#13103)
• CI: Bump Kubernetes version used for testing to v1.35.0-rc.1 (#13138)
• CI: Drop security scan on 1.10 (#13454)
• CI: Dump resources in scale test (#13232)
• CI: Improve Fake API server (#13183)
• CI: Inmemory APIserver fails for unsupported fieldSelectors (#133...

v1.12.7

👌 Kubernetes version support

• Management Cluster: v1.31.x -> v1.35.x
• Workload Cluster: v1.29.x -> v1.35.x

More information about version support can be found here

Changes since v1.12.5

📈 Overview

• 7 new commits merged
• 2 bugs fixed 🐛

🐛 Bug Fixes

• Dependency: Fix CVE 2026 39883 release 1.12 (#13575)
• KCP: KCP deletion should tolerate missing InfraTemplates (#13563)

🌱 Others

• clusterctl: Bump Cert-manager v1.20.2 (#13597)
• Dependency: Bump cloudbuild to use gcb-docker-gcloud image with Go v1.25.5 (#13607)
• e2e: Start testing with Kubernetes v1.36.0-rc.0 (#13570)
• e2e: Start testing with Kubernetes v1.36.0-rc.1 (#13588)

📖 Additionally, there has been 1 contribution to our documentation and book. (#13561)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.11.10

👌 Kubernetes version support

• Management Cluster: v1.30.x -> v1.34.x
• Workload Cluster: v1.28.x -> v1.34.x

More information about version support can be found here

Changes since v1.11.8

📈 Overview

• 3 new commits merged
• 1 bug fixed 🐛

🐛 Bug Fixes

• Dependency: Fix CVE 2026 39883 release 1.11 (#13576)

🌱 Others

• clusterctl: Bump Cert-manager v1.20.2 (#13596)
• Dependency: Bump cloudbuild to use gcb-docker-gcloud image with Go v1.25.5 (#13608)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.13.0-rc.1

🚨 This is a RELEASE CANDIDATE. Use it only for testing purposes. If you find any bugs, file an issue.

⚠️ RELEASE CANDIDATE NOTES ⚠️

👌 Kubernetes version support

• Management Cluster: v1.32.x -> v1.35.x
• Workload Cluster: v1.30.x -> v1.35.x

More information about version support can be found here

Highlights

CAPI v1.13 is a release focused on stability, reliability and performances:

• Bumped to Go 1.25, controller-runtime v0.23, k8s.io/* v0.35, controller-gen v0.20
• KCP now allows to recover from different kind of failures as well as from multiple failures:
  • Increased tolerance to unexpected state of control plane components (accidental node deletion, manual removal of etcd members, accidental deletion of kubeadm control plane labels, and more)
  • Better visibility on common symptoms of kubeadm join errors (failed to promote etcd member, failed to apply kubeadm control plane labels and taints)
• Multiple improvements to improve controllers memory and CPU footprint, performance and stability at scale

Note: Cluster API is only supported on conformant Kubernetes Clusters and contract-relevant provider resources (e.g. InfraCluster) have to be implemented as CRDs (i.e. not via an aggregated apiserver).

Other changes

• The implementation of the Taint propagation proposal is now completed
• Runtime Hooks are now embedding v1beta2 Cluster types
• Machine now reports info about machine placement in the status.failureDomain field
• rolloutAfter for control plane and MachineDeployments can now be controlled from Cluster.spec.topology
• MachineWaitForVolumeDetachConsiderVolumeAttachments feature graduated to GA
• PriorityQueue feature graduated to beta and it is now enabled by default
• ReconcilerRateLimiting feature graduated to beta and it is now enabled by default
  • Starting from this release ReconcilerRateLimiting feature also requires PriorityQueue to be enabled. This ensures that ReconcilerRateLimiting works consistently with controller runtime ExponentialBackoff.

Deprecation and Removals Warning

• v1alpha3 and v1alpha4 apiVersions have been removed
• Reminder: v1beta1 is on track to be unserved in CAPI v1.16
  • Reminder: Provider should start implementing the v1beta2 contract ASAP.

For additional details for providers, please take a look at Cluster API v1.12 compared to v1.13.

Changes since v1.13.0-rc.0

📈 Overview

• 9 new commits merged
• 1 breaking change ⚠️
• 2 bugs fixed 🐛

⚠️ Breaking Changes

• CAPD: Mark docker resources as deprecated (#13565)

🐛 Bug Fixes

• Dependency: Fix CVE-2026-39883 (#13573)
• KCP: KCP deletion should tolerate missing InfraTemplates (#13562)

🌱 Others

• clusterctl: Add cloudscale-ch-cloudscale provider (#13567)
• Dependency: Bump the all-go-mod-patch-and-minor group across 3 directories with 4 updates (#13582)
• e2e: Start testing with Kubernetes v1.36.0-rc.0 (#13569)

Dependencies

Added

Nothing has changed.

Changed

• github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: v1.30.0 → v1.31.0
• github.com/grpc-ecosystem/grpc-gateway/v2: v2.27.7 → v2.28.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.40.0 → v1.43.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.40.0 → v1.43.0
• go.opentelemetry.io/otel/metric: v1.40.0 → v1.43.0
• go.opentelemetry.io/otel/sdk/metric: v1.40.0 → v1.43.0
• go.opentelemetry.io/otel/sdk: v1.40.0 → v1.43.0
• go.opentelemetry.io/otel/trace: v1.40.0 → v1.43.0
• go.opentelemetry.io/otel: v1.40.0 → v1.43.0
• go.opentelemetry.io/proto/otlp: v1.9.0 → v1.10.0
• golang.org/x/crypto: v0.49.0 → v0.50.0
• golang.org/x/mod: v0.33.0 → v0.34.0
• golang.org/x/net: v0.52.0 → v0.53.0
• golang.org/x/sys: v0.42.0 → v0.43.0
• golang.org/x/telemetry: e7419c6 → 579e4da
• golang.org/x/term: v0.41.0 → v0.42.0
• golang.org/x/text: v0.35.0 → v0.36.0
• golang.org/x/tools: v0.42.0 → v0.43.0
• gonum.org/v1/gonum: v0.16.0 → v0.17.0
• google.golang.org/genproto/googleapis/api: 8636f87 → 9d38bb4
• google.golang.org/genproto/googleapis/rpc: 8636f87 → 9d38bb4
• google.golang.org/grpc: v1.79.3 → v1.80.0

Removed

Nothing has changed.

More details about the release

⚠️ RELEASE CANDIDATE NOTES ⚠️

👌 Kubernetes version support

• Management Cluster: v1.X.x -> v1.X.x
• Workload Cluster: v1.X.x -> v1.X.x

More information about version support can be found here

Highlights

• REPLACE ME

Deprecation Warning

REPLACE ME: A couple sentences describing the deprecation, including links to docs.

• [GitHub issue #REPLACE ME](REPLACE ME)

Changes since v1.12.0

📈 Overview

• 274 new commits merged
• 10 breaking changes ⚠️
• 30 feature additions ✨
• 39 bugs fixed 🐛

📝 Proposals

• Core: Update autoscaling from zero enhancement proposal with node labels and taints configuration clarification (#13308)

⚠️ Breaking Changes

• API/Runtime SDK: Bump Runtime Hooks v1alpha1 types to core CAPI v1beta2 (#13200)
• API: Remove v1alpha3 + v1alpha4 apiVersions (#13199)
• CABPK: Remove deprecated --cluster-concurrency flag in CABPK (#13288)
• CAPD: Mark docker resources as deprecated (#13565)
• ClusterCache: Remove deprecated ClusterCache GetClientCertificatePrivateKey (#13156)
• ClusterClass: Remove deprecated ShouldSkipImmutabilityChecks (#13291)
• clusterctl: Remove deprecated --disable-grouping clusterctl describe cluster flag (#13289)
• clusterctl: Remove deprecated provider CRD migration from clusterctl upgrade (#13290)
• Dependency: Bump to controller-runtime main & controller-tools v0.20 (#13159)
• Misc: Remove deprecated ParseMajorMinorPatchTolerant / ParseMajorMinorPatch (#13292)

✨ New Features

• API: Backport newly introduced v1beta2 API fields to v1beta1 (#13455)
• CABPK: Optimize cache configuration of CABPK & standardize cache/client setup (#13407)
• CAPD: Implement DevMachinePools (#13346)
• CAPD: Improve CAPD wait for multi-user target (#13514)
• CAPD: Support externally managed LB (#13362)
• Cluster: Only set ownerReference on InfraCluster/ControlPlane when Topology is defined (#13332)
• ClusterCache: Add ClusterFilter to ClusterCache Options (#12665)
• ClusterClass: Implement support for taints (#13192)
• clusterctl: Allow overriding image name in clusterctl config (#13014)
• Core: Optimize cache configuration of core CAPI (#13488)
• Dependency: Bump Go to v1.25.5 (#13164)
• Dependency: Bump to controller-runtime v0.23 (#13245)
• Devtools: Add a flag to skip image preloading (#13143)
• KCP/CABPK: Allow diskSetup to include partition layout (#11634)
• KCP/MachineDeployment/Cluster: Add rolloutAfter to cluster.spec.topology (#13391)
• KCP: Allow remediation of multiple failures in KCP (#13352)
• KCP: Bump coredns/corefile-migration to v1.0.30 (#13282)
• KCP: Implement support for machine taints (#13181)
• KCP: Optimize cache configuration of KCP (#13460)
• Machine: Add Machine status.failureDomain (#13266)
• Machine: Promote MachineWaitForVolumeDetachConsiderVolumeAttachments feature to GA (#13293)
• Metrics/e2e: Add infra CRDs to dashboards, improve/fix dashboards, enable native histograms (#13354)
• Misc: Disable DWARF and symbol table to decrease binary/image size (#12856)
• Misc: Enable PriorityQueue per default (#13171)
• Misc: Promote ReconcileRateLimiting to beta (enabled per default) (#13373)
• Misc: Tune controller concurrency and cache timeout for scale (#13496)
• Release: Prepare main branch for v1.13 (#13174)
• Testing: Add example / debug suite for envtest (#13453)
• util: Extend conversion tests to cover the "no spec" case (#13409)
• util: Refresh cache entries on cache hit in SSA caches (#13459)

🐛 Bug Fixes

• API: Fix v1beta1 ControlPlane contract to handle .status.initialized correctly (#13186)
• CAPD: Fix "Failed to exec DockerMachine bootstrap" errors in CAPD (#13447)
• CAPD: Remove finalizers during deletion if ownerRef was never set for cluster controllers (#13239)
• CAPIM: Extend CAPD in-memory backend to set CP taint to fix scale tests (#13187)
• CAPIM: Fix in-memory watch unit test (#13464)
• CI: Bump trivy to v0.69.2 to fix CI (#13387)
• Cluster: Fix panic in Cluster conversion (#13383)
• ClusterClass/KCP/MachineSet/MachineDeployment: Mitigate managedFields apiserver issue for SSA (#13338)
• ClusterClass: Allow adding spec via ClusterClass JSON patches (#13225)
• ClusterClass: Do not overwrite global http.DefaultClient TLSConfig (#13058)
• ClusterClass: Fix upgradePlan computation in GetUpgradePlanFromClusterClassVersions (#13463)
• Dependency: Bump dependencies to fix CVE GO-2026-4394 (go.opentelemetry.io/otel/sdk pkg) (#13372)
• Dependency: Fix CVE-2026-39883 (#13573)
• e2e: Add wait-resource-versions-{become,remain}-stable intervals to e2e config (#13263)
• e2e: Clean up namespace in e2e tests (#13233)
• e2e: Fix cross-ns scale test (#13309)
• e2e: Fix goroutine & memory leak in inmemory provider (#13361)
• e2e: Fix node-label calculation in test extension & fix upgrade test (#13356)
• e2e: Fix WaitForMachinesReady interval (#13050)
• e2e: Inc...

v1.13.0-rc.0

🚨 This is a RELEASE CANDIDATE. Use it only for testing purposes. If you find any bugs, file an issue.

⚠️ RELEASE CANDIDATE NOTES ⚠️

👌 Kubernetes version support

• Management Cluster: v1.32.x -> v1.35.x
• Workload Cluster: v1.30.x -> v1.35.x

More information about version support can be found here

Highlights

CAPI v1.13 is a release focused on stability, reliability and performances:

• Bumped to Go 1.25, controller-runtime v0.23, k8s.io/* v0.35, controller-gen v0.20
• KCP now allows to recover from different kind of failures as well as from multiple failures:
  • Increased tolerance to unexpected state of control plane components (accidental node deletion, manual removal of etcd members, accidental deletion of kubeadm control plane labels, and more)
  • Better visibility on common symptoms of kubeadm join errors (failed to promote etcd member, failed to apply kubeadm control plane labels and taints)
• Multiple improvements to improve controllers memory and CPU footprint, performance and stability at scale

Note: Cluster API is only supported on conformant Kubernetes Clusters and contract-relevant provider resources (e.g. InfraCluster) have to be implemented as CRDs (i.e. not via an aggregated apiserver).

Other Changes

• The implementation of the Taint propagation proposal is now completed
• Runtime Hooks are now embedding v1beta2 Cluster types
• Machine now reports info about machine placement in the status.failureDomain field
• rolloutAfter for control plane and MachineDeployments can now be controlled from Cluster.spec.topology
• MachineWaitForVolumeDetachConsiderVolumeAttachments feature graduated to GA
• PriorityQueue feature graduated to beta and it is now enabled by default
• ReconcilerRateLimiting feature graduated to beta and it is now enabled by default
  • Starting from this release ReconcilerRateLimiting feature also requires PriorityQueue to be enabled. This ensures that ReconcilerRateLimiting works consistently with controller runtime ExponentialBackoff.

Deprecation Warning

• v1alpha3 and v1alpha4 apiVersions have been removed
• Reminder: v1beta1 is on track to be unserved in CAPI v1.16
  • Reminder: Provider should start implementing the v1beta2 contract ASAP.

For additional details for providers, please take a look at Cluster API v1.12 compared to v1.13.

Changes since v1.12.0

📈 Overview

• 264 new commits merged
• 9 breaking changes ⚠️
• 30 feature additions ✨
• 37 bugs fixed 🐛

📝 Proposals

• Core: Update autoscaling from zero enhancement proposal with node labels and taints configuration clarification (#13308)

⚠️ Breaking Changes

• API/Runtime SDK: Bump Runtime Hooks v1alpha1 types to core CAPI v1beta2 (#13200)
• API: Remove v1alpha3 + v1alpha4 apiVersions (#13199)
• CABPK: Remove deprecated --cluster-concurrency flag in CABPK (#13288)
• ClusterCache: Remove deprecated ClusterCache GetClientCertificatePrivateKey (#13156)
• ClusterClass: Remove deprecated ShouldSkipImmutabilityChecks (#13291)
• clusterctl: Remove deprecated --disable-grouping clusterctl describe cluster flag (#13289)
• clusterctl: Remove deprecated provider CRD migration from clusterctl upgrade (#13290)
• Dependency: Bump to controller-runtime main & controller-tools v0.20 (#13159)
• Misc: Remove deprecated ParseMajorMinorPatchTolerant / ParseMajorMinorPatch (#13292)

✨ New Features

• API: Backport newly introduced v1beta2 API fields to v1beta1 (#13455)
• CABPK: Optimize cache configuration of CABPK & standardize cache/client setup (#13407)
• CAPD: Implement DevMachinePools (#13346)
• CAPD: Improve CAPD wait for multi-user target (#13514)
• CAPD: Support externally managed LB (#13362)
• Cluster: Only set ownerReference on InfraCluster/ControlPlane when Topology is defined (#13332)
• ClusterCache: Add ClusterFilter to ClusterCache Options (#12665)
• ClusterClass: Implement support for taints (#13192)
• clusterctl: Allow overriding image name in clusterctl config (#13014)
• Core: Optimize cache configuration of core CAPI (#13488)
• Dependency: Bump Go to v1.25.5 (#13164)
• Dependency: Bump to controller-runtime v0.23 (#13245)
• Devtools: Add a flag to skip image preloading (#13143)
• KCP/CABPK: Allow diskSetup to include partition layout (#11634)
• KCP/MachineDeployment/Cluster: Add rolloutAfter to cluster.spec.topology (#13391)
• KCP: Allow remediation of multiple failures in KCP (#13352)
• KCP: Bump coredns/corefile-migration to v1.0.30 (#13282)
• KCP: Implement support for machine taints (#13181)
• KCP: Optimize cache configuration of KCP (#13460)
• Machine: Add Machine status.failureDomain (#13266)
• Machine: Promote MachineWaitForVolumeDetachConsiderVolumeAttachments feature to GA (#13293)
• Metrics/e2e: Add infra CRDs to dashboards, improve/fix dashboards, enable native histograms (#13354)
• Misc: Disable DWARF and symbol table to decrease binary/image size (#12856)
• Misc: Enable PriorityQueue per default (#13171)
• Misc: Promote ReconcileRateLimiting to beta (enabled per default) (#13373)
• Misc: Tune controller concurrency and cache timeout for scale (#13496)
• Release: Prepare main branch for v1.13 (#13174)
• Testing: Add example / debug suite for envtest (#13453)
• util: Extend conversion tests to cover the "no spec" case (#13409)
• util: Refresh cache entries on cache hit in SSA caches (#13459)

🐛 Bug Fixes

• API: Fix v1beta1 ControlPlane contract to handle .status.initialized correctly (#13186)
• CAPD: Fix "Failed to exec DockerMachine bootstrap" errors in CAPD (#13447)
• CAPD: Remove finalizers during deletion if ownerRef was never set for cluster controllers (#13239)
• CAPIM: Extend CAPD in-memory backend to set CP taint to fix scale tests (#13187)
• CAPIM: Fix in-memory watch unit test (#13464)
• CI: Bump trivy to v0.69.2 to fix CI (#13387)
• Cluster: Fix panic in Cluster conversion (#13383)
• ClusterClass/KCP/MachineSet/MachineDeployment: Mitigate managedFields apiserver issue for SSA (#13338)
• ClusterClass: Allow adding spec via ClusterClass JSON patches (#13225)
• ClusterClass: Do not overwrite global http.DefaultClient TLSConfig (#13058)
• ClusterClass: Fix upgradePlan computation in GetUpgradePlanFromClusterClassVersions (#13463)
• Dependency: Bump dependencies to fix CVE GO-2026-4394 (go.opentelemetry.io/otel/sdk pkg) (#13372)
• e2e: Add wait-resource-versions-{become,remain}-stable intervals to e2e config (#13263)
• e2e: Clean up namespace in e2e tests (#13233)
• e2e: Fix cross-ns scale test (#13309)
• e2e: Fix goroutine & memory leak in inmemory provider (#13361)
• e2e: Fix node-label calculation in test extension & fix upgrade test (#13356)
• e2e: Fix WaitForMachinesReady interval (#13050)
• e2e: Increase reconcile timeout for KCP & DockerMachine (#13093)
• e2e: Only retry creating objects that failed (#13265)
• e2e: Tolerate NotFound errors during Namespace deletion in scale test cleanup (#13439)
• KCP/MachineSet: Preserve existing object names for backward compatibility with pre-v1.7 in-place updates (#13124)
• KCP: Grant delete permissions to Secrets. (#13070)
• KCP: Use errors.Errorf instead of errors.Wrapf since the err is nil (#13486)
• Machine/MachineSet/MachineDeployment: Fix UpToDate calculation for rolloutAfter (#13404)
• MachineSet: Use MachineSet template values in completeMoveMachine for in-place updates (#13059)
• Misc: Fix bug while setting status for deprecated fields (#13336)
• Runtime SDK: Improve client cert/key rotation of the RuntimeSDK client (#13213)
• Testing/e2e: Fix unit test flakes, improve clusterctl download error in e2e tests (#13045)
• Testing: Fix flaky by waiting for CRD finalizer processing (#13470)
• Testing: Fix flaky TestClusterReconciler unit test (#13180)
• Testing: Fix TestReconcile flake (#13255)
• Testing: Fix webhook envtest tests for Kubernetes < v1.35 (#13170)
• Upgrades: Remove conflicting rules field from aggregated ClusterRoles (#13490)
• util: Fix a panic in conditions.Delete method if the sources condition list is empty (#13048)
• util: Fix exponential backoff with ReconcilerRateLimiting (#13416)
• util: Fix patchHelper unit test flakes (#13412)

🌱 Others

• API: Deprecate custom Condition types (#13237)
• API: Introduce conversion.MarshalDataUnsafeNoCopy to avoid unnecessary memory allocations during conversion (#13402)
• API: Postpone date when we stop serving v1beta1 (#13394)
• API: Relax validation for Machine .status.addresses to maximum of 128 instead of 32 items (#13060)
• API: Relax validation for Machine .status.addresses to maximum of 256 instead of 128 items (#13395)
• CAPD/CAPIM: Implement .status.failureDomain for DockerMachine & DevMachine (#13286)
• CAPD: Implement pause for DockerMachinePool (#13445)
• CAPD: Improve condition if CAPD Machine is not yet ready for bootstrap exec (#13461)
• CAPD: Move RBAC for devmachinetemplates from main.go to controller.go (#13271)
• CAPD: Reduce verbosity of CAPD exec log (#13493)
• CAPD: Use select with time.After instead of time.Sleep (#13480)
• CAPIM: Fix inMemory watch (#13229)
• CI: Bump golangci-lint v2.7.0 (#13108)
• CI: Bump Kubernetes version used for testing to v1.35.0-rc.0 (#13103)
• CI: Bump Kubernetes version used for testing to v1.35.0-rc.1 (#13138)
• CI: Drop security scan on 1.10 (#13454)
• CI: Dump resources in scale test (#13232)
• CI: Improve Fake API server (#13183)
• CI: Inmemory APIserver fails for unsupported fieldSelectors (#13306)
• CI: Migrate away from custom GitHub action approval workflow (#13533)
• CI: Revive the debug endpoint for CAPDev in-memory (#13423)
• CI: Use env test 1.35.0 (#13168)
• ClusterCache: Remove stack traces from ClusterCache errors (#13396)
• Clus...

v1.12.5

👌 Kubernetes version support

• Management Cluster: v1.31.x -> v1.35.x
• Workload Cluster: v1.29.x -> v1.35.x

More information about version support can be found here

Changes since v1.12.4

📈 Overview

• 14 new commits merged
• 1 feature addition ✨
• 3 bugs fixed 🐛

✨ New Features

• CAPD: Improve CAPD wait for multi-user target (#13523)

🐛 Bug Fixes

• Testing: Fix flaky by waiting for CRD finalizer processing (#13478)
• Testing: Fix flaky TestClusterReconciler unit test (#13475)
• Testing: Fix TestMachineSetReconciler_createMachines_preflightChecks flake (#13477)

🌱 Others

• CAPD: Reduce verbosity of CAPD exec log (#13494)
• clusterctl: Bump cert-manager to v1.20.0 (#13484)
• clusterctl: Bump cert-manager to v1.20.1 (#13519)
• Dependency: Bump corefile-migration to v1.0.31 (#13526)
• Dependency: Bump dependencies to fix CVE-2026-33186 (google.golang.org/grpc) (#13504)
• Dependency: Bump go v1.25.9 (#13554)
• Dependency: Switch from docker to moby dependencies (#13550)
• e2e: Start testing with Kubernetes v1.36.0-beta.0 (#13525)
• KCP: KCP surfaces learner etcd members (#13491)

📖 Additionally, there has been 1 contribution to our documentation and book. (#13528)

Dependencies

Added

Nothing has changed.

Changed

• cel.dev/expr: v0.24.0 → v0.25.1
• github.com/cncf/xds/go: 0feb691 → ee656c7
• github.com/coredns/corefile-migration: v1.0.30 → v1.0.31
• github.com/envoyproxy/go-control-plane/envoy: v1.35.0 → v1.36.0
• github.com/envoyproxy/go-control-plane: 75eaa19 → v0.14.0
• github.com/envoyproxy/protoc-gen-validate: v1.2.1 → v1.3.0
• go.opentelemetry.io/contrib/detectors/gcp: v1.38.0 → v1.39.0
• google.golang.org/grpc: v1.78.0 → v1.79.3

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.11.8

👌 Kubernetes version support

• Management Cluster: v1.30.x -> v1.34.x
• Workload Cluster: v1.28.x -> v1.34.x

More information about version support can be found here

Changes since v1.11.7

📈 Overview

• 9 new commits merged
• 1 feature addition ✨
• 2 bugs fixed 🐛

✨ New Features

• CAPD: Improve CAPD wait for multi-user target (#13524)

🐛 Bug Fixes

• Testing: Fix flaky by waiting for CRD finalizer processing (#13479)
• Testing: Fix flaky TestClusterReconciler unit test (#13476)

🌱 Others

• CAPD: Reduce verbosity of CAPD exec log (#13495)
• clusterctl: Bump cert-manager to v1.20.0 (#13483)
• clusterctl: Bump cert-manager to v1.20.1 (#13518)
• Dependency: Bump dependencies to fix CVE-2026-33186 (google.golang.org/grpc) (#13505)
• Dependency: Bump go v1.25.9 (#13555)
• Dependency: Switch from docker to moby dependencies (#13552)

Dependencies

Added

Nothing has changed.

Changed

• cel.dev/expr: v0.24.0 → v0.25.1
• github.com/cncf/xds/go: 0feb691 → ee656c7
• github.com/envoyproxy/go-control-plane/envoy: v1.35.0 → v1.36.0
• github.com/envoyproxy/go-control-plane: 75eaa19 → v0.14.0
• github.com/envoyproxy/protoc-gen-validate: v1.2.1 → v1.3.0
• go.opentelemetry.io/contrib/detectors/gcp: v1.38.0 → v1.39.0
• google.golang.org/grpc: v1.78.0 → v1.79.3

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.13.0-beta.1

🚨 This is a BETA RELEASE. Use it only for testing purposes. If you find any bugs, file an issue.

Highlights

CAPI v1.13 is a release focused on stability, reliability and performances:

• Bumped to Go 1.25, controller-runtime v0.23, k8s.io/* v0.35, controller-gen v0.20
• KCP now allows to recover from different kind of failures as well as from multiple failures:
  • Increased tolerance to unexpected state of control plane components (accidental node deletion, manual removal of etcd members, accidental deletion of kubeadm control plane labels, and more)
  • Better visibility on common symptoms of kubeadm join errors (failed to promote etcd member, failed to apply kubeadm control plane labels and taints)
• Multiple improvements to improve controllers memory and CPU footprint, performance and stability at scale

Note: Cluster API is only supported on conformant Kubernetes Clusters and contract-relevant provider resources (e.g. InfraCluster) have to be implemented as CRDs (i.e. not via an aggregated apiserver).

Other changes

• The implementation of the Taint propagation proposal is now completed
• Runtime Hooks are now embedding v1beta2 Cluster types
• Machine now reports info about machine placement in the status.failureDomain field
• rolloutAfter for control plane and MachineDeployments can now be controlled from Cluster.spec.topology
• MachineWaitForVolumeDetachConsiderVolumeAttachments feature graduated to GA
• PriorityQueue feature graduated to beta and it is now enabled by default
• ReconcilerRateLimiting feature graduated to beta and it is now enabled by default
  • Starting from this release ReconcilerRateLimiting feature also requires PriorityQueue to be enabled. This ensures that ReconcilerRateLimiting works consistently with controller runtime ExponentialBackoff.

Deprecation and Removals Warning

• v1alpha3 and v1alpha4 apiVersions have been removed
• Reminder: v1beta1 is on track to be unserved in CAPI v1.16
  • Reminder: Provider should start implementing the v1beta2 contract ASAP.

For additional details for providers, please take a look at Cluster API v1.12 compared to v1.13.

Changes since v1.13.0-beta.0

📈 Overview

• 24 new commits merged
• 5 feature additions ✨
• 3 bugs fixed 🐛

✨ New Features

• CAPD: Implement DevMachinePools (#13346)
• CAPD: Improve CAPD wait for multi-user target (#13514)
• Core: Optimize cache configuration of core CAPI (#13488)
• KCP: Optimize cache configuration of KCP (#13460)
• Misc: Tune controller concurrency and cache timeout for scale (#13496)

🐛 Bug Fixes

• CAPIM: Fix in-memory watch unit test (#13464)
• KCP: Use errors.Errorf instead of errors.Wrapf since the err is nil (#13486)
• Upgrades: Remove conflicting rules field from aggregated ClusterRoles (#13490)

🌱 Others

• CAPD: Reduce verbosity of CAPD exec log (#13493)
• CAPD: Use select with time.After instead of time.Sleep (#13480)
• clusterctl: Bump cert-manager to v1.20.0 (#13482)
• clusterctl: Bump cert-manager to v1.20.1 (#13515)
• e2e: Improve scale test for re-entrancy and improve observability stack (#13492)
• e2e: Start testing with Kubernetes v1.36.0-beta.0 (#13513)
• KCP: KCP should handle missing control plane label (#13466)
• MachinePool: Fix reconcileDelete returning unnecessary error (#13481)
• Misc: Removing cluster-api-provider-nested as it is read-only (#13500)

Dependencies

Added

Nothing has changed.

Changed

• cel.dev/expr: v0.24.0 → v0.25.1
• github.com/cncf/xds/go: 0feb691 → ee656c7
• github.com/envoyproxy/go-control-plane/envoy: v1.35.0 → v1.36.0
• github.com/envoyproxy/go-control-plane: 75eaa19 → v0.14.0
• github.com/envoyproxy/protoc-gen-validate: v1.2.1 → v1.3.0
• github.com/fatih/color: v1.18.0 → v1.19.0
• go.etcd.io/etcd/api/v3: v3.6.8 → v3.6.9
• go.etcd.io/etcd/client/pkg/v3: v3.6.8 → v3.6.9
• go.etcd.io/etcd/client/v3: v3.6.8 → v3.6.9
• go.opentelemetry.io/contrib/detectors/gcp: v1.38.0 → v1.39.0
• google.golang.org/grpc: v1.78.0 → v1.79.3
• k8s.io/api: v0.35.2 → v0.35.3
• k8s.io/apiextensions-apiserver: v0.35.2 → v0.35.3
• k8s.io/apimachinery: v0.35.2 → v0.35.3
• k8s.io/apiserver: v0.35.2 → v0.35.3
• k8s.io/client-go: v0.35.2 → v0.35.3
• k8s.io/cluster-bootstrap: v0.35.2 → v0.35.3
• k8s.io/code-generator: v0.35.2 → v0.35.3
• k8s.io/component-base: v0.35.2 → v0.35.3
• k8s.io/kms: v0.35.2 → v0.35.3

Removed

Nothing has changed.

More details about the release

⚠️ BETA RELEASE NOTES ⚠️

Changes since v1.12.0

📈 Overview

• 255 new commits merged
• 9 breaking changes ⚠️
• 30 feature additions ✨
• 37 bugs fixed 🐛

📝 Proposals

• Core: Update autoscaling from zero enhancement proposal with node labels and taints configuration clarification (#13308)

⚠️ Breaking Changes

• API/Runtime SDK: Bump Runtime Hooks v1alpha1 types to core CAPI v1beta2 (#13200)
• API: Remove v1alpha3 + v1alpha4 apiVersions (#13199)
• CABPK: Remove deprecated --cluster-concurrency flag in CABPK (#13288)
• ClusterCache: Remove deprecated ClusterCache GetClientCertificatePrivateKey (#13156)
• ClusterClass: Remove deprecated ShouldSkipImmutabilityChecks (#13291)
• clusterctl: Remove deprecated --disable-grouping clusterctl describe cluster flag (#13289)
• clusterctl: Remove deprecated provider CRD migration from clusterctl upgrade (#13290)
• Dependency: Bump to controller-runtime main & controller-tools v0.20 (#13159)
• Misc: Remove deprecated ParseMajorMinorPatchTolerant / ParseMajorMinorPatch (#13292)

✨ New Features

• API: Backport newly introduced v1beta2 API fields to v1beta1 (#13455)
• CABPK: Optimize cache configuration of CABPK & standardize cache/client setup (#13407)
• CAPD: Implement DevMachinePools (#13346)
• CAPD: Improve CAPD wait for multi-user target (#13514)
• CAPD: Support externally managed LB (#13362)
• Cluster: Only set ownerReference on InfraCluster/ControlPlane when Topology is defined (#13332)
• ClusterCache: Add ClusterFilter to ClusterCache Options (#12665)
• ClusterClass: Implement support for taints (#13192)
• clusterctl: Allow overriding image name in clusterctl config (#13014)
• Core: Optimize cache configuration of core CAPI (#13488)
• Dependency: Bump Go to v1.25.5 (#13164)
• Dependency: Bump to controller-runtime v0.23 (#13245)
• Devtools: Add a flag to skip image preloading (#13143)
• KCP/CABPK: Allow diskSetup to include partition layout (#11634)
• KCP/MachineDeployment/Cluster: Add rolloutAfter to cluster.spec.topology (#13391)
• KCP: Allow remediation of multiple failures in KCP (#13352)
• KCP: Bump coredns/corefile-migration to v1.0.30 (#13282)
• KCP: Implement support for machine taints (#13181)
• KCP: Optimize cache configuration of KCP (#13460)
• Machine: Add Machine status.failureDomain (#13266)
• Machine: Promote MachineWaitForVolumeDetachConsiderVolumeAttachments feature to GA (#13293)
• Metrics/e2e: Add infra CRDs to dashboards, improve/fix dashboards, enable native histograms (#13354)
• Misc: Disable DWARF and symbol table to decrease binary/image size (#12856)
• Misc: Enable PriorityQueue per default (#13171)
• Misc: Promote ReconcileRateLimiting to beta (enabled per default) (#13373)
• Misc: Tune controller concurrency and cache timeout for scale (#13496)
• Release: Prepare main branch for v1.13 (#13174)
• Testing: Add example / debug suite for envtest (#13453)
• util: Extend conversion tests to cover the "no spec" case (#13409)
• util: Refresh cache entries on cache hit in SSA caches (#13459)

🐛 Bug Fixes

• API: Fix v1beta1 ControlPlane contract to handle .status.initialized correctly (#13186)
• CAPD: Fix "Failed to exec DockerMachine bootstrap" errors in CAPD (#13447)
• CAPD: Remove finalizers during deletion if ownerRef was never set for cluster controllers (#13239)
• CAPIM: Extend CAPD in-memory backend to set CP taint to fix scale tests (#13187)
• CAPIM: Fix in-memory watch unit test (#13464)
• CI: Bump trivy to v0.69.2 to fix CI (#13387)
• Cluster: Fix panic in Cluster conversion (#13383)
• ClusterClass/KCP/MachineSet/MachineDeployment: Mitigate managedFields apiserver issue for SSA (#13338)
• ClusterClass: Allow adding spec via ClusterClass JSON patches (#13225)
• ClusterClass: Do not overwrite global http.DefaultClient TLSConfig (#13058)
• ClusterClass: Fix upgradePlan computation in GetUpgradePlanFromClusterClassVersions (#13463)
• Dependency: Bump dependencies to fix CVE GO-2026-4394 (go.opentelemetry.io/otel/sdk pkg) (#13372)
• e2e: Add wait-resource-versions-{become,remain}-stable intervals to e2e config (#13263)
• e2e: Clean up namespace in e2e tests (#13233)
• e2e: Fix cross-ns scale test (#13309)
• e2e: Fix goroutine & memory leak in inmemory provider (#13361)
• e2e: Fix node-label calculation in test extension & fix upgrade test (#13356)
• e2e: Fix WaitForMachinesReady interval (#13050)
• e2e: Increase reconcile timeout for KCP & DockerMachine (#13093)
• e2e: Only retry creating objects that failed (#13265)
• e2e: Tolerate NotFound errors during Namespace deletion in scale test cleanup (#13439)
• KCP/MachineSet: P...

v1.13.0-beta.0

🚨 This is a BETA RELEASE. Use it only for testing purposes. If you find any bugs, file an issue.

More details about the release

⚠️ BETA RELEASE NOTES ⚠️

Changes since v1.12.0

📈 Overview

• 230 new commits merged
• 9 breaking changes ⚠️
• 25 feature additions ✨
• 34 bugs fixed 🐛

📝 Proposals

• Core: Update autoscaling from zero enhancement proposal with node labels and taints configuration clarification (#13308)

⚠️ Breaking Changes

• API/Runtime SDK: Bump Runtime Hooks v1alpha1 types to core CAPI v1beta2 (#13200)
• API: Remove v1alpha3 + v1alpha4 apiVersions (#13199)
• CABPK: Remove deprecated --cluster-concurrency flag in CABPK (#13288)
• ClusterCache: Remove deprecated ClusterCache GetClientCertificatePrivateKey (#13156)
• ClusterClass: Remove deprecated ShouldSkipImmutabilityChecks (#13291)
• clusterctl: Remove deprecated --disable-grouping clusterctl describe cluster flag (#13289)
• clusterctl: Remove deprecated provider CRD migration from clusterctl upgrade (#13290)
• Dependency: Bump to controller-runtime main & controller-tools v0.20 (#13159)
• Misc: Remove deprecated ParseMajorMinorPatchTolerant / ParseMajorMinorPatch (#13292)

✨ New Features

• API: Backport newly introduced v1beta2 API fields to v1beta1 (#13455)
• CABPK: Optimize cache configuration of CABPK & standardize cache/client setup (#13407)
• CAPD: Support externally managed LB (#13362)
• Cluster: Only set ownerReference on InfraCluster/ControlPlane when Topology is defined (#13332)
• ClusterCache: Add ClusterFilter to ClusterCache Options (#12665)
• ClusterClass: Implement support for taints (#13192)
• clusterctl: Allow overriding image name in clusterctl config (#13014)
• Dependency: Bump Go to v1.25.5 (#13164)
• Dependency: Bump to controller-runtime v0.23 (#13245)
• Devtools: Add a flag to skip image preloading (#13143)
• KCP/CABPK: Allow diskSetup to include partition layout (#11634)
• KCP/MachineDeployment/Cluster: Add rolloutAfter to cluster.spec.topology (#13391)
• KCP: Allow remediation of multiple failures in KCP (#13352)
• KCP: Bump coredns/corefile-migration to v1.0.30 (#13282)
• KCP: Implement support for machine taints (#13181)
• Machine: Add Machine status.failureDomain (#13266)
• Machine: Promote MachineWaitForVolumeDetachConsiderVolumeAttachments feature to GA (#13293)
• Metrics/e2e: Add infra CRDs to dashboards, improve/fix dashboards, enable native histograms (#13354)
• Misc: Disable DWARF and symbol table to decrease binary/image size (#12856)
• Misc: Enable PriorityQueue per default (#13171)
• Misc: Promote ReconcileRateLimiting to beta (enabled per default) (#13373)
• Release: Prepare main branch for v1.13 (#13174)
• Testing: Add example / debug suite for envtest (#13453)
• util: Extend conversion tests to cover the "no spec" case (#13409)
• util: Refresh cache entries on cache hit in SSA caches (#13459)

🐛 Bug Fixes

• API: Fix v1beta1 ControlPlane contract to handle .status.initialized correctly (#13186)
• CAPD: Fix "Failed to exec DockerMachine bootstrap" errors in CAPD (#13447)
• CAPD: Remove finalizers during deletion if ownerRef was never set for cluster controllers (#13239)
• CAPIM: Extend CAPD in-memory backend to set CP taint to fix scale tests (#13187)
• CI: Bump trivy to v0.69.2 to fix CI (#13387)
• Cluster: Fix panic in Cluster conversion (#13383)
• ClusterClass/KCP/MachineSet/MachineDeployment: Mitigate managedFields apiserver issue for SSA (#13338)
• ClusterClass: Allow adding spec via ClusterClass JSON patches (#13225)
• ClusterClass: Do not overwrite global http.DefaultClient TLSConfig (#13058)
• ClusterClass: Fix upgradePlan computation in GetUpgradePlanFromClusterClassVersions (#13463)
• Dependency: Bump dependencies to fix CVE GO-2026-4394 (go.opentelemetry.io/otel/sdk pkg) (#13372)
• e2e: Add wait-resource-versions-{become,remain}-stable intervals to e2e config (#13263)
• e2e: Clean up namespace in e2e tests (#13233)
• e2e: Fix cross-ns scale test (#13309)
• e2e: Fix goroutine & memory leak in inmemory provider (#13361)
• e2e: Fix node-label calculation in test extension & fix upgrade test (#13356)
• e2e: Fix WaitForMachinesReady interval (#13050)
• e2e: Increase reconcile timeout for KCP & DockerMachine (#13093)
• e2e: Only retry creating objects that failed (#13265)
• e2e: Tolerate NotFound errors during Namespace deletion in scale test cleanup (#13439)
• KCP/MachineSet: Preserve existing object names for backward compatibility with pre-v1.7 in-place updates (#13124)
• KCP: Grant delete permissions to Secrets. (#13070)
• Machine/MachineSet/MachineDeployment: Fix UpToDate calculation for rolloutAfter (#13404)
• MachineSet: Use MachineSet template values in completeMoveMachine for in-place updates (#13059)
• Misc: Fix bug while setting status for deprecated fields (#13336)
• Runtime SDK: Improve client cert/key rotation of the RuntimeSDK client (#13213)
• Testing/e2e: Fix unit test flakes, improve clusterctl download error in e2e tests (#13045)
• Testing: Fix flaky by waiting for CRD finalizer processing (#13470)
• Testing: Fix flaky TestClusterReconciler unit test (#13180)
• Testing: Fix TestReconcile flake (#13255)
• Testing: Fix webhook envtest tests for Kubernetes < v1.35 (#13170)
• util: Fix a panic in conditions.Delete method if the sources condition list is empty (#13048)
• util: Fix exponential backoff with ReconcilerRateLimiting (#13416)
• util: Fix patchHelper unit test flakes (#13412)

🌱 Others

• API: Deprecate custom Condition types (#13237)
• API: Introduce conversion.MarshalDataUnsafeNoCopy to avoid unnecessary memory allocations during conversion (#13402)
• API: Postpone date when we stop serving v1beta1 (#13394)
• API: Relax validation for Machine .status.addresses to maximum of 128 instead of 32 items (#13060)
• API: Relax validation for Machine .status.addresses to maximum of 256 instead of 128 items (#13395)
• CAPD/CAPIM: Implement .status.failureDomain for DockerMachine & DevMachine (#13286)
• CAPD: Implement pause for DockerMachinePool (#13445)
• CAPD: Improve condition if CAPD Machine is not yet ready for bootstrap exec (#13461)
• CAPD: Move RBAC for devmachinetemplates from main.go to controller.go (#13271)
• CAPIM: Fix inMemory watch (#13229)
• CI: Bump golangci-lint v2.7.0 (#13108)
• CI: Bump Kubernetes version used for testing to v1.35.0-rc.0 (#13103)
• CI: Bump Kubernetes version used for testing to v1.35.0-rc.1 (#13138)
• CI: Drop security scan on 1.10 (#13454)
• CI: Dump resources in scale test (#13232)
• CI: Improve Fake API server (#13183)
• CI: Inmemory APIserver fails for unsupported fieldSelectors (#13306)
• CI: Revive the debug endpoint for CAPDev in-memory (#13423)
• CI: Use env test 1.35.0 (#13168)
• ClusterCache: Remove stack traces from ClusterCache errors (#13396)
• ClusterClass: Add validation in ClusterClass for CP MachineInfra (#13378)
• ClusterClass: Fix test compute control plane version (#13287)
• ClusterClass: Improve topology diff (#13166)
• ClusterClass: Simplify GetUpgradePlanFromClusterClassVersions (#13276)
• clusterctl: Bump cert-manager v1.19.4 (#13376)
• clusterctl: Drop handling of old cert-manager annotation in clusterctl (#13202)
• clusterctl: Update cert-manager to v1.19.3 (#13307)
• clusterctl: Update to cert-manager v1.19.2 (#13277)
• ClusterResourceSet: Remove ClusterResourceSet ensureKubernetesServiceCreated (#13158)
• ClusterResourceSet: Set WithOwnedV1Beta1Conditions for ClusterResourceSet patch (#13267)
• Community meeting: Add AndiDog as machine pool area reviewer (#13033)
• Dependency: Bump go 1.25.7 (#13323)
• Dependency: Bump Go to v1.24.11 (#13106)
• Dependency: Bump Go to v1.25.6 (#13240)
• Dependency: Bump go v1.25.8 (#13428)
• Dependency: Bump go-github to v82 (#13296)
• Dependency: Bump golang.org/x/net to v0.51 to fix CVE (#13392)
• Devtools: Add additional_uncategorized_resources for Tilt (#13312)
• Devtools: Add labels to cluster deployment form fields (#13441)
• Devtools: Bump CAPI Visualizer to v1.5.0 (#13222)
• Devtools: Enable native histograms in Grafana / Prometheus (#13304)
• Devtools: Make kind image configurable via env var for make tilt-up (#13333)
• Devtools: Updated dev observability stack (#13044)
• e2e: 0 in e2e tests (#13429)
• e2e: Add json struct tags to ContainerImage (#13130)
• e2e: Add retry in test framework when getting manifest YAMLs (#13357)
• e2e: Bump autoscaler version used for testing to v1.34.2 (#13102)
• e2e: Bump autoscaler version used for testing to v1.35.0 (#13353)
• e2e: Bump kind to v0.31.0 (#13162)
• e2e: Bump Kubernetes version used for testing to v1.35.0 (#13151)
• e2e: Bump to etcd-v3.6.6-0 (#13144)
• e2e: Do not expect Machines for MachinePools not supporting Machines (#13071)
• e2e: Drop handling for clusterctl < v1.7.2 in e2e tests & framework (#13347)
• e2e: Drop unused e2e test template & handling for Kubernetes < v1.25 in e2e CC (#13348)
• e2e: Extend test extension to improve test coverage (#13343)
• e2e: Make clusterctl upgrade test to work when there are no machines (#13072)
• e2e: Remove handling for Kubernetes <= v1.28 in clusterctl upgrade test (#13157)
• e2e: Skip test using outdated docker client (#13125)
• e2e: Small cleanup in the RuntimeSDK test (#13274)
• e2e: Start testing against Kubernetes v1.36 (#13152)
• e2e: Use crane to pre-pull images instead of docker pull (#13113)
• KCP: Drop unnecessary etcd call in KCP (#13330)
• KCP: Fix flaky KCP test (#13374)
• KCP: KCP should read only KCP machines (#13457)
• KCP: KCP should report missing certificates (#13175)
• KCP: KCP should report missing Node labels and taint (#13176)
• KCP: Migrate from Requeue to RequeueAfter in kcp (#13028)
• KCP: Remove live list Machine c...