From cb8d15db4ceebccef6b432af7973915f835a1de1 Mon Sep 17 00:00:00 2001
From: Gabriel Mendoza <gabrielm@splunk.com>
Date: Wed, 1 Apr 2026 11:22:47 -0400
Subject: [PATCH 1/4] CSPL-4153: Update dependencies to fix security
 vulnerabilities

- Update google.golang.org/grpc from v1.78.0 to v1.79.3 (VULN-67797)
- Update github.com/buger/jsonparser from v1.1.1 to v1.1.2 (VULN-67794)
- Update Go stdlib from 1.25.7 to 1.25.8 (VULN-65734)
- Update gnutls via explicit microdnf update (VULN-69140)
- Update other dependencies to latest compatible versions

Fixes: VULN-67797, VULN-67794, VULN-65734, VULN-69140

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Gabriel Mendoza <gabrielm@splunk.com>
---
 Dockerfile | 3 ++-
 go.mod     | 4 ++--
 go.sum     | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4c7171a05..d86c9f405 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ ARG BASE_IMAGE=registry.access.redhat.com/ubi8/ubi-minimal
 ARG BASE_IMAGE_VERSION=8.10-1770223153
 
 # Build the manager binary
-FROM golang:1.25.7 AS builder
+FROM golang:1.25.8 AS builder
 
 WORKDIR /workspace
 
@@ -63,6 +63,7 @@ RUN if grep -q 'Ubuntu' /etc/os-release; then \
         microdnf update -y libstdc++ && \
         microdnf update -y libxml2 && \
         microdnf update -y libgcc && \
+        microdnf update -y gnutls && \
         microdnf clean all; \
     fi
 
diff --git a/go.mod b/go.mod
index 3615f95ed..138308783 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/splunk/splunk-operator
 
-go 1.25.7
+go 1.25.8
 
 require (
 	cloud.google.com/go/storage v1.36.0
@@ -61,7 +61,7 @@ require (
 	github.com/bahlo/generic-list-go v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/buger/jsonparser v1.1.1 // indirect
+	github.com/buger/jsonparser v1.1.2 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
diff --git a/go.sum b/go.sum
index f4c6dae6b..d75a2b9b2 100644
--- a/go.sum
+++ b/go.sum
@@ -74,8 +74,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
-github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
+github.com/buger/jsonparser v1.1.2 h1:frqHqw7otoVbk5M8LlE/L7HTnIq2v9RX6EJ48i9AxJk=
+github.com/buger/jsonparser v1.1.2/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=

From c8b92a73851be19509c7b55cf14283e346b5b860 Mon Sep 17 00:00:00 2001
From: Gabriel Mendoza <gabrielm@splunk.com>
Date: Thu, 2 Apr 2026 22:58:01 -0400
Subject: [PATCH 2/4] Update Go version in .env and Dockerfile.distroless
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Update GO_VERSION in .env: 1.25.7 → 1.25.8
- Update Dockerfile.distroless FROM golang:1.25.7 → 1.25.8

Addresses review comment to update all Go version occurrences.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Gabriel Mendoza <gabrielm@splunk.com>
---
 .env                  | 2 +-
 Dockerfile.distroless | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.env b/.env
index 599249271..3906a4f7c 100644
--- a/.env
+++ b/.env
@@ -1,6 +1,6 @@
 OPERATOR_SDK_VERSION=v1.42.0
 REVIEWERS=vivekr-splunk,rlieberman-splunk,patrykw-splunk,Igor-splunk,kasiakoziol,kubabuczak,gabrielm-splunk,minjieqiu,qingw-splunk
-GO_VERSION=1.25.7
+GO_VERSION=1.25.8
 AWSCLI_URL=https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.8.6.zip
 KUBECTL_VERSION=v1.29.1
 AZ_CLI_VERSION=2.79.0
diff --git a/Dockerfile.distroless b/Dockerfile.distroless
index 37121e4a6..a2ac2afc0 100644
--- a/Dockerfile.distroless
+++ b/Dockerfile.distroless
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.25.7 AS builder
+FROM golang:1.25.8 AS builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

From cd1ded4fc1dc675f822eb83bb453d67c48ce9e82 Mon Sep 17 00:00:00 2001
From: Gabriel Mendoza <gabrielm@splunk.com>
Date: Tue, 7 Apr 2026 17:45:48 -0400
Subject: [PATCH 3/4] Update UBI 8 minimal base image to 8.10-1775152441

- Updated Dockerfile: ARG BASE_IMAGE_VERSION
- Updated Makefile: comment and BASE_IMAGE_VERSION variable
- Latest version pulled from registry.access.redhat.com/ubi8/ubi-minimal:8.10

Addresses review comment on PR #1809

Signed-off-by: Gabriel Mendoza <gabmendo@splunk.com>
---
 Dockerfile | 2 +-
 Makefile   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d86c9f405..33f8a9f80 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@
 ARG PLATFORMS=linux/amd64,linux/arm64
 
 ARG BASE_IMAGE=registry.access.redhat.com/ubi8/ubi-minimal
-ARG BASE_IMAGE_VERSION=8.10-1770223153
+ARG BASE_IMAGE_VERSION=8.10-1775152441
 
 # Build the manager binary
 FROM golang:1.25.8 AS builder
diff --git a/Makefile b/Makefile
index aaf7724b5..04afe0a15 100644
--- a/Makefile
+++ b/Makefile
@@ -170,12 +170,12 @@ docker-push: ## Push docker image with the manager.
 # Defaults:
 #   Build Platform: linux/amd64,linux/arm64
 #   Build Base OS: registry.access.redhat.com/ubi8/ubi-minimal
-#   Build Base OS Version: 8.10-1770223153
+#   Build Base OS Version: 8.10-1775152441
 # Pass only what is required, the rest will be defaulted
 # Setup defaults for build arguments
 PLATFORMS ?= linux/amd64,linux/arm64
 BASE_IMAGE ?= registry.access.redhat.com/ubi8/ubi-minimal
-BASE_IMAGE_VERSION ?= 8.10-1770223153
+BASE_IMAGE_VERSION ?= 8.10-1775152441
 
 docker-buildx:
 	@if [ -z "${IMG}" ]; then \

From 432071bc5f35026c97f70d1ada26d617db229528 Mon Sep 17 00:00:00 2001
From: Gabriel Mendoza <gabrielm@splunk.com>
Date: Thu, 23 Apr 2026 01:25:00 -0400
Subject: [PATCH 4/4] Restore helm chart version 3.0.0 to repository

Version 3.0.0 was inadvertently removed by automated PR (commit 1139fcf26)
when 3.1.0 was added. Customers reported the version missing from
`helm search repo` results.

Changes:
- Restored correct 3.0.0 packaged chart (5.8KB) from git history (commit a3737ba3c)
- Added 3.0.0 entries to docs/index.yaml for both splunk-enterprise and splunk-operator charts
- Updated SHA256 digests to match correct tarballs

File verification:
- splunk-operator-3.0.0.tgz is 5.8KB (correct operator-only chart)
- Contains splunk-operator/ directory structure (not splunk-enterprise/)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 docs/index.yaml | 51 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/docs/index.yaml b/docs/index.yaml
index 47385faef..8b4f5919a 100644
--- a/docs/index.yaml
+++ b/docs/index.yaml
@@ -55,6 +55,34 @@ entries:
     urls:
     - https://splunk.github.io/splunk-operator/splunk-enterprise-3.1.0.tgz
     version: 3.1.0
+  - apiVersion: v2
+    appVersion: 3.0.0
+    created: "2026-04-08T03:35:00Z"
+    dependencies:
+    - condition: splunk-operator.enabled
+      name: splunk-operator
+      repository: file://splunk-operator/helm-chart/splunk-operator
+      version: 3.0.0
+    description: A Helm chart for Splunk Enterprise managed by the Splunk Operator
+    digest: ae82f6c8edee4d827817fe6c9c6447c422a03c59595a0f6e779cef847a83b611
+    maintainers:
+    - email: vivekr@splunk.com
+      name: Vivek Reddy
+    - email: rlieberman@splunk.com
+      name: Raizel Lieberman
+    - email: patrykw@splunk.com
+      name: Patryk Wasielewski
+    - email: igorg@splunk.com
+      name: Igor Grzankowski
+    - email: kkoziol@splunk.com
+      name: Kasia Kozioł
+    - email: jbuczak@splunk.com
+      name: Jakub Buczak
+    name: splunk-enterprise
+    type: application
+    urls:
+    - https://splunk.github.io/splunk-operator/splunk-enterprise-3.0.0.tgz
+    version: 3.0.0
   - apiVersion: v2
     appVersion: 2.8.1
     created: "2026-03-02T17:02:33.789329656Z"
@@ -381,6 +409,29 @@ entries:
     urls:
     - https://splunk.github.io/splunk-operator/splunk-operator-3.1.0.tgz
     version: 3.1.0
+  - apiVersion: v2
+    appVersion: 3.0.0
+    created: "2026-04-08T03:35:00Z"
+    description: A Helm chart for the Splunk Operator for Kubernetes
+    digest: bd318b1f4022421a3fd429b186ca344c61d04a3c2bbdd5cc535d960773558e44
+    maintainers:
+    - email: vivekr@splunk.com
+      name: Vivek Reddy
+    - email: rlieberman@splunk.com
+      name: Raizel Lieberman
+    - email: patrykw@splunk.com
+      name: Patryk Wasielewski
+    - email: igorg@splunk.com
+      name: Igor Grzankowski
+    - email: kkoziol@splunk.com
+      name: Kasia Kozioł
+    - email: jbuczak@splunk.com
+      name: Jakub Buczak
+    name: splunk-operator
+    type: application
+    urls:
+    - https://splunk.github.io/splunk-operator/splunk-operator-3.0.0.tgz
+    version: 3.0.0
   - apiVersion: v2
     appVersion: 2.8.1
     created: "2026-03-02T17:02:33.967789812Z"