Ingress NGINX Vulnerability

As you might have read online, Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated remote code execution vulnerabilities in the Ingress NGINX Controller for Kubernetes, dubbed #IngressNightmare.

How does this impact you?

You may be impacted if you're using an older version of Garden (see below for the impacted versions) to install the NGINX Ingress Controller. Garden installs the NGINX Ingress Controller if you set setupIngressController: nginx in your kubernetes provider configuration (see: https://docs.garden.io/reference/providers/kubernetes#providers-.setupingresscontroller). That is, if your project configuration looks like this:

kind: Project
# ...
providers:
  - name: kubernetes
    setupIngressController: "nginx" # <--- Means Garden will install NGINX Ingress Controller

Which Garden versions are impacted?

Garden Bonsai versions up to and including 0.13.56, and Garden Cedar 0.14.0, are affected.

How to fix it?

  1. Upgrade to the latest Garden version using the following commands:

# Garden Bonsai:
garden self-update 0.13.57

# Garden Cedar:
garden self-update 0.14.1

  2. Uninstall the currently installed ingress controller (Garden doesn't update it automatically, see: https://docs.garden.io/guides/install-local-kubernetes#updating-or-removing-the-garden-installed-nginx-ingress-controller):

garden plugins kubernetes uninstall-garden-services

  3. Run any of your usual Garden commands, for example garden deploy or garden test, which will trigger an automatic redeploy of the ingress controller. The patched version that will be installed is 1.12.1.
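To confirm the remediation took effect, the version thresholds stated on this page can be turned into a small check. This is an added example, not part of Garden or its documentation: the function names and the invocation are assumptions, and you supply the Garden version and the image reference of the Garden-installed controller (as shown on its Deployment) yourself.

```shell
#!/bin/sh
# Added example (not Garden's own tooling). Thresholds are the ones stated on
# this page: Bonsai <= 0.13.56 and Cedar 0.14.0 affected, controller 1.12.1 patched.

# Convert "v1.12.1", "0.13.56" or "0.14.0-edge" into a comparable integer.
ver_to_int() (
  v=${1#v}; v=${v%%[-+]*}                # drop leading "v" and any suffix
  case "$v" in
    ''|*[!0-9.]*) exit 1 ;;              # not a dotted numeric version
  esac
  IFS=.; set -- $v                       # split on dots into $1 $2 $3
  echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
)

# Classify a Garden CLI version: affected | fixed | unknown.
garden_status() (
  if ! n=$(ver_to_int "$1"); then echo unknown
  elif [ "$n" -ge 13000 ] && [ "$n" -le 13056 ]; then echo affected   # Bonsai
  elif [ "$n" -eq 14000 ]; then echo affected                         # Cedar 0.14.0
  elif [ "$n" -ge 13057 ]; then echo fixed
  else echo unknown                      # release lines this page does not cover
  fi
)

# Classify a controller image reference: patched | outdated | unknown.
controller_status() (
  ref=${1%%@*}                           # strip an "@sha256:..." digest
  tag=${ref##*:}                         # text after the last colon
  if [ "$tag" = "$ref" ] || [ "${tag#*/}" != "$tag" ]; then
    echo unknown                         # no tag (or only a registry port)
  elif ! n=$(ver_to_int "$tag"); then echo unknown   # e.g. "latest"
  elif [ "$n" -ge 1012001 ]; then echo patched       # 1.12.1 or later
  else echo outdated
  fi
)

# Assumed invocation: ./check.sh <garden-version> <controller-image-ref>
if [ "$#" -eq 2 ]; then
  echo "garden $1: $(garden_status "$1")"
  echo "controller $2: $(controller_status "$2")"
fi
```

An "outdated" result after upgrading Garden usually means step 2 was skipped, since Garden does not replace an already-installed controller on its own.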

As always, we are here to support you. Good luck and stay safe out there!

Relevant links:

  • Wiz Research report: https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities

  • Kubernetes’s blog: https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

  • Garden Cedar 0.14.1 release notes: https://github.com/garden-io/garden/releases/tag/0.14.1

  • Garden Bonsai 0.13.57 release notes: https://github.com/garden-io/garden/releases/tag/0.13.57

Last updated 1 month ago