Matt Butcher

The Helm organization is thrilled to introduce Karen Chu as the latest member of the Helm org maintainers. She will be the ninth committee member. Karen has been active in the Helm ecosystem since day one when Rimas, Jack, and I first started the project. She was instrumental in Helm's early branding, organized both of the Helm Summits, and leads Helm's community management team. You may also know her from her Helm-adjacent work as the co-creator of the Illustrated Children's Guide to Kubernetes series or her role as a CNCF ambassador.

Meet Helm's newest org maintainer: Martin Hickey. Martin has been a longtime Helm project maintainer. He was instrumental in the development of Helm 3, and has been one of the most active maintainers on the project. He is also one of the creators of the Helm 2-to-3 migration plugin.

A year ago, we introduced Helm 3, a major evolution in Helm's development. And we announced at that time that Helm 2 would receive patches and security updates for a year.

Here we are, one year later. Friday the 13th, 2020 seems like a fitting day to end support for a major version. And today, we are announcing the official end of support for Helm 2. The charts repository is also now read-only, with no further changes.

Five years ago, in a hackathon at Deis (who has since been acquired by Microsoft) Helm was born.

Today we are happy to see Helm reach the final stage of the CNCF ladder. Helm has moved from the incubating level to the graduated level as a CNCF project, alongside Kubernetes and other select projects.

Security researcher Bernard Wagner of Entersekt discovered a vulnerability in the Helm client, impacting all versions of Helm between Helm >=2.0.0 and < 2.12.2. Two Helm client commands may be coerced into unpacking unsafe content from a maliciously designed chart.

A specially crafted chart may be able to unpack content into locations on the filesystem outside of the chart’s path, potentially overwriting existing files.

Rimas Mocevicius (rimusz) has become the fourth Helm Emeritus Maintainer.

Earlier this summer, we announced that Helm joined the CNCF as an official incubating project. Part of that transition involves moving the Helm project out of the Kubernetes GitHub org and into its org. We’re excited to announce that we’ve completed that process. As of last week, we have moved the Helm code repository to https://github.com/helm/helm.

Today we are happy to announce that Helm has become an official top-level CNCF project, joining the ranks of Prometheus, Linkerd, OpenTracing, and others. Helm will enter the CNCF as an incubating project as we continue to work on the next-generation Helm 3 cloud-native package manager.