News with the context that makes it useful, plus what it means for people running the affected systems.
HashiCorp Vault Enterprise 2.0 went GA on 13 April 2026, jumping from 1.21 to 2.0. The major bump is administrative, driven by IBM's support model. The breaking changes for operators are smaller than the version number suggests, but they will trip rekey automation.
Trivy 0.70.0 shipped 17 April 2026, the first release after the March supply chain incident. It bundles new features, but the change that breaks CI silently is the rotated GPG key for deb/rpm.
Traefik 3.6.14 shipped 21 April 2026 with patches for five CVEs. One of them, CVE-2026-40912, lets unauthenticated requests bypass ForwardAuth, BasicAuth, and DigestAuth via percent-encoded prefix tricks.
Wazuh 4.14.5 shipped 23 April 2026. The release notes read like routine maintenance. Five GitHub security advisories published five days later say otherwise.
Wazuh 5.0 beta1 shipped April 2026 with a rewritten agent communication layer and a new built-in indexer. Upgrade from 4.x requires a full stack restart.