Upgrading Kubernetes for CVE Issues with NGINX Ingress Controller

Ken E Stevens 20 Reputation points
2025-04-09T14:45:40.3233333+00:00

There have been multiple security advisories related to the Kubernetes NGINX Ingress Controller. What version of Kubernetes should be upgraded to in order to address the CVE impacts affecting the NGINX Ingress Controller? The current Kubernetes version is 1.30.3, and the NGINX Ingress Controller version is 1.5.1.

Azure Kubernetes Service
Azure Kubernetes Service
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,447 questions
0 comments No comments
{count} votes

Accepted answer
  1. Anusree Nashetty 4,375 Reputation points Microsoft External Staff Moderator
    2025-04-09T15:15:12.56+00:00

    Hello Ken E Stevens,

    Given your current Kubernetes version 1.30.3 and NGINX Ingress Controller version 1.5.1, it's advisable to upgrade your NGINX Ingress Controller to the latest version to benefit from the most recent security patches and features. Upgrade ingress-nginx to v1.11.5, v1.12.1, or any later version.

    You can see the latest Nginx Controller Releases: Releases

    Please check this document for your reference: https://groups.google.com/g/kubernetes-announce/c/D7ERcBhtuuc/m/dBC1IHQ8BQAJ?pli=1

    Please check this document for Upgradation process: https://kubernetes.github.io/ingress-nginx/deploy/upgrade/

    For your understanding about CVEs vulnerabilities, please check this document: Which NGINX Ingress Controllers Are Impacted by CVE-2022-4886, CVE-2023-5043, and CVE-2023-5044?

    If you have any further queries, please do let us know. If the answer is helpful, please click "Accept Answer" and "Upvote it"

    User's image


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.