Releases: IABTechLab/uid2-operator
Release list
v5.70.215
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.70.215-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.70.215-azure-cc
Changelog
📦 Uncategorized
v5.70.214
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.70.214-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.70.214-azure-cc
Changelog
📦 Uncategorized
-
UID2-7456: Suppress CVE-2026-56131/56407/56408 (libexpat) in .trivyignore - ( PR: #2642 )
-
[CI Pipeline] Released patch version: 5.70.214 - ( PR: #2643 )
-
UID2-7456: Suppress CVE-2026-56131/56407/56408 (libexpat) in .trivyignore - ( PR: #2642 )
-
[CI Pipeline] Released patch version: 5.70.214 - ( PR: #2643 )
v5.70.211
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.70.211-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.70.211-azure-cc
Changelog
📦 Uncategorized
v5.70.209
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.70.209-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.70.209-azure-cc
Changelog
📦 Uncategorized
v5.70.207
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.70.207-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.70.207-azure-cc
Changelog
📦 Uncategorized
v5.70.206
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.70.206-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.70.206-azure-cc
Changelog
📦 Uncategorized
v5.70.205
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Installation
docker pull us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator:5.70.205-gcp-oidc
docker pull ghcr.io/iabtechlab/uid2-operator:5.70.205-azure-cc
Changelog
📦 Uncategorized
v5.70.204
📦 Uncategorized
- chore: upgrade IABTechLab/uid2-shared-actions from v2 to v3 - ( PR: #2599 )
- [CI Pipeline] Released patch version: 5.70.161 - ( PR: #2601 )
- UID2-7279: suppress CVE-2026-45447 (libcrypto3); extend CVE-2026-42577 expiry - ( PR: #2602 )
- [CI Pipeline] Released patch version: 5.70.163 - ( PR: #2603 )
- [CI Pipeline] Released patch version: 5.70.164 - ( PR: #2604 )
- [CI Pipeline] Released patch version: 5.70.165 - ( PR: #2605 )
- [CI Pipeline] Released patch version: 5.70.166 - ( PR: #2606 )
- UID2-6385/UID2-6481: .trivyignore cleanup — extend CVE-2025-66293, remove CVE-2025-68973 - ( PR: #2607 )
- [CI Pipeline] Released patch version: 5.70.168 - ( PR: #2608 )
- [CI Pipeline] Released patch version: 5.70.169 - ( PR: #2609 )
- [CI Pipeline] Released patch version: 5.70.170 - ( PR: #2610 )
- [CI Pipeline] Released patch version: 5.70.171 - ( PR: #2611 )
- [CI Pipeline] Released patch version: 5.70.172 - ( PR: #2612 )
- [CI Pipeline] Released patch version: 5.70.173 - ( PR: #2613 )
- [CI Pipeline] Released patch version: 5.70.174 - ( PR: #2614 )
- UID2-7335: upgrade libexpat to patch CVE-2026-45186 (DoS) - ( PR: #2615 )
- [CI Pipeline] Released patch version: 5.70.177 - ( PR: #2616 )
- UID2-7335: bump base image to fix libexpat (CVE-2026-45186) in Azure CC + GCP OIDC operators - ( PR: #2618 )
- UID2-7340: publish operator release as pre-release instead of draft - ( PR: #2617 )
- [CI Pipeline] Released patch version: 5.70.181 - ( PR: #2619 )
- [CI Pipeline] Released patch version: 5.70.182 - ( PR: #2620 )
- UID2-7364: Suppress CVE-2026-54512 / CVE-2026-54513 (jackson-databind) - ( PR: #2621 )
- [CI Pipeline] Released patch version: 5.70.185 - ( PR: #2622 )
- UID2-7376: suppress CVE-2026-2100 (p11-kit) — not exploitable - ( PR: #2623 )
- [CI Pipeline] Released patch version: 5.70.188 - ( PR: #2624 )
- [CI Pipeline] Released patch version: 5.70.189 - ( PR: #2625 )
- [CI Pipeline] Released patch version: 5.70.190 - ( PR: #2626 )
- [CI Pipeline] Released patch version: 5.70.191 - ( PR: #2627 )
- [CI Pipeline] Released patch version: 5.70.192 - ( PR: #2628 )
- [CI Pipeline] Released patch version: 5.70.193 - ( PR: #2629 )
- UID2-6767: publish a GitHub pre-release for scheduled and standalone operator builds - ( PR: #2631 )
- [CI Pipeline] Released Patch version: 5.70.204 - ( PR: #2632 )
Installation
docker pull ghcr.io/iabtechlab/uid2-operator:5.70.204
ghcr.io/iabtechlab/uid2-operator:latest
Image reference to deploy:
5.70.204
Changelog
- chore: upgrade IABTechLab/uid2-shared-actions from v2 to v3 - ( PR: #2599 )
- [CI Pipeline] Released patch version: 5.70.161 - ( PR: #2601 )
- UID2-7279: suppress CVE-2026-45447 (libcrypto3); extend CVE-2026-42577 expiry - ( PR: #2602 )
- [CI Pipeline] Released patch version: 5.70.163 - ( PR: #2603 )
- [CI Pipeline] Released patch version: 5.70.164 - ( PR: #2604 )
- [CI Pipeline] Released patch version: 5.70.165 - ( PR: #2605 )
- [CI Pipeline] Released patch version: 5.70.166 - ( PR: #2606 )
- UID2-6385/UID2-6481: .trivyignore cleanup — extend CVE-2025-66293, remove CVE-2025-68973 - ( PR: #2607 )
- [CI Pipeline] Released patch version: 5.70.168 - ( PR: #2608 )
- [CI Pipeline] Released patch version: 5.70.169 - ( PR: #2609 )
- [CI Pipeline] Released patch version: 5.70.170 - ( PR: #2610 )
- [CI Pipeline] Released patch version: 5.70.171 - ( PR: #2611 )
- [CI Pipeline] Released patch version: 5.70.172 - ( PR: #2612 )
- [CI Pipeline] Released patch version: 5.70.173 - ( PR: #2613 )
- [CI Pipeline] Released patch version: 5.70.174 - ( PR: #2614 )
- UID2-7335: upgrade libexpat to patch CVE-2026-45186 (DoS) - ( PR: #2615 )
- [CI Pipeline] Released patch version: 5.70.177 - ( PR: #2616 )
- UID2-7335: bump base image to fix libexpat (CVE-2026-45186) in Azure CC + GCP OIDC operators - ( PR: #2618 )
- UID2-7340: publish operator release as pre-release instead of draft - ( PR: #2617 )
- [CI Pipeline] Released patch version: 5.70.181 - ( PR: #2619 )
- [CI Pipeline] Released patch version: 5.70.182 - ( PR: #2620 )
- UID2-7364: Suppress CVE-2026-54512 / CVE-2026-54513 (jackson-databind) - ( PR: #2621 )
- [CI Pipeline] Released patch version: 5.70.185 - ( PR: #2622 )
- UID2-7376: suppress CVE-2026-2100 (p11-kit) — not exploitable - ( PR: #2623 )
- [CI Pipeline] Released patch version: 5.70.188 - ( PR: #2624 )
- [CI Pipeline] Released patch version: 5.70.189 - ( PR: #2625 )
- [CI Pipeline] Released patch version: 5.70.190 - ( PR: #2626 )
- [CI Pipeline] Released patch version: 5.70.191 - ( PR: #2627 )
- [CI Pipeline] Released patch version: 5.70.192 - ( PR: #2628 )
- [CI Pipeline] Released patch version: 5.70.193 - ( PR: #2629 )
- UID2-6767: publish a GitHub pre-release for scheduled and standalone operator builds - ( PR: #2631 )
- [CI Pipeline] Released Patch version: 5.70.204 - ( PR: #2632 )
v5.70.159-r0
2026 H1 Operator Release
Update to all Private Operators on all cloud providers.
Integration Guides
AWS Marketplace
GCP Confidential Space
Microsoft Azure
Microsoft AKS
Release Notes
Performance Improvements
This release includes per-request optimizations that reduce CPU usage on common workloads:
- Crypto optimization: AES-GCM encryption/decryption now caches cipher instances and pre-allocates buffers
- Reduced overhead in HTTP path metric filtering and log masking
Bug Fixes
- Fixed clock/time drift seen in AWS private operators
Configuration / Deployment Changes
- Standardized minimum enclave CPU and memory allocations across all cloud deployment templates to 6vCPU/24GB
- AWS: minimum enclave size (6vCPU/24GB) is now enforced at startup
- Azure: CCE policy generation is now registry-agnostic, supporting operator images served from an alternative container registry
- Azure: Upgrade SKR sidecar version
- GCP: default
max_replicasreduced to 1 in Terraform template
API Changes
- Removed the legacy
optout_checkfield from/token/generate. Opted-out users now always receive an opt-out response.
Security Updates
- Upgraded base images and OS packages to address security vulnerabilities (gnutls, musl, libpng, OpenSSL, libexpat)
- Upgraded Netty to 4.1.135.Final
Full Changelog
All changes since v5.62.24-r2
Operator
service_instances, which controls the number of Verticle instances, now defaults to the vCPU count (#2413)- Removed the legacy
optout_checkfield (#2292) - Removed Special Feature 1 (precise geolocation) consent validation for EUID token generation (#2338)
- AES-GCM cipher caching optimization via uid2-shared (#2284)
- Switched ECDH key agreement to ACCP for client-side token generation (#2276)
- Optimized HTTP path metric filtering (#2270)
- Added null check to
getApiContact(#2374) - New metrics: opt-out record counts (#2255), salt effective-timestamp (#2397),
path/dii_typelabels on identity map metrics (#2429) - Updated salt bucket expiration handling (#2243)
- Aligned enclave CPU/memory standards across all cloud platforms (#2240)
AWS
- Enforce minimum enclave size (6 vCPU / 24 GB) at startup (#2580)
- Default
core_base_url/optout_base_urlinferred from identity scope + environment when missing from the operator secret (#2573) - Fixed enclave clock drift via periodic time sync (#2300)
- Updated dante SOCKS proxy to 1.4.4 (#2415)
Azure
- Upgraded SKR sidecar to 2.14 for Azure CC (#2559) and AKS (#2571)
- Operator now waits for the SKR sidecar to be ready before starting (#2561)
- CCE policy generation uses
--omit-id, making policies registry-agnostic (#2567)
GCP
- Default
max_replicasreduced to 1 in the Terraform template (#2588)
Security & dependencies
- Netty upgraded to 4.1.132.Final (#2469) and then 4.1.135.Final (#2593)
- Base image updates: eclipse-temurin / JRE Alpine 3.23 (#2259, #2267, #2325, #2349)
- gnutls upgrades in Azure CC and GCP OIDC images (#2530, #2548)
- musl/musl-utils 1.2.5-r23 (#2494); libcrypto3/libssl3 (#2488); libpng (#2316); urllib3 in AWS scripts (#2536); zlib/libexpat/jackson-core and other non-exploitable findings triaged in
.trivyignore(#2401, #2405, #2426, #2457, #2473, #2516, #2526)
v5.70.25
[CI Pipeline] Released Patch version: 5.70.25