IBM Cloud Docs
VPC File CSI Driver add-on version change log

VPC File CSI Driver add-on version change log

Review the version history for VPC File CSI Driver.

Version 2.0

2.0.16_443, released 22 September 2025

Default version

  • Resolves the following CVEs: CVE-2025-8058.
  • Updates Go to version 1.23.12.
  • {'Adds 3 new storage classes': 'ibmc-vpc-file-regional, ibmc-vpc-file-regional-max-bandwidth, and ibmc-vpc-file-regional-max-bandwidth-sds. These classes are based on VPC regional file share profiles and are available in Beta for allowlisted accounts.'}
  • armada-storage-secret v1.2.66

2.0.15_431, released 18 July 2025

Default version

  • Updates Go to version 1.23.11.
  • armada-storage-secret v1.2.65

2.0.14_403, released 18 July 2025

Default version

  • Resolves the following CVEs: CVE-2025-4802, CVE-2025-4673, and CVE-2025-4563.
  • Updates Go to version 1.23.10.
  • Updates k8s client libraries from 1.32.3 to 1.32.6
  • Updates imagePullPolicy to IfNotPresent for all containers in the deployment.
  • armada-storage-secret v1.2.64

2.0.13_370, released 16 June 2025

  • Resolves the following CVEs: CVE-2025-0395, CVE-2025-3576, and CVE-2025-24528.
  • Updates Go to version 1.23.9.
  • Adds support for users to configure CPU and memory limits and requests for all file containers.
  • Fixes an issue where the provisioner and resizer containers were restarting due to the client rate-limiter.
  • Enables leader-election for csi-resizer.
  • Fixes a warning shown in PVC during volume expansion.
  • Improves error messages.
  • Updates k8s client libraries to 1.32.
  • {'Note': 'Users might see unwanted messages in file-csi-driver-status configmap.'}

2.0.10_334, released 19 February 2025

  • Resolves the following CVEs: CVE-2024-45339, and CVE-2024-45338.
  • Resiliency improvement to use VPC Storage service API for tagging volumes. This doesn't impact existing or new PVCs. This reduces the number of Kubernetes service API calls.
  • Updates the golang base image to 1.22.12.
  • Updates the armada-storage-secret to v1.2.55.

Version 1.2

1.2.14_332, released 19 February 2025

  • Resolves the following CVEs: CVE-2024-45339, and CVE-2024-45338.
  • Resiliency improvement to use VPC Storage service API for tagging volumes. This doesn't impact existing or new PVCs. This reduces the number of Kubernetes service API calls.
  • Updates the golang base image to 1.22.12.
  • Updates the armada-storage-secret to v1.2.55.

Change log for version 2.0.9_322, released 11 December 2024

  • region support is now deprecated in the storage class settings. Continuing to provide a region in your storage classes does not cause any issues with either existing PVC or new PVC. The default behavior is now to get the region detail from worker node labels only.
  • Fixes a bug where setting default storage class was not working in version 4.15 clusters.
  • Fixes CVE-2024-51744.
  • Updates the storage-secret-sidecar image to v1.2.52.

Change log for version 2.0.8_311, released 3 October 2024

  • Updates the golang base image to 1.22.7.
  • Updates to Kubernetes 1.30 client libraries.
  • Updates the CSI specification to version 1.9.0.
  • Fixes a security issue for the CSI sidecar liveness probe. The sidecar now runs as non-root in the Node Server pod.
  • Adds the ability to set a default storage class. For more information, see Setting the default storage class.
  • Updates the following sidecar images: csi-provisioner:v5.0.2, csi-resizer:v1.11.2, livenessprobe:v2.13.1, and csi-node-driver-registrar:v2.11.1.
  • Resolves CVE-2024-2398, CVE-2024-37370, CVE-2024-37371.

Change log for version 2.0.6_259, released 26 August 2024

  • Updates the golang image to 1.21.13-community.

Change log for version 2.0.5_253, released 15 July 2024

  • Updates the golang image to 1.21.12-community.
  • Updates the armada-storage-secret to v1.2.40.
  • Resolves CVE-2024-28182 and CVE-2023-2953.

Change log for version 2.0.4_232, released 3 July 2024

  • Version 2.0 and later is managed via the storage-operator add-on which is installed by default on new 1.30 and later clusters. To update your add-on, see Updating the IBM Cloud File Storage for VPC cluster add-on.
  • Adds support for encryption in-transit (EIT). EIT is disabled by default. For more information, see Setting up encryption in-transit.
  • Adds support for tagging. File shares can now be cleaned up when deleting clusters by using the --force-delete-storage option on the ibmcloud ks cluster rm command.
  • Adds new pre-defined storage classes. The previous storage classes are deprecated. Update your apps to use the new storage classes. For more information, see the Migrating to a new storage class.
  • Adds functionality to track CSI driver major events. You can the add-on status by reviewing the file-csi-driver-status configmap in the kube-system namespace.
  • Adds more attributes to persistent volume objects (PV) FileShareID, FileShareTargetID, ENISubnetID, ENISecurityGroupIDs.
  • Adds retries for fileShare target creation in case of partial failure during PVC creation.
  • Updates RBAC policies to use minimal privileges required.
  • Updates golang to 1.21.11-community.
  • Known issues: StorageClassSecres are not supported.

Version 1.2 archive

Change log for version 1.2.13_326, released 11 December 2024

  • Fixes CVE-2024-51744.
  • Updates the storage-secret-sidecar image to v1.2.52.

Change log for version 1.2.12_312, released 3 October 2024

  • Updates the golang base image to 1.22.7.
  • Updates to Kubernetes 1.30 client libraries.
  • Updates the CSI specification to version 1.9.0.
  • Fixes a security issue for the CSI sidecar liveness probe. The sidecar now runs as non-root in the Node Server pod.
  • Updates the following sidecar images: csi-provisioner:v5.0.2, csi-resizer:v1.11.2, livenessprobe:v2.13.1, and csi-node-driver-registrar:v2.11.1.
  • Resolves CVE-2024-2398, CVE-2024-37370, CVE-2024-37371.

Change log for version 1.2.10_254, released 15 July 2024

  • Updates the golang image to 1.21.12-community.
  • Updates the armada-storage-secret to v1.2.40.
  • Resolves CVE-2024-28182 and CVE-2023-2953.

Change log for version 1.2.9_245, released 21 June 2024

Change log for 1.2.8_174, released 10 May 2024

  • Updates golang to 1.21.9-community.
  • Removes curl package from base image.
  • Updates the armada-storage-secret to v1.2.35.
  • Sets handle-volume-inuse-error flag to false in the csi-resizer to reduce costs associated with watching all pods in the cluster which can cause OOM Killed errors for the csi-resizer.
  • Resolves CVE-2023-46218, CVE-2023-28322, and CVE-2023-38546.

Change log for 1.2.7_154, released 08 March 2024

  • Base image migrated from UBI to golang.

Change log for version 1.2.6_130, released 08 February 2024

  • Fixes hanging issue related to mounting and unmounting after node server restart.
  • Introduces granular locking mounting and unmounting at the targetPath level.
  • Disables the CSI NodeExpansion method as it is not required for the file share. The PVC can still be expanded.
  • Changes how the IAM endpoint is determined for VPC Gen2 clusters.
  • Upgrades Kubernetes client library to 1.28.
  • Upgrades CSI spec to 1.8.0.
  • Resolves the following CVEs: CVE-2022-48560, CVE-2022-48564, CVE-2023-39615, CVE-2023-43804, CVE-2023-45803, and CVE-2023-5981.
  • Updates the following sidecar images:
    • armada-storage-secret to v1.2.31.
    • csi-node-driver-registrar to v2.9.3.
    • csi-provisioner to v3.6.3.
    • csi-resizer to v1.9.3.
    • livenessprobe to v2.11.0.

Change log for version 1.2.5_107, released 10 January 2024

  • Resolves CVE-2023-3446, CVE-2023-3817, and CVE-2023-5678.
  • Applies a security fix to use the correct socket path following SElinux policy module changes and CSI recommendations to use /var/lib/kubelet/plugins/.

Change log for version 1.2.3_97, released 27 November 2023

Change log for version version 1.2.0, released 31 October 2023

  • Tiered and custom profile storage classes are no longer supported. Update your PVCs to use a dp2 storage classes.
  • Adds support for granular authorization via the Virtual Network Interface VNI (Elastic Network Interface ENI).
  • Adds support for cross zone mounting by default. Pods can now mount storage volumes across zones.
  • Allows you to bring your own security group to control granular authorization at the worker node, zone, or worker pool level.
  • Adds bring your own subnet support to control which subnet the virtual network interface (VNI) IP for storage is assigned and created in.
  • Adds bring your own IP support existing PrimaryIP which the VNI will assign.
  • Allows you to set a custom PrimaryIPAddress within the subnet range where the VNI IP is assigned and created.

Version 1.1

Change log for version 1.1.10_93, released 27 November 2023

Change log for version 1.1.9_87, released 13 November 2023

Change log for version 1.1.7_49, released 14 September 2023

Change log for version 1.1.6_41, release 28 July 2023

  • Tiered storage classes are deprecated and will be unsupported soon. To migrate, create new PVCs and that use a dp2 storage class and redeploy your apps.
  • Updates for the VPC API compatibility changes. For more information, see the VPC REST API change log
  • Adds support for dp2 profiles.
  • Updates the UBI to version 8.8-1014 to resolve the following CVEs: CVE-2023-1667, CVE-2023-2283, CVE-2023-26604, and CVE-2020-24736.
  • Updates Golang to version 1.19.11 to resolve CVE-2023-29406.

Change log for version 1.1, released 3 July 2023

Change log for version 1.1-beta, released 15 May 2023

  • Kubernetes dependencies upgraded to 1.26.4.
  • Controller pods are now deployed as Deployment, in previous releases pods were deployed as Satefulsets.
  • Adds the priorityClass in the deployment file for controller and node pods.

Version 1.0

Change log for version 1.0, released 16 May 2023