Releases · FairwindsOps/goldilocks

29 May 14:29

reactiveops-bot

v4.15.1

93e16c3

v4.15.1 Latest

Latest

Changelog

3be8f9e Managed by Terraform
93e16c3 fix goreleaser signing on release

You can verify the signatures of both the checksums.txt file and the published docker images using cosign.

cosign verify-blob checksums.txt --bundle=checksums.txt.sigstore.json --key https://artifacts.fairwinds.com/cosign-p256.pub

cosign verify us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4.15.1 --key https://artifacts.fairwinds.com/cosign-p256.pub

Assets 16

checksums.txt

sha256:2da360ffb3944c71b93d654d368b90c20fc777a4e25ef70269fe46167a0a7648

620 Bytes 2026-05-29T14:29:44Z
checksums.txt.sigstore.json

sha256:9702c6f2db04010354272c14de7d417feb43341ec2e018000d5a71bddfe815fe

3.66 KB 2026-05-29T14:29:45Z
goldilocks_4.15.1_darwin_amd64.tar.gz

sha256:947aa27dcb545fbe9b6f22bdfa97e206b460f8584e62aca980ca8b90b430cd9d

14.6 MB 2026-05-29T14:29:44Z
goldilocks_4.15.1_darwin_amd64.tar.gz.sigstore.json

sha256:58c6c4a2b288f2e9c2413c669936ecbb0b31061d81e993e5607b6e25e332f1c8

3.57 KB 2026-05-29T14:29:45Z
goldilocks_4.15.1_darwin_arm64.tar.gz

sha256:e1fb3bf8fd439d04ee899e949275f8d666f276ac43a2d4e6b5a0afe582046028

13.5 MB 2026-05-29T14:29:42Z
goldilocks_4.15.1_darwin_arm64.tar.gz.sigstore.json

sha256:6de3c538375c8e39449d4fe68be1ede2090058c7162d5da5534636c2825d4f94

3.7 KB 2026-05-29T14:29:45Z
goldilocks_4.15.1_linux_amd64.tar.gz

sha256:70254225ddd9e3620ac94d78bd3eb79a72a372b9773539dc444f0cbc869f840e

14.3 MB 2026-05-29T14:29:42Z
goldilocks_4.15.1_linux_amd64.tar.gz.sigstore.json

sha256:ebe11b99821cf7812dde3ba529b103c3c00b431de774c7518054ef6fe7fa37eb

3.66 KB 2026-05-29T14:29:45Z
goldilocks_4.15.1_linux_arm64.tar.gz

sha256:5ad85e70b37023a69cdcfdcece54f4d7629026f099e23ff000940b4b8cf11003

12.8 MB 2026-05-29T14:29:44Z
goldilocks_4.15.1_linux_arm64.tar.gz.sigstore.json

sha256:9cd7314679735f26a709e1bdd9fdbba683af28cc1ae8482d1c543677d73eed94

3.61 KB 2026-05-29T14:29:45Z
Source code (zip)

2026-05-29T13:56:25Z
Source code (tar.gz)

2026-05-29T13:56:25Z

27 Apr 15:46

reactiveops-bot

v4.15.0

ab42299

v4.15.0

Changelog

d668d78 INS-2242: Fix goldilocks vulnerabilities (#849)
41c6607 Managed by Terraform
6e94e03 Managed by Terraform
86aaec6 Managed by Terraform
ab42299 add notice to include registry change and immutable images notice on the readme (#851)
b4d579c fix: honor -stderrthreshold when -logtostderr is set (#850)

You can verify the signatures of both the checksums.txt file and the published docker images using cosign.

cosign verify-blob checksums.txt --signature=checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign-p256.pub

cosign verify us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4.15.0 --key https://artifacts.fairwinds.com/cosign-p256.pub

Assets 9

10 Mar 16:37

reactiveops-bot

v4.14.18

2a4b04e

v4.14.18

Changelog

2a4b04e Fixed user on deployment (#844)

You can verify the signatures of both the checksums.txt file and the published docker images using cosign.

sha256sum -c goldilocks_v4.14.18_checksums.txt --ignore-missing
cosign verify-blob goldilocks_v4.14.18_checksums.txt --signature=goldilocks_v4.14.18_checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub

cosign verify us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4 --key https://artifacts.fairwinds.com/cosign.pub

Assets 9

24 Feb 17:00

reactiveops-bot

v4.14.10

b7efe33

v4.14.10

Changelog

b7efe33 INS-1938: Upgrade goldilocks with go 1.26 (#831)

You can verify the signatures of both the checksums.txt file and the published docker images using cosign.

sha256sum -c goldilocks_v4.14.10_checksums.txt --ignore-missing
cosign verify-blob goldilocks_v4.14.10_checksums.txt --signature=goldilocks_v4.14.10_checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub

cosign verify us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4 --key https://artifacts.fairwinds.com/cosign.pub

Assets 9

21 Jan 16:35

reactiveops-bot

v4.14.9

4108c88

v4.14.9

Changelog

4108c88 fix: correct memory unit formatting in dashboard (#821)

You can verify the signatures of both the checksums.txt file and the published docker images using cosign.

sha256sum -c goldilocks_v4.14.9_checksums.txt --ignore-missing
cosign verify-blob goldilocks_v4.14.9_checksums.txt --signature=goldilocks_v4.14.9_checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub

cosign verify us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4 --key https://artifacts.fairwinds.com/cosign.pub

Assets 9

08 Dec 15:33

reactiveops-bot

v4.14.8

ddf3750

v4.14.8

Changelog

ddf3750 INS-1682: goldilocks: Bump go to 1.25.5 for fixing vulnerability (#813)

You can verify the signatures of both the checksums.txt file and the published docker images using cosign.

sha256sum -c goldilocks_v4.14.8_checksums.txt --ignore-missing
cosign verify-blob goldilocks_v4.14.8_checksums.txt --signature=goldilocks_v4.14.8_checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub

cosign verify us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4 --key https://artifacts.fairwinds.com/cosign.pub

Assets 9

31 Oct 14:26

reactiveops-bot

v4.14.7

37bafdd

v4.14.7

Changelog

37bafdd INS-1565: Fix goldilocks vulnerabilities (#805)
ea8d0e6 Update link to VPA Recommender documentation (#804)
789ce65 fix: update deps in CI and go (#803)

You can verify the signatures of both the checksums.txt file and the published docker images using cosign.

sha256sum -c goldilocks_v4.14.7_checksums.txt --ignore-missing
cosign verify-blob goldilocks_v4.14.7_checksums.txt --signature=goldilocks_v4.14.7_checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub

cosign verify us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4 --key https://artifacts.fairwinds.com/cosign.pub

Assets 9

28 Oct 15:32

reactiveops-bot

v4.14.6

f50c8b9

v4.14.6

Changelog

f50c8b9 fix: match user-supplied UpdateMode with typed values (#781)

You can verify the signatures of both the checksums.txt file and the published docker images using cosign.

sha256sum -c goldilocks_v4.14.6_checksums.txt --ignore-missing
cosign verify-blob goldilocks_v4.14.6_checksums.txt --signature=goldilocks_v4.14.6_checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub

cosign verify us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4 --key https://artifacts.fairwinds.com/cosign.pub

Assets 9

16 Oct 16:32

reactiveops-bot

v4.14.5

fd725f8

v4.14.5

Changelog

fd725f8 Change default onDelete and onUpdate log level to debug (#800)

You can verify the signatures of both the checksums.txt file and the published docker images using cosign.

sha256sum -c goldilocks_v4.14.5_checksums.txt --ignore-missing
cosign verify-blob goldilocks_v4.14.5_checksums.txt --signature=goldilocks_v4.14.5_checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub

cosign verify us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4 --key https://artifacts.fairwinds.com/cosign.pub

Assets 9

18 Aug 18:32

reactiveops-bot

v4.14.4

d28372d

v4.14.4

Changelog

d28372d INS-1305: fix CVE-2025-47907 (#785)

You can verify the signatures of both the checksums.txt file and the published docker images using cosign.

sha256sum -c goldilocks_v4.14.4_checksums.txt --ignore-missing
cosign verify-blob goldilocks_v4.14.4_checksums.txt --signature=goldilocks_v4.14.4_checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub

cosign verify us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4 --key https://artifacts.fairwinds.com/cosign.pub

Assets 9

Releases: FairwindsOps/goldilocks

v4.15.1

Changelog

Uh oh!

v4.15.0

Changelog

Uh oh!

v4.14.18

Changelog

Uh oh!

v4.14.10

Changelog

Uh oh!

v4.14.9

Changelog

Uh oh!

v4.14.8

Changelog

Uh oh!

v4.14.7

Changelog

Uh oh!

v4.14.6

Changelog

Uh oh!

v4.14.5

Changelog

Uh oh!

v4.14.4

Changelog

Uh oh!