diff --git a/bitnami/apache/CHANGELOG.md b/bitnami/apache/CHANGELOG.md
index 64deb4f2f6772f..6d9fc7d08d12de 100644
--- a/bitnami/apache/CHANGELOG.md
+++ b/bitnami/apache/CHANGELOG.md
@@ -1,8 +1,14 @@
# Changelog
-## 11.2.23 (2024-12-08)
+## 11.3.0 (2024-12-10)
-* [bitnami/apache] Release 11.2.23 ([#30827](https://github.com/bitnami/charts/pull/30827))
+* [bitnami/apache] Detect non-standard images ([#30857](https://github.com/bitnami/charts/pull/30857))
+
+## 11.2.23 (2024-12-08)
+
+* [bitnami/*] docs: :memo: Add "Backup & Restore" section (#30711) ([35ab536](https://github.com/bitnami/charts/commit/35ab5363741e7548f4076f04da6e62d10153c60c)), closes [#30711](https://github.com/bitnami/charts/issues/30711)
+* [bitnami/*] docs: :memo: Add "Prometheus metrics" (batch 1) (#30660) ([7409ca4](https://github.com/bitnami/charts/commit/7409ca4c21869fabe1532dd4f3ff24895df71c6d)), closes [#30660](https://github.com/bitnami/charts/issues/30660)
+* [bitnami/apache] Release 11.2.23 (#30827) ([f504f07](https://github.com/bitnami/charts/commit/f504f07780487955d3391075cc82721df6601bd8)), closes [#30827](https://github.com/bitnami/charts/issues/30827)
## 11.2.22 (2024-10-29)
diff --git a/bitnami/apache/Chart.lock b/bitnami/apache/Chart.lock
index 1266036647b8dc..7d28733c590461 100644
--- a/bitnami/apache/Chart.lock
+++ b/bitnami/apache/Chart.lock
@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
- version: 2.27.2
-digest: sha256:6fd86cc5a4b5094abca1f23c8ec064e75e51eceaded94a5e20977274b2abb576
-generated: "2024-12-08T09:46:50.854822766Z"
+ version: 2.28.0
+digest: sha256:5b30f0fa07bb89b01c55fd6258c8ce22a611b13623d4ad83e8fdd1d4490adc74
+generated: "2024-12-10T14:40:05.585262+01:00"
diff --git a/bitnami/apache/Chart.yaml b/bitnami/apache/Chart.yaml
index a9d531720bef0c..7a3626e5e64232 100644
--- a/bitnami/apache/Chart.yaml
+++ b/bitnami/apache/Chart.yaml
@@ -35,4 +35,4 @@ maintainers:
name: apache
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/apache
-version: 11.2.23
+version: 11.3.0
diff --git a/bitnami/apache/README.md b/bitnami/apache/README.md
index e84df66349b6e9..bef9a357ee2b2d 100644
--- a/bitnami/apache/README.md
+++ b/bitnami/apache/README.md
@@ -111,13 +111,14 @@ Install the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/char
### Global parameters
-| Name | Description | Value |
-| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
-| `global.imageRegistry` | Global Docker image registry | `""` |
-| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
-| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` |
-| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` |
-| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
+| Name | Description | Value |
+| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `global.imageRegistry` | Global Docker image registry | `""` |
+| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
+| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` |
+| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` |
+| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
+| `global.security.allowInsecureImages` | By default, this chart verifies that the original container images that were designed, tested, and validated are used. This option makes the chart skip the verification step and proceed | `false` |
### Common parameters
@@ -344,6 +345,11 @@ Find more information about how to deal with common errors related to Bitnami's
## Upgrading
+### To 11.3.0
+
+Starting from this minor version, the Bitnami Airflow chart verifies that the original container images that were designed, tested, and validated are used.
+This container image verification can be skipped by setting the global parameter `global.security.allowInsecureImages` to `true`. Further information can be obtained at [this GitHub issue](https://github.com/bitnami/charts/issues/30850).
+
### To 11.0.0
This major bump changes the following security defaults:
diff --git a/bitnami/apache/templates/NOTES.txt b/bitnami/apache/templates/NOTES.txt
index ebb39b1ac424c8..9548080de5abc5 100644
--- a/bitnami/apache/templates/NOTES.txt
+++ b/bitnami/apache/templates/NOTES.txt
@@ -47,3 +47,4 @@ WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.t
{{ include "apache.validateValues" . }}
{{- include "common.warnings.resources" (dict "sections" (list "cloneHtdocsFromGit" "metrics" "") "context" $) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.git .Values.metrics.image) "context" $) }}
+{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.metrics.image) "context" $) }}
diff --git a/bitnami/apache/values.yaml b/bitnami/apache/values.yaml
index a1c99e577208e0..059f08f5d8550d 100644
--- a/bitnami/apache/values.yaml
+++ b/bitnami/apache/values.yaml
@@ -29,6 +29,13 @@ global:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
+ ## Security parameters
+ ##
+ security:
+ ## @param global.security.allowInsecureImages By default, this chart verifies that the original container images that were designed, tested, and validated are used. This option makes the chart skip the verification step and proceed
+ ##
+ allowInsecureImages: false
+
## @section Common parameters
## @param kubeVersion Override Kubernetes version