diff --git a/bitnami/sealed-secrets/CHANGELOG.md b/bitnami/sealed-secrets/CHANGELOG.md
index 590eae3f90d4cd..307d36e5187203 100644
--- a/bitnami/sealed-secrets/CHANGELOG.md
+++ b/bitnami/sealed-secrets/CHANGELOG.md
@@ -1,8 +1,12 @@
# Changelog
-## 2.4.14 (2024-12-05)
+## 2.5.0 (2024-12-10)
-* [bitnami/sealed-secrets] Release 2.4.14 ([#30805](https://github.com/bitnami/charts/pull/30805))
+* [bitnami/sealed-secrets] Detect non-standard images ([#30966](https://github.com/bitnami/charts/pull/30966))
+
+## 2.4.14 (2024-12-05)
+
+* [bitnami/sealed-secrets] Release 2.4.14 (#30805) ([1bc7b3f](https://github.com/bitnami/charts/commit/1bc7b3fa73b91b48644cd1f9046087b6ea5d5c05)), closes [#30805](https://github.com/bitnami/charts/issues/30805)
## 2.4.13 (2024-12-04)
diff --git a/bitnami/sealed-secrets/Chart.lock b/bitnami/sealed-secrets/Chart.lock
index 47c6eac2a5b070..67f67a6f07bbe6 100644
--- a/bitnami/sealed-secrets/Chart.lock
+++ b/bitnami/sealed-secrets/Chart.lock
@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
- version: 2.27.2
-digest: sha256:6fd86cc5a4b5094abca1f23c8ec064e75e51eceaded94a5e20977274b2abb576
-generated: "2024-12-04T03:55:26.784408236Z"
+ version: 2.28.0
+digest: sha256:5b30f0fa07bb89b01c55fd6258c8ce22a611b13623d4ad83e8fdd1d4490adc74
+generated: "2024-12-10T17:27:55.547739+01:00"
diff --git a/bitnami/sealed-secrets/Chart.yaml b/bitnami/sealed-secrets/Chart.yaml
index fb88b8ca63b78a..a13e6aea8d029c 100644
--- a/bitnami/sealed-secrets/Chart.yaml
+++ b/bitnami/sealed-secrets/Chart.yaml
@@ -29,4 +29,4 @@ name: sealed-secrets
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/sealed-secrets
- https://github.com/bitnami-labs/sealed-secrets
-version: 2.4.14
+version: 2.5.0
diff --git a/bitnami/sealed-secrets/README.md b/bitnami/sealed-secrets/README.md
index ed203e37c3d1be..e636b5abdb530e 100644
--- a/bitnami/sealed-secrets/README.md
+++ b/bitnami/sealed-secrets/README.md
@@ -194,11 +194,12 @@ As an alternative, use one of the preset configurations for pod affinity, pod an
### Global parameters
-| Name | Description | Value |
-| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
-| `global.imageRegistry` | Global Docker image registry | `""` |
-| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
-| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
+| Name | Description | Value |
+| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `global.imageRegistry` | Global Docker image registry | `""` |
+| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
+| `global.security.allowInsecureImages` | Allows skipping image verification | `false` |
+| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
### Common parameters
@@ -412,6 +413,10 @@ Find more information about how to deal with common errors related to Bitnami's
## Upgrading
+### To 2.5.0
+
+This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850).
+
### To 2.0.0
This major bump changes the following security defaults:
diff --git a/bitnami/sealed-secrets/templates/NOTES.txt b/bitnami/sealed-secrets/templates/NOTES.txt
index f138172dcbb8e6..294b1aa68d4be3 100644
--- a/bitnami/sealed-secrets/templates/NOTES.txt
+++ b/bitnami/sealed-secrets/templates/NOTES.txt
@@ -54,4 +54,5 @@ Both the SealedSecret and generated Secret must have the same name and namespace
{{- include "common.warnings.rollingTag" .Values.image }}
{{- end }}
{{- include "common.warnings.resources" (dict "sections" (list "") "context" $) }}
-{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image) "context" $) }}
\ No newline at end of file
+{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image) "context" $) }}
+{{- include "common.errors.insecureImages" (dict "images" (list .Values.image) "context" $) }}
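Review bot: The new `common.errors.insecureImages` include on the last line sits directly under the `common.warnings.*` calls, and nothing marks it as an enforcement point rather than another notice. Judging by the helper name and the README upgrade note, it presumably stops the release unless `global.security.allowInsecureImages` is `true`. The helper body lives in the `common` dependency and is not visible here, so this should be confirmed. A template comment above the line would make that explicit, for example `{{- /* Hard failure, not a warning: see global.security.allowInsecureImages */}}`. The check only receives `(list .Values.image)`, so any other image value the chart defines outside this hunk would need to be added to that list to be covered.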
diff --git a/bitnami/sealed-secrets/values.yaml b/bitnami/sealed-secrets/values.yaml
index cf24f0313fb6d7..9c189ead5e15a2 100644
--- a/bitnami/sealed-secrets/values.yaml
+++ b/bitnami/sealed-secrets/values.yaml
@@ -17,6 +17,11 @@ global:
## - myRegistryKeySecretName
##
imagePullSecrets: []
+ ## Security parameters
+ ##
+ security:
+ ## @param global.security.allowInsecureImages Allows skipping image verification
+ allowInsecureImages: false
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
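Review bot: The `@param` comment on `global.security.allowInsecureImages` says only "Allows skipping image verification", which could be read as signature or digest verification. The changelog entry for this release describes the feature as "Detect non-standard images", so the comment should state what is actually checked, for example `## @param global.security.allowInsecureImages Allow images other than the chart's defaults (skips the non-standard image check)`, if that matches the helper. Because the key lives under `global`, a parent chart that sets it to `true` passes that value to every subchart reading the same key. A short `##` line under "Security parameters" noting this would help operators scope the override. The README table row is generated from this comment and would pick up the same wording.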