Bump Cert-manager version in installation documentation #487

Open: github-actions[bot] wants to merge 1 commit into `main` from `updatecli_main_certmanager/latest`

@github-actions

Contributor

Bump Cert-manager version in installation documentation

docs: update cert-manager referenced version v1.20.3

2 file(s) updated with "https://github.com/cert-manager/cert-manager/releases/download/v1.20.3/":

* docs/installation/other_inst_scenarios/install_epinio_on_rancher_desktop.md
* docs/tutorials/single-dev-workflow.md

v1.20.3
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This patch release fixes a security issue ([`GHSA-8rvj-mm4h-c258`](https://github.com/cert-manager/cert-manager/security/advisories/GHSA-8rvj-mm4h-c258), HIGH) where the default `cert-manager-edit` aggregate ClusterRole granted namespace users permission to create ACME `Challenge` and `Order` resources directly. A user who could create a `Challenge` referencing a `ClusterIssuer` could supply attacker-controlled solver configuration while cert-manager loaded credentials from the `ClusterIssuer`'s namespace, bypassing Issuer solver selectors (`dnsZones`, `dnsNames`, `matchLabels`). With the acme-dns provider specifically, this could disclose DNS credentials to an attacker-controlled endpoint.

This release also removes the issuer owner reference from Challenges which was blocking Challenge garbage collection, and updates Go to fix reported CVEs.

All users should upgrade.

> [!WARNING]
> **Potentially breaking change:** The `cert-manager-edit` aggregate ClusterRole no longer grants `create` for `challenges.acme.cert-manager.io` or `create`, `patch`, `update` for `orders.acme.cert-manager.io`. These resources are internal to cert-manager's ACME workflow and are not intended to be created or modified directly by users. If you have tooling or workflows that create Challenge or Order resources directly (outside of the normal Certificate → CertificateRequest → Order → Challenge flow), you will need to grant those permissions explicitly.

## Changes by Kind

### Bug or Regression

- Security (HIGH): Remove Challenge `create` and Order `create`, `patch`, `update` verbs from the `cert-manager-edit` aggregate ClusterRole ([`GHSA-8rvj-mm4h-c258`](https://github.com/cert-manager/cert-manager/security/advisories/GHSA-8rvj-mm4h-c258)). (#8940, @wallrj-cyberark)
- Remove issuer owner reference from challenges blocking challenge garbage collection (#8759, @cert-manager-bot)

### Other (Cleanup or Flake)

- Bump go to 1.26.3, other deps to fix several govulncheck issues (#8789, @SgtCoDFish)
- Update Go to `v1.26.4` to fix CVE-2026-27145, CVE-2026-42504, and CVE-2026-42507 (#8926, @wallrj-cyberark)

v1.20.2
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.2 fixes invalid YAML generated in the Helm chart when both `webhook.config`
and `webhook.volumes` are defined, and bumps Go to 1.26.2 along with dependencies
to address reported vulnerabilities.

## Changes by Kind

### Bug or Regression

- Helm: Fix invalid YAML generated when both `webhook.config` and `webhook.volumes` are defined. (#8665, @cert-manager-bot)

### Other (Cleanup or Flake)

- Bump go dependencies with reported vulnerabilities (#8704, @erikgb)
- Bump go to 1.26.2 (#8703, @erikgb)

Created automatically by Updatecli

Options:

Most of Updatecli configuration is done via its manifest(s).

  • If you close this pull request, Updatecli will automatically reopen it, the next time it runs.
  • If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made.

Feel free to report any issues at github.com/updatecli/updatecli.
If you find this tool useful, do not hesitate to star our GitHub repository as a sign of appreciation, and/or to tell us directly on our chat!
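The v1.20.3 notes quoted above only change the default `cert-manager-edit` role, so custom or wildcard ClusterRoles can still grant the removed verbs. The following is an added example, not part of this pull request or of cert-manager: a check over ClusterRole objects in the JSON shape that `kubectl get clusterroles -o json` returns, with hypothetical role names and a constructed sample.

```python
GROUP = "acme.cert-manager.io"
# Verbs the v1.20.3 notes above say were removed from cert-manager-edit.
REMOVED = {"challenges": {"create"}, "orders": {"create", "patch", "update"}}


def risky_grants(cluster_roles):
    """Return sorted (role, resource, verb) for rules still granting a removed verb."""
    findings = set()
    for role in cluster_roles.get("items", []):
        name = role["metadata"]["name"]
        for rule in role.get("rules") or []:  # "rules" may be null on empty roles
            if not set(rule.get("apiGroups") or []) & {GROUP, "*"}:
                continue
            resources = set(rule.get("resources") or [])
            verbs = set(rule.get("verbs") or [])
            for resource, removed in REMOVED.items():
                if not resources & {resource, "*"}:
                    continue
                # A "*" verb grants everything, including the removed verbs.
                granted = removed if "*" in verbs else removed & verbs
                findings.update((name, resource, verb) for verb in granted)
    return sorted(findings)


def _role(name, groups, resources, verbs):
    """Build a one-rule ClusterRole dict for the constructed sample."""
    return {"metadata": {"name": name},
            "rules": [{"apiGroups": groups, "resources": resources, "verbs": verbs}]}


# Constructed sample input; the role names are hypothetical.
SAMPLE = {"items": [
    _role("example-legacy-edit", [GROUP], ["challenges", "orders"],
          ["create", "delete", "deletecollection", "patch", "update"]),
    _role("example-wildcard-admin", ["*"], ["*"], ["*"]),
    _role("example-readonly", [GROUP], ["challenges", "orders"],
          ["get", "list", "watch"]),
]}

if __name__ == "__main__":
    for role, resource, verb in risky_grants(SAMPLE):
        print(f"{role}: {verb} {resource}.{GROUP}")
```

To run it against a cluster, pass the parsed output of `kubectl get clusterroles -o json` to `risky_grants` instead of `SAMPLE`.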

@github-actions github-actions Bot enabled auto-merge (squash) June 26, 2026 03:43
@netlify

netlify Bot commented Jun 26, 2026


Deploy Preview for epinio-docs-staging ready!

| Name | Link |
|---|---|
| 🔨 Latest commit | 4616a76 |
| 🔍 Latest deploy log | https://app.netlify.com/projects/epinio-docs-staging/deploys/6a3df56eaf649a00088c0468 |
| 😎 Deploy Preview | https://deploy-preview-487--epinio-docs-staging.netlify.app |
