diff --git a/control-plane/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go b/control-plane/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go index 9c4aa1e1a9..6132824a1f 100644 --- a/control-plane/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go +++ b/control-plane/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go @@ -45,14 +45,15 @@ func withInformerFactory(ctx context.Context) context.Context { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []externalversions.SharedInformerOption{} if injection.HasNamespaceScope(ctx) { opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) } opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, + ctx = context.WithValue(ctx, filtered.Key{Selector: selectorVal}, externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) } return ctx diff --git a/control-plane/pkg/client/injection/informers/factory/filtered/filtered_factory.go b/control-plane/pkg/client/injection/informers/factory/filtered/filtered_factory.go index 033c30f5b1..14b05c6eb1 100644 --- a/control-plane/pkg/client/injection/informers/factory/filtered/filtered_factory.go +++ b/control-plane/pkg/client/injection/informers/factory/filtered/filtered_factory.go 
@@ -53,14 +53,15 @@ func withInformerFactory(ctx context.Context) context.Context { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []externalversions.SharedInformerOption{} if injection.HasNamespaceScope(ctx) { opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) } opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, Key{Selector: selector}, + ctx = context.WithValue(ctx, Key{Selector: selectorVal}, externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) } return ctx diff --git a/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/fake/fake_filtered_factory.go b/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/fake/fake_filtered_factory.go index 4da6d665ca..f983b32423 100644 --- a/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/fake/fake_filtered_factory.go +++ b/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/fake/fake_filtered_factory.go @@ -45,14 +45,15 @@ func withInformerFactory(ctx context.Context) context.Context { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []externalversions.SharedInformerOption{} if injection.HasNamespaceScope(ctx) { opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) } opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, + ctx = context.WithValue(ctx, filtered.Key{Selector: selectorVal}, externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) } return ctx 
diff --git a/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/filtered_factory.go b/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/filtered_factory.go index 560e5ee10c..08a31c010b 100644 --- a/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/filtered_factory.go +++ b/control-plane/pkg/client/internals/kafka/injection/informers/factory/filtered/filtered_factory.go @@ -53,14 +53,15 @@ func withInformerFactory(ctx context.Context) context.Context { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []externalversions.SharedInformerOption{} if injection.HasNamespaceScope(ctx) { opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) } opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, Key{Selector: selector}, + ctx = context.WithValue(ctx, Key{Selector: selectorVal}, externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) } return ctx diff --git a/control-plane/pkg/reconciler/broker/controller.go b/control-plane/pkg/reconciler/broker/controller.go index 113d51ce97..781dd16a8e 100644 --- a/control-plane/pkg/reconciler/broker/controller.go +++ b/control-plane/pkg/reconciler/broker/controller.go 
@@ -88,8 +88,13 @@ func NewController(ctx context.Context, watcher configmap.Watcher, env *config.E ) } + featureStore := feature.NewStore(logging.FromContext(ctx).Named("feature-config-store")) + featureStore.WatchConfigs(watcher) + impl := brokerreconciler.NewImpl(ctx, reconciler, kafka.BrokerClass, func(impl *controller.Impl) controller.Options { - return controller.Options{PromoteFilterFunc: kafka.BrokerClassFilter()} + return controller.Options{ + ConfigStore: featureStore, + PromoteFilterFunc: kafka.BrokerClassFilter()} }) reconciler.Resolver = resolver.NewURIResolverFromTracker(ctx, impl.Tracker) @@ -97,6 +102,7 @@ func NewController(ctx context.Context, watcher configmap.Watcher, env *config.E features := feature.FromContext(ctx) caCerts, err := reconciler.getCaCerts() + if err != nil && (features.IsStrictTransportEncryption() || features.IsPermissiveTransportEncryption()) { // We only need to warn here as the broker won't reconcile properly without the proper certs because the prober won't succeed logger.Warn("Failed to get CA certs when at least one address uses TLS", zap.Error(err)) diff --git a/control-plane/pkg/reconciler/broker/controller_test.go b/control-plane/pkg/reconciler/broker/controller_test.go index 555c32e56c..e714216e5d 100644 --- a/control-plane/pkg/reconciler/broker/controller_test.go +++ b/control-plane/pkg/reconciler/broker/controller_test.go @@ -89,6 +89,10 @@ func TestNewController(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: apisconfig.FlagsConfigName, }, + }, &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "config-features", + }, }), env, ) diff --git a/control-plane/pkg/reconciler/consumergroup/consumergroup_test.go b/control-plane/pkg/reconciler/consumergroup/consumergroup_test.go index b2ac6250cd..188b6f79e7 100644 --- a/control-plane/pkg/reconciler/consumergroup/consumergroup_test.go +++ b/control-plane/pkg/reconciler/consumergroup/consumergroup_test.go 
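Review bot: The new `featureStore` reaches reconciles only through `ConfigStore`, while the CA-cert check further down in `NewController` still reads `feature.FromContext(ctx)` from the construction-time context, so that check presumably does not reflect the `config-features` values the store has just started watching. If that is intended, a comment above the check would make it explicit, e.g. `// Startup-only check: flags come from the construction-time ctx, not from featureStore.`; otherwise the transport-encryption mode used for the warning can differ from the one reconciles see. As a style point, the composite literal ends with `PromoteFilterFunc: kafka.BrokerClassFilter()}`; a trailing comma with the closing brace on its own line is the usual layout for a multi-line literal. `NewController` starts and ends outside the hunk.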
@@ -2164,7 +2164,7 @@ func TestFinalizeKind(t *testing.T) { Eventf( corev1.EventTypeWarning, "InternalError", - "failed to delete consumer group offset: unable to delete the consumer group my.group.id: "+sarama.ErrClusterAuthorizationFailed.Error() + " (retry num 1)", + "failed to delete consumer group offset: unable to delete the consumer group my.group.id: "+sarama.ErrClusterAuthorizationFailed.Error()+" (retry num 1)", ), }, WantStatusUpdates: []clientgotesting.UpdateActionImpl{ diff --git a/data-plane/config/broker-tls/broker-ingress-tls-certificate.yaml b/data-plane/config/broker-tls/broker-ingress-tls-certificate.yaml index e00754ce9d..8b298cd29e 100644 --- a/data-plane/config/broker-tls/broker-ingress-tls-certificate.yaml +++ b/data-plane/config/broker-tls/broker-ingress-tls-certificate.yaml @@ -26,12 +26,12 @@ spec: app.kubernetes.io/component: kafka-broker-receiver app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d subject: organizations: - local - isCA: false privateKey: algorithm: RSA encoding: PKCS1 diff --git a/data-plane/config/broker/500-receiver.yaml b/data-plane/config/broker/500-receiver.yaml index 97e682d015..fee514b3e6 100644 --- a/data-plane/config/broker/500-receiver.yaml +++ b/data-plane/config/broker/500-receiver.yaml @@ -182,7 +182,6 @@ spec: secretName: kafka-broker-ingress-server-tls optional: true - restartPolicy: Always --- @@ -212,6 +211,10 @@ spec: port: 8080 protocol: TCP targetPort: 8080 + - name: https-container + port: 8443 + protocol: TCP + targetPort: 8443 - name: http-metrics port: 9090 protocol: TCP diff --git a/data-plane/config/channel-tls/channel-ingress-tls-certificate.yaml b/data-plane/config/channel-tls/channel-ingress-tls-certificate.yaml index 4971a7d34d..0896ca68b7 100644 
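Review bot: Dropping `isCA: false` in the broker-tls certificate hunk leaves the leaf-only constraint on the ingress server certificate to cert-manager's default, and the added comment explains only the `0m0s` duration format, not this removal. cert-manager defaults `isCA` to false, so behaviour should be unchanged, but for a serving certificate the explicit line documents that the key must never sign other certificates; either keep `isCA: false` or extend the comment to say why it was removed. The same removal appears in the channel-tls and sink-tls certificate hunks. The `privateKey` block continues outside the hunk, so its remaining settings cannot be checked from here.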
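Review bot: The Service in 500-receiver.yaml now publishes `https-container` on 8443 unconditionally, while the context of the preceding hunk shows the `kafka-broker-ingress-server-tls` secret volume is `optional: true`, so on installs without that secret the port presumably has nothing listening behind it. A comment on the new entry would make the dependency visible, e.g. `# served only when the kafka-broker-ingress-server-tls secret is mounted`. Plain port 8080 also stays published; if Strict transport encryption is expected to close the plaintext path, that has to be enforced in the receiver, because this manifest does not do it.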
--- a/data-plane/config/channel-tls/channel-ingress-tls-certificate.yaml +++ b/data-plane/config/channel-tls/channel-ingress-tls-certificate.yaml @@ -26,12 +26,12 @@ spec: app.kubernetes.io/component: kafka-channel-receiver app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d subject: organizations: - local - isCA: false privateKey: algorithm: RSA encoding: PKCS1 diff --git a/data-plane/config/sink-tls/sink-ingress-tls-certificate.yaml b/data-plane/config/sink-tls/sink-ingress-tls-certificate.yaml index baf6a6ec73..ef20921431 100644 --- a/data-plane/config/sink-tls/sink-ingress-tls-certificate.yaml +++ b/data-plane/config/sink-tls/sink-ingress-tls-certificate.yaml @@ -26,12 +26,12 @@ spec: app.kubernetes.io/component: kafka-sink-receiver app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d subject: organizations: - local - isCA: false privateKey: algorithm: RSA encoding: PKCS1 diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/metrics/Metrics.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/metrics/Metrics.java index 9f0a11bc3d..6ff61f3d19 100644 --- a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/metrics/Metrics.java +++ b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/metrics/Metrics.java 
@@ -62,17 +62,22 @@ public class Metrics { public static final boolean DISABLE_KAFKA_CLIENTS_METRICS = Boolean.parseBoolean(System.getenv("DISABLE_KAFKA_CLIENTS_METRICS")); - // There are different thread polls usable, mainly, each with its own drawbacks for our use case: - // - cached thread pools - // - fixed thread pools + // There are different thread polls usable, mainly, each with its own drawbacks + // for our use case: + // - cached thread pools + // - fixed thread pools // - // A cached thread might grow unbounded and since creating, updating and deleting resources - // trigger the usage of this executor, a bad actor might start continuously creating, updating + // A cached thread might grow unbounded and since creating, updating and + // deleting resources + // trigger the usage of this executor, a bad actor might start continuously + // creating, updating // and deleting resources which will cause resource exhaustion. // - // A fixed thread poll doesn't give the best possible latency for every resource, but it's + // A fixed thread poll doesn't give the best possible latency for every + // resource, but it's // bounded, so we keep the resource usage under control. - // We might want to provide configs to make it bigger than a single thread but a single thread + // We might want to provide configs to make it bigger than a single thread but a + // single thread // to start with is good enough for now. public static final ExecutorService meterBinderExecutor = Executors.newSingleThreadExecutor(); 
@@ -80,17 +85,19 @@ public class Metrics { Runtime.getRuntime().addShutdownHook(new Thread(meterBinderExecutor::shutdown)); } - // Micrometer employs a naming convention that separates lowercase words with a '.' (dot) character. - // Different monitoring systems have different recommendations regarding naming convention, and some naming + // Micrometer employs a naming convention that separates lowercase words with a + // '.' (dot) character. + // Different monitoring systems have different recommendations regarding naming + // convention, and some naming // conventions may be incompatible for one system and not another. - // Each Micrometer implementation for a monitoring system comes with a naming convention that transforms lowercase + // Each Micrometer implementation for a monitoring system comes with a naming + // convention that transforms lowercase // dot notation names to the monitoring system’s recommended naming convention. - // Additionally, this naming convention implementation sanitizes metric names and tags of special characters that + // Additionally, this naming convention implementation sanitizes metric names + // and tags of special characters that // are disallowed by the monitoring system. - /** - * In prometheus format --> http_events_sent_total - */ + /** In prometheus format --> http_events_sent_total */ public static final String HTTP_EVENTS_SENT_COUNT = "http.events.sent"; /** @@ -221,8 +228,8 @@ public static MeterRegistry getRegistry() { * Register the given consumer to the global meter registry. * * @param consumer consumer to bind to the global registry. - * @param Record key type. - * @param Record value type. + * @param Record key type. + * @param Record value type. * @return A meter binder to close once the consumer is closed. */ public static AsyncCloseable register(final Consumer consumer) { 
@@ -233,8 +240,8 @@ public static AsyncCloseable register(final Consumer consumer) { * Register the given producer to the global meter registry. * * @param producer Consumer to bind to the global registry. - * @param Record key type. - * @param Record value type. + * @param Record key type. + * @param Record value type. * @return A meter binder to close once the producer is closed. */ public static AsyncCloseable register(final Producer producer) { @@ -270,7 +277,8 @@ private static AsyncCloseable register(final Supplier metric }; } catch (final RejectedExecutionException ex) { - // if this task cannot be accepted for execution when the executor has been shutdown. + // if this task cannot be accepted for execution when the executor has been + // shutdown. logger.warn("Failed to bind metrics for Kafka client", ex); } } diff --git a/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java b/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java index 06a4332ff3..021cda2c6a 100644 --- a/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java +++ b/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticle.java @@ -30,9 +30,8 @@ import dev.knative.eventing.kafka.broker.receiver.impl.handler.MethodNotAllowedHandler; import dev.knative.eventing.kafka.broker.receiver.impl.handler.ProbeHandler; import dev.knative.eventing.kafka.broker.receiver.main.ReceiverEnv; -import io.fabric8.kubernetes.client.*; import io.vertx.core.*; -import io.vertx.core.buffer.*; +import io.vertx.core.buffer.Buffer; import io.vertx.core.eventbus.MessageConsumer; import io.vertx.core.http.HttpServer; import io.vertx.core.http.HttpServerOptions; 
diff --git a/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/ReceiverVerticleFactory.java b/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/ReceiverVerticleFactory.java index 6c5b14f841..1647694589 100644 --- a/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/ReceiverVerticleFactory.java +++ b/data-plane/receiver/src/main/java/dev/knative/eventing/kafka/broker/receiver/main/ReceiverVerticleFactory.java @@ -36,7 +36,7 @@ class ReceiverVerticleFactory implements Supplier { private final HttpServerOptions httpServerOptions; private final HttpServerOptions httpsServerOptions; - private final String secretVolumePath = "/etc/receiver-secret-volume"; + private final String secretVolumePath = "/etc/receiver-tls-secret"; private final IngressRequestHandler ingressRequestHandler; diff --git a/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java b/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java index eb37cfecca..ba7c1580a7 100644 --- a/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java +++ b/data-plane/receiver/src/test/java/dev/knative/eventing/kafka/broker/receiver/impl/ReceiverVerticleTest.java @@ -15,10 +15,7 @@ */ package dev.knative.eventing.kafka.broker.receiver.impl; -import static io.netty.handler.codec.http.HttpResponseStatus.ACCEPTED; -import static io.netty.handler.codec.http.HttpResponseStatus.BAD_REQUEST; -import static io.netty.handler.codec.http.HttpResponseStatus.NOT_FOUND; -import static io.netty.handler.codec.http.HttpResponseStatus.OK; +import static io.netty.handler.codec.http.HttpResponseStatus.*; import static org.assertj.core.api.Assertions.assertThat; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.mockito.Mockito.mock; 
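Review bot: The hard-coded `secretVolumePath` in ReceiverVerticleFactory now has to match the `mountPath` of the TLS secret volume in each receiver Deployment that uses this factory, and no hunk in this diff touches a `mountPath`, so the match cannot be confirmed from here. Because 500-receiver.yaml declares the secret volume `optional: true`, a mismatch would likely show up as HTTPS silently not being served rather than as a startup failure. Consider a comment naming where the mount is defined, e.g. `// must match the volumeMount of kafka-broker-ingress-server-tls in the receiver Deployments`, and declaring the field `private static final` since it is a constant. The class body continues outside the hunk.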
diff --git a/go.mod b/go.mod index 51371d39f7..948863fe85 100644 --- a/go.mod +++ b/go.mod @@ -39,10 +39,10 @@ require ( github.com/google/gofuzz v1.2.0 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/kedacore/keda/v2 v2.8.1 - knative.dev/eventing v0.38.5 - knative.dev/hack v0.0.0-20230712131415-ddae80293c43 - knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626 - knative.dev/reconciler-test v0.0.0-20231023114057-785e0bd2d9a2 + knative.dev/eventing v0.38.7-0.20231114105650-05b92c7f910a + knative.dev/hack v0.0.0-20231123073118-c0f04e812cfe + knative.dev/pkg v0.0.0-20231103161548-f5b42e8dea44 + knative.dev/reconciler-test v0.0.0-20231121134246-52a86c40f40c sigs.k8s.io/controller-runtime v0.12.3 ) diff --git a/go.sum b/go.sum index 140351effc..f0b881391c 100644 --- a/go.sum +++ b/go.sum 
@@ -1339,14 +1339,14 @@ k8s.io/utils v0.0.0-20200912215256-4140de9c8800/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8= k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/eventing v0.38.5 h1:NvSy3lek9IbLLWEot36NyAfNv7VkJNl38F1ItVL0D6s= -knative.dev/eventing v0.38.5/go.mod h1:g+iAS+KBRSKULEPqoVnseMkObDeq3SJhqefbuIu8zY8= -knative.dev/hack v0.0.0-20230712131415-ddae80293c43 h1:3SE06uNfSFGm/5XS+0trbyCUpgsOaBeyhPQU8FPNFz8= -knative.dev/hack v0.0.0-20230712131415-ddae80293c43/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= -knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626 h1:qFE+UDBRg6cpF5LbA0sv1XK4XZ36Z7aTRCa+HcuxnNQ= -knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626/go.mod h1:g+UCgSKQ2f15kHYu/V3CPtoKo5F1x/2Y1ot0NSK7gA0= -knative.dev/reconciler-test v0.0.0-20231023114057-785e0bd2d9a2 h1:Lenj/sGhPYZoCdl4bvoeZzA4Y1VS4LNEIWH1/HTU+6I= -knative.dev/reconciler-test v0.0.0-20231023114057-785e0bd2d9a2/go.mod h1:HgugJUOhHZ3F6Tbhte92ecL0sBqJtCeJtd7K8jX+IJk= +knative.dev/eventing v0.38.7-0.20231114105650-05b92c7f910a h1:gSGU4/w3NwVSmmcBG8B6H8AT647dMPLyqwn6LLpdp+I= +knative.dev/eventing v0.38.7-0.20231114105650-05b92c7f910a/go.mod h1:a6XMiX0CEaQi9z698LZ9wVzseFK+4wgTExWhyKXzYqc= +knative.dev/hack v0.0.0-20231123073118-c0f04e812cfe h1:8MMQg9UvxCLiOqWnWm6+kiYyV81Are8ocj7fX6qpgrk= +knative.dev/hack v0.0.0-20231123073118-c0f04e812cfe/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= +knative.dev/pkg v0.0.0-20231103161548-f5b42e8dea44 h1:2gjHbqg8K9k1KJtLgxsTvzxovXOhozcrk3AzzJmjsA0= +knative.dev/pkg v0.0.0-20231103161548-f5b42e8dea44/go.mod h1:g+UCgSKQ2f15kHYu/V3CPtoKo5F1x/2Y1ot0NSK7gA0= +knative.dev/reconciler-test v0.0.0-20231121134246-52a86c40f40c h1:MDmiP3HYihbl5gkNJJOC/adSup3y8nHZlmSMwHZ9heU= +knative.dev/reconciler-test 
v0.0.0-20231121134246-52a86c40f40c/go.mod h1:Yw7Jkv+7PjDitG6CUkakWc/5SZa8Tm/sgXfaFy305Ng= pgregory.net/rapid v0.3.3 h1:jCjBsY4ln4Atz78QoBWxUEvAHaFyNDQg9+WU62aCn1U= pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/test/config-transport-encryption/features.yaml b/test/config-transport-encryption/features.yaml new file mode 100644 index 0000000000..ce2d561784 --- /dev/null +++ b/test/config-transport-encryption/features.yaml @@ -0,0 +1,32 @@ +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-features + namespace: knative-eventing + labels: + knative.dev/config-propagation: original + knative.dev/config-category: eventing +data: + authentication.oidc: "disabled" + delivery-retryafter: "disabled" + delivery-timeout: "enabled" + eventtype-auto-create: "disabled" + kreference-group: "disabled" + kreference-mapping: "disabled" + new-trigger-filters: "enabled" + strict-subscriber: "disabled" + transport-encryption: "Strict" diff --git a/test/e2e-common.sh b/test/e2e-common.sh index 51aef170a1..ab34608385 100644 --- a/test/e2e-common.sh +++ b/test/e2e-common.sh 
@@ -96,9 +96,13 @@ function knative_eventing() { kubectl apply -f "${EVENTING_CONFIG}/eventing-crds.yaml" kubectl apply -f "${EVENTING_CONFIG}/eventing-core.yaml" kubectl apply -f "${EVENTING_CONFIG}/eventing-tls-networking.yaml" + else echo ">> Install Knative Eventing from ${KNATIVE_EVENTING_RELEASE}" kubectl apply -f "${KNATIVE_EVENTING_RELEASE}" + + echo ">> Intall Knative Eventing TLS from ${KNATIVE_EVENTING_RELEASE_TLS}" + kubectl apply -f "${KNATIVE_EVENTING_RELEASE_TLS}" fi ! kubectl patch horizontalpodautoscalers.autoscaling -n knative-eventing eventing-webhook -p '{"spec": {"minReplicas": '${REPLICAS}'}}' diff --git a/test/e2e_new/broker_eventing_tls_test.go b/test/e2e_new/broker_eventing_tls_test.go new file mode 100644 index 0000000000..123d9fb61d --- /dev/null +++ b/test/e2e_new/broker_eventing_tls_test.go 
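Review bot: The added `kubectl apply -f "${KNATIVE_EVENTING_RELEASE_TLS}"` relies on a variable that is not defined anywhere in this hunk; if it is unset the command runs with an empty path, and nothing in the visible lines checks its exit status. A guard before the apply, such as `: "${KNATIVE_EVENTING_RELEASE_TLS:?must point at the eventing TLS manifest}"`, would fail early with a clear message. The echo on the line above has a typo, `Intall` for `Install`. The body of `knative_eventing` continues outside the hunk.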
@@ -0,0 +1,48 @@ +//go:build e2e +// +build e2e + +/* + * Copyright 2023 The Knative Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package e2e_new + +import ( + "testing" + "time" + + "knative.dev/eventing-kafka-broker/test/rekt/features" + "knative.dev/pkg/system" + "knative.dev/reconciler-test/pkg/environment" + "knative.dev/reconciler-test/pkg/eventshub" + "knative.dev/reconciler-test/pkg/k8s" + "knative.dev/reconciler-test/pkg/knative" +) + +func TestBrokerTLSCARotation(t *testing.T) { + t.Parallel() + + ctx, env := global.Environment( + knative.WithKnativeNamespace(system.Namespace()), + knative.WithLoggingConfig, + knative.WithTracingConfig, + k8s.WithEventListener, + environment.Managed(t), + eventshub.WithTLS(t), + environment.WithPollTimings(5*time.Second, 4*time.Minute), + ) + + env.Test(ctx, t, features.RotateBrokerTLSCertificates()) +} diff --git a/test/reconciler-tests.sh b/test/reconciler-tests.sh index 419afdd382..1aa9a5ba6d 100755 --- a/test/reconciler-tests.sh +++ b/test/reconciler-tests.sh 
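Review bot: `TestBrokerTLSCARotation` calls `t.Parallel()` although the feature it runs rotates the shared `kafka-broker-ingress-server-tls` certificate in the system namespace, so any other TLS test running at the same time would see the serving certificate change underneath it. Dropping `t.Parallel()`, or adding a comment that states why concurrent rotation is safe, would make the intent clear. The name also says CA rotation while the feature is `RotateBrokerTLSCertificates` and rotates the ingress server certificate; `TestBrokerTLSCertificateRotation` would match what is exercised.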
@@ -48,6 +48,12 @@ go_test_e2e -tags=e2e,cloudevents -timeout=1h ./test/e2e_new_channel/... || fail go_test_e2e -tags=deletecm ./test/e2e_new/... || fail_test "E2E (new deletecm) suite failed" +echo "Running E2E Reconciler Tests with strict transport encryption" + +kubectl apply -Rf "$(dirname "$0")/config-transport-encryption" + +go_test_e2e -timeout=1h ./test/e2e_new -run TLS || fail_test + if ! ${LOCAL_DEVELOPMENT}; then go_test_e2e -tags=sacura -timeout=40m ./test/e2e/... || fail_test "E2E (sacura) suite failed" fi diff --git a/test/rekt/features/broker_auth.go b/test/rekt/features/broker_auth.go index f66f8edca4..24acf2706c 100644 --- a/test/rekt/features/broker_auth.go +++ b/test/rekt/features/broker_auth.go @@ -21,15 +21,19 @@ import ( "time" "github.com/cloudevents/sdk-go/v2/test" + "github.com/google/uuid" testpkg "knative.dev/eventing-kafka-broker/test/pkg" "knative.dev/eventing-kafka-broker/test/rekt/resources/kafkaauthsecret" + "knative.dev/eventing/test/rekt/resources/broker" "knative.dev/eventing/test/rekt/resources/trigger" + "knative.dev/reconciler-test/pkg/eventshub" "knative.dev/reconciler-test/pkg/eventshub/assert" "knative.dev/reconciler-test/pkg/feature" "knative.dev/reconciler-test/pkg/manifest" + "knative.dev/reconciler-test/resources/svc" brokerconfigmap "knative.dev/eventing-kafka-broker/test/rekt/resources/configmap/broker" diff --git a/test/rekt/features/broker_tls.go b/test/rekt/features/broker_tls.go new file mode 100644 index 0000000000..705693197b --- /dev/null +++ b/test/rekt/features/broker_tls.go 
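Review bot: `kubectl apply -Rf "$(dirname "$0")/config-transport-encryption"` switches the cluster to `transport-encryption: "Strict"` and nothing in the hunk restores the previous `config-features` afterwards, so the sacura suite that follows runs under Strict mode as well. If that is not intended, move this block to the end of the script or re-apply the original ConfigMap after the TLS run. The new `|| fail_test` also carries no message, unlike the neighbouring calls; `|| fail_test "E2E (TLS) suite failed"` would keep failures attributable.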
@@ -0,0 +1,111 @@ +/* + * Copyright 2023 The Knative Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package features + +import ( + "context" + "time" + + "k8s.io/apimachinery/pkg/types" + "knative.dev/eventing/test/rekt/resources/addressable" + "knative.dev/reconciler-test/resources/certificate" + + testpkg "knative.dev/eventing-kafka-broker/test/pkg" + + cetest "github.com/cloudevents/sdk-go/v2/test" + "github.com/google/uuid" + + brokerconfigmap "knative.dev/eventing-kafka-broker/test/rekt/resources/configmap/broker" + "knative.dev/eventing/test/rekt/features/featureflags" + "knative.dev/eventing/test/rekt/resources/broker" + "knative.dev/eventing/test/rekt/resources/trigger" + "knative.dev/pkg/system" + "knative.dev/reconciler-test/pkg/eventshub" + "knative.dev/reconciler-test/pkg/eventshub/assert" + "knative.dev/reconciler-test/pkg/feature" + "knative.dev/reconciler-test/pkg/resources/service" +) + +func RotateBrokerTLSCertificates() *feature.Feature { + + ingressCertificateName := "kafka-broker-ingress-server-tls" + ingressSecretName := "kafka-broker-ingress-server-tls" + + brokerName := feature.MakeRandomK8sName("broker") + triggerName := feature.MakeRandomK8sName("trigger") + sink := feature.MakeRandomK8sName("sink") + source := feature.MakeRandomK8sName("source") + + f := feature.NewFeatureNamed("Rotate Kafka Broker TLS certificate") + + brokerConfig := feature.MakeRandomK8sName("brokercfg") + + f.Prerequisite("transport encryption 
is strict", featureflags.TransportEncryptionStrict()) + f.Prerequisite("should not run when Istio is enabled", featureflags.IstioDisabled()) + + f.Setup("Create broker config", brokerconfigmap.Install(brokerConfig, + brokerconfigmap.WithNumPartitions(1), + brokerconfigmap.WithReplicationFactor(1), + brokerconfigmap.WithBootstrapServer(testpkg.BootstrapServersPlaintext))) + + f.Setup("Rotate ingress certificate", certificate.Rotate(certificate.RotateCertificate{ + Certificate: types.NamespacedName{ + Namespace: system.Namespace(), + Name: ingressCertificateName, + }, + })) + + f.Setup("install sink", eventshub.Install(sink, eventshub.StartReceiverTLS)) + f.Setup("Install broker", broker.Install(brokerName, append( + broker.WithEnvConfig(), + broker.WithConfig(brokerConfig))..., + )) + f.Setup("Broker is ready", broker.IsReady(brokerName)) + f.Setup("install trigger", func(ctx context.Context, t feature.T) { + d := service.AsDestinationRef(sink) + d.CACerts = eventshub.GetCaCerts(ctx) + trigger.Install(triggerName, brokerName, trigger.WithSubscriberFromDestination(d))(ctx, t) + }) + f.Setup("trigger is ready", trigger.IsReady(triggerName)) + f.Setup("Broker has HTTPS address", broker.ValidateAddress(brokerName, addressable.AssertHTTPSAddress)) + + event := cetest.FullEvent() + event.SetID(uuid.New().String()) + + f.Requirement("install source", eventshub.Install(source, + eventshub.StartSenderToResourceTLS(broker.GVR(), brokerName, nil), + eventshub.InputEvent(event), + // Send multiple events so that we take into account that the certificate rotation might + // be detected by the server after some time. + eventshub.SendMultipleEvents(100, 3*time.Second), + )) + + f.Assert("Event sent", assert.OnStore(source). + MatchSentEvent(cetest.HasId(event.ID())). + AtLeast(1), + ) + f.Assert("Event received", assert.OnStore(sink). + MatchReceivedEvent(cetest.HasId(event.ID())). + AtLeast(1), + ) + f.Assert("Source match updated peer certificate", assert.OnStore(source). 
+ MatchPeerCertificatesReceived(assert.MatchPeerCertificatesFromSecret(system.Namespace(), ingressSecretName, "tls.crt")). + AtLeast(1), + ) + + return f +} diff --git a/third_party/eventing-latest/eventing-core.yaml b/third_party/eventing-latest/eventing-core.yaml index cc2a4457a1..15398089a8 100644 --- a/third_party/eventing-latest/eventing-core.yaml +++ b/third_party/eventing-latest/eventing-core.yaml @@ -16,7 +16,7 @@ kind: Namespace metadata: name: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing --- @@ -40,7 +40,7 @@ metadata: name: eventing-controller namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -48,7 +48,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -64,7 +64,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-resolver labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -80,7 +80,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-source-observer labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -96,7 +96,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-sources-controller labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount 
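Review bot: The final assertion in `RotateBrokerTLSCertificates` only checks that the sender saw the certificate currently stored in `kafka-broker-ingress-server-tls` (`tls.crt`), so the feature would still pass if the "Rotate ingress certificate" step left the secret unchanged, unless `certificate.Rotate` itself verifies that. Recording the certificate before the rotation and asserting that the one observed by the source differs from it would make the test prove a rotation took place. `ingressCertificateName` and `ingressSecretName` hold the same literal that the data-plane manifests use as `secretName`; a short comment tying them to those manifests would help when either side is renamed. The exported function also lacks a doc comment, e.g. `// RotateBrokerTLSCertificates verifies that the broker ingress serves a rotated TLS certificate.`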
@@ -112,7 +112,7 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-manipulator labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -144,7 +144,7 @@ metadata: name: pingsource-mt-adapter namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -152,7 +152,7 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-pingsource-mt-adapter labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -184,7 +184,7 @@ metadata: name: eventing-webhook namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 @@ -192,7 +192,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -209,7 +209,7 @@ metadata: namespace: knative-eventing name: eventing-webhook labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -225,7 +225,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-resolver labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount 
@@ -241,7 +241,7 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-podspecable-binding labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount @@ -273,7 +273,7 @@ metadata: name: config-br-default-channel namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing data: channel-template-spec: | @@ -301,7 +301,7 @@ metadata: name: config-br-defaults namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing data: # Configures the default for any Broker that does not specify a spec.config or Broker class. @@ -338,7 +338,7 @@ metadata: name: default-ch-webhook namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing data: # Configuration for defaulting channels that do not specify CRD implementations. @@ -374,7 +374,7 @@ metadata: labels: annotations: knative.dev/example-checksum: "9185c153" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing data: _example: | @@ -420,7 +420,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing data: # ALPHA feature: The kreference-group allows you to use the Group field in KReferences. 
@@ -515,7 +515,7 @@ metadata: name: config-leader-election namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f7948630" @@ -578,7 +578,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing data: # Common configuration for all Knative codebase @@ -631,7 +631,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f46cf09d" @@ -705,7 +705,7 @@ metadata: name: config-sugar namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "62dfac6f" @@ -764,7 +764,7 @@ metadata: labels: knative.dev/config-propagation: original knative.dev/config-category: eventing - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "0492ceb0" @@ -821,7 +821,7 @@ metadata: labels: knative.dev/high-availability: "true" app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: selector: 
@@ -832,7 +832,7 @@ spec: labels: app: eventing-controller app.kubernetes.io/component: eventing-controller - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -850,7 +850,7 @@ spec: containers: - name: eventing-controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/controller@sha256:2137eae87ac64b385e352c89cde3583447c97c9c107eed23f6f46f25a051e12f + image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:122fc0b583f437aa5a20cb38c0f201dc00bf2300b3ff06ba6d7e4df5ad7cd56e resources: requests: cpu: 100m @@ -868,7 +868,7 @@ spec: value: knative.dev/eventing # APIServerSource - name: APISERVER_RA_IMAGE - value: gcr.io/knative-nightly/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:8634dd4f489dd941604e7bad43933a4a1a75e152a9877a496193fc0b6352f7f4 + value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:0a4e0544667cf729acf82b41b60c0eff1f2e9f420fe5ff4940fe6ca0c0d072b0 - name: POD_NAME valueFrom: fieldRef: @@ -938,7 +938,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: # when set to 0 (and only 0) will be set to 1 when the first PingSource is created. @@ -952,7 +952,7 @@ spec: labels: !!merge <<: *labels app.kubernetes.io/component: pingsource-mt-adapter - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: affinity: 
@@ -966,7 +966,7 @@ spec: enableServiceLinks: false containers: - name: dispatcher - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/mtping@sha256:826291b1a7c6cf21539b8b8a6b6864c76a46bd7d2a368725fd4fdb2987dbd140 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:a48882d58e7b0ecb25185f3a148e271a5808d35c5dbc7a1172da5fda82c7e887 env: - name: SYSTEM_NAMESPACE value: '' @@ -1040,7 +1040,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: @@ -1065,7 +1065,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: minAvailable: 80% @@ -1095,7 +1095,7 @@ metadata: namespace: knative-eventing labels: app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: selector: @@ -1107,7 +1107,7 @@ spec: labels: !!merge <<: *labels app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: # To avoid node becoming SPOF, spread our replicas to different nodes. @@ -1127,7 +1127,7 @@ spec: terminationMessagePolicy: FallbackToLogsOnError # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-nightly/knative.dev/eventing/cmd/webhook@sha256:b2252afe0202a942c6f521ab876354161b6c5050f16cc4397cb9b4ff404f08f5 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:4fdaf38d671416f627bee2a0ac1b0f29ca1b2fe2ece86760656ee824e67e614c resources: requests: # taken from serving. 
@@ -1200,7 +1200,7 @@ metadata: labels: role: eventing-webhook app.kubernetes.io/component: eventing-webhook - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing name: eventing-webhook namespace: knative-eventing @@ -1235,18 +1235,36 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schemas registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } + { + "type": "dev.knative.apiserver.resource.add", + "description": "CloudEvent type used for add operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.delete", + "description": "CloudEvent type used for delete operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.update", + "description": "CloudEvent type used for update operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.ref.add", + "description": "CloudEvent type used for add operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.delete", + "description": "CloudEvent type used for delete operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.update", + "description": "CloudEvent type used for update operations when in Reference mode" + } ] name: apiserversources.sources.knative.dev spec: 
@@ -1485,7 +1503,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -1569,8 +1587,24 @@ spec: description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -1662,7 +1696,7 @@ metadata: knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev 
@@ -1817,10 +1851,27 @@ spec: type: object properties: address: + description: Channel is Addressable. It exposes the endpoint as an URI to get events delivered into the Channel mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -1948,7 +1999,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing name: containersources.sources.knative.dev spec: @@ -2105,7 +2156,7 @@ metadata: name: eventtypes.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -2266,7 +2317,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev 
@@ -2372,10 +2423,27 @@ spec: type: object properties: address: + description: Parallel is Addressable. It exposes the endpoint as an URI to get events delivered into the Parallel. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -2524,13 +2592,16 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schema registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.sources.ping" } + { + "type": "dev.knative.sources.ping", + "description": "CloudEvent type for fixed payloads on a specified cron schedule" + } ] name: pingsources.sources.knative.dev spec: @@ -2719,7 +2790,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev 
@@ -2849,10 +2920,27 @@ spec: type: object properties: address: + description: Sequence is Addressable. It exposes the endpoint as an URI to get events delivered into the Sequence. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -3046,7 +3134,7 @@ metadata: duck.knative.dev/source: "true" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing name: sinkbindings.sources.knative.dev spec: @@ -3240,7 +3328,7 @@ metadata: name: subscriptions.messaging.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -3363,6 +3451,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. + type: string status: type: object properties: 
@@ -3466,7 +3557,7 @@ metadata: name: triggers.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -3662,7 +3753,7 @@ kind: ClusterRole metadata: name: addressable-resolver labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -3676,7 +3767,7 @@ metadata: name: service-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3695,7 +3786,7 @@ metadata: name: serving-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3717,7 +3808,7 @@ metadata: name: channel-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3743,7 +3834,7 @@ metadata: name: broker-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: 
@@ -3763,7 +3854,7 @@ metadata: name: flows-addressable-resolver labels: duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "addressable-resolver" role. rules: @@ -3799,7 +3890,7 @@ kind: ClusterRole metadata: name: eventing-broker-filter labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3825,7 +3916,7 @@ kind: ClusterRole metadata: name: eventing-broker-ingress labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3842,7 +3933,7 @@ kind: ClusterRole metadata: name: eventing-config-reader labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -3875,7 +3966,7 @@ kind: ClusterRole metadata: name: channelable-manipulator labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -3889,7 +3980,7 @@ metadata: name: meta-channelable-manipulator labels: duck.knative.dev/channelable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "channelable-manipulator" role. rules: @@ -3928,7 +4019,7 @@ metadata: name: knative-eventing-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev"] 
@@ -3941,7 +4032,7 @@ metadata: name: knative-messaging-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["messaging.knative.dev"] @@ -3954,7 +4045,7 @@ metadata: name: knative-flows-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["flows.knative.dev"] @@ -3967,7 +4058,7 @@ metadata: name: knative-sources-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["sources.knative.dev"] @@ -3980,7 +4071,7 @@ metadata: name: knative-bindings-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["bindings.knative.dev"] @@ -3992,8 +4083,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-eventing-namespaced-edit labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] 
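Review bot: The label switch on `knative-eventing-namespaced-edit` from `rbac.authorization.k8s.io/aggregate-to-view` to `rbac.authorization.k8s.io/aggregate-to-edit` changes which built-in role receives this role's rules, yet every other changed line in this manifest refresh looks like a version-label bump, so it is easy to miss. The rule's verbs lie outside the hunk, so their scope cannot be confirmed from here; if they include write verbs, subjects bound only to the aggregated `view` role held them under the old label. Because the file is under third_party, I would not edit it locally but record the change in the commit description, for example `Note: knative-eventing-namespaced-edit now aggregates to edit instead of view`. After rollout, confirm that the aggregated `view` ClusterRole no longer lists those verbs for the Knative API groups.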
@@ -4006,7 +4097,7 @@ metadata: name: knative-eventing-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] @@ -4033,7 +4124,7 @@ kind: ClusterRole metadata: name: knative-eventing-controller labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -4168,7 +4259,7 @@ kind: ClusterRole metadata: name: knative-eventing-pingsource-mt-adapter labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -4235,7 +4326,7 @@ kind: ClusterRole metadata: name: podspecable-binding labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: @@ -4249,7 +4340,7 @@ metadata: name: builtin-podspecable-binding labels: duck.knative.dev/podspecable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "podspecable-binding role. rules: @@ -4295,7 +4386,7 @@ kind: ClusterRole metadata: name: source-observer labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: 
@@ -4309,7 +4400,7 @@ metadata: name: eventing-sources-source-observer labels: duck.knative.dev/source: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # Do not use this role directly. These rules will be added to the "source-observer" role. rules: @@ -4345,7 +4436,7 @@ kind: ClusterRole metadata: name: knative-eventing-sources-controller labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: - apiGroups: @@ -4431,7 +4522,7 @@ kind: ClusterRole metadata: name: knative-eventing-webhook labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: # For watching logging configuration and getting certs. @@ -4541,7 +4632,7 @@ metadata: namespace: knative-eventing name: knative-eventing-webhook labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing rules: # For manipulating certs into secrets. @@ -4577,7 +4668,7 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4612,7 +4703,7 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] 
@@ -4645,7 +4736,7 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.eventing.knative.dev labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] @@ -4679,7 +4770,7 @@ metadata: name: eventing-webhook-certs namespace: knative-eventing labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing # The data is populated at install time. @@ -4703,7 +4794,7 @@ kind: MutatingWebhookConfiguration metadata: name: sinkbindings.webhook.sources.knative.dev labels: - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] diff --git a/third_party/eventing-latest/eventing-crds.yaml b/third_party/eventing-latest/eventing-crds.yaml index 0594593323..11c247ae8b 100644 --- a/third_party/eventing-latest/eventing-crds.yaml +++ b/third_party/eventing-latest/eventing-crds.yaml 
@@ -20,18 +20,36 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schemas registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.apiserver.resource.add" }, - { "type": "dev.knative.apiserver.resource.delete" }, - { "type": "dev.knative.apiserver.resource.update" }, - { "type": "dev.knative.apiserver.ref.add" }, - { "type": "dev.knative.apiserver.ref.delete" }, - { "type": "dev.knative.apiserver.ref.update" } + { + "type": "dev.knative.apiserver.resource.add", + "description": "CloudEvent type used for add operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.delete", + "description": "CloudEvent type used for delete operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.resource.update", + "description": "CloudEvent type used for update operations when in Resource mode" + }, + { + "type": "dev.knative.apiserver.ref.add", + "description": "CloudEvent type used for add operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.delete", + "description": "CloudEvent type used for delete operations when in Reference mode" + }, + { + "type": "dev.knative.apiserver.ref.update", + "description": "CloudEvent type used for update operations when in Reference mode" + } ] name: apiserversources.sources.knative.dev spec: @@ -270,7 +288,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev 
@@ -354,8 +372,24 @@ spec: description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Broker is Addressable. It exposes the endpoints as URIs to get events delivered into the Broker mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -447,7 +481,7 @@ metadata: knative.dev/crd-install: "true" messaging.knative.dev/subscribable: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -602,10 +636,27 @@ spec: type: object properties: address: + description: Channel is Addressable. It exposes the endpoint as an URI to get events delivered into the Channel mesh. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Channel is Addressable. It exposes the endpoints as URIs to get events delivered into the Channel mesh. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object 
@@ -733,7 +784,7 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing name: containersources.sources.knative.dev spec: @@ -890,7 +941,7 @@ metadata: name: eventtypes.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev @@ -1051,7 +1102,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -1157,10 +1208,27 @@ spec: type: object properties: address: + description: Parallel is Addressable. It exposes the endpoint as an URI to get events delivered into the Parallel. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Parallel is Addressable. It exposes the endpoints as URIs to get events delivered into the Parallel. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object 
@@ -1309,13 +1377,16 @@ metadata: eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing annotations: - # TODO add schemas and descriptions + # TODO add schema registry.knative.dev/eventTypes: | [ - { "type": "dev.knative.sources.ping" } + { + "type": "dev.knative.sources.ping", + "description": "CloudEvent type for fixed payloads on a specified cron schedule" + } ] name: pingsources.sources.knative.dev spec: @@ -1504,7 +1575,7 @@ metadata: labels: knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: flows.knative.dev @@ -1634,10 +1705,27 @@ spec: type: object properties: address: + description: Sequence is Addressable. It exposes the endpoint as an URI to get events delivered into the Sequence. type: object properties: + name: + type: string url: type: string + CACerts: + type: string + addresses: + description: Sequence is Addressable. It exposes the endpoints as URIs to get events delivered into the Sequence. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object @@ -1831,7 +1919,7 @@ metadata: duck.knative.dev/source: "true" duck.knative.dev/binding: "true" knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing name: sinkbindings.sources.knative.dev spec: 
@@ -2025,7 +2113,7 @@ metadata: name: subscriptions.messaging.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: messaging.knative.dev @@ -2148,6 +2236,9 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + CACerts: + description: Certification Authority (CA) certificates in PEM format that the subscription trusts when sending events to the sink. + type: string status: type: object properties: @@ -2251,7 +2342,7 @@ metadata: name: triggers.eventing.knative.dev labels: knative.dev/crd-install: "true" - app.kubernetes.io/version: "20230726-6bfc2d4ae" + app.kubernetes.io/version: "1.11.6" app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev diff --git a/third_party/eventing-latest/eventing-tls-networking.yaml b/third_party/eventing-latest/eventing-tls-networking.yaml index 5e4c7069f4..223fe89286 100644 --- a/third_party/eventing-latest/eventing-tls-networking.yaml +++ b/third_party/eventing-latest/eventing-tls-networking.yaml @@ -91,12 +91,12 @@ spec: labels: app.kubernetes.io/component: imc-dispatcher app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d subject: organizations: - local - isCA: false privateKey: algorithm: RSA encoding: PKCS1 @@ -104,6 +104,7 @@ spec: rotationPolicy: Always dnsNames: - imc-dispatcher.knative-eventing.svc.cluster.local + - imc-dispatcher.knative-eventing.svc issuerRef: name: selfsigned-ca-issuer kind: Issuer 
@@ -136,12 +137,12 @@ spec: labels: app.kubernetes.io/component: broker-filter app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d subject: organizations: - local - isCA: false privateKey: algorithm: RSA encoding: PKCS1 @@ -149,6 +150,7 @@ spec: rotationPolicy: Always dnsNames: - broker-filter.knative-eventing.svc.cluster.local + - broker-filter.knative-eventing.svc issuerRef: name: selfsigned-ca-issuer kind: Issuer @@ -181,12 +183,12 @@ spec: labels: app.kubernetes.io/component: broker-ingress app.kubernetes.io/name: knative-eventing - duration: 2160h # 90d - renewBefore: 360h # 15d + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d subject: organizations: - local - isCA: false privateKey: algorithm: RSA encoding: PKCS1 @@ -194,6 +196,7 @@ spec: rotationPolicy: Always dnsNames: - broker-ingress.knative-eventing.svc.cluster.local + - broker-ingress.knative-eventing.svc issuerRef: name: selfsigned-ca-issuer kind: Issuer diff --git a/third_party/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go b/third_party/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go index e876e133e6..afec97540f 100644 --- a/third_party/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go +++ b/third_party/pkg/client/injection/informers/factory/filtered/fake/fake_filtered_factory.go 
@@ -45,14 +45,15 @@ func withInformerFactory(ctx context.Context) context.Context { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []externalversions.SharedInformerOption{} if injection.HasNamespaceScope(ctx) { opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) } opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, + ctx = context.WithValue(ctx, filtered.Key{Selector: selectorVal}, externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) } return ctx diff --git a/third_party/pkg/client/injection/informers/factory/filtered/filtered_factory.go b/third_party/pkg/client/injection/informers/factory/filtered/filtered_factory.go index 3417bd55eb..863d940ff8 100644 --- a/third_party/pkg/client/injection/informers/factory/filtered/filtered_factory.go +++ b/third_party/pkg/client/injection/informers/factory/filtered/filtered_factory.go @@ -53,14 +53,15 @@ func withInformerFactory(ctx context.Context) context.Context { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []externalversions.SharedInformerOption{} if injection.HasNamespaceScope(ctx) { opts = append(opts, externalversions.WithNamespace(injection.GetNamespaceScope(ctx))) } opts = append(opts, externalversions.WithTweakListOptions(func(l *v1.ListOptions) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, Key{Selector: selector}, + ctx = context.WithValue(ctx, Key{Selector: selectorVal}, externalversions.NewSharedInformerFactoryWithOptions(c, controller.GetResyncPeriod(ctx), opts...)) } return ctx 
diff --git a/vendor/knative.dev/eventing/pkg/apis/feature/features.go b/vendor/knative.dev/eventing/pkg/apis/feature/features.go index b80542945e..33d3405f8a 100644 --- a/vendor/knative.dev/eventing/pkg/apis/feature/features.go +++ b/vendor/knative.dev/eventing/pkg/apis/feature/features.go @@ -51,11 +51,28 @@ const ( // Missing entry in the map means feature is equal to feature not enabled. type Flags map[string]Flag +func newDefaults() Flags { + return map[string]Flag{ + KReferenceGroup: Disabled, + DeliveryRetryAfter: Disabled, + DeliveryTimeout: Enabled, + KReferenceMapping: Disabled, + NewTriggerFilters: Enabled, + TransportEncryption: Disabled, + EvenTypeAutoCreate: Disabled, + } +} + // IsEnabled returns true if the feature is enabled func (e Flags) IsEnabled(featureName string) bool { return e != nil && e[featureName] == Enabled } +// IsDisabled returns true if the feature is disabled +func (e Flags) IsDisabled(featureName string) bool { + return e != nil && e[featureName] == Disabled +} + // IsAllowed returns true if the feature is enabled or allowed func (e Flags) IsAllowed(featureName string) bool { return e.IsEnabled(featureName) || (e != nil && e[featureName] == Allowed) @@ -82,7 +99,7 @@ func (e Flags) String() string { // NewFlagsConfigFromMap creates a Flags from the supplied Map func NewFlagsConfigFromMap(data map[string]string) (Flags, error) { - flags := Flags{} + flags := newDefaults() for k, v := range data { if strings.HasPrefix(k, "_") { 
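Review bot: The new `IsDisabled` returns false for a nil `Flags` and for any feature without a map entry, so for those inputs both `IsEnabled` and `IsDisabled` are false. The type comment just above says a missing entry means "not enabled", so a caller could reasonably treat `IsDisabled` as `!IsEnabled`; for a security-relevant flag such as `TransportEncryption` the difference matters. The doc comment should state the contract, e.g. `// IsDisabled returns true only if the feature is explicitly set to Disabled; a nil Flags or a missing entry returns false.` `newDefaults` hides this only for the seven keys it lists.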
@@ -96,12 +113,12 @@ func NewFlagsConfigFromMap(data map[string]string) (Flags, error) { flags[sanitizedKey] = Disabled } else if strings.EqualFold(v, string(Enabled)) { flags[sanitizedKey] = Enabled - } else if strings.EqualFold(v, string(Permissive)) { + } else if k == TransportEncryption && strings.EqualFold(v, string(Permissive)) { flags[sanitizedKey] = Permissive - } else if strings.EqualFold(v, string(Strict)) { + } else if k == TransportEncryption && strings.EqualFold(v, string(Strict)) { flags[sanitizedKey] = Strict } else { - return Flags{}, fmt.Errorf("cannot parse the boolean flag '%s' = '%s'. Allowed values: [true, false]", k, v) + return flags, fmt.Errorf("cannot parse the feature flag '%s' = '%s'", k, v) } } diff --git a/vendor/knative.dev/hack/library.sh b/vendor/knative.dev/hack/library.sh index 889de55a55..0fcd831936 100644 --- a/vendor/knative.dev/hack/library.sh +++ b/vendor/knative.dev/hack/library.sh @@ -1007,3 +1007,4 @@ readonly KNATIVE_SERVING_RELEASE_CRDS="$(get_latest_knative_yaml_source "serving readonly KNATIVE_SERVING_RELEASE_CORE="$(get_latest_knative_yaml_source "serving" "serving-core")" readonly KNATIVE_NET_ISTIO_RELEASE="$(get_latest_knative_yaml_source "net-istio" "net-istio")" readonly KNATIVE_EVENTING_RELEASE="$(get_latest_knative_yaml_source "eventing" "eventing")" +readonly KNATIVE_EVENTING_RELEASE_TLS="$(get_latest_knative_yaml_source "eventing" "eventing-tls-networking")" diff --git a/vendor/knative.dev/hack/release.sh b/vendor/knative.dev/hack/release.sh index 5d4f09a890..256ae40d0e 100644 --- a/vendor/knative.dev/hack/release.sh +++ b/vendor/knative.dev/hack/release.sh 
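Review bot: The error branch now returns `flags` together with the error. The caller receives a populated map holding the defaults plus whichever keys were parsed before the bad one, and Go map iteration order makes that set vary between runs. A caller that logs the error and keeps the value would run with a partly applied configuration, including `TransportEncryption` at its default of `Disabled`. Returning an empty value on failure, as before, avoids this: `return Flags{}, fmt.Errorf("cannot parse the feature flag '%s' = '%s'", k, v)`. Separately, the new guards compare the raw `k` with `TransportEncryption` while the store uses `sanitizedKey`, whose derivation is outside this hunk. If sanitising changes the key, a valid `Permissive` or `Strict` value would fall through to the error, so comparing `sanitizedKey` looks safer.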
@@ -652,9 +652,34 @@ function publish_artifacts() { fi [[ -n "${RELEASE_GCS_BUCKET}" ]] && publish_to_gcs "${ARTIFACTS_TO_PUBLISH}" publish_to_github "${ARTIFACTS_TO_PUBLISH}" + set_latest_to_highest_semver banner "New release published successfully" } +# Sets the github release with the highest semver to 'latest' +function set_latest_to_highest_semver() { + if ! (( PUBLISH_TO_GITHUB )); then + return 0 + fi + echo "Setting latest release to highest semver" + + local last_version release_id # don't combine with assignment else $? will be 0 + + last_version="$(hub_tool -p release | cut -d'-' -f2 | grep '^v[0-9]\+\.[0-9]\+\.[0-9]\+$'| sort -r -V | head -1)" + if ! [[ $? -eq 0 ]]; then + abort "cannot list releases" + fi + + release_id="$(hub_tool api "/repos/${ORG_NAME}/${REPO_NAME}/releases/tags/knative-${last_version}" | jq .id)" + if [[ $? -ne 0 ]]; then + abort "cannot get relase id from github" + fi + + hub_tool api --method PATCH "/repos/knative/serving/releases/$release_id" \ + -F make_latest=true > /dev/null || abort "error settomg $last_version to 'latest'" + echo "Github release ${last_version} set as 'latest'" +} + # Entry point for a release script. function main() { parse_flags "$@" @@ -681,6 +706,8 @@ function main() { function_exists build_release || abort "function 'build_release()' not defined" [[ -x ${VALIDATION_TESTS} ]] || abort "test script '${VALIDATION_TESTS}' doesn't exist" + banner "Environment variables" + env # Log what will be done and where. banner "Release configuration" if which gcloud &>/dev/null ; then diff --git a/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/fake_filtered_factory.go b/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/fake_filtered_factory.go index c5a9f97286..1d099f2daf 100644 --- a/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/fake_filtered_factory.go +++ b/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/fake_filtered_factory.go 
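Review bot: In `set_latest_to_highest_semver` the PATCH call is hard-coded to `/repos/knative/serving/releases/$release_id`, while the release id is looked up under `/repos/${ORG_NAME}/${REPO_NAME}/`. For any other repository the id from one repo would be applied to knative/serving; the line should read `hub_tool api --method PATCH "/repos/${ORG_NAME}/${REPO_NAME}/releases/$release_id" \`. The `$?` checks are also weaker than they look: after the pipeline, `$?` is the status of `head -1` (and of `jq` in the second case) unless `pipefail` is set somewhere outside this hunk, so a failing `hub_tool` can leave `last_version` empty without aborting. An explicit `[[ -n "${last_version}" ]] || abort "cannot list releases"` would cover that. The two abort messages contain typos ("relase", "settomg").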
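Review bot: The bare `env` added to `main` writes every environment variable of the release job into the build log, including any credentials exported to that job. Release logs are usually kept and are often readable by more people than the secrets themselves, so this is a disclosure path. Either drop the two lines or print only a fixed allowlist of non-secret variables that the release configuration banner needs. `main` continues outside this hunk, so whether log masking is applied elsewhere cannot be seen from here.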
@@ -116,14 +116,15 @@ func withInformerFactory(ctx {{.contextContext|raw}}) {{.contextContext|raw}} { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []{{.informersSharedInformerOption|raw}}{} if {{.injectionHasNamespace|raw}}(ctx) { opts = append(opts, {{.informersWithNamespace|raw}}({{.injectionGetNamespace|raw}}(ctx))) } opts = append(opts, {{.informersWithTweakListOptions|raw}}(func(l *{{.metav1ListOptions|raw}}) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, {{.factoryKey|raw}}{Selector: selector}, + ctx = context.WithValue(ctx, {{.factoryKey|raw}}{Selector: selectorVal}, {{.informersNewSharedInformerFactoryWithOptions|raw}}(c, {{.controllerGetResyncPeriod|raw}}(ctx), opts...)) } return ctx diff --git a/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/filtered_factory.go b/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/filtered_factory.go index f829230622..d26fa16d65 100644 --- a/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/filtered_factory.go +++ b/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/filtered_factory.go @@ -117,14 +117,15 @@ func withInformerFactory(ctx {{.contextContext|raw}}) {{.contextContext|raw}} { } labelSelectors := untyped.([]string) for _, selector := range labelSelectors { + selectorVal := selector opts := []{{.informersSharedInformerOption|raw}}{} if {{.injectionHasNamespace|raw}}(ctx) { opts = append(opts, {{.informersWithNamespace|raw}}({{.injectionGetNamespace|raw}}(ctx))) } opts = append(opts, {{.informersWithTweakListOptions|raw}}(func(l *{{.metav1ListOptions|raw}}) { - l.LabelSelector = selector + l.LabelSelector = selectorVal })) - ctx = context.WithValue(ctx, Key{Selector: selector}, + ctx = context.WithValue(ctx, Key{Selector: selectorVal}, {{.informersNewSharedInformerFactoryWithOptions|raw}}(c, {{.controllerGetResyncPeriod|raw}}(ctx), opts...)) } return ctx 
diff --git a/vendor/knative.dev/reconciler-test/pkg/environment/flags.go b/vendor/knative.dev/reconciler-test/pkg/environment/flags.go index 59efc52e9a..80fda98629 100644 --- a/vendor/knative.dev/reconciler-test/pkg/environment/flags.go +++ b/vendor/knative.dev/reconciler-test/pkg/environment/flags.go @@ -21,8 +21,10 @@ import ( "fmt" "strconv" "strings" + "time" "knative.dev/reconciler-test/pkg/feature" + "knative.dev/reconciler-test/pkg/state" ) var ( @@ -34,6 +36,9 @@ var ( ipFilePath = new(string) teardownOnFail = new(bool) + + pollTimeout = new(time.Duration) + pollInterval = new(time.Duration) ) // InitFlags registers the requirement and state filter flags supported by the @@ -62,7 +67,8 @@ func InitFlags(fs *flag.FlagSet) { fs.StringVar(ipFilePath, "images.producer.file", "", "file path for file-based image producer") fs.StringVar(testNamespace, "environment.namespace", "", "Test namespace") - + fs.DurationVar(pollTimeout, "poll.timeout", state.DefaultPollTimeout, "Poll timeout") + fs.DurationVar(pollInterval, "poll.interval", state.DefaultPollInterval, "Poll interval") fs.BoolVar(teardownOnFail, "teardown.on.fail", false, "Set this flag to do teardown even if test fails.") } diff --git a/vendor/knative.dev/reconciler-test/pkg/environment/magic.go b/vendor/knative.dev/reconciler-test/pkg/environment/magic.go index a1808d8560..a0400bcb22 100644 --- a/vendor/knative.dev/reconciler-test/pkg/environment/magic.go +++ b/vendor/knative.dev/reconciler-test/pkg/environment/magic.go @@ -198,6 +198,7 @@ func (mr *MagicGlobalEnvironment) Environment(opts ...EnvOpts) (context.Context, } ctx := ContextWith(mr.c, env) + ctx = ContextWithPollTimings(ctx, *pollInterval, *pollTimeout) for _, opt := range opts { if nctx, err := opt(ctx, env); err != nil { diff --git a/vendor/knative.dev/reconciler-test/pkg/environment/timings.go b/vendor/knative.dev/reconciler-test/pkg/environment/timings.go index aac96e8281..bf4409b06c 100644 
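Review bot: `pollTimeout` and `pollInterval` are created with `new(time.Duration)`, so they are zero until `InitFlags` registers them with the `state` defaults. `Environment` in magic.go nevertheless stores `*pollInterval, *pollTimeout` in the context unconditionally. A test binary that builds an environment without calling `InitFlags` on its flag set would therefore carry a 0s interval and 0s timeout, as would one run with `-poll.timeout=0` or a negative value. Falling back to `state.DefaultPollInterval` and `state.DefaultPollTimeout` in `Environment` when either value is not positive would keep polling bounded. `Environment` starts and ends outside the magic.go hunk.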
--- a/vendor/knative.dev/reconciler-test/pkg/environment/timings.go +++ b/vendor/knative.dev/reconciler-test/pkg/environment/timings.go @@ -19,37 +19,26 @@ package environment import ( "context" "time" + + "knative.dev/reconciler-test/pkg/state" ) +// this has been moved to state pkg to break cycle between environment and feature package, +// keeping the consts here for backwards API compatibility const ( DefaultPollInterval = 3 * time.Second DefaultPollTimeout = 2 * time.Minute ) -type timingsKey struct{} -type timingsType struct { - interval time.Duration - timeout time.Duration -} - -// PollTimingsFromContext will get the previously set poll timing from context, -// or return the defaults if not found. -// - values from from context. -// - defaults. +// ContextWithPollTimings returns a context with poll timings set func ContextWithPollTimings(ctx context.Context, interval, timeout time.Duration) context.Context { - return context.WithValue(ctx, timingsKey{}, timingsType{ - interval: interval, - timeout: timeout, - }) + return state.ContextWithPollTimings(ctx, interval, timeout) } // PollTimingsFromContext will get the previously set poll timing from context, // or return the defaults if not found. -// - values from from context. +// - values from context. // - defaults. func PollTimingsFromContext(ctx context.Context) (time.Duration, time.Duration) { - if t, ok := ctx.Value(timingsKey{}).(timingsType); ok { - return t.interval, t.timeout - } - return DefaultPollInterval, DefaultPollTimeout + return state.PollTimingsFromContext(ctx) } diff --git a/vendor/knative.dev/reconciler-test/pkg/feature/feature.go b/vendor/knative.dev/reconciler-test/pkg/feature/feature.go index 4113bc3d0d..0d454c5172 100644 --- a/vendor/knative.dev/reconciler-test/pkg/feature/feature.go +++ b/vendor/knative.dev/reconciler-test/pkg/feature/feature.go @@ -23,7 +23,6 @@ import ( "runtime" "strings" "sync" - "time" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" 
@@ -32,7 +31,6 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "knative.dev/pkg/apis" "knative.dev/pkg/injection/clients/dynamicclient" - "knative.dev/reconciler-test/pkg/state" ) @@ -229,7 +227,8 @@ func DeleteResources(ctx context.Context, t T, refs []corev1.ObjectReference) er var lastResource corev1.ObjectReference // One still present resource - err := wait.Poll(time.Second, 4*time.Minute, func() (bool, error) { + interval, timeout := state.PollTimingsFromContext(ctx) + err := wait.Poll(interval, timeout, func() (bool, error) { for _, ref := range refs { gv, err := schema.ParseGroupVersion(ref.APIVersion) if err != nil { diff --git a/vendor/knative.dev/reconciler-test/pkg/state/timings.go b/vendor/knative.dev/reconciler-test/pkg/state/timings.go new file mode 100644 index 0000000000..5a79de9e10 --- /dev/null +++ b/vendor/knative.dev/reconciler-test/pkg/state/timings.go 
@@ -0,0 +1,52 @@ +/* +Copyright 2021 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package state + +import ( + "context" + "time" +) + +const ( + DefaultPollInterval = 3 * time.Second + DefaultPollTimeout = 2 * time.Minute +) + +type timingsKey struct{} +type timingsType struct { + interval time.Duration + timeout time.Duration +} + +// ContextWithPollTimings returns a context with poll timings set +func ContextWithPollTimings(ctx context.Context, interval, timeout time.Duration) context.Context { + return context.WithValue(ctx, timingsKey{}, timingsType{ + interval: interval, + timeout: timeout, + }) +} + +// PollTimingsFromContext will get the previously set poll timing from context, +// or return the defaults if not found. +// - values from context. +// - defaults. +func PollTimingsFromContext(ctx context.Context) (time.Duration, time.Duration) { + if t, ok := ctx.Value(timingsKey{}).(timingsType); ok { + return t.interval, t.timeout + } + panic("no poll timings found in context") +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 8d2255ea99..51661e3759 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1266,7 +1266,7 @@ k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/eventing v0.38.5 +# knative.dev/eventing v0.38.7-0.20231114105650-05b92c7f910a ## explicit; go 1.19 knative.dev/eventing/cmd/event_display knative.dev/eventing/cmd/heartbeats 
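Review bot: `state.PollTimingsFromContext` ends in `panic("no poll timings found in context")`, but its doc comment still says it will "return the defaults if not found", and `DefaultPollInterval` and `DefaultPollTimeout` are declared right above it without being used as the fallback. The same stale comment sits on the `environment.PollTimingsFromContext` wrapper in environment/timings.go. `DeleteResources` in feature/feature.go now calls this function, so cleanup with a context that was never passed through `ContextWithPollTimings` would panic instead of polling. Either restore the fallback with `return DefaultPollInterval, DefaultPollTimeout`, or change both comments to say the function panics when timings are absent. Note that `DeleteResources` previously polled for a fixed 4 minutes, so with the 2 minute default slow deletions may now time out earlier.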
@@ -1422,11 +1422,11 @@ knative.dev/eventing/test/upgrade/prober/wathola/fetcher knative.dev/eventing/test/upgrade/prober/wathola/forwarder knative.dev/eventing/test/upgrade/prober/wathola/receiver knative.dev/eventing/test/upgrade/prober/wathola/sender -# knative.dev/hack v0.0.0-20230712131415-ddae80293c43 +# knative.dev/hack v0.0.0-20231123073118-c0f04e812cfe ## explicit; go 1.18 knative.dev/hack knative.dev/hack/shell -# knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626 +# knative.dev/pkg v0.0.0-20231103161548-f5b42e8dea44 ## explicit; go 1.18 knative.dev/pkg/apiextensions/storageversion knative.dev/pkg/apiextensions/storageversion/cmd/migrate @@ -1540,7 +1540,7 @@ knative.dev/pkg/webhook/json knative.dev/pkg/webhook/resourcesemantics knative.dev/pkg/webhook/resourcesemantics/defaulting knative.dev/pkg/webhook/resourcesemantics/validation -# knative.dev/reconciler-test v0.0.0-20231023114057-785e0bd2d9a2 +# knative.dev/reconciler-test v0.0.0-20231121134246-52a86c40f40c ## explicit; go 1.18 knative.dev/reconciler-test/cmd/eventshub knative.dev/reconciler-test/pkg/environment