Releases: flatcar/scripts
Releases · flatcar/scripts
stable-3815.2.2
Changes since Stable 3815.2.1
Security fixes:
- Linux (CVE-2023-28746, CVE-2023-47233, CVE-2023-52639, CVE-2023-6270, CVE-2023-7042, CVE-2024-22099, CVE-2024-23307, CVE-2024-24861, CVE-2024-26584, CVE-2024-26585, CVE-2024-26642, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26686, CVE-2024-26700, CVE-2024-26809)
- Downgraded xz-utils to 5.4.2 as precaution even though Flatcar is not affected of the SSH backdoor (CVE-2024-3094)
- openssh (CVE-2023-48795, CVE-2023-51384, CVE-2023-51385)
Bug fixes:
- Disabled user-configdrive.service on OpenStack when config drive is used, which caused the hostname to be overwritten. The coreos-cloudinit.service unit already runs on OpenStack if the system is not configured via ignition. (Flatcar#1385)
- Fixed
toolbox
to prevent mountedctr
snapshots from being garbage-collected (toolbox#9)
Changes:
- Disabled real-time priority for multipathd as it prevents the cgroups2 cpu controller from working. (scripts#1771)
- SDK: Unified qemu image formats, so that the
qemu_uefi
build target provides the regularqemu
and theqemu_uefi_secure
artifacts (scripts#1847)
Updates:
lts-3510.3.3
Changes since LTS 3510.3.2
Security fixes:
- Linux (CVE-2023-52429, CVE-2023-52434, CVE-2023-52435, CVE-2023-52447, CVE-2023-52486, CVE-2023-52489, CVE-2023-52491, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52497, CVE-2023-52498, CVE-2023-52583, CVE-2023-52587, CVE-2023-52588, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52614, CVE-2023-52615, CVE-2023-52616, CVE-2023-52617, CVE-2023-52618, CVE-2023-52619, CVE-2023-52620, CVE-2023-52622, CVE-2023-52623, CVE-2023-52627, CVE-2023-52630, CVE-2023-52631, CVE-2023-52633, CVE-2023-52635, CVE-2023-52637, CVE-2023-52638, CVE-2023-52640, CVE-2023-52641, CVE-2023-6270, CVE-2023-7042, CVE-2024-0340, CVE-2024-0565, CVE-2024-0841, CVE-2024-1086, CVE-2024-1151, CVE-2024-22099, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-26592, CVE-2024-26593, CVE-2024-26594, CVE-2024-26600, CVE-2024-26601, CVE-2024-26602, CVE-2024-26603, CVE-2024-26606, CVE-2024-26608, CVE-2024-26610, CVE-2024-26614, CVE-2024-26615, CVE-2024-26622, CVE-2024-26625, CVE-2024-26627, CVE-2024-26635, CVE-2024-26636, CVE-2024-26640, CVE-2024-26641, CVE-2024-26644, CVE-2024-26645, CVE-2024-26651, CVE-2024-26659, CVE-2024-26660, CVE-2024-26663, CVE-2024-26664, CVE-2024-26665, CVE-2024-26668, CVE-2024-26671, CVE-2024-26673, CVE-2024-26675, CVE-2024-26676, CVE-2024-26679, CVE-2024-26684, CVE-2024-26685, CVE-2024-26688, CVE-2024-26689, CVE-2024-26696, CVE-2024-26697, CVE-2024-26698, CVE-2024-26702, CVE-2024-26704, CVE-2024-26707, CVE-2024-26712, CVE-2024-26715, CVE-2024-26717, CVE-2024-26720, CVE-2024-26727, CVE-2024-26733, CVE-2024-26735, CVE-2024-26736, CVE-2024-26737, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26748, CVE-2024-26749, CVE-2024-26751, CVE-2024-26752, CVE-2024-26754, CVE-2024-26763, CVE-2024-26764, CVE-2024-26766, CVE-2024-26769, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26774, CVE-2024-26776, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26782, CVE-2024-26787, CVE-2024-26788, CVE-2024-26790, CVE-2024-26791, CVE-2024-26793, CVE-2024-26795, CVE-2024-26798, CVE-2024-26801, CVE-2024-26802, CVE-2024-26803, CVE-2024-26804, CVE-2024-26805, CVE-2024-26808, CVE-2024-26809)
Bug fixes:
- Fixed
toolbox
to prevent mountedctr
snapshots from being garbage-collected (toolbox#9)
Changes:
- SDK: Unified qemu image formats, so that the
qemu_uefi
build target provides the regularqemu
and the `qemu...
beta-3913.1.0
Changes since Beta 3874.1.0
Security fixes:
- Downgraded xz-utils to 5.4.2 as precaution even though Flatcar is not affected of the SSH backdoor (CVE-2024-3094)
- coreutils (CVE-2024-0684)
- dnsmasq (CVE-2023-28450, CVE-2023-50387, CVE-2023-50868)
- gcc (CVE-2023-4039)
- glibc (CVE-2023-5156, CVE-2023-6246, CVE-2023-6779, CVE-2023-6780)
- gnupg (gnupg-2024-01-25)
- gnutls (CVE-2024-0567, CVE-2024-0553)
- libuv (CVE-2024-24806)
- libxml2 (CVE-2024-25062)
- openssl (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727)
- sudo (CVE-2023-42465)
- vim (CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706)
Bug fixes:
- Disabled user-configdrive.service on OpenStack when config drive is used, which caused the hostname to be overwritten. The coreos-cloudinit.service unit already runs on OpenStack if the system is not configured via ignition. (Flatcar#1385)
- Fixed
toolbox
to prevent mountedctr
snapshots from being garbage-collected (toolbox#9) - Removed custom CloudSigma coreos-cloudinit service configuration since it will be called with the cloudsigma oem anyway. The restart of the service can also cause the serial port to be stuck in an nondeterministic state which breaks future runs.
Changes:
- A new format
qemu_uefi_secure
is introduced to test Flatcar for SecureBoot-enabled features. The format will be later merged intoqemu_uefi
. - Added Ignition Clevis support for encrypted disks unlocked with a TPM2 device or a Tang server (scripts#1560)
- Added Scaleway images (flatcar/scripts#1683)
- Added support for unlocking the rootfs with a TPM set up by systemd-cryptenroll (bootengine#93)
- Disabled real-time priority for multipathd as it prevents the cgroups2 cpu controller from working. (flatcar/scripts#1771)
- Enabled the GRUB TPM2 module to measure the boot code path and files into PCR 8+9 in UEFI (scripts#1861)
- Provided a ZFS-2.2.2 Flatcar extension as optional systemd-sysext image with the release. Write 'zfs' to
/etc/flatcar/enabled-sysext.conf
through Ignition and the sysext will be installed during provisioning. ZFS support is experimental and ZFS is not supported for the root partition. (flatcar/scripts#1742) - Removed Linux drivers for Mellanox Technologies Switch ASICs family and Spectrum/Spectrum-2/Spectrum-3/Spectrum-4 Ethernet Switch ASICs to reduce the initrd size on AMD64 by ~5MB (flatcar/scripts#1734). This change is part of the effort to reduce the initrd size (flatcar#1381).
- Removed coreos-cloudinit support for automatic keys conversion (e.g
reboot-strategy
->reboot_strategy
) (scripts#1687) - SDK: Unified qemu image formats, so that the
qemu_uefi
build target provides the regularqemu
and theqemu_uefi_secure
artifacts (scripts#1847)
Updates:
- Go (1.20.14)
- Ignition (2.18.0 (includes 2.17.0, 2.16.2, 2.16.1 and 2.16.0))
- Linux Firmware (20240312 (includes 20240220))
- audit (3.1.1)
- bind-tools (9.16.48)
- c-ares (1.25.0)
- cJSON (1.7.17)
- ca-certificates (3.99)
- checkpolicy (3.6)
- curl (8.6.0)
- ethtool (6.6)
- glibc (2.38)
- gnupg (2.4.4 (includes 2.2.42))
- less (643)
- libbsd (0.11.8)
- libcap-ng (0.8.4)
- libgcrypt (1.10.3)
- libidn2 (2.3.7 (includes https://gitlab.com/libidn/libidn2/-/releases/v2.3.4)))
- libksba (1.6.6)
- libnvme (1.7.1 (includes 1.7))
- libpsl (0.21.5)
- libseccomp (2.5.5)
- libselinux (3.6)
- libsemanage (3.6)
- libsepol (3.6)
- libuv (1.48.0)
- libverto (0.3.2)
- libxml2 (2.12.5 (includes 2.12.4))
- lsof (4.99.3 (includes 4.99.2 and 4.99.1))
- mime-types (2.1.54)
- multipath-tools (0.9.7)
- nvme-cli (2.7.1 (includes 2.7))
- openssl (3.2.1)
- policycoreutils (3.6)
- semodule-utils (3.6)
- shim (15.8)
- sqlite (3.45.1)
- sudo (1.9.15p5)
- systemd (255.3 (from 252.11))
- thin-provisioning-tools (1.0.10)
- traceroute (2.1.5 (includes 2.1.4))
- usbutils (017)
- util-linux (2.39.3)
- vim (9.0.2167)
- xmlsec ([1.3.3](https://github.com...
alpha-3941.0.0
Changes since Alpha 3913.0.0
Security fixes:
- Downgraded xz-utils to 5.4.2 as precaution even though Flatcar is not affected of the SSH backdoor (CVE-2024-3094)
- c-ares (CVE-2024-25629)
- coreutils (coreutils-2024-03-28)
- curl (CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466)
- nghttp2 (CVE-2024-28182)
Bug fixes:
- Disabled user-configdrive.service on OpenStack when config drive is used, which caused the hostname to be overwritten. The coreos-cloudinit.service unit already runs on OpenStack if the system is not configured via ignition. (Flatcar#1385)
- Fixed
toolbox
to prevent mountedctr
snapshots from being garbage-collected (toolbox#9)
Changes:
- Added zram-generator package to the image (scripts#1772)
- Add Intel igc driver to support I225/I226 family NICs. (flatcar/scripts#1786)
- Added Hyper-V VHDX image (flatcar/scripts#1791)
- Added support for unlocking the rootfs with a TPM set up by systemd-cryptenroll (bootengine#93)
- Disabled real-time priority for multipathd as it prevents the cgroups2 cpu controller from working. (flatcar/scripts#1771)
- Enabled amd-pstate,amd-pstate-epp cpufreq drivers for some AMD CPUs in the kernel. (flatcar/scripts#1770)
- Enabled ntpd by default on AWS & GCP, enabled chronyd by default on Azure. The native time sync source is used on each cloud. (scripts#1792)
- Enabled the ptp_vmw module in the kernel.
- Switched ptp_kvm from kernel builtin to module.
- Enabled the GRUB TPM2 module to measure the boot code path and files into PCR 8+9 in UEFI (scripts#1861)
- Hyper-V images, both .vhd and .vhdx files are available as
zip
compressed, switching frombzip2
to a built-in available Windows compression -zip
(scripts#1878) - OpenStack, Brightbox: Added the
flatcar.autologin
kernel cmdline parameter by default as the hypervisor manages access to the console (scripts#1866) - Removed
actool
from the image andacbuild
from the SDK as these tools are deprecated and not used (scripts#1817) - SDK: Unified qemu image formats, so that the
qemu_uefi
build target provides the regularqemu
and theqemu_uefi_secure
artifacts (scripts#1847) - The default VM memory was bumped to 2 GB in the Qemu script and for VMware OVFs (scripts#1827)
Updates:
- Linux Firmware (20240410)
- acl (2.3.2)
- attr (2.5.2)
- bpftool (6.7.6)
- c-ares (1.27.0 (includes 1.26.0))
- ca-certificates (3.99)
- containerd (1.7.15 (includes 1.7.14))
- coreutils (9.5)
- curl (8.7.1 (includes 8.7.0))
- ethtool (6.7)
- git (2.43.2)
- inih (58)
- ipset (7.21 (includes 7.20))
- iputils (20240117 (includes 20231222)
- libnvme (1.8)
- nghttp2 (1.61.0 (includes 1.58.0, 1.59.0 and 1.60.0))
- nvme-cli (2.8)
- open-vm-tools (12.4.0)
- samba (4.18.9)
- selinux-refpolicy (2.20240226)
- SDK: libpng (1.6.43 (includes 1.6.42 and 1.6.41))
- SDK: Rust (1.77.1 (includes 1.77.0))
stable-3815.2.1
Changes since Stable 3815.2.0
Security fixes:
- Linux (CVE-2023-52429, CVE-2023-52434, CVE-2023-52435, CVE-2024-0340, CVE-2024-1151, CVE-2024-23850, CVE-2024-23851, CVE-2024-26582, CVE-2024-26583, CVE-2024-26586, CVE-2024-26593)
Bug fixes:
- Fixed that systemd-sysext images can extend directories where Flatcar extensions are also shipping files, e.g., that the sysext-bakery Kubernetes extension works when OEM extensions are present (sysext-bakery#50)
- Fixed the handling of OEM update payloads in a Nebraska response with self-hosted packages in an airgapped environment (update_engine#39)
- Restored support for custom OEMs supplied in the PXE boot where
/usr/share/oem
brings the OEM partition contents (Flatcar#1376)
Changes:
Updates:
beta-3874.1.0
Changes since Beta 3850.1.0
Security fixes:
- Linux (CVE-2023-52429, CVE-2024-1151, CVE-2024-23850, CVE-2024-23851, CVE-2024-26581, CVE-2024-26582, CVE-2024-26583, CVE-2024-26584, CVE-2024-26585, CVE-2024-26593)
Bug fixes:
- Fixed that systemd-sysext images can extend directories where Flatcar extensions are also shipping files, e.g., that the sysext-bakery Kubernetes extension works when OEM extensions are present (sysext-bakery#50)
- Fixed kubevirt vm creation by ensuring that /dev/vhost-net exists (Flatcar#1336)
- Resolved kmod static nodes creation in bootengine (bootengine#85)
- Restored support for custom OEMs supplied in the PXE boot where
/usr/share/oem
brings the OEM partition contents (Flatcar#1376)
Updates:
- Linux (6.6.21 (includes 6.6.20, 6.6.19, 6.6.18, 6.6.17))
- Linux Firmware (20240115)
- afterburn (5.5.1)
- ca-certificates (3.98)
- containerd (1.7.13 (includes 1.7.12))
- docker (24.0.9)
- git (2.43.0 (includes 2.42.0))
- iperf (3.16)
- keyutils (1.6.3 (includes 1.6.2))
- libuv (1.47.0)
- runc (1.1.12)
- SDK: make (4.4.1 (includes 4.4))
- SDK: portage (3.0.61)
Changes since Alpha 3874.0.0
Security fixes:
- Linux (CVE-2023-52429, CVE-2024-1151, CVE-2024-23850, CVE-2024-23851, CVE-2024-26581, CVE-2024-26582, CVE-2024-26583, CVE-2024-26584, CVE-2024-26585, CVE-2024-26593)
Bug fixes:
- Fixed that systemd-sysext images can extend directories where Flatcar extensions are also shipping files, e.g., that the sysext-bakery Kubernetes extension works when OEM extensions are present (sysext-bakery#50)
- Fixed kubevirt vm creation by ensuring that /dev/vhost-net exists (Flatcar#1336)
- Resolved kmod static nodes creation in bootengine (bootengine#85)
- Restored support for custom OEMs supplied in the PXE boot where
/usr/share/oem
brings the OEM partition contents (Flatcar#1376)
Updates:
alpha-3913.0.0
Changes since Alpha 3874.0.0
Security fixes:
- Linux (CVE-2023-52429, CVE-2024-1151, CVE-2024-23850, CVE-2024-23851, CVE-2024-26581, CVE-2024-26582, CVE-2024-26583, CVE-2024-26584, CVE-2024-26585, CVE-2024-26593)
- coreutils (CVE-2024-0684)
- dnsmasq (CVE-2023-28450, CVE-2023-50387, CVE-2023-50868)
- gcc (CVE-2023-4039)
- glibc (CVE-2023-5156, CVE-2023-6246, CVE-2023-6779, CVE-2023-6780)
- gnupg (gnupg-2024-01-25)
- gnutls (CVE-2024-0567, CVE-2024-0553)
- libuv (CVE-2024-24806)
- libxml2 (CVE-2024-25062)
- openssl (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727)
- sudo (CVE-2023-42465)
- vim (CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706)
Bug fixes:
- Fixed that systemd-sysext images can extend directories where Flatcar extensions are also shipping files, e.g., that the sysext-bakery Kubernetes extension works when OEM extensions are present (sysext-bakery#50)
- Fixed kubevirt vm creation by ensuring that /dev/vhost-net exists (Flatcar#1336)
- Removed custom CloudSigma coreos-cloudinit service configuration since it will be called with the cloudsigma oem anyway. The restart of the service can also cause the serial port to be stuck in an nondeterministic state which breaks future runs.
- Resolved kmod static nodes creation in bootengine (bootengine#85)
- Restored support for custom OEMs supplied in the PXE boot where
/usr/share/oem
brings the OEM partition contents (Flatcar#1376)
Changes:
- Introduced a new format
qemu_uefi_secure
to test Flatcar for SecureBoot-enabled features. The format will be later merged intoqemu_uefi
. - Added Ignition Clevis support for encrypted disks unlocked with a TPM2 device or a Tang server (scripts#1560)
- Added Scaleway images (flatcar/scripts#1683)
- Provided a ZFS-2.2.2 Flatcar extension as optional systemd-sysext image with the release. Write 'zfs' to
/etc/flatcar/enabled-sysext.conf
through Ignition and the sysext will be installed during provisioning. ZFS support is experimental and ZFS is not supported for the root partition. (flatcar/scripts#1742) - Removed Linux drivers for Mellanox Technologies Switch ASICs family and Spectrum/Spectrum-2/Spectrum-3/Spectrum-4 Ethernet Switch ASICs to reduce the initrd size on AMD64 by ~5MB (flatcar/scripts#1734). This change is part of the effort to reduce the initrd size (Flatcar#1381).
- Removed coreos-cloudinit support for automatic keys conversion (e.g
reboot-strategy
->reboot_strategy
) (scripts#1687)
Updates:
- Go (1.20.14)
- Ignition (2.18.0 (includes 2.17.0, 2.16.2, 2.16.1 and 2.16.0))
- Linux (6.6.21 (includes 6.6.20, 6.6.19, 6.6.18, 6.6.17))
- Linux Firmware (20240312 (includes 20240220))
- audit (3.1.1)
- bind-tools (9.16.48)
- c-ares (1.25.0)
- cJSON (1.7.17)
- ca-certificates (3.98)
- checkpolicy (3.6)
- curl (8.6.0)
- ethtool (6.6)
- glibc (2.38)
- gnupg (2.4.4)
- keyutils (1.6.3 (includes 1.6.2))
- less (643)
- libbsd (0.11.8)
- libcap-ng (0.8.4)
- libgcrypt (1.10.3)
- libidn2 (2.3.7)
- libksba (1.6.6)
- libnvme (1.7.1 (includes 1.7))
- libpsl (0.21.5)
- libseccomp (2.5.5)
- libselinux (3.6)
- libsemanage (3.6)
- libsepol (3.6)
- libuv (1.48.0)
- libverto (0.3.2)
- libxml2 (2.12.5)
- lsof (4.99.3 (includes 4.99.2 and 4.99.1))
- mime-types (2.1.54)
- multipath-tools (0.9.7)
- nvme-cli (2.7.1 (includes 2.7))
- openssl (3.2.1)
- policycoreutils (3.6)
- semodule-utils (3.6)
- shim (15.8)
- sqlite (3.45.1)
- sudo (1.9.15p5)
- systemd (255.3)
- thin-provisioning-tools (1.0.10)
- traceroute (2.1.5 (includes [2.1.4](https:/...
stable-3815.2.0
Changes since Stable 3760.2.0
Security fixes:
- Linux (CVE-2023-46838, CVE-2023-50431, CVE-2023-6610, CVE-2023-6915, CVE-2024-1085, CVE-2024-1086, CVE-2024-23849)
- Go (CVE-2023-39326, CVE-2023-45285)
- VMWare: open-vm-tools (CVE-2023-34058, CVE-2023-34059)
- docker (CVE-2024-24557)
- nghttp2 (CVE-2023-44487)
- runc (CVE-2024-21626)
- samba (CVE-2023-4091)
- zlib (CVE-2023-45853)
Bug fixes:
- Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release (Flatcar#1332, update_engine#38)
- Forwarded the proxy environment variables of
update-engine.service
to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy (Flatcar#1326) - Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma (scripts#1280)
Changes:
- torcx was replaced by systemd-sysext in the OS image. Learn more about sysext and how to customise OS images here.
(which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates).- Torcx entered deprecation 2 years ago in favour of deploying plain Docker binaries
- Torcx has been removed entirely; if you use torcx to extend the Flatcar base OS image, please refer to our conversion script and to the sysext documentation mentioned above for migrating.
- Consequently,
update_engine
will not perform torcx sanity checks post-update anymore. - Relevant changes: scripts#1216, update_engine#30, Mantle#466, Mantle#465.
- NOTE: The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the
overlay2
driver
(changelog, upstream pr). - NOTE: If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the
btrfs
storage driver for backwards-compatibility with your deployment. - Docker will remove the
btrfs
driver entirely in a future version. Please consider migrating your deployments to theoverlay2
driver.
Using the btrfs driver can still be enforced by creating a respective docker config at/etc/docker/daemon.json
. - cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds. Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see "updates").
- GCP OEM images now use a systemd-sysext image for layering additional platform-specific software on top of
/usr
and being part of the OEM A/B updates (flatcar#1146) - Added a
flatcar-update --oem-payloads <yes|no>
flag to skip providing OEM payloads, e.g., for downgrades (init#114)
Updates:
- Linux (6.1.77 (includes 6.1.76, 6.1.75, 6.1.74))
- Linux Firmware (20231111 (includes 20231030))
- Go (1.20.12)
- Azure: WALinuxAgent (v2.9.1.1)
- DEV: Azure (3.11.6)
- DEV: iperf (3.15)
- DEV: smartmontools (7.4)
- SDK: Rust (1.73.0)
- SDK: Python (3.11.0 (includes 23.2))
- VMWare: open-vm-tools (12.3.5)
- acpid (2.0.34)
- ca-certificates (3.97)
- containerd (1.7.9 (includes 1.7.8, 1.7.13, 1.7.10))
- cri-tools (1.27.0)
- ding-libs (0.6.2)
- docker (24.0.9 (includes 24.0.6, 23.0))
- efibootmgr (18)
- efivar (38)
- ethtool (6.5)
- hwdata (v0.375 (includes 0.374))
- iproute2 (6.5.0)
- ipvsadm (1.31 (includes 1.30, 1.29, 1.28))
- json-c (0.17)
- libffi (3.4.4 (includes 3.4.3, 3.4.2))
- liblinear (246)
- libmnl (1.0.5)
- libnetfilter_conntrack (1.0.9)
- libnetfilter_cthelper (1.0.1)
- libnetfilter_cttimeout (1.0.1)
- libnfnetlink (1.0.2)
- libsodium (1.0.19)
- libunistring (1.1)
- libunwind (1.7.2 (includes 1.7.0))
- liburing (2.3)
- mpc (1.3.1 (includes 1.3.0))
- mpfr (4.2.1)
- nghttp2 (1.57.0 (includes 1.56.0, 1.55.1, 1.55.0, 1.54.0, 1.53.0, 1.52.0))
- nspr (4.35)
- ntp (4.2.8p17)
- nvme-cli (v2.6 (includes [v1.6](https://github.com/linux-nvme/...
lts-3510.3.2
Changes since LTS 3510.3.1
Security fixes:
- Linux (CVE-2022-47940, CVE-2023-1193, CVE-2023-1194, CVE-2023-25775, CVE-2023-32247, CVE-2023-32250, CVE-2023-32252, CVE-2023-32254, CVE-2023-32257, CVE-2023-32258, CVE-2023-38427, CVE-2023-38430, CVE-2023-38431, CVE-2023-3867, CVE-2023-46343, CVE-2023-46813, CVE-2023-46838, CVE-2023-46862, CVE-2023-51779, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-52340, CVE-2023-5717, CVE-2023-6040, CVE-2023-6121, CVE-2023-6606, CVE-2023-6622, CVE-2023-6817, CVE-2023-6915, CVE-2023-6931, CVE-2023-6932, CVE-2024-0584, CVE-2024-0607, CVE-2024-0646, CVE-2024-1085, CVE-2024-22705)
- runc (CVE-2024-21626)
Bug fixes:
- Forwarded the proxy environment variables of
update-engine.service
to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy (Flatcar#1326)
Changes:
- Added a
flatcar-update --oem-payloads <yes|no>
flag to skip providing OEM payloads, e.g., for downgrades (init#114) - Backported the OEM payload support to update-engine to avoid the fallback download path for clients on a restricted network and rather use the URLs passed from
flatcar-update -E
or with self-hosted Nebraska payloads (Flatcar#1332, Flatcar#1326) - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes
- OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the
.gz
or.bz2
images)
Updates:
beta-3850.1.0
Changes since Beta 3815.1.0
Security fixes:
- Linux (CVE-2022-27672, CVE-2022-36402, CVE-2022-36402, CVE-2022-40982, CVE-2022-4269, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-48425, CVE-2023-0160, CVE-2023-0160, CVE-2023-0459, CVE-2023-1032, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1118, CVE-2023-1192, CVE-2023-1194, CVE-2023-1206, CVE-2023-1281, CVE-2023-1380, CVE-2023-1380, CVE-2023-1513, CVE-2023-1583, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1859, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2002, CVE-2023-2002, CVE-2023-20569, CVE-2023-20588, CVE-2023-20593, CVE-2023-2124, CVE-2023-21255, CVE-2023-21264, CVE-2023-2156, CVE-2023-2156, CVE-2023-2163, CVE-2023-2163, CVE-2023-2194, CVE-2023-2235, CVE-2023-2248, CVE-2023-2248, CVE-2023-2269, CVE-2023-2269, CVE-2023-2483, CVE-2023-25012, CVE-2023-25775, CVE-2023-25775, CVE-2023-2598, CVE-2023-26545, CVE-2023-28466, CVE-2023-28866, CVE-2023-2898, CVE-2023-2985, CVE-2023-30456, CVE-2023-30772, CVE-2023-3090, CVE-2023-31085, CVE-2023-3117, CVE-2023-31248, CVE-2023-3141, CVE-2023-31436, CVE-2023-31436, CVE-2023-3212, CVE-2023-3220, CVE-2023-32233, CVE-2023-32233, CVE-2023-32247, CVE-2023-32247, CVE-2023-32248, CVE-2023-32248, CVE-2023-32250, CVE-2023-32250, CVE-2023-32252, CVE-2023-32252, CVE-2023-32254, CVE-2023-32254, CVE-2023-32257, CVE-2023-32257, CVE-2023-32258, CVE-2023-32258, CVE-2023-3268, CVE-2023-3268, CVE-2023-3269, CVE-2023-3269, CVE-2023-3312, CVE-2023-3312, CVE-2023-3317, CVE-2023-33203, CVE-2023-33250, CVE-2023-33250, CVE-2023-33288, CVE-2023-3355, CVE-2023-3390, CVE-2023-33951, CVE-2023-33951, CVE-2023-33952, CVE-2023-33952, CVE-2023-34255, CVE-2023-34256, CVE-2023-34256, CVE-2023-34319, CVE-2023-34324, CVE-2023-35001, CVE-2023-35788, CVE-2023-35823, CVE-2023-35823, CVE-2023-35824, CVE-2023-35824, CVE-2023-35826, CVE-2023-35826, CVE-2023-35827, CVE-2023-35828, CVE-2023-35828, CVE-2023-35829, CVE-2023-35829, CVE-2023-3609, CVE-2023-3610, CVE-2023-3610, CVE-2023-3611, CVE-2023-37453, CVE-2023-37453, CVE-2023-3772, CVE-2023-3773, CVE-2023-3776, CVE-2023-3777, CVE-2023-38409, CVE-2023-38426, CVE-2023-38427, CVE-2023-38428, CVE-2023-38429, CVE-2023-38430, CVE-2023-38431, CVE-2023-38432, CVE-2023-38432, CVE-2023-3863, CVE-2023-3863, CVE-2023-3865, CVE-2023-3865, CVE-2023-3866, CVE-2023-3866, CVE-2023-3867, CVE-2023-39189, [CVE-2023-3919...