Changes since Beta 3760.1.1
Security fixes:
- Linux (CVE-2023-1193, CVE-2023-51779, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-6531, CVE-2023-6606, CVE-2023-6622, CVE-2023-6817, CVE-2023-6931)
- Go (CVE-2023-39326, CVE-2023-45285)
- VMWare: open-vm-tools (CVE-2023-34058, CVE-2023-34059)
- nghttp2 (CVE-2023-44487)
- samba (CVE-2023-4091)
- zlib (CVE-2023-45853)
Bug fixes:
- AWS: Fixed the Amazon SSM agent that was crashing. (Flatcar#1307)
- Fixed a bug resulting in coreos-cloudinit resetting the instance hostname to 'localhost' if no metadata could be found (coreos-cloudinit#25, Flatcar#1262), with contributions from MichaelEischer
- Fixed supplying extension update payloads with a custom base URL in Nebraska (Flatcar#1281)
- Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma (scripts#1280)
Changes:
- Torcx, the mechanism to provide a custom Docker version, was replaced by systemd-sysext in the OS image. Learn more about sysext and how to customise OS images here and read the blogpost about the replacement here.
  - Torcx entered deprecation 2 years ago in favour of deploying plain Docker binaries (which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates).
  - Torcx has been removed entirely; if you use Torcx to extend the Flatcar base OS image, please refer to our conversion script and to the sysext documentation mentioned above for migrating.
  - Consequently, update_engine will not perform torcx sanity checks post-update anymore.
  - Relevant changes: scripts#1216, update_engine#30, Mantle#466, Mantle#465.
- cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds. Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see "updates").
  - NOTE: The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the overlay2 driver (changelog, upstream pr). Using the btrfs driver can still be enforced by creating a respective docker config at /etc/docker/daemon.json.
  - NOTE: If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the btrfs storage driver for backwards-compatibility with your deployment.
    - Docker will remove the btrfs driver entirely in a future version. Please consider migrating your deployments to the overlay2 driver.
- GCP OEM images now use a systemd-sysext image for layering additional platform-specific software on top of /usr and being part of the OEM A/B updates (flatcar#1146)
Updates:
- Azure: WALinuxAgent (v2.9.1.1)
- DEV, AZURE: python (3.11.6)
- DEV: iperf (3.15)
- DEV: smartmontools (7.4)
- Go (1.20.12 (includes 1.20.11))
- Linux (6.1.73 (includes 6.1.72, 6.1.71, 6.1.70, 6.1.69, 6.1.68, 6.1.67, 6.1.60 and 6.1.59))
- Linux Firmware (20231111 (includes 20231030))
- SDK: Rust (1.73.0)
- SDK: python packaging (23.2), platformdirs (3.11.0)
- VMWare: open-vm-tools (12.3.5)
- acpid (2.0.34)
- ca-certificates (3.96.1 (includes 3.96))
- containerd (1.7.10 (includes 1.7.9 and 1.7.8))
- cri-tools (1.27.0)
- ding-libs (0.6.2)
- docker (24.0.6, includes changes from 23.0)
- efibootmgr (18)
- efivar (38)
- ethtool (6.5)
- hwdata (0.375 (includes 0.374))
- iproute2 (6.5.0)
- ipvsadm (1.31 (includes 1.28, 1.29 and 1.30))
- json-c (0.17)
- libffi (3.4.4 (includes 3.4.2 and 3.4.3))
- liblinear (246)
- libmnl (1.0.5)
- libnetfilter_conntrack (1.0.9)
- libnetfilter_cthelper (1.0.1)
- libnetfilter_cttimeout (1.0.1)
- libnfnetlink (1.0.2)
- libsodium (1.0.19)
- libunistring (1.1)
- libunwind (1.7.2 (includes 1.7.0))
- liburing (2.3)
- mpc (1.3.1 (includes 1.3.0))
- mpfr (4.2.1)
- nghttp2 (1.57.0 (includes 1.52.0, 1.53.0, 1.54.0, 1.55.0, 1.55.1 and 1.56.0))
- nspr (4.35)
- ntp (4.2.8p17)
- nvme-cli (v2.6, libnvme v1.6)
- protobuf (21.12 (includes 21.10 and 21.11))
- samba (4.18.8)
- sqlite (3.43.2)
- squashfs-tools (4.6.1 (includes 4.6))
- thin-provisioning-tools (1.0.6)
Changes since Alpha 3815.0.0
Security fixes:
- Linux (CVE-2023-1193, CVE-2023-51779, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-6531, CVE-2023-6606, CVE-2023-6622, CVE-2023-6817, CVE-2023-6931)
Bug fixes:
- AWS: Fixed the Amazon SSM agent that was crashing. (Flatcar#1307)
- Fixed a bug resulting in coreos-cloudinit resetting the instance hostname to 'localhost' if no metadata could be found (coreos-cloudinit#25, Flatcar#1262), with contributions from MichaelEischer
- Fixed supplying extension update payloads with a custom base URL in Nebraska (Flatcar#1281)