Changes since Beta 4459.1.0
Security fixes:
- Linux (CVE-2025-40109, CVE-2025-40107, CVE-2025-40028, CVE-2025-40027, CVE-2025-40026, CVE-2025-40000, CVE-2025-39995, CVE-2025-40052, CVE-2025-40061, CVE-2025-40060, CVE-2025-40059, CVE-2025-40058, CVE-2025-40057, CVE-2025-40056, CVE-2025-40055, CVE-2025-40081, CVE-2025-40080, CVE-2025-40079, CVE-2025-40078, CVE-2025-40071, CVE-2025-40070, CVE-2025-40068, CVE-2025-40067, CVE-2025-40062, CVE-2025-40053, CVE-2025-40029, CVE-2025-40038, CVE-2025-40037, CVE-2025-40036, CVE-2025-40035, CVE-2025-40033, CVE-2025-40051, CVE-2025-40049, CVE-2025-40031, CVE-2025-40048, CVE-2025-40047, CVE-2025-40045, CVE-2025-40044, CVE-2025-40043, CVE-2025-40039, CVE-2025-40030, CVE-2025-40018, CVE-2025-40004, CVE-2025-40032, CVE-2025-40042, CVE-2025-40019)
- containerd (CVE-2024-25621, CVE-2025-64329)
- runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881)
Bug fixes:
- Enabled
CONFIG_MEMCG_V1to mitigate cgroupsv1 removal (e.g JVM) (Flatcar#1884) - Excluded TUN/TAP interfaces from the default DHCP network configuration to solve conflicts with the programs that created them (Flatcar#1933)
- Fixed Intel microcode updates which were broken in recent Alpha and Beta releases by switching back to built-in extra firmware instead of early cpio inclusion (Flatcar#1909)
- Fixed that the needed Flatcar extensions don't get removed on update which caused a re-download (update_engine#51)
Changes:
- Scaleway: The Linux console is now attached to the correct console port. (scripts#3383)