• Add Alicloud support
• Set sshd AllowTcpForwarding configuration value to true to fix gardenctl ssh
• Remove symlink to non-existing cdrom0 file
• Adapt ssh configuration to new SGS hardening guide
• Remove containerd configuration to allow Gardener to configure it
• Set memlock default value which should resolve go issue #35777 (it is related to this kernel bug #205663 but the Garden Linux kernel is not affected). Go however does not detect the kernel version correctly and the Go workaround may be responsible for the failures.
• Add project quota on root filesystem
• Add pam fixes required by security
• Fix security vulnerabilities:
  • gnutls: CVE-2020-13777
  • libsqlite: CVE-2020-13630