- Add Alicloud support
- Set sshd AllowTcpForwarding configuration value to true to fix gardenctl ssh
- Remove symlink to non-existing cdrom0 file
- Adapt ssh configuration to new SGS hardening guide
- Remove containerd configuration to allow Gardener to configure it
- Set memlock default value which should resolve go issue #35777 (it is related to this kernel bug #205663 but the Garden Linux kernel is not affected). Go however does not detect the kernel version correctly and the Go workaround may be responsible for the failures.
- Add project quota on root filesystem
- Add pam fixes required by security
- Fix security vulnerabilities:
- gnutls: CVE-2020-13777
- libsqlite: CVE-2020-13630