This release is K3S's first in the v1.28 line. This release updates Kubernetes to v1.28.1.
⚠️ IMPORTANT: This release includes remediation for CVE-2023-32187, a potential Denial of Service attack vector on K3s servers. See GHSA-m4hf-6vgr-75r2 for more information, including documentation on changes in behavior that harden clusters against this vulnerability.
Kubernetes v1.28 contains a critical regression (kubernetes/kubernetes#120247) that causes init containers to run at the same time as app containers following a restart of the node. This issue will be fixed in v1.28.2. We do not recommend using K3s v1.28 at this time if your application depends on init containers.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.27.5+k3s1:
- Update to v1.28.1 (#8239)
- CLI Removal for v1.28.0 (#8203)
- Secrets Encryption V3 (#8111)
- Add new CLI flag to disable TLS SAN CN filtering (#8252)
- Added a new
--tls-san-securityoption.
- Added a new
- Add RWMutex to address controller (#8268)
Embedded Component Versions
| Component | Version |
|---|---|
| Kubernetes | v1.28.1 |
| Kine | v0.10.3 |
| SQLite | 3.42.0 |
| Etcd | v3.5.9-k3s1 |
| Containerd | v1.7.3-k3s2 |
| Runc | v1.1.8 |
| Flannel | v0.22.2 |
| Metrics-server | v0.6.3 |
| Traefik | v2.9.10 |
| CoreDNS | v1.10.1 |
| Helm-controller | v0.15.4 |
| Local-path-provisioner | v0.0.24 |
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started or to dive deep into K3s.
- Read how you can contribute here