Security fixes:
- Linux - CVE-2020-25645, CVE-2020-25643, CVE-2020-25211
Bug fixes:
- Ensured that the
/etc/coreosto/etc/flatcarsymlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives forupdate:orlocksmith:while also reformatting the rootfs (baselayout PR#7) - Azure: Exclude bonded SR-IOV network interfaces with newer drivers from networkd (in addition to the old drivers) to prevent them being configured instead of just the bond interface (init PR#29, bootengine PR#19)
Changes:
- Compress kernel modules with xz (overlay PR#628)
- Add containerd-runc-shim-v* binaries required by kubelet custom CRI endpoints (overlay PR#623)
- AWS arm64: Enable elastic network adapter module (overlay PR#631)
- Equinix Metal (Packet): Exclude unused network interfaces from networkd, disregard the state of the bonded interfaces for the
network-online.targetand only require the bond interface itself to have at least one active link instead ofroutablewhich requires both links to be active (afterburn PR#10) - QEMU: Use flatcar.autologin kernel command line parameter for auto login on the console (Flatcar #71)
Updates: