Security fixes:
- Linux - CVE-2020-27194
- c-ares - CVE-2017-1000381
- file - CVE-2019-18218
- json-c - CVE-2020-12762
- libuv - CVE-2020-8252
- libxml2 - CVE-2019-20388 CVE-2020-7595
- re2c - CVE-2020-11958
- tar - CVE-2019-9923
Bug fixes:
- Ensured that the
/etc/coreosto/etc/flatcarsymlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives forupdate:orlocksmith:while also reformatting the rootfs (baselayout PR#7) - Allow inactive network interfaces to be bound to a bonding interface, by encoding additional configuration for systemd-networkd-wait-online (afterburn PR #10)
- Azure: Exclude bonded SR-IOV driver mlx5-core from network interfaces managed by systemd-networkd (bootengine PR #19) (init PR #29)
- Do not configure ccache in Jenkins (scripts PR #100)
Changes:
- Remove unnecessary kernel module nf-conntrack-ipv4 (overlay PR#649)
Updates:
- Linux 5.8.16
- c-ares 1.61.1
- cryptsetup 2.3.2
- json-c 0.15
- libuv 1.39.0
- libxml2 2.9.10
- tar 1.32
- Go 1.15.3, 1.12.17 (only in SDK)
- file 5.39 (only in SDK)
- gdbus-codegen 2.64.5 (only in SDK)
- meson 0.55.3 (only in SDK)
- re2c 2.0.3 (only in SDK)
Note: Please note that ARM images remain experimental for now.