Generic Kernel version-release: kernel-5.15.158.2-1
Added azl-compliance package.
Added tzdata dependency for php-pecl-zip.
Added back-compat symlink for docker-proxy to moby-engine.
Added fix for cloud-init growpart to selinux-policy.
Added patch for kubevirt CVE-2024-24786.
Added patch for pytorch CVE-2024-27318.
Added patch for ruby CVE-2024-35176.
Added patch for rubygem-rexml CVE-2024-35176.
Added patch in cri-o for CVE-2024-21626.
Added patch to moby-engine to address CVE-2023-44487.
Added patch to nodejs18 to address CVE-2023-21100.
Added patch to add network interface renaming support for CAPM3 Met.
Added stable release maintainers to CODEOWNERS.
Addressed graphviz CVE-2023-46045 & CVE-2020-18032.
Addressed hvloader openssl related CVEs (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304).
Addressed reaper CVE-2024-4068.
Addressed hyperv-daemons CVE-2024-26951, CVE-2024-26961, CVE-2024-26965, CVE-2024-26966, CVE-2024-26973, CVE-2024-26977, CVE-2024-26984, CVE-2024-26993, CVE-2024-27000, CVE-2024-27018, CVE-2024-35848, CVE-2024-35912, CVE-2024-36008, CVE-2023-3269, CVE-2023-3338, CVE-2023-33951, CVE-2023-33952, CVE-2023-35826.
Addressed kernel CVE-2022-38096, CVE-2023-47233, CVE-2023-52827, CVE-2024-25739, CVE-2024-26900, CVE-2024-26902, CVE-2024-26929, CVE-2024-26934, CVE-2024-26949, CVE-2024-26952, CVE-2024-26979, CVE-2024-27013, CVE-2024-27015, CVE-2024-27016, CVE-2024-27018, CVE-2024-27019, CVE-2024-27020, CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35990, CVE-2024-35997, CVE-2024-36008, CVE-2023-52447, CVE-2024-21803, CVE-2024-26587, CVE-2024-26588.
Attached EOL manifest to base containers as well.
Built redis with BUILD_TLS=yes.
CVE-2022-34169: docbook-style-xsl - upgraded embedded xalan jar from 2.7.2 to 2.7.3.
Enabled KNI module in DPDK build.
Fixed ceph CVE-2023-43040.
Fixed dhcp CVE-2022-38177, CVE-2022-38178, CVE-2022-2795 for bind.
Fixed fluent-bit CVE-2024-34250.
Fixed Fluent-bit issues #8198 and #8025.
Fixed glibc nscd breakage and patched CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602.
Fixed kubernetes missing autopatch for CVE-2023-5408.
Fixed moby-compose CVE-2024-24786, CVE-2024-23650, CVE-2023-2253.
Fixed openssl CVE-2023-50782 affecting python-cryptography.
Fixed openssl to only free buffers when done.
Fixed prometheus-adapter CVE-2024-24786.
Fixed python-jinja2 for CVE-2024-34064.
Fixed pytorch CVE-2024-31584.
Fixed CVE-2023-45288 in multiple packages.
Fixed CVE-2023-48795 in moby-compose by patching vendor packages.
Fixed CVE-2024-3154 in package cri-o.
Fixed CVE-2024-34459 for libxml2.
Fixed epoch matching in 'InstallPackageRegex'.
Fixed Kubernetes missing auto patch.
Fixed Perl automatic requires and provides.
Fixed Ptest zchunk.
Mitigated libdwarf CVE-2024-2002.
Moved nmi from SPEC to SPEC-EXTENDED.
Moved src tarballs to AME - mariner 2.0.
Patched apparmor for CVE-2024-31755.
Patched bluez for CVE-2023-50229.
Patched ceph for multiple CVEs.
Patched coredns cache plugin to address CVE-2024-0874.
Patched cups CVE-2022-26691.
Patched dhcp for CVE-2023-2828.
Patched frr CVE-2024-27913 and CVE-2024-34088.
Patched libvirt for CVE-2024-4418.
Patched python-requests CVE-2024-35195.
Patched python-tqdm CVE-2024-34062.
Patched python-werkzeug CVE-2024-34069.
Patched ruby CVE-2024-27282.
Patched CVE-2024-26147 for cert-manager.
Re-fixed telegraf CVE-2024-28110.
Refactored Golden Container main.
Removed newly added explicit version dependencies in gdal and netcdf.
Resolved hvloader CVEs in edk2's bundled openssl.
Resolved telegraf CVE-2024-27289.
Resolved overflow warnings from installutils.go:ProvisionUserSSHCerts.
Resolved regressed ansible CVE-2023-5764.
Tuned some kernel configs for aarch64.
Updated facter version to support Mariner.
Updated kernel-mos to 5.15.158.2.
Updated python h5py to fix build break caused by recent HDF5 update.
Updated and corrected ruby CVE-2024035176.patch.
Updated OpenSSL version in python-cryptography to fix CVE-2023-50782.
Upgraded azcopy to 10.24.0 to fix multiple security issues.
Upgraded azl-compliance to version 1.0.2.
Upgraded clamav to 1.0.6.
Upgraded cri-o to v1.22.3 to resolve regressed CVE-2022-0811.
Upgraded cri-tools to 1.29.0 CVE-2023-45142.
Upgraded fluent-bit to 2.2.3 to fix CVE-2024-4323.
Upgraded git to 2.39.4 Fix CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465.
Upgraded hdf5 to 1.14.4. to fix several CVEs.
Upgraded httpd to fix CVE-2024-27316, CVE-2023-38709, and CVE-2024-24795.
Upgraded iperf3 3.14 -> 3.17 to address CVE-2024-26306.
Upgraded kata(-cc) to LSG release v2405.9.2.
Upgraded kernel to 5.15.158.2.
Upgraded msft-golang 1.22.2 -> 1.22.3 to address CVE-2024-24787 & CVE-2024-24788.
Upgraded net-snmp to 5.9.4 Fixes for CVE-2022-44792 and CVE-2022-44793.
Upgraded nodejs18 to 18.20.2 address CVEs.
Upgraded openvswitch to 2.17.9 to fix CVE-2023-5366 and CVE-2023-3966.
Upgraded php to 8.1.28 to fix CVE-2024-2756, CVE-2024-3096.
Upgraded postgresql to 14.12 CVE-2024-4317.
Upgraded rubygem-rexml to 3.2.7 to resolve CVE-2024-35176.
Upgraded zeromq to 4.3.5.
Upgraded Kata to 3.2.0.azl1.
Used legacy builder for distroless golden containers.