Releases: flatcar/scripts
beta-3549.1.0
Changes since Beta 3510.1.0
Security fixes:
- Linux (CVE-2022-4269, CVE-2022-4379, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1118, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-23004, CVE-2023-25012, CVE-2023-28466, CVE-2023-30456, CVE-2023-30772)
- containerd (CVE-2023-25153, CVE-2023-25173)
- curl (CVE-2023-23914, CVE-2023-23915, CVE-2023-23916)
- e2fsprogs (CVE-2022-1304)
- git (CVE-2023-22490, CVE-2023-23946)
- GnuTLS (CVE-2023-0361)
- Go (CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24532)
- intel-microcode (CVE-2022-21216, CVE-2022-33196, CVE-2022-38090)
- less (CVE-2022-46663)
- OpenSSH (CVE-2023-25136)
- OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401)
- torcx (CVE-2022-32149)
- vim (CVE-2023-0288, CVE-2023-0433)
- SDK: dnsmasq (CVE-2022-0934)
- SDK: pkgconf (CVE-2023-24056)
- SDK: python (CVE-2023-24329)
Bug fixes:
- Ensured that `/var/log/journal/` is created early enough for systemd-journald to persist the logs on first boot (bootengine#60, baselayout#29)
- Fixed `journalctl --user` permission issue (Flatcar#989)
- Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point (bootengine#58)
Changes:
- Added a new `flatcar-reset` tool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift (bootengine#55, init#91)
- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards; if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well (init#92)
- Added `pigz` to the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports (coreos-overlay#2504)
- Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core (coreos-overlay#2489)
- `/etc` is now set up as overlayfs with the original `/etc` folder being the store for changed files/directories and `/usr/share/flatcar/etc` providing the lower default directory tree (bootengine#53, scripts#666)
- On boot any files in `/etc` that are the same as provided by the booted `/usr/share/flatcar/etc` default for the overlay mount on `/etc` are deleted to ensure that future updates of `/usr/share/flatcar/etc` are propagated. To opt out, create `/etc/.no-dup-update` in case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you, at which point your copy is cleaned up and any other future Flatcar changes would be applied (bootengine#54)
- Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore (bootengine#58)
- Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit (coreos-overlay#2436)
Updates:
- Linux (5.15.106 (includes 5.15.105, 5.15.104, 5.15.103, 5.15.102, 5.15.101, 5.15.100, 5.15.99))
- Linux Firmware (20230310 (includes 20230210))
- bind tools (9.16.37)
- btrfs-progs (6.0.2 (includes 6.0))
- ca-certificates (3.89)
- containerd (1.6.19 (includes 1.6.18))
- curl (7.88.1 (includes 7.88.0))
- diffutils (3.9)
- e2fsprogs (1.46.6)
- findutils (4.9.0)
- Go (1.19.7 (includes 1.19.6))
- gcc (12.2.1)
- git (2.39.2)
- GLib (2.74.5)
- GnuTLS (3.8.0)
- ignition (2.15.0)
- intel-microcode (20230214)
- iputils (20221126)
- less (608)
- libpcap (1.10.3 (includes 1.10.2))
- libpcre2 (10.42)
- OpenSSH (9.2)
- OpenSSL (3.0.8)
- qemu guest agent (7.1.0)
- socat (1.7.4.4)
- strace (6.1)
- traceroute (2.1.1)
- vim (9.0.1363)
- SDK: cmake (3.25.2)
- SDK: dnsmasq (2.89)
- SDK: portage (3.0.44)
- SDK: python (3.10.10 (includes [3.10.9](https://docs.python.org/3.10/whatsnew/changelog.html...
alpha-3572.0.0
Changes since Alpha 3549.0.0
Security fixes:
- Linux (CVE-2022-4269, CVE-2022-4379, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-28466, CVE-2023-30456, CVE-2023-30772)
- Docker (CVE-2023-28840, CVE-2023-28841, CVE-2023-28842)
- Go (CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538)
- runc (CVE-2023-25809, CVE-2023-27561, CVE-2023-28642)
- tar (CVE-2022-48303)
- vim (CVE-2023-1127, CVE-2023-1175, CVE-2023-1170)
Bug fixes:
- Ensured that `/var/log/journal/` is created early enough for systemd-journald to persist the logs on first boot (bootengine#60, baselayout#29)
- Fixed `journalctl --user` permission issue (Flatcar#989)
Changes:
- Improved the OS reset tool to offer preview, backup and restore (init#94)
Updates:
alpha-3549.0.0
Changes since Alpha 3535.0.0
Security fixes:
- Go (CVE-2023-24532)
- GnuTLS (CVE-2023-0361)
- curl (CVE-2023-23914, CVE-2023-23915, CVE-2023-23916)
- git (CVE-2023-22490, CVE-2023-23946)
- pkgconf (CVE-2023-24056)
- python (CVE-2023-24329)
- vim (CVE-2023-0288, CVE-2023-0433)
Bug fixes:
- Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point (bootengine#58)
Changes:
- Added `pigz` to the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports (coreos-overlay#2504)
- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards; if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well (init#92)
- Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core (coreos-overlay#2489)
- Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore (bootengine#58)
Updates:
- Go (1.19.7)
- Linux (5.15.103 (includes 5.15.102, 5.15.101, 5.15.100, 5.15.99))
- Linux Firmware (20230310)
- Rust (1.68.0)
- ca-certificates (3.89)
- open-vm-tools (12.2.0)
- GLib (2.74.5)
- GnuTLS (3.8.0)
- SDK: portage (3.0.44)
- SDK: python (3.10.10)
- bind tools (9.16.37)
- curl (7.88.1 (includes 7.88.0))
- diffutils (3.9)
- gcc (12.2.1)
- git (2.39.2)
- libpcap (1.10.3 (includes 1.10.2))
- qemu guest agent (7.1.0)
- socat (1.7.4.4)
- traceroute (2.1.1)
- vim (9.0.1363)
stable-3374.2.5
Changes since Stable 3374.2.4
Security fixes:
Bug fixes:
- Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup (init#89).
Updates:
lts-3033.3.10
Changes since LTS 3033.3.9
Security fixes:
- Linux (CVE-2022-2196, CVE-2022-3707, CVE-2022-4129, CVE-2022-4382, CVE-2023-1073, CVE-2023-1074, CVE-2023-1078, CVE-2023-22998, CVE-2023-23559, CVE-2023-26545)
Updates:
beta-3510.1.0
Changes since Beta 3493.1.0
Security fixes:
- Linux (CVE-2022-2196, CVE-2022-27672, CVE-2022-3707, CVE-2023-1078, CVE-2023-26545)
- curl (CVE-2022-43551, CVE-2022-43552)
- sudo (CVE-2023-22809)
- vim (CVE-2023-0049, CVE-2023-0051, CVE-2023-0054)
- SDK: qemu (CVE-2022-4172)
Bug fixes:
- Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup (init#89).
Updates:
- Linux (5.15.98 (includes 5.15.97, 5.15.96, 5.15.95, 5.15.94, 5.15.93))
- Docker (20.10.23)
- bind tools (9.16.36 (includes 9.16.34 and 9.16.35))
- bpftool (5.19.12)
- ca-certificates (3.88.1)
- containerd (1.6.16)
- curl (7.87.0)
- git (2.39.1 (includes 2.39.0))
- iptables (1.8.8)
- sudo (1.9.12_p2)
- systemd (252.5)
- vim (9.0.1157)
- XZ utils (5.4.1 (includes 5.4.0))
- SDK: boost (1.81.0)
- SDK: file (5.44)
- SDK: portage (3.0.43 (includes 3.0.42))
- SDK: qemu (7.2.0)
- SDK: Rust (1.67.0)
Changes since Alpha 3510.0.0
Security fixes:
Bug fixes:
- Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup (init#89).
Updates:
alpha-3535.0.0
Changes since Alpha 3510.0.0
Security fixes:
- Linux (CVE-2022-2196, CVE-2022-27672, CVE-2022-3707, CVE-2023-1078, CVE-2023-26545)
- Go (CVE-2022-41723, CVE-2022-41724, CVE-2022-41725)
- OpenSSH (CVE-2023-25136)
- OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401)
- containerd (CVE-2023-25153, CVE-2023-25173)
- e2fsprogs (CVE-2022-1304)
- intel-microcode (CVE-2022-21216, CVE-2022-33196, CVE-2022-38090)
- less (CVE-2022-46663)
- torcx (CVE-2022-32149)
- SDK: dnsmasq (CVE-2022-0934)
Bug fixes:
- Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup (init#89).
Changes:
- Added a new `flatcar-reset` tool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift (bootengine#55, init#91)
- On boot any files in `/etc` that are the same as provided by the booted `/usr/share/flatcar/etc` default for the overlay mount on `/etc` are deleted to ensure that future updates of `/usr/share/flatcar/etc` are propagated. To opt out, create `/etc/.no-dup-update` in case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you, at which point your copy is cleaned up and any other future Flatcar changes would be applied (bootengine#54)
- Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit (coreos-overlay#2436)
- `/etc` is now set up as overlayfs with the original `/etc` folder being the store for changed files/directories and `/usr/share/flatcar/etc` providing the lower default directory tree (bootengine#53, scripts#666)
Updates:
- Linux (5.15.98 (includes 5.15.97, 5.15.96, 5.15.95, 5.15.94, 5.15.93))
- Go (1.19.6)
- Linux Firmware (20230210)
- OpenSSH (9.2)
- OpenSSL (3.0.8)
- btrfs-progs (6.0.2, includes 6.0)
- containerd (1.6.19 (includes 1.6.18))
- e2fsprogs (1.46.6)
- findutils (4.9.0)
- ignition (2.15.0)
- intel-microcode (20230214)
- iputils (20221126)
- less (608)
- libpcre2 (10.42)
- strace (6.1)
- SDK: cmake (3.25.2)
- SDK: dnsmasq (2.89)
- SDK: python (3.10.9 (includes 3.10))
- SDK: Rust (1.67.1)
stable-3374.2.4
Changes since Stable 3374.2.3
Security fixes:
- Linux (CVE-2022-36280, CVE-2022-41218, CVE-2022-47929, CVE-2023-0045, CVE-2023-0179, CVE-2023-0210, CVE-2023-0266, CVE-2023-0394, CVE-2023-23454, CVE-2023-23455)
Updates:
alpha-3510.0.0
Changes since Alpha 3493.0.0
Security fixes:
- Linux (CVE-2022-4842)
- curl (CVE-2022-43551, CVE-2022-43552)
- sudo (CVE-2023-22809)
- vim (CVE-2023-0049, CVE-2023-0051, CVE-2023-0054)
- SDK: qemu (CVE-2022-4172)
Bug fixes:
Changes:
Updates:
- Linux (5.15.92 (includes 5.15.91, 5.15.90))
- bind tools (9.16.36 (includes 9.16.34 and 9.16.35))
- bpftool (5.19.12)
- containerd (1.6.16)
- cri-tools (1.24.2)
- curl (7.87.0)
- Docker (20.10.23)
- git (2.39.1 (includes 2.39.0))
- iptables (1.8.8)
- sudo (1.9.12_p2)
- systemd (252.5 (includes 252))
- XZ utils (5.4.1 (includes 5.4.0))
- vim (9.0.1157)
- SDK: boost (1.81.0)
- SDK: file (5.44)
- SDK: portage (3.0.43 (includes 3.0.42))
- SDK: qemu (7.2.0)
- SDK: Rust (1.67.0)
stable-3374.2.3
Changes since Stable 3374.2.2
Security fixes:
- Linux (CVE-2022-3169, CVE-2022-3344, CVE-2022-3424, CVE-2022-3521, CVE-2022-3534, CVE-2022-3545, CVE-2022-3643, CVE-2022-4378, CVE-2022-45869, CVE-2022-45934, CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521)
- git (CVE-2022-23521, CVE-2022-41903)
Bug fixes:
- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we stay with Kernel 5.15.86. (Flatcar#847, coreos-overlay#2402)