Kubernetes v1.28.12 is live!

142 views
Skip to first unread message

Carlos Tadeu Panato Jr

unread,
Jul 17, 2024, 7:08:32 AMJul 17
to dev, kubernetes-announce
Kubernetes Community,

Kubernetes v1.28.12 has been built and pushed using Golang version 1.22.5.

The release notes have been updated in CHANGELOG-1.28.md, with a pointer to them on GitHub:


v1.28.12

Downloads for v1.28.12

Source Code

filenamesha512 hash
kubernetes.tar.gzf8bd6e65af7abffde8ba359254ddc167c2945464e989f56ca52a9ec75357fecd64f1c149c2f44be15d737221d9823acf57453d0a498f9232fee84a5dedb334f6
kubernetes-src.tar.gzb9e0d50b7726886013dab700aa55f3f63498f0e32608643ba244efd0969fcd579c67f1efe8254d9515c7a8e01b95f1bde145bf0cd3ee27ea8daacffa3100e6bf

Client Binaries

filenamesha512 hash
kubernetes-client-darwin-amd64.tar.gzad03e83915a45c9099f3609cef0421f8828b124a633cddb2bac8e9e0f1533a8dd5e4763cf4384c69b73359f0fa0bf4c981a36d2f8919a74f3bd9e117ecb0ebe1
kubernetes-client-darwin-arm64.tar.gz654248ad1a3b684ec6876cd69bea449a7fdeef8711334c71110d1f6693ec8259f5a7c0aa7f6ece1a853be698ee529b1f0a6fcc8ef5e70562f221a71d41981747
kubernetes-client-linux-386.tar.gzd157ed5c78b0f2c234fbdb52ce0be3e6fc2bed12c6c6d3cad5bd4d83b46b7fbb9efd0e4c02624b9915f48f79174e75a18d6cc59d02cfe8ee9d4a9ed7f84aac02
kubernetes-client-linux-amd64.tar.gz096468159d29ea3bde4ae798eab257e967bcfd4837d5cd31ded074482d1338b4c3faaf6f41a61406c0ba58246104ca3b1847772479373055500ee442f8b5b375
kubernetes-client-linux-arm.tar.gz92e4bdeb0e44a9f92d43443383f0415298ad80c1aaf07d7aaf8b7cd68442ba2d841dd394f549c94d1dab45263369ee45b44de419456d6fa87adfac9a9c06df18
kubernetes-client-linux-arm64.tar.gzde0131addf3719195a99d5efc8bde70229c18ac66c6b69dbf53131dc1719264e8570ef5c7fe4fd1da01d32fde8ad775ac294f0fd36051884c7ee8f4c9e749905
kubernetes-client-linux-ppc64le.tar.gz79ccb60e7f23cfb1b6c4c6f224336df1718a9a36294906a14bb442062a4bacf23fcc166b1a0799d0b6ff8e0abc2648617942b4d2bd7a66953f7758569156a7bd
kubernetes-client-linux-s390x.tar.gza82d50c28db1c00088c12c1dd69e08f30b691bf6b833f5038be73b1b23eb70c3c1d1ceaf4093efaa7e0b4dbe80c9f6d258e803e1e7df6e85b289a28496a9e05e
kubernetes-client-windows-386.tar.gz70ac0d538e9122cb523da5c6455c4c1ac964fe8bcaae5a0ded8af7eb155550a881c334f4cda5dd169832ebe75fec4559085d942515f2bd2a88ea4ec20773babc
kubernetes-client-windows-amd64.tar.gzafbfe1cb54926997eb66d015d37bf4804f7d1af85a8453ddf1b44000b99d77140f502f313c330b5b9261b55aed6b046b02cbde898c51a443e4c859f40e9ec339
kubernetes-client-windows-arm64.tar.gz71036bc67f853cf8477f9231a316f7e10414d4ced28bdad301919e4dff87db6c1870049e141299cb3ad4e085d5bfe401bc598246aeff4ca6305c42b2a6ebca54

Server Binaries

filenamesha512 hash
kubernetes-server-linux-amd64.tar.gzbd63f5561c198c3e36b076c2fac01d5dd1c70d2d82ced73da38b6a8bca6f4cc6b3c1dd0692206f02d2425009c084984ec692f11d88d2d41d538af48be259f10d
kubernetes-server-linux-arm64.tar.gz187d0e2b6bb7bfcf7a675df934bf7e4b66547a357faafe26a9ae343983fff6a644b0303e12c0095ffb6c501c4dc2e1b1fbf9d03a019a5994f5e3e8fb1333a0c8
kubernetes-server-linux-ppc64le.tar.gz165ff3f9e187b044538c7c5dc5811ac455fc5bb9ea31e805f3914d84e927b84c80241e2d5a1e42b66f9038dcac347d79b89a2ed6c4157bbf92aedfae9fec2679
kubernetes-server-linux-s390x.tar.gz8a39aafaed3de50c25091c67dad8e5b494b7b6692ba17c516105e807a6213421b24573e3b630b50a5e7cb87a0fd12eaf69ac8dece3d62f86fdab84e4be3f8958

Node Binaries

filenamesha512 hash
kubernetes-node-linux-amd64.tar.gz62b418226adbe1dd21bee280a9e49eefa55d4b064c010aedb8e0cca5b13ba8ad4bd3a4f774b036fe5cdd6ae70e56fae4ed5f018feb509b87b2effb28a1074774
kubernetes-node-linux-arm64.tar.gz066b5b7b0c388256f2fedda56ebc16e5cc4d3665f4d585acd9728c7cff70aca2778fc7975a501d04c136d137fa1cf3a310cf14a0f420ff21f8d59d4ea6c13e6b
kubernetes-node-linux-ppc64le.tar.gza375fac0c44a008176c3dc88bd95d7f7480db22be7ede0bada8d003e9732b1a74018d98916676e82fb01a23b644bebb1d94c8cf3adfe11be07475c245390d96c
kubernetes-node-linux-s390x.tar.gz3e4c7b70f2cdf8a399afd9b6d4008904c5ab048ad09dd04d51217e79dbee9c55d6cc1dcfb1b53ebe292a166c05f5fb119d73f1b7ae4044cb80df7113395032fb
kubernetes-node-windows-amd64.tar.gz646c6cf360506e70d7a43739a0f3295c60dc5dccd40f017cbbe02961111fa94ee4d8cf0fae24e11720dfe8aeaef7edb5f43718485a28a227b38d485558e6aa9e

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

namearchitectures
registry.k8s.io/conformance:v1.28.12amd64arm64ppc64les390x
registry.k8s.io/kube-apiserver:v1.28.12amd64arm64ppc64les390x
registry.k8s.io/kube-controller-manager:v1.28.12amd64arm64ppc64les390x
registry.k8s.io/kube-proxy:v1.28.12amd64arm64ppc64les390x
registry.k8s.io/kube-scheduler:v1.28.12amd64arm64ppc64les390x
registry.k8s.io/kubectl:v1.28.12amd64arm64ppc64les390x

Changelog since v1.28.11

Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2024-5321: Incorrect permissions on Windows containers logs

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

Affected Versions:

  • kubelet <= 1.27.15
  • kubelet <= 1.28.11
  • kubelet <= 1.29.6
  • kubelet <= 1.30.2

Fixed Versions:

  • kubelet 1.27.16
  • kubelet 1.28.12
  • kubelet 1.29.7
  • kubelet 1.30.3

This vulnerability was reported by Paulo Gomes @pjbgf from SUSE.

CVSS Rating: Medium (6.1) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Changes by Kind

Feature

  • Kubernetes is now built with go 1.22.4 (#125670@cpanato) [SIG Release and Testing]
  • Kubernetes is now built with go 1.22.5 (#125897@cpanato) [SIG Release and Testing]

Bug or Regression

  • Add /sys/devices/virtual/powercap to default masked paths. It avoids the potential security risk that the ability to read these files may offer a power-based sidechannel attack against any workloads running on the same kernel. (#125970@carlory) [SIG Node]

  • Fix a bug that Pods could stuck in the unschedulable pod pool if they're rejected by PreEnqueue plugins that could change its result by a change in resources apart from Pods.

    DRA plugin is the only plugin that meets the criteria of the bug in in-tree, and hence if you have DynamicResourceAllocation feature flag enabled, your DRA Pods could be affected by this bug. (#125645@sanposhiho) [SIG Scheduling]

  • Fix endpoints status out-of-sync when the pod state changes rapidly (#125675@tnqn) [SIG Apps, Network and Testing]

  • For statically provisioned PVs, if its volume source is CSI type or it has migrated annotation, when it's deleted, the PersisentVolume controller won't changes its phase to the Failed state.

    With this patch, the external provisioner can remove the finalizer in next reconcile loop. Unfortunately if the provious existing pv has the Failed state, this patch won't take effort. It requires users to remove finalizer. (#126045@carlory) [SIG Apps and Storage]

  • NONE (#126127@cji) [SIG Node and Windows]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.



Contributors, the CHANGELOG-1.28.md has been bootstrapped with v1.28.12 release notes and you may edit now as needed.



Published by your Kubernetes Release Managers.

Reply all
Reply to author
Forward
0 new messages