Announcing new releases Alpha 3975.0.0, Beta 3941.1.0 and Stable 3815.2.3

[Flatcar Container Linux User]

Hello,

We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta, Stable channel.

Alpha 3975.0.0

Changes since Alpha 3941.0.0

Security fixes:

• Linux (CVE-2023-28746, CVE-2023-47233, CVE-2023-52639, CVE-2023-6270, CVE-2023-7042, CVE-2024-22099, CVE-2024-23307, CVE-2024-24861, CVE-2024-26642, CVE-2024-26643, CVE-2024-26651, CVE-2024-26652, CVE-2024-26654, CVE-2024-26656, CVE-2024-26783, CVE-2024-26809)
• expat (CVE-2023-52425, CVE-2024-28757)
• glibc (CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602)
• gnutls (CVE-2024-28834, CVE-2024-28835)
• intel-microcode (CVE-2023-22655, CVE-2023-28746, CVE-2023-38575, CVE-2023-39368, CVE-2023-43490)
• less (CVE-2024-32487)
• SDK: python (CVE-2023-6597, CVE-2024-0450, gh-81194, gh-113659, gh-102388, gh-114572, gh-115243)

Changes:

• Added Hetzner images (scripts#1880)
• Added KubeVirt qcow2 image for amd64/arm64 (scripts#1962)
• Added azure-nvme-utils to the image, which is used by udev to create symlinks for NVMe disks on Azure v6 instances under /dev/disk/azure/. (scripts#1950)
• Backported systemd-sysext mutable overlays functionality from yet-unreleased systemd v256. (scripts#1753)
• Provided a Podman Flatcar extension as optional systemd-sysext image with the release. Write 'podman' to /etc/flatcar/enabled-sysext.conf through Ignition and the sysext will be installed during provisioning (scripts#1964)
• Scaleway: images are now provided directly as .qcow2 to ease the import on Scaleway (scripts#1953)

Updates:

• Linux (6.6.30 (includes 6.6.29, 6.6.28, 6.6.27, 6.6.26, 6.6.25, 6.6.24, 6.6.23, 6.6.22))
• Linux Firmware (20240513)
• ca-certificates (3.100)
• containerd (1.7.17 (includes 1.7.16))
• expat (2.6.2 (includes 2.6.1 and 2.6.0))
• gnutls (3.8.5 (includes 3.8.4))
• intel-microcode (20240312)
• libunistring (1.2)
• systemd (255.4)
• SDK: python (3.11.9)
• SDK: Rust (1.77.2)

Beta 3941.1.0

Changes since Beta 3913.1.0

Security fixes:

• Linux (CVE-2023-28746, CVE-2023-47233, CVE-2023-52639, CVE-2023-6270, CVE-2023-7042, CVE-2024-22099, CVE-2024-23307, CVE-2024-24861, CVE-2024-26642, CVE-2024-26643, CVE-2024-26651, CVE-2024-26652, CVE-2024-26654, CVE-2024-26656, CVE-2024-26783, CVE-2024-26809)
• c-ares (CVE-2024-25629)
• coreutils (coreutils-2024-03-28)
• curl (CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466)
• glibc (CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602)
• nghttp2 (CVE-2024-28182)

Changes:

• Added zram-generator package to the image (scripts#1772)
• Add Intel igc driver to support I225/I226 family NICs. (scripts#1786)
• Added Hetzner images (scripts#1880)
• Added Hyper-V VHDX image (scripts#1791)
• Enabled amd-pstate,amd-pstate-epp cpufreq drivers for some AMD CPUs in the kernel. (scripts#1770)
• Enabled ntpd by default on AWS & GCP, enabled chronyd by default on Azure. The native time sync source is used on each cloud. (scripts#1792)
• Enabled the ptp_vmw module in the kernel.
• Hyper-V images, both .vhd and .vhdx files are available as zip compressed, switching from bzip2 to a built-in available Windows compression - zip (scripts#1878)
• OpenStack, Brightbox: Added the flatcar.autologin kernel cmdline parameter by default as the hypervisor manages access to the console (scripts#1866)
• Removed actool from the image and acbuild from the SDK as these tools are deprecated and not used (scripts#1817)
• Scaleway: images are now provided directly as .qcow2 to ease the import on Scaleway (scripts#1953)
• Switched ptp_kvm from kernel builtin to module.
• The default VM memory was bumped to 2 GB in the Qemu script and for VMware OVFs

Updates:

• Linux (6.6.30 (includes 6.6.29, 6.6.28, 6.6.27, 6.6.26, 6.6.25, 6.6.24, 6.6.23, 6.6.22))
• acl (2.3.2)
• attr (2.5.2)
• bpftool (6.7.6)
• c-ares (1.27.0 (includes 1.26.0))
• ca-certificates (3.100 (includes 3.99))
• containerd (1.7.15 includes (1.7.14))
• coreutils (9.5)
• curl (8.7.1 (includes 8.7.0))
• ethtool (6.7)
• git (2.43.2)
• inih (58)
• ipset (7.21 (includes 7.20))
• iputils (20240117 (includes 20231222)
• libnvme (1.8)
• nghttp2 (1.61.0 (includes 1.58.0, 1.59.0 and 1.60.0))
• nvme-cli (2.8)
• open-vm-tools (12.4.0)
• samba (4.18.9)
• selinux-refpolicy (2.20240226)
• SDK: libpng (1.6.43 (includes 1.6.42 and 1.6.41))

• SDK: Rust (1.77.1 (includes 1.77.0))

Changes since Alpha 3941.0.0

Security fixes:

• Linux (CVE-2023-28746, CVE-2023-47233, CVE-2023-52639, CVE-2023-6270, CVE-2023-7042, CVE-2024-22099, CVE-2024-23307, CVE-2024-24861, CVE-2024-26642, CVE-2024-26643, CVE-2024-26651, CVE-2024-26652, CVE-2024-26654, CVE-2024-26656, CVE-2024-26783, CVE-2024-26809)
• glibc (CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602)

Changes:

• Added Hetzner images (scripts#1880)
• Scaleway: images are now provided directly as .qcow2 to ease the import on Scaleway (scripts#1953)

Updates:

• Linux (6.6.30 (includes 6.6.29, 6.6.28, 6.6.27, 6.6.26, 6.6.25, 6.6.24, 6.6.23, 6.6.22))
• ca-certificates (3.100)

Stable 3815.2.3

Changes since Stable 3815.2.2

Updates:

• Linux (6.1.90 (includes 6.1.89, 6.1.88, 6.1.87, 6.1.86))
• ca-certificates (3.100)

Best,

The Flatcar Container Linux Maintainers