Announcing Flatcar Container Linux Stable release 2605.11.0, Beta release 2705.1.1 and Alpha release 2748.0.0

[Flatcar Container Linux User]

Hello,

We are pleased to announce Flatcar Container Linux maintenance releases for our Stable and Beta channels, as well as a new release for the Alpha channel.

New Alpha release 2748.0.0

Security fixes

• Linux - CVE-2020-27815, CVE-2020-27830, CVE-2020-27835, CVE-2020-28588, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661

Bug fixes

• afterburn (coreos-metadata): Restart on failure and keep coreos-metadata unit active (kinvolk/coreos-overlay#768)

• networkd: avoid managing MAC addresses for veth devices (kinvolk/init#33)

Changes

• Updated nsswitch.conf to use systemd-resolved (kinvolk/baselayout#10)

• Enabled systemd-resolved stub listeners (kinvolk/baselayout#11)

• systemd-resolved: Disabled DNSSEC for the mean time (kinvolk/baselayout#14)

• kernel: enabled CONFIG_DEBUG_INFO_BTF (kinvolk/coreos-overlay#753)

• containerd: Switched to default upstream socket location while keeping a symlink for the previous location in Flatcar (kinvolk/coreos-overlay#771)

• containerd: Disabled shim debug logs (kinvolk/coreos-overlay#766)

Updates

• Linux (5.10.4)

• Linux firmware (20201218)

• SDK: Rust (1.48.0)

Note: Please note that ARM images remain experimental for now.

Maintenance Beta release 2705.1.1

Security fixes

• Linux - CVE-2020-27835, CVE-2020-29661, CVE-2020-29660, CVE-2020-27830, CVE-2020-28588

Bug fixes

• The sysctl `net.ipv4.conf.*.rp_filter` is set to `0` for the Cilium CNI plugin to work (kinvolk/Flatcar#181)

• Package downloads in the developer container now use the correct URL again (kinvolk/Flatcar#298)

• networkd: avoid managing MAC addresses for veth devices (kinvolk/init#33)

Changes

• The sysctl default config file is now applied under the prefix 60 which allows for custom sysctl config files to take effect when they start with a prefix of 70, 80, or 90 (kinvolk/baselayout#13)

• Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker (kinvolk/Flatcar#283)

• For users with a custom update server a machine alias setting in update-engine allows to give human-friendly names to client instances (kinvolk/update-engine#8)

Updates

• Linux (5.9.16)

• containerd (1.4.3)

• Docker (19.03.14)

Maintenance Stable release 2605.11.0

Security fixes

• Linux - CVE-2020-27815, CVE-2020-29568, CVE-2020-29569

Bug fixes

• networkd: avoid managing MAC addresses for veth devices (kinvolk/init#33)

Updates

• Linux (5.4.87)

Best,

The Flatcar Container Linux team at Kinvolk