Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Announcing new releases Alpha 4152.0.0, Beta 4116.1.0 and Stable 4081.2.0

10 views
Skip to first unread message

Flatcar Container Linux User

unread,
Nov 13, 2024, 10:38:03 AM11/13/24
to Flatcar Container Linux User

Hello,

We are pleased to announce a new Flatcar Container Linux major release for the Alpha, Beta and Stable channel.

⚠️⚠️⚠️ End of support for CGroupsV1 in early 2025 ⚠️⚠️⚠️

Flatcar will stop supporting the cgroups v1 backwards compatibility mode in Q1 2025. With our adoption of systemd-256, support for legacy CGroupsV1 will end in Alpha, Beta, and eventually Stable. Enabling legacy CGroupsV1 during deployment will not be supported anymore. Nodes that use CGroupsV1 legacy mode will fail to update. This ensures your workloads will not be disrupted. Enable CGroupsV2 on your legacy CGroupsV1 nodes in order to successfully update.

LTS-2024 will support CGroupsV1 until late 2025.

Stable 4081.2.0

Changes since Stable 3975.2.2

Security fixes: Bug fixes:
  • CloudSigma: Disabled the new DHCP RapidCommit feature which is enabled by default since systemd 255. CloudSigma provides an incompatible implementation which results in cloud-init not being applied as no IP is issued. See: (flatcar/scripts#2016)
  • Fixed bad usage of gpg that prevented flatcar-install from being used with custom signing keys (Flatcar#1471)
  • Fixed the initrd option in the QEMU launcher script. It was -R, but this was already taken by the read-only pflash option, so use -r instead. (scripts#2239)
Changes:
  • As part of the update to Catalyst 4 (used to build the SDK), the coreos package repository has been renamed to coreos-overlay to match its directory name. This will be reflected in package listings and package manager output. (flatcar/scripts#2115)
  • Provided a Python Flatcar extension as optional systemd-sysext image with the release. Write 'python' to /etc/flatcar/enabled-sysext.conf through Ignition and the sysext will be installed during provisioning (scripts#1979)
  • Added Akamai / Linode images (flatcar/scripts#1806)
  • Removed unused grub executable duplicate files and removed grub modules that are already assembled in the grub executable (flatcar/scripts#1955).
  • Replace nmap netcat with openbsd variant. The license didn't get an exception from CNCF. Something about the definition of "derivative works" being too broad.
  • The docker build command will now use buildx as its backend as the old one became deprecated and a loud "DEPRECATED" information is printed every time it's used.
  • The kernel security module Landlock is now enabled for programs to sandbox themselves (flatcar/scripts#2158)
  • libcrypt is now provided by the libxcrypt library instead of glibc. Glibc libcrypt was deprecated long time ago.
  • Disable CONFIG_NFS_V4_2_READ_PLUS kernel config to fix nfs-ganesha (flatcar/scripts#2390)
Updates:

Changes since Beta 4081.1.0

Security fixes: Changes: Updates: Beta 4116.1.0

Changes since Beta 4081.1.0

Security fixes: Changes:
  • Kernel lockdown in integrity mode is now enabled when secure boot is enabled. This prevents loading unsigned kernel modules and matches the behavior of all major distros. (scripts#2299)
  • The /usr/sbin directory is now merged into /usr/bin, so the former became a symlink to the latter. The SDK now has the same base layout as the generic images. (flatcar/scripts#2068)
  • Disable CONFIG_NFS_V4_2_READ_PLUS kernel config to fix nfs-ganesha (flatcar/scripts#2390)
Updates:

Changes since Alpha 4116.0.0

Security fixes: