Announcing new Alpha release 3185.0.0, Beta release 3139.1.1, Stable release 3033.2.4
12 views
Skip to first unread message
Flatcar Container Linux User
Mar 24, 2022, 8:08:53 AM3/24/22
to Flatcar Container Linux User
Hello,
We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta, and Stable channel.
New Alpha Release 3185.0.0
Changes since Alpha-3165.0.0
Security fixes- Linux (CVE-2022-25636)
- Go (CVE-2022-24921)
- containerd (CVE-2022-23648)
- cryptsetup (CVE-2021-4122)
- intel-microcode (CVE-2021-0127, CVE-2021-0146)
- nvidia-drivers (CVE-2022-21814, CVE-2022-21813)
- openssl (CVE-2022-0778)
- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) (Flatcar#665, coreos-overlay#1723)
- Re-added the brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used (bootengine#40)
- Merge the Flatcar Pro features into the regular Flatcar images (coreos-overlay#1679)
- Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the docs section for details
- Made SELinux enabled by default in default containerd configuration file. (coreos-overlay#1699)
- Removed rngd.service because it is not essential anymore for the kernel to boot fast in VM environments (coreos-overlay#1700)
- Enabled systemd-sysext.service to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service ensure-sysext.service which reloads the systemd units to reevaluate the sockets, timers, and multi-user targets when systemd-sysext.service is (re)started, making it possible to enable units that are part of a sysext image (init#65)
- For amd64 /usr/lib used to be a symlink to /usr/lib64 but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case /usr/lib64 was used to access, e.g., the modules folder or the systemd folder (coreos-overlay#1713, flatcar-scripts#255)
- Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don’t have a strong coupling, meaning the only metadata required is SYSEXT_LEVEL=1.0 and ID=flatcar (#643)
- OpenStack: In addition to the bz2 image, a gz compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.
- DigitalOcean: In addition to the bz2 image, a gz compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.
- SDK: The image compression format is now configurable. Supported formats are: bz2, gz, zip, none, zst. Selecting the image format can now be done by passing the --image_compression_formats option. This flag gets a comma separated list of formats.
- Linux (5.15.30 (from 5.15.25, includes 5.15.26, 5.15.27, 5.15.28, 5.15.29))
- Linux Firmware (20220310)
- Go (1.17.8)
- ca-certificates (3.76)
- containerd (1.6.1)
- cryptsetup (2.4.3)
- Docker (20.10.13)
- dosfstools (4.2)
- grep (3.7)
- ignition (2.13.0)
- intel-microcode (20220207_p20220207)
- iperf (3.10.1)
- less (590)
- lsscsi (0.32)
- nvidia-drivers (510.47.03)
- nvme-cli (1.16)
- openssl (3.0.2)
- pam (1.5.1_p20210622)
- pambase (20220214)
- pinentry (1.2.0)
- quota (4.06)
- rpcbind (1.2.6)
- socat (1.7.4.3)
- thin-provisioning-tools (0.9.0)
- timezone-data (2021a)
- whois (5.5.11)
- xfsprogs (5.14.2)
- VMWare: open-vm-tools (12.0.0)
- SDK: man-db (2.9.4)
- SDK: Rust (1.59.0)
New Beta Release 3139.1.1
Changes since Beta-3139.1.0
Security fixes- Linux (CVE-2022-25636)
- Go (CVE-2022-24921)
- systemd (CVE-2021-3997)
- containerd (CVE-2022-23648)
- openssl (CVE-2022-0778)
- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) (Flatcar#665, coreos-overlay#1723)
- Re-added the brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used (bootengine#40)
- (none)
- Linux (5.15.30 (from 5.15.25, includes 5.15.26, 5.15.27, 5.15.28, 5.15.29))
- Go (1.17.8)
- systemd (249.10)
- ca-certificates (3.76)
- containerd (1.5.10)
- openssl (3.0.2)
New Stable Release 3033.2.4
Changes since Stable-3033.2.3
Security fixes- Linux (CVE-2022-25636)
- Go (CVE-2022-24921)
- systemd (CVE-2021-3997)
- containerd (CVE-2022-23648)
- openssl (CVE-2022-0778)
- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) (Flatcar#665, coreos-overlay#1720)
- Added support for switching back to CGroupsV1 without requiring a reboot. Create /etc/flatcar-cgroupv1 through ignition. (coreos-overlay#1666)
- Linux (5.10.107 (from 5.10.102, includes 5.10.103, 5.10.104, 5.10.105, 5.10.106))
- Go (1.17.8)
- systemd (249.10)
- ca-certificates (3.76)
- containerd (1.5.10)
- openssl (1.1.1n)
Best,
The Flatcar Container Linux Maintainers
Reply all
Reply to author
Forward
0 new messages