Announcing new releases Alpha 4547.0.0, Beta 4515.1.0, Stable 4459.2.2

3 views

Skip to first unread message

Flatcar Container Linux User

unread,

Dec 18, 2025, 10:58:10 AM (16 hours ago) Dec 18

to Flatcar Container Linux User

Hello,
We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta and Stable channels.

For Equinix Metal users, from this release Flatcar testing is now stopped on this plaform but Equinix Metal Flatcar images will be produced until June 2026.

New Alpha 4547.0.0 release

Changes since Alpha 4515.0.1

Security fixes:

Bug fixes:

Dropped debug symbols from containerd, incus, and overlaybd system extensions to reduce download size.

Changes:

/etc/shadow, /etc/gshadow are now owned by the shadow group, /usr/bin/unix_chkpwd, /usr/bin/chage and /usr/bin/expiry are now also owned by the shadow group with a sticky bit enabled.

Updates:

Linux (6.12.61 (includes 6.12.59, 6.12.60))
Linux firmware (20251125 (includes 20251111))
base, dev: btrfs-progs (6.17)
base, dev: cifs-utils (7.4)
base, dev: coreutils (9.8)
base, dev: hwdata (0.400 (includes 0.399))
base, dev: inih (62 (includes 61))
base, dev: intel-microcode (20251111_p20251112)
base, dev: iproute2 (6.17.0)
base, dev: jose (14 (includes 13))
base, dev: kbd (2.9.0)
base, dev: less (685)
base, dev: libgpg-error (1.56)
base, dev: libtirpc (1.3.7)
base, dev: openssl (3.5.4 (includes 3.5.0, 3.5.1, 3.5.2, 3.5.3))
base, dev: pam (1.7.1 (includes 1.6.0, 1.6.1, 1.7.0))
base, dev: pambase (20251013)
base, dev: samba (4.22.5 (includes 4.22.4))
base, dev: strace (6.17)
base, dev: thin-provisioning-tools (1.3.0 (includes 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.1.0, 1.2.0, 1.2.1, 1.2.2))
base, dev: util-linux (2.41.2)
ca-certificates (3.119 (includes 3.118.1))
dev: portage (3.0.69.3 (includes 3.0.69, 3.0.69.1, 3.0.69.2))
ignition (2.24.0)
sdk: cmake (4.1.2 (includes 4.0, 4.1, 4.1.1))
sdk: go (1.25.3)
sdk: meson (1.9.1 (includes 1.8.0))
sdk: nasm (3.01 (includes 3.00))
sysext-overlaybd: overlaybd (1.0.16)
sysext-podman: aardvark-dns (1.15.0)
sysext-podman: netavark (1.16.1 (includes 1.16.0))
sysext-python: more-itertools (10.8.0)
sysext-python: platformdirs (4.5.0)
sysext-python: resolvelib (1.2.1)
sysext-python: rich (14.2.0)
sysext-python: setuptools-scm (9.2.0 (includes 9.0.0, 9.1.0))
sysext-python: trove-classifiers (2025.9.11.17 (includes 2025.9.8.13, 2025.9.9.12))

New Beta 4515.1.0 release

Changes since Alpha 4515.0.1

Security fixes:

Linux (CVE-2025-40275, CVE-2025-40274, CVE-2025-40273, CVE-2025-40272, CVE-2025-40271, CVE-2025-40289, CVE-2025-40288, CVE-2025-40287, CVE-2025-40269, CVE-2025-40286, CVE-2025-40285, CVE-2025-40284, CVE-2025-40283, CVE-2025-40282, CVE-2025-40281, CVE-2025-40280, CVE-2025-40279, CVE-2025-40278, CVE-2025-40277, CVE-2025-40268, CVE-2025-40214, CVE-2025-40212, CVE-2024-58087, CVE-2024-57879, CVE-2024-57880, CVE-2024-55642, CVE-2024-55641, CVE-2024-55639, CVE-2024-54683, CVE-2024-54460, CVE-2024-54191, CVE-2024-53689, CVE-2024-53682, CVE-2024-53687, CVE-2024-56770, CVE-2024-56661, CVE-2024-56660, CVE-2024-56659, CVE-2024-56658, CVE-2024-56657, CVE-2024-56656, CVE-2024-56655, CVE-2024-56675, CVE-2024-56674, CVE-2024-56673, CVE-2024-56672, CVE-2024-56654, CVE-2024-56671, CVE-2024-56670, CVE-2024-56669, CVE-2024-56668, CVE-2024-56667, CVE-2024-56666, CVE-2024-56665, CVE-2024-56664, CVE-2024-56663, CVE-2024-56662, CVE-2024-56652, CVE-2024-56653, CVE-2024-53241, CVE-2024-53240, CVE-2025-40261, CVE-2025-40266, CVE-2025-40264, CVE-2025-40263, CVE-2025-40262, CVE-2025-40254, CVE-2025-40253, CVE-2025-40252, CVE-2025-40251, CVE-2025-40250, CVE-2025-40259, CVE-2025-40258, CVE-2025-40257, CVE-2025-40246, CVE-2025-40248, CVE-2025-40345)

Updates:

Linux (6.12.61 (includes 6.12.59, 6.12.60))
ca-certificates (3.119 (includes 3.118.1))

Changes since Beta 4459.1.2

Security fixes:

Linux (CVE-2025-40275, CVE-2025-40274, CVE-2025-40273, CVE-2025-40272, CVE-2025-40271, CVE-2025-40289, CVE-2025-40288, CVE-2025-40287, CVE-2025-40269, CVE-2025-40286, CVE-2025-40285, CVE-2025-40284, CVE-2025-40283, CVE-2025-40282, CVE-2025-40281, CVE-2025-40280, CVE-2025-40279, CVE-2025-40278, CVE-2025-40277, CVE-2025-40268, CVE-2025-40214, CVE-2025-40212, CVE-2024-58087, CVE-2024-57879, CVE-2024-57880, CVE-2024-55642, CVE-2024-55641, CVE-2024-55639, CVE-2024-54683, CVE-2024-54460, CVE-2024-54191, CVE-2024-53689, CVE-2024-53682, CVE-2024-53687, CVE-2024-56770, CVE-2024-56661, CVE-2024-56660, CVE-2024-56659, CVE-2024-56658, CVE-2024-56657, CVE-2024-56656, CVE-2024-56655, CVE-2024-56675, CVE-2024-56674, CVE-2024-56673, CVE-2024-56672, CVE-2024-56654, CVE-2024-56671, CVE-2024-56670, CVE-2024-56669, CVE-2024-56668, CVE-2024-56667, CVE-2024-56666, CVE-2024-56665, CVE-2024-56664, CVE-2024-56663, CVE-2024-56662, CVE-2024-56652, CVE-2024-56653, CVE-2024-53241, CVE-2024-53240, CVE-2025-40261, CVE-2025-40266, CVE-2025-40264, CVE-2025-40263, CVE-2025-40262, CVE-2025-40254, CVE-2025-40253, CVE-2025-40252, CVE-2025-40251, CVE-2025-40250, CVE-2025-40259, CVE-2025-40258, CVE-2025-40257, CVE-2025-40246, CVE-2025-40248, CVE-2025-40345)
binutils (CVE-2025-5244, CVE-2025-5245 CVE-2025-8225)
curl (CVE-2025-9086, CVE-2025-10148)
expat (CVE-2025-59375)
go (CVE-2025-47910)
intel-microcode (CVE-2024-28956, CVE-2024-43420, CVE-2024-45332, CVE-2025-20012, CVE-2025-20054, CVE-2025-20103, CVE-2025-20623, CVE-2025-24495, CVE-2025-20053, CVE-2025-20109, CVE-2025-22839, CVE-2025-22840, CVE-2025-22889, CVE-2025-26403)
libpcre2 (CVE-2025-58050)
libxml2 (libxml2-20250908)
libxslt (CVE-2025-7424, CVE-2025-7425)
net-tools (CVE-2025-46836)
nvidia-drivers (CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345)
openssh (CVE-2025-61984, CVE-2025-61985)
openssl (CVE-2025-9230, CVE-2025-9231, CVE-2025-9232)

Bug fixes:

Alpha only: Added Fusion SCSI disk drivers back to the initrd after they got lost in the rework (Flatcar#1924)
Alpha only: Fixed systemd-sysext payload handling for air-gapped/self-hosted updates which was a known bug for 4487.0.0 (ue-rs#93)
Configured the services in the overlaybd sysext to start automatically like the other sysexts. Note that the sysext must be enabled at boot time for this to happen, otherwise you need to call systemd-tmpfiles --create and systemctl daemon-reload first.
Fixed SSSD startup failure by adding back LDB modules into the image, which got lost after a Samba update (Flatcar#1919)
Fixed a kernel boot warning when loading an explicit list of kernel modules in the minimal first-stage initrd (Flatcar#1934)

Changes:

Added support for the kernel cmdline parameters flatcar.release_file_server_url and flatcar.dev_file_server_url to specify custom servers where Flatcar extensions should be downloaded on boot (bootengine#112)
Alpha only: Reduced Azure image size again to 30 GB as before by shrinking the root partition to compensate for the growth of the other partitions (scripts#3460)
Increased all partition sizes: /boot to 1 GB, the two /usr partitions to 2 GB, /oem to 1 GB so that we can use more space in a few years when we can assume that most nodes run the new partition layout - existing nodes can still update for the next years (scripts#3027)
Reduced the kernel+initrd size on /boot by half. Flatcar now uses a minimal first stage initrd just to access the /usr partition and then switches to the full initrd that does the full system preparation as before. Since this means that the set of kernel modules available in the first initrd is reduced, please report any impact.
The way that files for building custom kernel modules are installed has changed from a Ubuntu-inspired method to the standard upstream kernel method. In the unlikely event that this breaks your module builds, please let the Flatcar team know immediately.

Updates:

Linux (6.12.61 (includes 6.12.49, 6.12.50, 6.12.59, 6.12.60))
Linux firmware (20251021 (includes 20250917, 20251011))
Afterburn (5.10.0)
azure, dev: inotify-tools (4.25.9.0)
azure, stackit: chrony (4.8)
base, dev: bash (5.3_p3)
base, dev: bind (9.18.38)
base, dev: bpftool (7.6.0)
base, dev: btrfs-progs (6.16.1 (includes 6.16))
base, dev: coreutils (9.7 (includes 9.6))
base, dev: cryptsetup (2.8.1)
base, dev: curl (8.16.0)
base, dev: expat (2.7.3 (includes 2.7.2))
base, dev: gcc (14.3.1_p20250801)
base, dev: gettext (0.23.2 (includes 0.23.0, 0.23.1))
base, dev: git (2.51.0 (includes 2.50.0))
base, dev: hwdata (0.398)
base, dev: intel-microcode (20250812 (includes 20250512))
base, dev: libffi (3.5.2)
base, dev: libnftnl (1.3.0)
base, dev: libxml2 (2.14.6 (includes 2.13.9, 2.14.0, 2.14.1, 2.14.2, 2.14.3, 2.14.4, 2.14.5))
base, dev: ncurses (6.5_p20250802)
base, dev: nftables (1.1.5 (includes 1.1.4))
base, dev: nvidia-drivers-service (570.195.03 (includes 535.274.02))
base, dev: openssh (10.2_p1 (includes 10.1))
base, dev: openssl (3.4.3)
base, dev: readline (8.3_p1)
base, dev: samba (4.22.3 (includes 4.21.0, 4.22.0, 4.22.1, 4.22.2))
base, dev: talloc (2.4.3)
base, dev: tdb (1.4.13)
base, dev: tevent (0.16.2)
base, dev: xfsprogs (6.16.0 (includes 6.15.0))
ca-certificates (3.119 (includes 3.118.1))
dev, sysext-incus: squashfs-tools (4.7.2 (includes 4.7.1))
dev: binutils (2.45)
sdk: azure-core (1.16.1)
sdk: azure-identity (1.13.1)
sdk: cmake (3.31.9)
sdk: go (1.25.1 (includes 1.24.7, 1.25))
sdk: pkgcheck (0.10.37)
sdk: qemu (10.0.5)
sdk: rust (1.89.0)
sysext-containerd: containerd (2.1.4)
sysext-containerd: runc (1.3.1)
sysext-incus, sysext-podman, vmware: fuse (3.17.4)
sysext-nvidia-drivers-535: nvidia-drivers (535.274.02)
sysext-nvidia-drivers-570: nvidia-drivers (570.195.03 (includes 570.190))
sysext-podman: crun (1.21)
sysext-podman: gpgme (2.0.0)
sysext-podman: netavark (1.15.2 (includes 1.15.0, 1.15.1))
sysext-podman: passt (2025.06.11)
sysext-python: charset-normalizer (3.4.3)
sysext-python: jaraco-functools (4.3.0)
sysext-python: markdown-it-py (4.0.0)
sysext-python: pip (25.2)
sysext-python: platformdirs (4.4.0)
sysext-python: requests (2.32.5)
sysext-python: typing-extensions (4.15.0)
systemd (257.9)
vmware: open-vm-tools (13.0.5)

New Stable 4459.2.2 release

Changes since Stable 4459.2.1

Security fixes:

Linux (CVE-2025-40275, CVE-2025-40274, CVE-2025-40273, CVE-2025-40272, CVE-2025-40271, CVE-2025-40289, CVE-2025-40288, CVE-2025-40287, CVE-2025-40269, CVE-2025-40286, CVE-2025-40285, CVE-2025-40284, CVE-2025-40283, CVE-2025-40282, CVE-2025-40281, CVE-2025-40280, CVE-2025-40279, CVE-2025-40278, CVE-2025-40277, CVE-2025-40268, CVE-2025-40214, CVE-2025-40212, CVE-2024-58087, CVE-2024-57879, CVE-2024-57880, CVE-2024-55642, CVE-2024-55641, CVE-2024-55639, CVE-2024-54683, CVE-2024-54460, CVE-2024-54191, CVE-2024-53689, CVE-2024-53682, CVE-2024-53687, CVE-2024-56770, CVE-2024-56661, CVE-2024-56660, CVE-2024-56659, CVE-2024-56658, CVE-2024-56657, CVE-2024-56656, CVE-2024-56655, CVE-2024-56675, CVE-2024-56674, CVE-2024-56673, CVE-2024-56672, CVE-2024-56654, CVE-2024-56671, CVE-2024-56670, CVE-2024-56669, CVE-2024-56668, CVE-2024-56667, CVE-2024-56666, CVE-2024-56665, CVE-2024-56664, CVE-2024-56663, CVE-2024-56662, CVE-2024-56652, CVE-2024-56653, CVE-2024-53241, CVE-2024-53240, CVE-2025-40261, CVE-2025-40266, CVE-2025-40264, CVE-2025-40263, CVE-2025-40262, CVE-2025-40254, CVE-2025-40253, CVE-2025-40252, CVE-2025-40251, CVE-2025-40250, CVE-2025-40259, CVE-2025-40258, CVE-2025-40257, CVE-2025-40246, CVE-2025-40248, CVE-2025-40345)

Updates:

Linux (6.12.61 (includes (6.12.59, 6.12.60)))
ca-certificates (3.119 (includes 3.118.1))

Best,
The Flatcar Container Linux Maintainers

Reply all

Reply to author

Forward

0 new messages