Announcing new releases Alpha 4081.0.0, Beta 4054.1.0 and Stable 3975.2.1


Flatcar Container Linux User

Sep 5, 2024, 10:23:27 AM
to Flatcar Container Linux User

Hello,

We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta and Stable channels.

Alpha 4081.0.0

Changes since Alpha 4054.0.0

Security fixes:
Bug fixes:
  • Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. (scripts#2266)
  • Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. (scripts#2222)
  • Fixed slow PXE and ISO boots caused by the decrypt-root.service. (Flatcar#1514)
  • Fixed the initrd option in the QEMU launcher script. It was -R, but this was already taken by the read-only pflash option, so use -r instead. (scripts#2239)
Changes:
  • Replace nmap netcat with openbsd variant. The license didn't get an exception from CNCF. Something about the definition of "derivative works" being too broad.
  • The docker build command will now use buildx as its backend as the old one became deprecated and a loud "DEPRECATED" information is printed every time it's used.
Updates:

Beta 4054.1.0

Changes since Beta 4012.1.0

Security fixes:
Bug fixes:
  • Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. (scripts#2266)
  • Fixed bad usage of gpg that prevented flatcar-install from being used with custom signing keys (Flatcar#1471)
  • Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. (scripts#2222)
Changes:
  • As part of the update to Catalyst 4 (used to build the SDK), the coreos package repository has been renamed to coreos-overlay to match its directory name. This will be reflected in package listings and package manager output. (flatcar/scripts#2115)
  • The kernel security module Landlock is now enabled for programs to sandbox themselves (flatcar/scripts#2158)
Updates:

Changes since Alpha 4054.0.0

Security fixes:
Bug fixes:
  • Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. (scripts#2266)
  • Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. (scripts#2222)
Updates:

Stable 3975.2.1

Changes since Stable 3975.2.0

Security fixes:
Bug fixes:
  • Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. (scripts#2266)
  • Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. (scripts#2222)
Updates:

Best,

The Flatcar Container Linux Maintainers
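
The unit-file ownership issue fixed in scripts#2266 (files owned by 1000:1000 instead of 0:0) can be checked for on a host with a short audit. This is an added example, not code from the announcement or the Flatcar project; the function names and the directory in the usage comment (/usr/lib/systemd/system) are assumptions.

```shell
#!/bin/sh
# Added example: report unit files that are not owned by root, and whether a
# local account currently maps to the unexpected owner UID.
# Usage on a host (path is an assumption): audit_units /usr/lib/systemd/system

# list_misowned DIR [UID] [GID]: print every path under DIR not owned by
# UID:GID (default 0:0). Status 0 = clean, 1 = findings, 2 = DIR is invalid.
list_misowned() {
    _d=$1; _u=${2:-0}; _g=${3:-0}
    [ -d "$_d" ] || { echo "not a directory: $_d" >&2; return 2; }
    _hits=$(find "$_d" \( ! -uid "$_u" -o ! -gid "$_g" \) -print)
    [ -z "$_hits" ] && return 0
    printf '%s\n' "$_hits"
    return 1
}

# uid_account UID [PASSWD_FILE]: print the account name holding UID, if any.
# Status 0 = an account holds the UID, 1 = the UID is unassigned.
uid_account() {
    awk -F: -v u="$1" '$3 == u { print $1; hit = 1 } END { exit !hit }' \
        "${2:-/etc/passwd}"
}

# audit_units DIR [PASSWD_FILE]: one tab-separated line per path under DIR not
# owned by 0:0: "uid:gid", the account holding that uid, and the path.
# Status 0 = everything is root-owned, 1 = findings, 2 = DIR is invalid.
audit_units() {
    _rc=0
    _paths=$(list_misowned "$1") || _rc=$?
    [ "$_rc" -eq 1 ] || return "$_rc"
    printf '%s\n' "$_paths" | while IFS= read -r _p; do
        _owner=$(ls -lnd -- "$_p" | awk '{ print $3 ":" $4 }')
        _name=$(uid_account "${_owner%%:*}" "${2:-/etc/passwd}") \
            || _name="(unassigned)"
        printf '%s\t%s\t%s\n' "$_owner" "$_name" "$_p"
    done
    return 1
}
```

A finding whose account column is not "(unassigned)" means a local user now holds the UID that owns the unit file, which is the situation the release note describes for the first created user.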
