Kubernetes v1.28.1 is live!

109 views
Skip to first unread message

Marko Mudrinić

unread,
Aug 24, 2023, 7:28:57 PM8/24/23
to kubernetes-announce, dev
Kubernetes Community,

Kubernetes v1.28.1 has been built and pushed using Golang version 1.20.7.

The release notes have been updated in CHANGELOG-1.28.md, with a pointer to them on GitHub:

v1.28.1

Downloads for v1.28.1

Source Code

filename sha512 hash
kubernetes.tar.gz 87829907851a0f75bdca725d89c1290ca898fb92c0c6271fc6ddda8c06361bb0131306700b5c7c96d9f083b223e61e3d4cc55479de21cd4de64ab942ce2f91e2
kubernetes-src.tar.gz 52297b3ef9082933d55973bddd54249dccb0b3aeb6ca131d80a35d6c60c70711042b6373d66fb1bf9e79046a4a366060a31faef0033ae5e29f14df8e5f1c6f87

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 2a0bdb8dffb4d710ee01ca48437da9f80f8568efb4c9ac7a13b201d307e9f68698b2c102b8fcd2f59e4082cd330229ac5febfb6e99dea2a90c2aa93aa176d720
kubernetes-client-darwin-arm64.tar.gz 7824c1907510fda1a91870f55adad9ff4d5e7b01d2cfb9805e7b8c56c24aaa4b6aefd3ad5f374eb6f97056142d5d5ea9ed552347d293789eafe3bc56fcd17326
kubernetes-client-linux-386.tar.gz ef812e222d771bb29209d3a66e4168c0f03922b3cc8585151833ce304f30b124e97cec27fa2ae5abe990bf901f27db81835c817e70ae6738d2b58e863854e996
kubernetes-client-linux-amd64.tar.gz b5e9823886c8c26c22078cf5cd233612f38240e5ceb3c7bc5c032fbbfee59f6a631b53aa541bf8afc2eba496f5d0476357d1738cf771aaa95661c83d91372b51
kubernetes-client-linux-arm.tar.gz fae089315283125f5a30103260319daefaf092aa488175000ad19ff55bb90b62f9b7d3b9fe446b3103087f06fd353d96f521a8f8f33cd2cf3e0887183ff3087f
kubernetes-client-linux-arm64.tar.gz a46645ca155fb3a98159678b92f0075a14ea731a0e0feebc1f2f243e2b50f7413272969aabd6feb7a68f1d64de66fb330e389edc326c8ec90457b3c7c9b25783
kubernetes-client-linux-ppc64le.tar.gz 45259cabe085abba6d0255bdecd6890c89a098a7dcc8f65013acdaf1471a013d4671c04b047f36c160b7623e476266c375e0c87e3e1d3ba666c9f27a184bfc78
kubernetes-client-linux-s390x.tar.gz 72f8a4f15745bec71328bd3ec346cf886b0a56bc409bc0c756828bfa74e6e52e7bf444a40da133a9de899df60c2e44082fd60e5532d9f1fef8c948827e8ef51e
kubernetes-client-windows-386.tar.gz 7a2b3d717f586b14720c97642a2f7a8bbb6720f874a4dbb22a8f450598017e3247ed1c1e861993a489fedb10ebd782aa074182061323b0c3509ace10534b9a3f
kubernetes-client-windows-amd64.tar.gz ebc759a5164fbe9c292db46c9ed2070d6162a2ba7bc2d246d2538d5d9322ca08d309507e428b954616e0c4fe21db32671300970bb0fbd8286e85461d9dcc4487
kubernetes-client-windows-arm64.tar.gz a77c2ed43148fe914d483862481dbe70ef459bf56d1c4b7a75e4146b67be41b5d54756b94414ad6013c31a13affe13594600462551a64bc0ce82883b8b44cc35

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 5727d958896b8032667111da019b0ea39ed1040f966c6758180f5f42656c5c78965cd61c162d64ae9df830fcfaddf61c1d05433430facb20fe2b96e4e1a4716f
kubernetes-server-linux-arm64.tar.gz ab3df8c2d10a91ab155b2c615b4ae95650d949294503a3863fd93181417287e50a4b1b3641e48e6f729c2fa666b4d62e620234841c5047ed9789d567cb600a37
kubernetes-server-linux-ppc64le.tar.gz 4a8a86e10b90944fbb0a80f55b99bba77ff5e82806cb11a13286c9e434523eee3723960ad9615a5d44e74e693041575624f2e82132c17441d9faa4bd21170a59
kubernetes-server-linux-s390x.tar.gz 12ebaeba75861087d058cbf65b2853d54a802d61408f7fd05480d0f00ebb06240d00b84cbfc445f66478f359deb65a265e0108f7e4f1f82dc664c12be82a17f9

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz d736a6abfeec797a48944caf926c737fb67e9cb2fa20913b4d5c2b1b12b2aca550a82bb4a20836f15fe8c4054e5fe7aebd3f380845054eaad9774fd68296ac48
kubernetes-node-linux-arm64.tar.gz c1f7984b4f173c98bc0020348848eee50a42193fb49803229bc79efafc89ea4e9d23398aea96f393265e6ba2705b0c0edb1372b0052f6567b455a12798ec9f4e
kubernetes-node-linux-ppc64le.tar.gz 94f4fe0cc6185d8ee361b04c49abdbd768863877f54bb641eb02c787f8d6011ad6dfc074e496c1a9004f9fa3143e1d546f3904059ded0866d9d4ab9eca0ab670
kubernetes-node-linux-s390x.tar.gz e81b885ea5eb00628f67715f72bcd4b9d5d143b0bef4f9a40f592c3ee7ffefb01a35241e4801c3a3e1e353944eb91797c9346e834410478345a781e8b8ae1b40
kubernetes-node-windows-amd64.tar.gz 0b049a819495249820c64f7b728b6abf31548c977a501cd4a9a60ab60bed35c688677db443002735033dbb3a2f6ae13842b07b81c7f72eb3d13f2f900f4d421a

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
registry.k8s.io/conformance:v1.28.1 amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.28.1 amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.28.1 amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.28.1 amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.28.1 amd64, arm64, ppc64le, s390x
registry.k8s.io/kubectl:v1.28.1 amd64, arm64, ppc64le, s390x

Changelog since v1.28.0

Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Affected Versions:

  • kubelet <= v1.28.0
  • kubelet <= v1.27.4
  • kubelet <= v1.26.7
  • kubelet <= v1.25.12
  • kubelet <= v1.24.16

Fixed Versions:

  • kubelet v1.28.1
  • kubelet v1.27.5
  • kubelet v1.26.8
  • kubelet v1.25.13
  • kubelet v1.24.17

This vulnerability was discovered by James Sturtevant @jsturtevant and Mark Rossetti @marosset during the process of fixing CVE-2023-3676 (that original CVE was reported by Tomer Peled @tomerpeled92)

CVSS Rating: High (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

Affected Versions:

  • kubelet <= v1.28.0
  • kubelet <= v1.27.4
  • kubelet <= v1.26.7
  • kubelet <= v1.25.12
  • kubelet <= v1.24.16

Fixed Versions:

  • kubelet v1.28.1
  • kubelet v1.27.5
  • kubelet v1.26.8
  • kubelet v1.25.13
  • kubelet v1.24.17

This vulnerability was reported by Tomer Peled @tomerpeled92

CVSS Rating: High (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Changes by Kind

Other (Cleanup or Flake)

  • Fixes ability to build 1.28 without network access (#119982, @liggitt) [SIG Testing]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.


Contributors, the CHANGELOG-1.28.md has been bootstrapped with v1.28.1 release notes and you may edit now as needed.



Published by your Kubernetes Release Managers.

Reply all
Reply to author
Forward
0 new messages