Kubernetes v1.27.8 is live!

951 views
Skip to the first unread message

Marko Mudrinić

unread,
15 Nov 2023, 15:51:5615/11/2023
to kubernetes-announce, dev
Kubernetes Community,

Kubernetes v1.27.8 has been built and pushed using Golang version 1.20.11.

The release notes have been updated in CHANGELOG-1.27.md, with a pointer to them on GitHub:

v1.27.8

Downloads for v1.27.8

Source Code

filename sha512 hash
kubernetes.tar.gz f3d0a8d8b2c84d3d03ac49bc819cb4cc7e175feb9445c159e8271e045af64bb7fbf7023e1b11ca3bcbe502ec6e7d15d9ee84c165ad8d13716f58e5db1d345b21
kubernetes-src.tar.gz 119afe357398239dd00ac065a57327be75bd4f562a94ad800e472bd2068c58dadbd50970b6876e7cccaa66b4f34ccb2023c14173dbab0f44cfa41dfa6adafa37

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 54d48ff1afc5b33c0ec026f882f111098f096ffa9afb35e3b757bf9c106b82e4ecc35ad57448276d4419d069ad1d3cdaacc1d62a98c3c16de590840d9911557b
kubernetes-client-darwin-arm64.tar.gz 13d19a302ca82a80477c1a20ded6835221cff8302ec5c7203ea687f8cf683acbb347dbe7aeae5095461f5ed1f6431887825895aa8f91bb71bda0a4b0d1b55bc8
kubernetes-client-linux-386.tar.gz 9f79954501acc553cff3cffca7f5a77e51ab7171b013cb76a801b56343459df3adb202b7e21421dafd09fb87aae43a480514103da9a8000bf9f8b7e1f79c4571
kubernetes-client-linux-amd64.tar.gz d52faf06b8b5499564ddb06836f76e3a330f8f21e0fe7ffee8e6f36a95c40bbed7ef8db8aefd48f867b4d63fe02f1f562a146b71f669e960f1c6ed18820f36dd
kubernetes-client-linux-arm.tar.gz be14007563bf5d09556bb81608de1d63f1ec1ece3f8774e81bda1e05ecf6ef387a733483f96822c924611220b1edea926ade163cbfb5d610b6404cfb62e4890e
kubernetes-client-linux-arm64.tar.gz e0d3f3b9d6f003f5e51d9c995b6b73a4f1e0b8247b387923aca2a8bce2ffa79120e956d5041a9a7431c7b8f8fdc455d55b2d3270f7ca71228ef52bf06e887b6f
kubernetes-client-linux-ppc64le.tar.gz a53e0fb2395834dc40cf5647ec754d109e17e2dfc90c83b73867b770e01d7fa78c505602354a707df2212255e73a038af4452f233b50532cff6fbb089fa69176
kubernetes-client-linux-s390x.tar.gz ce097bc724f5ab8558174a8acbac92cbdb41a92a4297cddc69c875055f7c8dbbf12a8e7918adf1365524b57950f886ea6d81278f242c862870b51a802925085d
kubernetes-client-windows-386.tar.gz febefb0c8dbe92bae9280c027387942d131b2ec89853fa675645f9f881dee4a773a2fba42fd39e845fc05496539a02faf47eb2d90db93e4d9d25866fdeb1cc7c
kubernetes-client-windows-amd64.tar.gz 1ff515f3d7e68c7c87636c282ee61c02951e5f633840cddfcd01de4af34d75baa10d417f7f24bac141601aff893773e5e995d0bea2914431f38ff9daa7ea576f
kubernetes-client-windows-arm64.tar.gz 5a93472bdbb42d51c7d044890b2f97427feb44427cbfb05fcb5dc689be37723b19fbb85f1262ac69f396357c0db06bd9d8a65919c518f9daa4d2ed5d8033d598

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 663358df01ee06bd9a261aa22237d0b91dcccc9cacdf39fa65409d54e16efe91dbe3d246cc30011c123f2d4803583ea88eed8bd537e82ca894f11cb31559538f
kubernetes-server-linux-arm64.tar.gz 080acd75eff58f72dee89f49c34cf772f11214f4eb9857287f604d9b20e2d4d7e954039010cb6a510ea5f3c360ab71cad853bf4cdbdbd821c0bfe82e5bcb5df8
kubernetes-server-linux-ppc64le.tar.gz fb04b0f5d06156aed6c0d76ad4d9844d8274f295daa85920fb3befa9a7d57e2b4d9ff78b1cfdccedfe48e11ef5b4d24b703656b71bd497be1b078551b13921ed
kubernetes-server-linux-s390x.tar.gz 3929f0f31861ce6db6a2b00a6e798c8015a7da33a7f4b4e0e8caa732766201baa8d8e4e60bf12d51302d8896a19ed82266b0199ef1305d3d0861ca7cb1838476

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz b07e49275501535f21c69794e938741408a891fb5f1305f430c9d2fa679fe63263edf238afccc9e41b76dae7340244a1798583de6a0504a513b6986e376f24f7
kubernetes-node-linux-arm64.tar.gz f7b6e63945edeaa582c47f8407900a10fbe0739a16d974f413a57e0723639989af092f7a92571acc69d2c97666b79ad00175cef581bbc01966647353c676c5e9
kubernetes-node-linux-ppc64le.tar.gz 3b5ad668e8fa85fdde6d0225f2ededd7ddd1f59aa1e14cb50a06171585d373e077e050ebfe879ea7603223e26c69555f40ea15c4f89637bd00bbc124681f2ea3
kubernetes-node-linux-s390x.tar.gz 64145434328efd21189bf21c9a36bc709cb6e0166a0351a157392129ce22ac040adbaf51c265b3fb8c8ff8329c7cc7ce8d1af08a0b5500a595fe816435ebe22b
kubernetes-node-windows-amd64.tar.gz 914e840bd1375e42258121c6ea5fb1394b5cc8321e5fe4520c2ebb5b979fea881a2af262599742f751673bb1d557e6fab08281e5c9da4687614bf4dc0f3d6064

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
registry.k8s.io/conformance:v1.27.8 amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.27.8 amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.27.8 amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.27.8 amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.27.8 amd64, arm64, ppc64le, s390x

Changelog since v1.27.7

Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Affected Versions:

  • kubelet >= v1.8.0

Fixed Versions:

  • kubelet v1.28.4
  • kubelet v1.27.8
  • kubelet v1.26.11
  • kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"

CVSS Rating: High (7.2) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Changes by Kind

API Change

  • Retry NodeStageVolume calls if CSI node driver is not running (#120330, @rohitssingh) [SIG Apps, Storage and Testing]

Feature

  • Kubernetes is now built with Go 1.20.11 (#121811, @cpanato) [SIG Release and Testing]

Bug or Regression

  • Fix 121094 by re-introducing the readiness predicate for externalTrafficPolicy: Local services. (#121116, @alexanderConstantinescu) [SIG Cloud Provider and Network]
  • Fixed a regression in default configurations, which enabled PodDisruptionConditions by default, that prevented the control plane's pod garbage collector from deleting pods that contained duplicated field keys (env. variables with repeated keys or container ports). (#121380, @mimowo) [SIG Apps, Auth, Scheduling and Testing]
  • Fixed the issue where pod with ordinal number lower than the rolling partitioning number was being deleted it was coming up with updated image. (#120731, @adilGhaffarDev) [SIG Apps and Testing]
  • Fixes calculating the requeue time in the cronjob controller, which results in properly handling failed/stuck jobs (#121327, @soltysh) [SIG Apps]
  • Service Controller: update load balancer hosts after node's ProviderID is updated (#121138, @code-elinka) [SIG Cloud Provider, Network, Release and Testing]

Dependencies

Added

Changed

Removed

Nothing has changed.


Contributors, the CHANGELOG-1.27.md has been bootstrapped with v1.27.8 release notes and you may edit now as needed.



Published by your Kubernetes Release Managers.

Reply all
Reply to author
Forward
0 new messages