Kubernetes v1.25.15 is live!

515 views

Skip to first unread message

Marko Mudrinić

unread,

Oct 18, 2023, 12:25:34 PM10/18/23

to kubernetes-announce, dev

Kubernetes Community,

Kubernetes v1.25.15 has been built and pushed using Golang version 1.20.10.

The release notes have been updated in CHANGELOG-1.25.md, with a pointer to them on GitHub:

v1.25.15

Downloads for v1.25.15

Source Code

filename	sha512 hash
kubernetes.tar.gz	6871520678c03cdab86e4a2daa2eb3a75af8dc9b8054e2ce786efa6debeb98bb46681e3a096996a8832516686bcf1ec13d48b5b666ef7f1b0811712cc5a3210a
kubernetes-src.tar.gz	42fcdbc7fde65dfd97c0606cf0dba2854f4795d69127bec93cc9d6c7e7258353117358fc88742ac11a87a43184a537d354f864c7aef4b191cc0a0df158663a82

Client Binaries

filename	sha512 hash
kubernetes-client-darwin-amd64.tar.gz	1ba3de7dffed3fb374350b8aeb83687cfe4543cc37b3c3c2c78d318c042186e50c72d457d303fc950fa05803a4260f758de8a3834a8bb5d3d3f04df7ecae070c
kubernetes-client-darwin-arm64.tar.gz	f26afb76ebc5fb7fb1bac81f15f0c7e4c382c7f9f1438e63ca327c1bfcaa01addc4807cbd067f1753ce82ecf8b0335e24b49bbbf2a03ca7bc7edcb6bcf307d06
kubernetes-client-linux-386.tar.gz	6a752cc7db963a0c515111a3ee83ef229a79478f4130613def4aa4bb76fd9017f090909b92a392583a6a53cb6bef5bb52f749ba0fbf87665cf16cdef359802b9
kubernetes-client-linux-amd64.tar.gz	b5b098e3060014738f687fe063bf3842cb06c7594048acb40b33325c86441f2bf5a0373f0b7ca721f4e0c9e70a3201540747d83bbe6f8b98e180b44629a94443
kubernetes-client-linux-arm.tar.gz	bada4d45443277f4378ede281e85f13c19c40b95e1d2787ce9cfcc387014c36da7e8be2a6c552ca907472aafb27641fa04d16fa9cec98ad4250def7a6e83b1e7
kubernetes-client-linux-arm64.tar.gz	76de56fcfc29b57e29265a6217e5a958208d8967c65517f17aceab0fc2b77a99f779f96b7e5651b932782e42c95d2346d6bc5768f68bd85294347fce9e0f07ee
kubernetes-client-linux-ppc64le.tar.gz	18364a4901843228a8627d137768217830c6e5ce4cb4af5dde34df24b1cd7b1007f48dda7977323d75422c66741a1e6df46f4aaa30da75a8c1d538957722a453
kubernetes-client-linux-s390x.tar.gz	fc6c20bb932e24fc79fda41be2eed12915c510ace17bf6378378b9a994daf38461f694ac6894af0390720e3130d1fc9fc57dc29fda92ac367e294105d74c4d13
kubernetes-client-windows-386.tar.gz	1ee87cdeb421a86e50d14428309425bf45324b00c54ee336ad419a597e82efab21959f32b46c55716d6b2cb20a652b00df3c5902fea3f30d492859659dc405a7
kubernetes-client-windows-amd64.tar.gz	a68f9ce70385225be174df2ffe8ef744af5de817e1b965d042e00a51c9a1d683208c4841302f2239cf0fad9f5b3dc75a43bab4ca2dd06888cc0d990d59313022
kubernetes-client-windows-arm64.tar.gz	0c9af476790947f715a4179952a0c03bb4c7e37ab7b13d0927d87b295a185fffbb997def5a3f0dd159b32b714ed1700425c64c8ce60ce65b8691a9bd7469076c

Server Binaries

filename	sha512 hash
kubernetes-server-linux-amd64.tar.gz	7531e4516efbfd3f217a34860a737606d3f098b186736de8de864aae7037a67416905c585ae3df56b167f7c7fa38a82f05cc6268e37afa9a7335a7e4126f381e
kubernetes-server-linux-arm.tar.gz	b1c89432094435666611577177a4900eaf7e7f7fd0cad0327b642cf040a33b53218ec92977bcca8530f3cea40fb54d7fd87371811924c2f735c9f0046541e625
kubernetes-server-linux-arm64.tar.gz	0f1cb1cf7e6c1be6a08de042a0677429b83114e0bf8686b017b428978d48e7f7c9f90482744430abb0b5919d3470aadd670592324259ce9a16a362646f1680b7
kubernetes-server-linux-ppc64le.tar.gz	3acbc9635350484ad938bc8926ae294cff5fb2911c16fb59426a4a97c22bd157485aeb5d8bcf51f8543b0067f1893e4edf225d56a4854a09656af06bf9404c5c
kubernetes-server-linux-s390x.tar.gz	5a2dc4d99627d1b6836bdd340144766674865fcedcc1d994aa3f96db9dc19ec3b01eea2eb0eead6ee9fbfa9161d52a81afe1e803910a9f3aad321d4a90f7223a

Node Binaries

filename	sha512 hash
kubernetes-node-linux-amd64.tar.gz	09cf4cc4dce2eb753a52579379a851446ccd2604e73cfb8168d235d554e952bfa4ea1d2c3de96b7f286b3cff63e673de1354ea158ce69b52521efddd051268e7
kubernetes-node-linux-arm.tar.gz	1a6014e521c7691621fb10b2eb2697c671b76652b702cb8c8cabccce6d37fe5f39c8faf7284779f2f06096c543e1d880b704b0181bd1ff9969d67e1b95b383b7
kubernetes-node-linux-arm64.tar.gz	4c4176cb9a6401764d771b6b01d8f601163942fdb46e16e062ec0c1cea9e9318ebc9635d5755848ef03b67a6c4f72d4ca199bd6a7f0a531d0d421ecc8ab1951a
kubernetes-node-linux-ppc64le.tar.gz	e0c77fb0f0a4097a95b72a7dbf579b6a519fe6b0ad04083d3ecdaa327f4c0479d259eb37b09a489aa3d3777bc9f39d19fe924d9d8fef883c431874a4bc160687
kubernetes-node-linux-s390x.tar.gz	f37c39adab7bbd1935cfb912da9036d0769a561a3d5937fdc67e064a1f85dbeb19824b31309f2493a1d37a4b9d9b5caf6e19a873901a8ea05e0da19493525bf2
kubernetes-node-windows-amd64.tar.gz	ed3553437414b71cb2e4044555837266bd356a9015a95100817b30082fd3c98d904d1c065f0288238b80e58b5f29feb07a1a9d25203fbe9f83f38d0af06c3831

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name	architectures
registry.k8s.io/conformance:v1.25.15	amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.25.15	amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.25.15	amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.25.15	amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.25.15	amd64, arm, arm64, ppc64le, s390x

Changelog since v1.25.14

Changes by Kind

Feature

Kubernetes is now built with Go 1.20.10 (#121150, @cpanato) [SIG Release and Testing]
Kubernetes is now built with Go 1.20.9 (#121022, @cpanato) [SIG Release and Testing]

Bug or Regression

Adds an opt-in mitigation for http/2 DOS vulnerabilities for CVE-2023-44487 and CVE-2023-39325 for the API server when the client is unauthenticated. The mitigation may be enabled by setting the UnauthenticatedHTTP2DOSMitigation feature gate to true (it is disabled by default). An API server fronted by an L7 load balancer that already mitigates these http/2 attacks may choose not to enable the kube-apiserver mitigation to avoid disrupting load balancer → kube-apiserver connections if http/2 requests from multiple clients share the same backend connection. An API server on a private network may choose not to enable the kube-apiserver mitigation to prevent performance regressions for unauthenticated clients. Authenticated requests rely on the fix in golang.org/x/net v0.17.0 alone. https://issue.k8s.io/121197 tracks further mitigation of http/2 attacks by authenticated clients. (#121201, @enj) [SIG API Machinery]
Fix a bug in cronjob controller where already created jobs may be missing from the status. (#120649, @andrewsykim) [SIG Apps]
Fixed a 1.25.12 regression where kube-controller-manager can crash when StatefulSet with Parallel policy and PVC labels is scaled up. (#121187, @aleksandra-malinowska) [SIG Apps]
Fixes a bug where Services using finalizers may hold onto ClusterIP and/or NodePort allocated resources for longer than expected if the finalizer is removed using the status subresource (#120657, @aojea) [SIG Network and Testing]
Fixes creationTimestamp: null causing unnecessary writes to etcd (#116865, @alexzielenski) [SIG API Machinery and Testing]
Revised the logic for DaemonSet rolling update to exclude nodes if scheduling constraints are not met. This eliminates the problem of rolling updates to a DaemonSet getting stuck around tolerations. (#120792, @mochizuki875) [SIG Apps and Testing]
Sometimes, the scheduler incorrectly placed a pod in the "unschedulable" queue instead of the "backoff" queue. This happened when some plugin previously declared the pod as "unschedulable" and then in a later attempt encounters some other error. Scheduling of that pod then got delayed by up to five minutes, after which periodic flushing moved the pod back into the "active" queue. (#120334, @pohly) [SIG Scheduling]

Other (Cleanup or Flake)

Etcd: update to v3.5.9 (#118077, @nikhita) [SIG Cloud Provider, Cluster Lifecycle and Testing]
Fixes an issue where the vsphere cloud provider will not trust a certificate if:
- The issuer of the certificate is unknown (x509.UnknownAuthorityError)
- The requested name does not match the set of authorized names (x509.HostnameError)
- The error surfaced after attempting a connection contains one of the substrings: "certificate is not trusted" or "certificate signed by unknown authority" (#120765, @MadhavJivrajani) [SIG Architecture and Cloud Provider]
Set the resolution for the job_controller_job_sync_duration_seconds metric from 4ms to 1min (#120670, @mimowo) [SIG Apps and Instrumentation]

Dependencies

Added

Nothing has changed.

Changed

github.com/vmware/govmomi: v0.30.0 → v0.30.6
golang.org/x/crypto: 3147a52 → v0.14.0
golang.org/x/net: v0.8.0 → v0.17.0
golang.org/x/sys: v0.6.0 → v0.13.0
golang.org/x/term: v0.6.0 → v0.13.0
golang.org/x/text: v0.8.0 → v0.13.0

Removed

Nothing has changed.

Contributors, the CHANGELOG-1.25.md has been bootstrapped with v1.25.15 release notes and you may edit now as needed.