Kubernetes v1.28.4 is live!
962 views
Skip to first unread message
Marko Mudrinić
Nov 15, 2023, 3:51:42 PM11/15/23
to kubernetes-announce, dev
Kubernetes Community,
Kubernetes v1.28.4 has been built and pushed using Golang version 1.20.11.
The release notes have been updated in CHANGELOG-1.28.md, with a pointer to them on GitHub:
v1.28.4
Downloads for v1.28.4
Source Code
| filename | sha512 hash |
|---|---|
| kubernetes.tar.gz | 9b1aa58395d4fe0efd75382dc4fac3c3203570f80f71e5a4e354983b597d4af442475bbcc65a7fccb2c2faa874954b69d09122c84e5ee78caa2ddc4cd8b82b26 |
| kubernetes-src.tar.gz | 70b929f5ab11b0bb14d0e7870a2f4e3b4b1c5d52016cec4560198a339fe3363c6e9de0ebc50b643ba12d569bd527737141c36d8abccb559596e772624a8219cb |
Client Binaries
| filename | sha512 hash |
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | ed701ec7c67260bfb5cb910ef890732d171e72f3abff552d321a014ae59f1f45fa1339949c0711a9e82626eed5d55916489c8e339381e120c4a9b63970b8b3c0 |
| kubernetes-client-darwin-arm64.tar.gz | 43b6c1daa9b5597281536a4875f6f63258111f1a6fa1a38c41f95d07309991dba4f2eccf2321db5ea126d0f51ace2ed390ed10919ce7280f134078aebfc54d1a |
| kubernetes-client-linux-386.tar.gz | fe0299567d47edf8625ea84b12233e07559cacae0fc3797afb249c86171b803125d2c34c15bdbc4a25a05646c8480bf9943b8dd9a2583cbedf70bccef309113f |
| kubernetes-client-linux-amd64.tar.gz | 8da3b845e44ecbf94f2766d18dcccd2cd55f5645038c5ca50ae2163989cec5a330fc6c4b55780e4986f2b619edacd21c0236a5637b9623cb452b97b590a2f483 |
| kubernetes-client-linux-arm.tar.gz | 0e51666c37cc3e151ec67457a9d51820d6b7a2fe52d6bcb6c187b8a7461d64e6279c762ce34a272baa05c0feae47859df390e2aceb6f8396ba471a103456b9b5 |
| kubernetes-client-linux-arm64.tar.gz | 57293627a6f4b2bd45db5101f81a8b8d6e4986f5a11d24f4f782c87b5867b8b8015654b8355dd51292cb663b1719d34282259a514d566993fd9c16db95768a7b |
| kubernetes-client-linux-ppc64le.tar.gz | 789fc636d69e58c41fd2fd83f07ed66bc96ea2e929114d5b7fcf2522a3a5c61b49c56986ac866d093224f5ef6878e9dfb6ffbe8674df5228b869864ae140680b |
| kubernetes-client-linux-s390x.tar.gz | 99f3cd73dbfdb0bcade8552c5adc050b67a416edf68f35bde0e62fd93fcc88d160fa416d23ee72f0ec2d7a375f990d218c4fe8b69ebc0923bf68c4cbd992ab10 |
| kubernetes-client-windows-386.tar.gz | 9a60ead2cc4333138936a561a6d07671f8b17b865733d98f8d64cd91f0551897adfe1a1ca660dc2bf474375128ecdc4654983eb63285be50656b59a54ba7bf77 |
| kubernetes-client-windows-amd64.tar.gz | ba174234eba338f563a4ba6fb66d12db62df272d5fdf2c68fd12d7660c88036f5c35881705f07e4b0bad58dad2d49465643c40547d14a718f5a2098468e233d0 |
| kubernetes-client-windows-arm64.tar.gz | 7e830b5aadef11109ff3bfb24d57455ab9292f51e37f8c60d84c09ccd9adf4db2cd338c7402d8c03242db5d96877275dddf56f45531392ac7f7071d85bb1ec7c |
Server Binaries
| filename | sha512 hash |
|---|---|
| kubernetes-server-linux-amd64.tar.gz | c7d7016860ff44c15322040a5764d4acbde32ffebeb84802b9be820b4be22d9e0a1f8c2ee4547dccebaf133acc22f624d46be0de567ac5f98eb97303bbd5d7a9 |
| kubernetes-server-linux-arm64.tar.gz | 4f1d2299f0d0ca52ff4a793d41b8bcb4c50fc9fe6584559a92f88e91966fc6d47b78cff407076e9169d6a592cddbadebeb2348c7c96192eb5fba0f71818a3752 |
| kubernetes-server-linux-ppc64le.tar.gz | 1f86ee121c0f91f7cd0e0006fea01248b2a3afd49c748da99a85774a5c8dc0b98a2a4b3668186cb59fd77321287b8a745e6feb2d29dfc0a178795361b5b8a4ff |
| kubernetes-server-linux-s390x.tar.gz | 98be6cfd43643ac86771ce36856925e7827cb57bec9482a33c23b6ee04c6a208e9f359027f762a825c8b62163dbf1786ec64ff51dd47b495d6f09cce6423d0e1 |
Node Binaries
| filename | sha512 hash |
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 845afdaa584d917cd29d46963bc337560eecb59c97b9ce0f664e3bd9ebe9c803fb239fcd6af69b852c2f553480d09b2b0a34db109d9fb8ea315a0df0fbbce0d0 |
| kubernetes-node-linux-arm64.tar.gz | cf17d5cce0519fff510a4599e014f1972e3e34d7f2f453c75d556296cdffc550271c76c1742ced1b5890ffd934c49c6aee67b769c0f758c914a7e40a402ccd3a |
| kubernetes-node-linux-ppc64le.tar.gz | 8338669995d7179807a3cd82f6788830907440d19d91f0d5d8572f8a84a2fda101f878548fa2332736ee7e09c8d70af7402a195b54019a15ff95850751420edc |
| kubernetes-node-linux-s390x.tar.gz | 65e0742ca66a62ab971fc11d5e5c19ea776fedea9f3648b5dac7689005f951ec63dc0455ef2d004aeada094ba1922d0c827e6af678f2ddb68134f1a936daf258 |
| kubernetes-node-windows-amd64.tar.gz | a147c116fc4d6c49e624a2ea0a59bdebbe61e9fa7f28743cd543459f61b6f22f7c77d0f4926a46e3d116fc30c39b2df89395d4da44f5c6a443bda35392139f51 |
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.28.3
Important Security Information
This release contains changes that address the following vulnerabilities:
CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
Affected Versions:
- kubelet >= v1.8.0
Fixed Versions:
- kubelet v1.28.4
- kubelet v1.27.8
- kubelet v1.26.11
- kubelet v1.25.16
This vulnerability was reported by Tomer Peled @tomerpeled92"
CVSS Rating: High (7.2) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Changes by Kind
API Change
- Retry NodeStageVolume calls if CSI node driver is not running (#120330, @rohitssingh) [SIG Apps, Storage and Testing]
Feature
Bug or Regression
- Fix 121094 by re-introducing the readiness predicate for externalTrafficPolicy: Local services. (#121116, @alexanderConstantinescu) [SIG Cloud Provider and Network]
- Fixed a regression in default configurations, which enabled PodDisruptionConditions by default, that prevented the control plane's pod garbage collector from deleting pods that contained duplicated field keys (env. variables with repeated keys or container ports). (#121379, @mimowo) [SIG Apps, Auth, Node, Scheduling and Testing]
- Fixed the issue where pod with ordinal number lower than the rolling partitioning number was being deleted it was coming up with updated image. (#120731, @adilGhaffarDev) [SIG Apps and Testing]
- Fixes calculating the requeue time in the cronjob controller, which results in properly handling failed/stuck jobs (#121327, @soltysh) [SIG Apps]
- Service Controller: update load balancer hosts after node's ProviderID is updated (#120492, @cezarygerard) [SIG Cloud Provider and Network]
Dependencies
Added
Nothing has changed.
Changed
- cloud.google.com/go/compute: v1.19.0 → v1.19.1
- github.com/cncf/xds/go: 06c439d → e9ce688
- github.com/envoyproxy/go-control-plane: v0.10.3 → 9239064
- github.com/envoyproxy/protoc-gen-validate: v0.9.1 → v0.10.1
- github.com/golang/glog: v1.0.0 → v1.1.0
- google.golang.org/grpc: v1.54.0 → v1.56.3
- google.golang.org/protobuf: v1.30.0 → v1.31.0
Removed
Nothing has changed.
Contributors, the
CHANGELOG-1.28.md has been bootstrapped with
v1.28.4 release notes and you may edit now as needed.
Published by your
Kubernetes Release
Managers.
Reply all
Reply to author
Forward
0 new messages