Kubernetes v1.26.8 is live!
Marko Mudrinić
Kubernetes v1.26.8 has been built and pushed using Golang version 1.20.7.
The release notes have been updated in CHANGELOG-1.26.md, with a pointer to them on GitHub:
v1.26.8
Downloads for v1.26.8
Source Code
| filename | sha512 hash |
|---|---|
| kubernetes.tar.gz | d05a927b6bc3a8f2f2518e26b8403b3659ddd9f6453052e8c5e1041fadba556ebe8b5a114e9bb518a3a284f545a80c52cddc7e596289c09aaa1724f79244a56e |
| kubernetes-src.tar.gz | 753830d94c25788d0f4cfed0f5ee3422a469b51347567d636eeb41ef35ef3fc9d6854ee53ee3617df43e4b89368fbc708a0c34392a66a20eefc170a48a4711f1 |
Client Binaries
| filename | sha512 hash |
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | e736767bdd069afb4b05dd6c8fb827095a9196ec84f05ef23fc70474da4f58a8b2bf3f86c832c0903a1b6ae1d250a0632c0982ecb4d0d7bbdcf8bb1df759e449 |
| kubernetes-client-darwin-arm64.tar.gz | bc9d2da1ee1c5d1b409fa3a0655960585565a621777641118e2f174d1d7b78ceeacd7520dac98c312a937142ee486078481a5849fdc7c8ae680dd2f535ce92b3 |
| kubernetes-client-linux-386.tar.gz | 073ba93363d7876a60149215e086aedcbdde587ddf0097a879839035bd6eb67e49ecc35f9aca8efae87e8cde85ea1e9d23ee812b9f6946b51823a99917c43bd0 |
| kubernetes-client-linux-amd64.tar.gz | 98d7f82c1e3b2615e13b5e6b05d9711859908dd6bdc2d1a546bbc7a89ee59e17b9396e11f543e2165dcf090227cffad0cdf984a1348ff6a0b444458f0bfaa6e3 |
| kubernetes-client-linux-arm.tar.gz | db99eef429747e01a6a6abb3eac3d3559d19ade94e14bdc0d541311a681ea3a645ef8aa95c3c8ad9e55b5f3bad080b3c652c39f245f92661db31367751ea6c68 |
| kubernetes-client-linux-arm64.tar.gz | 8f0a39a9dc5ebe13227dfcfd558de792c8de8eafcca636570c65463ced79d65907fd302f766f0f69f5724c45ee1dc33005b25f915e9218f699268b41d6ef438d |
| kubernetes-client-linux-ppc64le.tar.gz | c67800e40946d7ddd13ed6652624bb44bba7c1e58f20ba0265ebe1d05fa1fb58096dc1510d2331785e81fc51d3e8395ecebf20cd09ac4d6fba78a623b10408f2 |
| kubernetes-client-linux-s390x.tar.gz | d244e243d165291a593bfff7598383063ee64c4fdf1494f4ec7ab39109fd249b82c08e861da70105d84e5dbbdbbba0cda8d4187ee21749523891fdcbf8aa1b49 |
| kubernetes-client-windows-386.tar.gz | 548f91a91173be73cbe048410ad02c1d0f44cce1bafd2b53437a1a4b08dd34f0c015ea1795a112982ac0e72058c4c3272b73ddd350b6859691406658f4329806 |
| kubernetes-client-windows-amd64.tar.gz | b3dd181d6191eaa156895175bf71e1fd1493d46faf95e7b107536d11fdaf165058ce061f6a009f7c7926e44ed2b60a1fed2eac065091192b8d946f0abe54036e |
| kubernetes-client-windows-arm64.tar.gz | f031a47a955e3f517af324eba81b7a67b0d3c7f2fca55dc61df1fee323998b86f956ab803c05f2dd49fa0b277d73e21f1183b3efa08a5c879eab933d52eca6a4 |
Server Binaries
| filename | sha512 hash |
|---|---|
| kubernetes-server-linux-amd64.tar.gz | d6b8d6c65ed2cd6cd3c9fcceca8b94febcfeec8ea4bdc868020473dbc3ab92b55483bdcd62d8cd71e70e1a85a427db9378075156bd4bda6566b61644f9bda9e3 |
| kubernetes-server-linux-arm.tar.gz | 73319f07a94b5a3188a49aab2d94c1064c805a91227f135b2906e8f43c2ff7a5c3e23dc7393ba253b2a1807ad5de278539f72c343423c32b97fcad0eea7ca48f |
| kubernetes-server-linux-arm64.tar.gz | 7eaa74d7db28642a5cc377721cedba1521bbe4f9f64f54827d847d94a2578d3f42f2bf2dc8fce78618e87263808c789581f5818a93261cb6ba458b6743989ee7 |
| kubernetes-server-linux-ppc64le.tar.gz | 7a410a48a78dd5ba39baba16890c4f8a7a63bf66195442649a471f9ddfe07ea6de0d8d3f8365106728f4c535c4eb4790776870eae4cd84c5e51ca0c9b5b21f4c |
| kubernetes-server-linux-s390x.tar.gz | c688e667404a627c2e150410ab461141018249c79f2cf8a105fa0c384f44541c9b9b6a5fae9e4a84f0e26a5a7ae0a815940d2883f0a15a4f16fc6f7269fb81e0 |
Node Binaries
| filename | sha512 hash |
|---|---|
| kubernetes-node-linux-amd64.tar.gz | d43905822a0ee9ec7e249e41fbac5301513719e624a13761f226e2a745f288697b2ae1180bdfd76ecdc380d5be74de59129372c815d143d03561c4d27684abc6 |
| kubernetes-node-linux-arm.tar.gz | e2631abb69a80618f4dee64b8c0f769bee159e9938cf623d243ea581a827e94ae300604b5b0bb872c8be453b86970e7afceeae93461f6703a45a37ecab4d4fb4 |
| kubernetes-node-linux-arm64.tar.gz | 722e8ef87b7424c3e84f4eb3b45fe5cc6350651ea3247b1b37e9875d536122580ca84c49732f477dd7ca98e32bf920020a43d505dcf0406524c027008a875802 |
| kubernetes-node-linux-ppc64le.tar.gz | 98924287839ee63e3d4340df22efc1871c4ee19ed7ebb4620ce965a2e60192250221360880dc6d32503bf1db7ee30aa1c45a6a4be9cd35b659bb61f18fb99d76 |
| kubernetes-node-linux-s390x.tar.gz | d1276aa1972c16e7002438bd057cc32a9fbea76a7cb71c1a1551fca9e118d2c1c525eb13c4c1ff80e4b5f6c8ba1465eb812b6ecdd7e7b126410cb074faea0a87 |
| kubernetes-node-windows-amd64.tar.gz | 8ec8392b98492522f54fdc4599cecc7c80fff73c2bdec8041b454f42df0f739ebb8cbc777b3e78f6da4b811dbebe7682f7e3a60a8068dfac26ce26f91f050f64 |
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.7
Important Security Information
This release contains changes that address the following vulnerabilities:
CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Affected Versions:
- kubelet <= v1.28.0
- kubelet <= v1.27.4
- kubelet <= v1.26.7
- kubelet <= v1.25.12
- kubelet <= v1.24.16
Fixed Versions:
- kubelet v1.28.1
- kubelet v1.27.5
- kubelet v1.26.8
- kubelet v1.25.13
- kubelet v1.24.17
This vulnerability was discovered by James Sturtevant @jsturtevant and Mark Rossetti @marosset during the process of fixing CVE-2023-3676 (that original CVE was reported by Tomer Peled @tomerpeled92)
CVSS Rating: High (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Affected Versions:
- kubelet <= v1.28.0
- kubelet <= v1.27.4
- kubelet <= v1.26.7
- kubelet <= v1.25.12
- kubelet <= v1.24.16
Fixed Versions:
- kubelet v1.28.1
- kubelet v1.27.5
- kubelet v1.26.8
- kubelet v1.25.13
- kubelet v1.24.17
This vulnerability was reported by Tomer Peled @tomerpeled92
CVSS Rating: High (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Changes by Kind
API Change
- Aggregated discovery now returns
responseKind: {}for resources which are missing group/version/kind information, to ensure compatibility with v0.26.0-v0.26.3 clients. (#119835, @liggitt) [SIG API Machinery and Testing]
Feature
- Kubeadm: generate CA certificates with a start time that is offset 5 minutes in the past relative to the current system time to workaround cases of clock desync. client-go: allow to set NotBefore in NewSelfSignedCACert() (#119114, @champtar) [SIG API Machinery, Auth and Cluster Lifecycle]
- Kubernetes is now built with Go 1.20.7 (#119830, @jeremyrickard) [SIG Release and Testing]
Bug or Regression
-
Fix Topology Aware Hints not working when the
topology.kubernetes.io/zonelabel is added after Node creation -
Revert kubelet prober metrics
podtag to include actual pod name (#118549, @a7i) [SIG Node] -
Update kube-apiserver's priority & fairness work estimator such that 'max seats' is MIN(0.15 x nominalCL, nominalCL / handSize)
This fixes a bug where clients with requests using hand size x max seats greater than the nominal concurrency limit can starve other requests in the same priority level. (#118601, @andrewsykim) [SIG API Machinery]
-
Update the Event series starting count when emitting isomorphic events from 1 to 2. (#119375, @dgrisonnet) [SIG API Machinery and Testing]
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors, the
CHANGELOG-1.26.md has been bootstrapped with
v1.26.8 release notes and you may edit now as needed.
Published by your
Kubernetes Release
Managers.