Releases: flatcar/scripts
alpha-4344.0.0
Changes since Alpha 4284.0.0
Breaking changes
- Azure: the `hv_fcopy_daemon` binary and its service `hv_fcopy_daemon.service` have been renamed to `hv_fcopy_uio_daemon` and `hv_fcopy_uio_daemon.service` respectively, following the 6.12 kernel update
Security fixes:
- afterburn (CVE-2025-3416)
- azure, dev, gce, sysext-python: python (CVE-2025-0938)
- c-ares (CVE-2025-31498)
- cifs-utils (CVE-2025-2312)
- containerd (CVE-2024-40635)
- curl (curl-20250205)
- dev: iperf (CVE-2024-53580)
- expat (CVE-2024-8176)
- go (CVE-2025-22871)
- libarchive (CVE-2025-25724)
- libxml2 (CVE-2024-56171, CVE-2025-24928, CVE-2025-27113)
- SDK: perl (CVE-2024-56406)
- socat (socat-20250221)
- sysext-podman: crun (CVE-2025-24965)
- vmware: libxslt (CVE-2025-24855, CVE-2024-55549)
- vmware: open-vm-tools (CVE-2025-22247)
- xz-utils (CVE-2025-31115)
Bug fixes:
- Added back some BCC tools (scripts#2900)
- Fixed path handling in the QEMU .sh launcher scripts. Given paths now are relative to the current directory and absolute paths work as you would expect. (scripts#2808)
- Fixed the inclusion of Intel and AMD CPU microcode in the initrd. This was accidentally dropped some time ago. (scripts#2837)
- update-ssh-keys: More intuitive --help text and the -n (no-replace) option has been fixed. (flatcar/Flatcar#1554)
Changes:
- Added `nftables-load.service` and `nftables-store.service` services to load/store rules from/in `/var/lib/nftables/rules-save` (Flatcar#900)
- Allow per-sysext USE flags and architecture-specific sysexts. (scripts#2798)
- Always truncate hostnames on the first occurrence of `.` (cloud-init#32)
- Compile OS-dependent NVIDIA kernel module sysexts signed for secure boot. (scripts#2798)
- Enabled virtiofs and fuse-dax modules in the kernel for advanced QEMU use cases. Thank you @aaronk6! (Flatcar#2825)
- Ensure hostnames never exceed 63 characters, regardless of the metadata provider (cloud-init#31)
- Provided an Incus Flatcar extension as optional systemd-sysext image with the release. Write 'incus' to `/etc/flatcar/enabled-sysext.conf` through Ignition and the sysext will be installed during provisioning. (scripts#1655)
- Sign out-of-tree kernel modules using the ephemeral signing key so that ZFS and NVIDIA sysexts can work with secure boot. (scripts#2636)
- The kernel image and its embedded initrd are now compressed with xz rather than zstd. This gives greater compression at the cost of decompression performance. Systems may therefore now be ever so slightly slower to boot, but this was necessary to avoid running out of space in the /boot partition. Further measures to address the space issue are planned, and perhaps we can switch back to zstd in a later release. (scripts#2835)
- The qemu script (`flatcar_production_qemu*.sh`) received two new options. `-D` (or `-image-disk-opts`) can be used to add extra options to the `virtio-blk-pci` device for primary disk. `-d` (or `-disk`) can be used to add extra disks to the machine - this one takes a path to a raw or qcow2 image file and, after a comma, `virtio-blk-pci` options. To learn what disk options can be passed to `-D` or `-d`, call `qemu-system-x86_64 -device virtio-blk-pci,help` (`qemu-system-aarch64` can be used too). (scripts#2847)
- systemd now uses OpenSSL instead of gcrypt for cryptography to reduce the size of the initrd. This change disables systemd-journal's Forward Secure Sealing feature, but it is generally not useful for Flatcar. (scripts#2837)
Updates:
- AWS: Amazon SSM Agent (3.3.2299.0)
- Ignition (2.21.0)
- Linux (6.12.30 (includes 6.12.29, 6.12.28, 6.12.27, 6.12.26, 6.12.25, 6.12.24, 6.12.23, 6.12.22, 6.12.21, 6.12.20, 6.12.19, 6.12.18, 6.12.17, 6.12.16, 6.12.15, 6.12.14, 6.12.13, 6.12.12, 6.12.11, 6.12.10, 6.12.9, 6.12.8, 6.12.7, 6.12.6, 6.12.5, 6.12.4, 6.12.3, 6.12.2, 6.12.1, 6.12, 6.6.89, 6.6.88, 6.6.87, 6.6.86, 6.6.85, 6.6.84))
- Linux Firmware (20250509 (includes 20250410))
- SDK: go (1.24.2 (includes 1.24.1))
- SDK: perl (5.40.2 (includes 5.40.1))
- SDK: pkgcheck (0.10.34)
- SDK: rust (1.85.1 (includes 1.85.0))
- afterburn (5.8.2)
- azure, dev, gce, sysext-python: gdbm (1.25)
- azure, dev, gce, sysext-python: python (3.11.12)
- base, dev: azure-vm-utils (0.6.0 (includes 0.5.2, 0.5.1, 0.5.0))
- base, dev: bind (9.18.31 (includes 9.18.30))
- base, dev: btrfs-progs (6.13)
- base, dev: cifs-utils (7.3 (includes 7.2, 7.1))
- base, dev: curl (8.13.0)
- base, dev: dbus (1.16.2 (includes [1.16.0](https://gi...
stable-4152.2.3
Changes since Stable 4152.2.2
Security fixes:
- Linux (CVE-2025-21993, CVE-2025-21992, CVE-2025-21991, CVE-2025-21967, CVE-2025-21975, CVE-2025-21971, CVE-2025-21970, CVE-2025-21969, CVE-2025-21986, CVE-2025-21981, CVE-2025-21980, CVE-2025-21979, CVE-2025-21978, CVE-2025-21968, CVE-2025-21962, CVE-2025-21960, CVE-2025-21959, CVE-2025-21957, CVE-2025-21956, CVE-2025-21955, CVE-2025-21966, CVE-2025-21964, CVE-2025-21963, CVE-2025-22015, CVE-2025-22014, CVE-2025-22013, CVE-2025-22010, CVE-2025-22008, CVE-2025-22009, CVE-2025-22004, CVE-2025-22003, CVE-2025-22001, CVE-2025-21999, CVE-2025-21997, CVE-2025-22007, CVE-2025-22005, CVE-2025-21995, CVE-2025-21996, CVE-2025-21994, CVE-2025-22021, CVE-2025-22020, CVE-2025-22018, CVE-2025-38575, CVE-2025-38240, CVE-2025-38152, CVE-2025-37893, CVE-2025-39735, CVE-2025-39728, CVE-2025-38637, CVE-2025-37785, CVE-2025-23138, CVE-2025-23136, CVE-2025-22066, CVE-2025-22075, CVE-2025-22074, CVE-2025-22073, CVE-2025-22072, CVE-2025-22071, CVE-2025-22097, CVE-2025-22095, CVE-2025-22093, CVE-2025-22090, CVE-2025-22089, CVE-2025-22088, CVE-2025-22086, CVE-2025-22083, CVE-2025-22081, CVE-2025-22080, CVE-2025-22079, CVE-2025-22077, CVE-2025-22033, CVE-2025-22042, CVE-2025-22041, CVE-2025-22040, CVE-2025-22038, CVE-2025-22064, CVE-2025-22063, CVE-2025-22060, CVE-2025-22058, CVE-2025-22057, CVE-2025-22056, CVE-2025-22055, CVE-2025-22054, CVE-2025-22053, CVE-2025-22035, CVE-2025-22050, CVE-2025-22049, CVE-2025-22048, CVE-2025-22047, CVE-2025-22045, CVE-2025-22044, CVE-2025-22043, CVE-2025-22027, CVE-2025-22025, CVE-2025-22029, CVE-2023-53034)
Updates:
lts-4081.3.3
Changes since LTS 4081.3.2
Security fixes:
- Linux (CVE-2025-21993, CVE-2025-21992, CVE-2025-21991, CVE-2025-21967, CVE-2025-21975, CVE-2025-21971, CVE-2025-21970, CVE-2025-21969, CVE-2025-21986, CVE-2025-21981, CVE-2025-21980, CVE-2025-21979, CVE-2025-21978, CVE-2025-21968, CVE-2025-21962, CVE-2025-21960, CVE-2025-21959, CVE-2025-21957, CVE-2025-21956, CVE-2025-21955, CVE-2025-21966, CVE-2025-21964, CVE-2025-21963, CVE-2025-22015, CVE-2025-22014, CVE-2025-22013, CVE-2025-22010, CVE-2025-22008, CVE-2025-22009, CVE-2025-22004, CVE-2025-22003, CVE-2025-22001, CVE-2025-21999, CVE-2025-21997, CVE-2025-22007, CVE-2025-22005, CVE-2025-21995, CVE-2025-21996, CVE-2025-21994, CVE-2025-22021, CVE-2025-22020, CVE-2025-22018, CVE-2025-38575, CVE-2025-38240, CVE-2025-38152, CVE-2025-37893, CVE-2025-39735, CVE-2025-39728, CVE-2025-38637, CVE-2025-37785, CVE-2025-23138, CVE-2025-23136, CVE-2025-22066, CVE-2025-22075, CVE-2025-22074, CVE-2025-22073, CVE-2025-22072, CVE-2025-22071, CVE-2025-22097, CVE-2025-22095, CVE-2025-22093, CVE-2025-22090, CVE-2025-22089, CVE-2025-22088, CVE-2025-22086, CVE-2025-22083, CVE-2025-22081, CVE-2025-22080, CVE-2025-22079, CVE-2025-22077, CVE-2025-22033, CVE-2025-22042, CVE-2025-22041, CVE-2025-22040, CVE-2025-22038, CVE-2025-22064, CVE-2025-22063, CVE-2025-22060, CVE-2025-22058, CVE-2025-22057, CVE-2025-22056, CVE-2025-22055, CVE-2025-22054, CVE-2025-22053, CVE-2025-22035, CVE-2025-22050, CVE-2025-22049, CVE-2025-22048, CVE-2025-22047, CVE-2025-22045, CVE-2025-22044, CVE-2025-22043, CVE-2025-22027, CVE-2025-22025, CVE-2025-22029, CVE-2023-53034)
Updates:
beta-4230.1.1
Changes since Beta 4230.1.0
Security fixes:
- Linux (CVE-2025-21993, CVE-2025-21992, CVE-2025-21991, CVE-2025-21967, CVE-2025-21975, CVE-2025-21971, CVE-2025-21970, CVE-2025-21969, CVE-2025-21986, CVE-2025-21981, CVE-2025-21980, CVE-2025-21979, CVE-2025-21978, CVE-2025-21968, CVE-2025-21962, CVE-2025-21960, CVE-2025-21959, CVE-2025-21957, CVE-2025-21956, CVE-2025-21955, CVE-2025-21966, CVE-2025-21964, CVE-2025-21963, CVE-2025-22015, CVE-2025-22014, CVE-2025-22013, CVE-2025-22010, CVE-2025-22008, CVE-2025-22009, CVE-2025-22004, CVE-2025-22003, CVE-2025-22001, CVE-2025-21999, CVE-2025-21997, CVE-2025-22007, CVE-2025-22005, CVE-2025-21995, CVE-2025-21996, CVE-2025-21994, CVE-2025-22021, CVE-2025-22020, CVE-2025-22018, CVE-2025-38575, CVE-2025-38240, CVE-2025-38152, CVE-2025-37893, CVE-2025-39735, CVE-2025-39728, CVE-2025-38637, CVE-2025-37785, CVE-2025-23138, CVE-2025-23136, CVE-2025-22066, CVE-2025-22075, CVE-2025-22074, CVE-2025-22073, CVE-2025-22072, CVE-2025-22071, CVE-2025-22097, CVE-2025-22095, CVE-2025-22093, CVE-2025-22090, CVE-2025-22089, CVE-2025-22088, CVE-2025-22086, CVE-2025-22083, CVE-2025-22081, CVE-2025-22080, CVE-2025-22079, CVE-2025-22077, CVE-2025-22033, CVE-2025-22042, CVE-2025-22041, CVE-2025-22040, CVE-2025-22038, CVE-2025-22064, CVE-2025-22063, CVE-2025-22060, CVE-2025-22058, CVE-2025-22057, CVE-2025-22056, CVE-2025-22055, CVE-2025-22054, CVE-2025-22053, CVE-2025-22035, CVE-2025-22050, CVE-2025-22049, CVE-2025-22048, CVE-2025-22047, CVE-2025-22045, CVE-2025-22044, CVE-2025-22043, CVE-2025-22027, CVE-2025-22025, CVE-2025-22029, CVE-2023-53034)
Bug fixes:
- Fixed PXE boot failures that arose since upgrading to systemd v256. Users were dumped to an emergency shell. (flatcar/bootengine#103)
Updates:
alpha-4284.0.0
Changes since Alpha 4230.0.1
Security fixes:
- Linux (CVE-2025-21835, CVE-2025-21836, CVE-2024-58086, CVE-2025-21823, CVE-2025-21821, CVE-2025-21787, CVE-2025-21785, CVE-2025-21784, CVE-2025-21782, CVE-2025-21783, CVE-2025-21781, CVE-2025-21780, CVE-2025-21796, CVE-2025-21795, CVE-2025-21794, CVE-2025-21793, CVE-2025-21792, CVE-2025-21791, CVE-2025-21790, CVE-2025-21789, CVE-2025-21779, CVE-2024-58020, CVE-2024-57834, CVE-2024-54458, CVE-2024-54456, CVE-2025-21776, CVE-2025-21775, CVE-2025-21772, CVE-2025-21773, CVE-2025-21767, CVE-2025-21766, CVE-2025-21765, CVE-2025-21764, CVE-2025-21763, CVE-2025-21761, CVE-2025-21762, CVE-2025-21760, CVE-2025-21759, CVE-2025-21758, CVE-2025-21756, CVE-2025-21704, CVE-2023-52655, CVE-2023-52434, CVE-2025-21848, CVE-2025-21847, CVE-2025-21846, CVE-2025-21866, CVE-2025-21865, CVE-2025-21864, CVE-2025-21863, CVE-2025-21862, CVE-2025-21844, CVE-2025-21859, CVE-2025-21858, CVE-2025-21857, CVE-2025-21856, CVE-2025-21855, CVE-2025-21854, CVE-2025-21853, CVE-2024-58088, CVE-2025-21838)
- afterburn (CVE-2025-0977)
- binutils (CVE-2024-53589, CVE-2025-1176, CVE-2025-1178, CVE-2025-1179, CVE-2025-1180, CVE-2025-1181, CVE-2025-1182)
- curl (CVE-2025-0167, CVE-2025-0665, CVE-2025-0725)
- git (CVE-2024-50349, CVE-2024-52005, CVE-2024-52006)
- glib (CVE-2024-52533)
- glibc (CVE-2025-0395)
- gnutls (CVE-2024-12243)
- intel-microcode (CVE-2023-34440, CVE-2023-43758, CVE-2024-24582, CVE-2024-28047, CVE-2024-28127, CVE-2024-29214, CVE-2024-31157, CVE-2024-39279, CVE-2024-31068, CVE-2024-36293, CVE-2024-37020, CVE-2024-39355)
- libarchive (CVE-2024-57970)
- libcap (CVE-2025-1390)
- libtasn1 (CVE-2024-12133)
- mit-krb5 (CVE-2025-24528)
- openssh (CVE-2025-26465, CVE-2025-26466)
- openssl (CVE-2024-12797, CVE-2024-13176)
- podman (CVE-2024-11218)
- rsync (CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747)
- socat (CVE-2024-54661)
- vim (CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43790, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814)
Bug fixes:
- Fix non-conforming GPT partition table (flatcar/Flatcar#1651)
- Fix update-ca-certificates behavior when concatenating certificates with missing trailing newlines. (flatcar/scripts#2667)
- Fixed PXE boot failures that arose since upgrading to systemd v256. Users were dumped to an emergency shell. (flatcar/bootengine#103)
- The kernel module build directory now contains native binaries in arm64 images instead of the previous amd64 binaries (scripts#2694)
- Nvidia driver installer service now supports the 570 driver branch by forcing the use of the proprietary kernel module. The 570 branch defaults to the kernel-open driver which requires loading firmware, which is not yet supported on Flatcar. (scripts#2694)
- azure: Fixed issue of wa-linux-agent overriding ssh public key from ignition configuration during provisioning (flatcar/Flatcar#1661)
Changes:
- Add changes for our secureboot signed images with our signed release process until the official shim signing (scripts#2754)
- Added support for ARM64 architecture in the NVIDIA driver installer service (scripts#2694)
- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from March 2025 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well (init#129)
- Build Intel iGPU i915 driver as module (scripts#2349)
- Enabled EROFS module with XATTR support (Flatcar#1659)
Updates:
- AMD64: nvidia-drivers ([535.230.02](https://docs.nvidia.com/datacenter/tesla/tesla-releas...
stable-4152.2.2
Changes since Stable 4152.2.1
Security fixes:
- Linux (CVE-2025-21835, CVE-2025-21836, CVE-2024-58086, CVE-2025-21823, CVE-2025-21821, CVE-2025-21787, CVE-2025-21785, CVE-2025-21784, CVE-2025-21782, CVE-2025-21783, CVE-2025-21781, CVE-2025-21780, CVE-2025-21796, CVE-2025-21795, CVE-2025-21794, CVE-2025-21793, CVE-2025-21792, CVE-2025-21791, CVE-2025-21790, CVE-2025-21789, CVE-2025-21779, CVE-2024-58020, CVE-2024-57834, CVE-2024-54458, CVE-2024-54456, CVE-2025-21776, CVE-2025-21775, CVE-2025-21772, CVE-2025-21773, CVE-2025-21767, CVE-2025-21766, CVE-2025-21765, CVE-2025-21764, CVE-2025-21763, CVE-2025-21761, CVE-2025-21762, CVE-2025-21760, CVE-2025-21759, CVE-2025-21758, CVE-2025-21756, CVE-2025-21704, CVE-2023-52655, CVE-2023-52434, CVE-2025-21848, CVE-2025-21847, CVE-2025-21846, CVE-2025-21866, CVE-2025-21865, CVE-2025-21864, CVE-2025-21863, CVE-2025-21862, CVE-2025-21844, CVE-2025-21859, CVE-2025-21858, CVE-2025-21857, CVE-2025-21856, CVE-2025-21855, CVE-2025-21854, CVE-2025-21853, CVE-2024-58088, CVE-2025-21838)
Bug fixes:
- azure: Fix issue of wa-linux-agent overriding ssh public key from ignition configuration during provisioning (flatcar/Flatcar#1661)
- Fix update-ca-certificates behavior when concatenating certificates with missing trailing newlines. (flatcar/scripts#2667)
Changes:
- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from March 2025 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well (init#129)
Updates:
lts-4081.3.2
Changes since LTS 4081.3.1
Security fixes:
- Linux (CVE-2025-21835, CVE-2025-21836, CVE-2024-58086, CVE-2025-21823, CVE-2025-21821, CVE-2025-21787, CVE-2025-21785, CVE-2025-21784, CVE-2025-21782, CVE-2025-21783, CVE-2025-21781, CVE-2025-21780, CVE-2025-21796, CVE-2025-21795, CVE-2025-21794, CVE-2025-21793, CVE-2025-21792, CVE-2025-21791, CVE-2025-21790, CVE-2025-21789, CVE-2025-21779, CVE-2024-58020, CVE-2024-57834, CVE-2024-54458, CVE-2024-54456, CVE-2025-21776, CVE-2025-21775, CVE-2025-21772, CVE-2025-21773, CVE-2025-21767, CVE-2025-21766, CVE-2025-21765, CVE-2025-21764, CVE-2025-21763, CVE-2025-21761, CVE-2025-21762, CVE-2025-21760, CVE-2025-21759, CVE-2025-21758, CVE-2025-21756, CVE-2025-21704, CVE-2023-52655, CVE-2023-52434, CVE-2025-21848, CVE-2025-21847, CVE-2025-21846, CVE-2025-21866, CVE-2025-21865, CVE-2025-21864, CVE-2025-21863, CVE-2025-21862, CVE-2025-21844, CVE-2025-21859, CVE-2025-21858, CVE-2025-21857, CVE-2025-21856, CVE-2025-21855, CVE-2025-21854, CVE-2025-21853, CVE-2024-58088, CVE-2025-21838)
Bug fixes:
- Fix update-ca-certificates behavior when concatenating certificates with missing trailing newlines. (flatcar/scripts#2667)
Changes:
- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from March 2025 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well (init#129)
Updates:
lts-3510.3.7
Changes since LTS 3510.3.6
Security fixes:
- Linux (CVE-2024-57874, CVE-2025-23128, CVE-2024-57850, CVE-2024-57849, CVE-2024-57838, CVE-2024-47143, CVE-2024-45828, CVE-2024-43098, CVE-2024-53680, CVE-2024-52332, CVE-2024-50051, CVE-2024-48881, CVE-2024-56787, CVE-2024-56785, CVE-2024-56781, CVE-2024-56780, CVE-2024-56779, CVE-2024-56778, CVE-2024-56777, CVE-2024-56776, CVE-2024-56774, CVE-2024-56754, CVE-2024-56756, CVE-2024-56728, CVE-2024-56726, CVE-2024-56724, CVE-2024-56723, CVE-2024-56748, CVE-2024-56747, CVE-2024-56746, CVE-2024-56745, CVE-2024-56741, CVE-2024-56739, CVE-2024-56720, CVE-2024-56694, CVE-2024-56701, CVE-2024-56700, CVE-2024-56698, CVE-2024-56708, CVE-2024-56705, CVE-2024-56704, CVE-2024-56681, CVE-2024-56679, CVE-2024-56678, CVE-2024-56693, CVE-2024-56691, CVE-2024-56690, CVE-2024-56688, CVE-2024-56640, CVE-2024-56637, CVE-2024-56636, CVE-2024-56634, CVE-2024-56633, CVE-2024-56650, CVE-2024-56648, CVE-2024-56645, CVE-2024-56644, CVE-2024-56643, CVE-2024-56642, CVE-2024-56615, CVE-2024-56623, CVE-2024-56622, CVE-2024-56619, CVE-2024-56630, CVE-2024-56629, CVE-2024-56625, CVE-2024-56590, CVE-2024-56589, CVE-2024-56587, CVE-2024-56614, CVE-2024-56586, CVE-2024-56610, CVE-2024-56606, CVE-2024-56605, CVE-2024-56603, CVE-2024-56602, CVE-2024-56601, CVE-2024-56600, CVE-2024-56598, CVE-2024-56597, CVE-2024-56596, CVE-2024-56595, CVE-2024-56594, CVE-2024-56593, CVE-2024-56562, CVE-2024-56581, CVE-2024-56578, CVE-2024-56576, CVE-2024-56558, CVE-2024-56575, CVE-2024-56574, CVE-2024-56572, CVE-2024-56571, CVE-2024-56570, CVE-2024-56569, CVE-2024-56568, CVE-2024-56567, CVE-2024-56539, CVE-2024-56533, CVE-2024-56548, CVE-2024-56531, CVE-2024-56532, CVE-2024-53217, CVE-2024-53215, CVE-2024-53239, CVE-2024-53237, CVE-2024-53214, CVE-2024-53227, CVE-2024-53226, CVE-2024-53180, CVE-2024-53184, CVE-2024-53183, CVE-2024-53206, CVE-2024-53198, CVE-2024-53197, CVE-2024-53194, CVE-2024-53181, CVE-2024-53173, CVE-2024-53172, CVE-2024-53171, CVE-2024-53174, CVE-2022-49034, CVE-2024-53165, CVE-2024-53151, 
CVE-2024-53150, CVE-2024-53148, CVE-2024-53161, CVE-2024-53158, CVE-2024-53157, CVE-2024-53156, CVE-2024-53155, CVE-2024-53145, CVE-2024-53146, CVE-2024-56770, CVE-2024-56661, CVE-2024-56659, CVE-2024-56670, CVE-2024-56662, CVE-2024-53241, CVE-2024-53240, CVE-2024-58087, CVE-2024-57946, CVE-2024-57938, CVE-2024-57931, CVE-2024-57841, CVE-2024-57802, CVE-2024-54031, CVE-2024-36476, [CVE-20...
beta-4230.1.0
Changes since Beta 4186.1.1
Security fixes:
- Linux (CVE-2025-21835, CVE-2025-21836, CVE-2024-58086, CVE-2025-21823, CVE-2025-21821, CVE-2025-21787, CVE-2025-21785, CVE-2025-21784, CVE-2025-21782, CVE-2025-21783, CVE-2025-21781, CVE-2025-21780, CVE-2025-21796, CVE-2025-21795, CVE-2025-21794, CVE-2025-21793, CVE-2025-21792, CVE-2025-21791, CVE-2025-21790, CVE-2025-21789, CVE-2025-21779, CVE-2024-58020, CVE-2024-57834, CVE-2024-54458, CVE-2024-54456, CVE-2025-21776, CVE-2025-21775, CVE-2025-21772, CVE-2025-21773, CVE-2025-21767, CVE-2025-21766, CVE-2025-21765, CVE-2025-21764, CVE-2025-21763, CVE-2025-21761, CVE-2025-21762, CVE-2025-21760, CVE-2025-21759, CVE-2025-21758, CVE-2025-21756, CVE-2025-21704, CVE-2023-52655, CVE-2023-52434, CVE-2025-21848, CVE-2025-21847, CVE-2025-21846, CVE-2025-21866, CVE-2025-21865, CVE-2025-21864, CVE-2025-21863, CVE-2025-21862, CVE-2025-21844, CVE-2025-21859, CVE-2025-21858, CVE-2025-21857, CVE-2025-21856, CVE-2025-21855, CVE-2025-21854, CVE-2025-21853, CVE-2024-58088, CVE-2025-21838)
- curl (CVE-2024-11053, CVE-2024-9681)
- sysext-podman: containers-storage, podman (CVE-2024-9676)
- amd64: nvidia-drivers (CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53869)
Bug fixes:
- azure: Fix issue of wa-linux-agent overriding ssh public key from ignition configuration during provisioning (flatcar/Flatcar#1661)
- Fix update-ca-certificates behavior when concatenating certificates with missing trailing newlines. (flatcar/scripts#2667)
- Fixed creating netdev arguments to correctly include commas when no port forwards are passed (flatcar/scripts#2581)
- The kernel module build directory now contains native binaries in arm64 images instead of the previous amd64 binaries (scripts#2694)
- Nvidia driver installer service now supports the 570 driver branch by forcing the use of the proprietary kernel module. The 570 branch defaults to the kernel-open driver which requires loading firmware, which is not yet supported on Flatcar. (scripts#2694)
Changes:
- Added support for ARM64 architecture in the NVIDIA driver installer service (scripts#2694)
- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from March 2025 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well (init#129)
- Added support for multiple port forwarding parameters in the QEMU startup script. Users can now specify multiple port forwards using the `-f` option. (flatcar/scripts#2575)
Updates:
- AMD64: nvidia-drivers (535.230.02)
- ARM64: nvidia-drivers (570.86.15)
- Go (1.22.11)
- Linux (6.6.83 (includes 6.6.79, 6.6.80, 6.6.81, 6.6.82))
- Linux Firmware (20250109)
- SDK: qemu (8.2.7)
- base, dev: audit (4.0.2)
- base, dev: bpftool (7.5.0)
- base, dev: btrfs-progs (6.12)
- base, dev: c-ares (1.34.3 (includes 1.34.0, 1.34.1, 1.34.2))
- base, dev: ethtool (6.10)
- base, dev: glib (2.80.5 (includes 2.80.0, 2.80.1, 2.80.2, 2.80.3, 2.80.4))
- base, dev: gnupg (2.4.6)
- base, dev: hwdata (0.390)
- base, dev: intel-microcode (20241112 (includes 20241029))
- base, dev: iproute2 (6.12.0)
- base, dev: kexec-tools (2.0.30)
- base, dev: libcap (2.71)
- base, dev: libgpg-error (1.51)
- base, dev: libnvme (1.11.1 (includes 1.11))
- base, dev: libxml2 (2.12.9)
- base, dev: lsof (4.99.4)
- base, dev: npth ([1.8](https://git.gnupg.org/cgi-bi...
stable-4152.2.1
Changes since Stable 4152.2.0
Security fixes:
- openssh (CVE-2025-26465, CVE-2025-26466)
Updates:
- openssh (9.8_p1-r4)