@crawford crawford released this May 20, 2016 · 144 commits to master since this release

Assets 2

Security Fixes:

  • Fall back to pam_deny in authentication (Security Brief)
  • Remove login shell for operator user
  • Stop disabling SHA512 password hashes in PAM
    • This restores the previous pre-PAM behavior of allowing SHA512 password hashes

Changes:

  • The image signing key has been updated again, revoking the sub-key that signed 1045.0.0 and 1047.0.0 and adding a new sub-key for this and future releases.
  • Add rkt-admin group which has access to /etc/rkt
  • GCE images are now provisioned by Ignition instead of coreos-cloudinit

Updates: