@crawford crawford released this Oct 27, 2016 · 107 commits to master since this release

Assets 2

Security Fixes:

  • Update nss-usrfiles with glibc 2.23 (CVE-2014-8121 and CVE-2015-5277)
  • Update OpenSSL to 1.0.2j (CVE-2016-8610)
    • Note: SSLv2 methods have been disabled, changing the libssl ABI

Bug Fixes:

  • Fix password-length requirement and password logins for SSSD-managed accounts in PAM configuration
  • Add support for C.UTF-8 locale (#112)
  • Correctly set GPT flags on update-engine restart (#1625)

Changes:

  • New installations will have dm-verity enabled by default for the /usr mount.
  • Enable support for more Mellanox cards (CONFIG_MLX5_CORE_EN and CONFIG_MLX5_CORE_EN_DCB)
  • Enable support for more MegaRAID cards (CONFIG_MEGARAID_NEWGEN)
  • Enable support for kprobe and bpf (CONFIG_BPF_SYSCALL, CONFIG_KPROBES, CONFIG_OPTPROBES, CONFIG_KPROBES_ON_FTRACE, CONFIG_KRETPROBES, CONFIG_KPROBE_EVENT, and CONFIG_BPF_EVENTS)
  • The support scripts and utilities for GCE images have been moved from the OEM partition into a container image, executed by rkt
  • The kubelet-wrapper script has been updated, changing a few variable names
    • KUBELET_VERSION has been deprecated in favor of KUBELET_IMAGE_TAG
    • KUBELET_ACI has been deprecated in favor of KUBELET_IMAGE_URL
    • RKT_OPTS has been deprecated in favor of RKT_RUN_ARGS
  • The etcd-wrapper script has been updated along with the addition of etcd-member.service
  • A flannel-wrapper script has been introduced and flanneld.service updated to use it
  • The DigitalOcean images are now provisioned via Ignition instead of coreos-cloudinit
  • Docker's containerd has been split out into a separate containerd.service

Updates: