alpha-4722.0.0
Changes since Alpha 4694.0.1
Security fixes:
- Linux (CVE-2026-46323, CVE-2026-46315, CVE-2026-46275, CVE-2026-46244, CVE-2026-46243, CVE-2026-46322, CVE-2026-46321, CVE-2026-46316)
- bubblewrap (CVE-2026-41163)
- curl (CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805)
- expat (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-41080, CVE-2026-45186)
- gnutls (CVE-2026-33845, CVE-2026-33846, CVE-2026-3832, CVE-2026-3833, CVE-2026-42009, CVE-2026-42010, CVE-2026-42011, CVE-2026-42012, CVE-2026-42013, CVE-2026-42014, CVE-2026-42015, CVE-2026-5260, CVE-2026-5419)
- go (CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61731, CVE-2025-68119, CVE-2025-68121, CVE-2025-61732, CVE-2026-25679, CVE-2026-27139, CVE-2026-27140, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501)
- libarchive (CVE-2026-4426)
- libcap (CVE-2026-4878)
- libgcrypt (CVE-2026-41989)
- libxml2 (CVE-2026-0989, CVE-2026-0990, CVE-2026-0992, CVE-2026-1757, libxml2-20260415)
- openssh (CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414)
- openssl (CVE-2026-2673, CVE-2026-28386, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31790)
- rsync (CVE-2026-41035, CVE-2026-29518, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-45232)
- sssd (CVE-2026-6245)
- systemd (CVE-2026-40223, CVE-2026-40225, CVE-2026-40226)
- util-linux (CVE-2026-27456)
- x11-drivers/nvidia-drivers (CVE-2025-33221, CVE-2026-24182, CVE-2026-24187, CVE-2026-24190, CVE-2026-24192, CVE-2026-24193, CVE-2026-24194, CVE-2026-24195, CVE-2026-24196, CVE-2026-24197, CVE-2026-24198, CVE-2026-24199)
- xz-utils (CVE-2026-34743)
- zlib (CVE-2026-27171)
Bug fixes:
- Fixed booting the VirtualBox image, which had been broken since upstream Ignition changed how its VirtualBox support works. The Vagrant VirtualBox image was unaffected.
- Fixed using Ignition to create new partitions with number 0 to get the next available slot. (ignition#2234)
- Updated the GCE udev disk rules to include NVMe disks. (scripts#3606)
Changes:
- Exoscale: images are now built as 10G .qcow2 so they can be directly used with Exoscale Custom Templates (scripts#4075)
- Added Oracle Cloud Infrastructure images (scripts#3846)
- Added kernel config options to support HuC firmware authentication, which is required for Intel Arc (DG2) hardware offloading for video. (scripts#4019)
- All the legacy OEMs (CloudSigma, CloudStack, Exoscale, Vagrant, VirtualBox) have been converted to sysexts. The transition should be seamless, but the Flatcar team was only able to test VirtualBox with and without Vagrant, so please report any issues.
- Dropped support for Equinix Metal (Packet). The servers are due to be switched off on June 30th 2026.
- Dropped support for Rackspace, including OnMetal. Rackspace-specific images are no longer built or published. Flatcar only had community level support for Rackspace, and the Flatcar team is no longer confident that this support actually works. Rackspace themselves have pivoted from being an independent cloud provider to being a management platform for other clouds.
- Dropped the VMware "insecure" image. This was added a long time ago, and it is not clear to the current Flatcar team what purpose it served. It included the Vagrant insecure SSH key but without the other Vagrant files. If you want to use Vagrant, then do so with VirtualBox or Parallels. If you want to deploy onto VMware quickly, then use the OVA image.
- Dropped the Vagrant VirtualBox image because the regular Vagrant image also targets VirtualBox. The only difference between them was that the former was geared for provisioning with Ignition and Afterburn rather than cloud-config and Vagrant itself. The Ignition support was broken when it was dropped by upstream. A single image can handle Ignition, cloud-config, and Vagrant. The Afterburn support has been dropped entirely.
- Refreshed the Vagrant and Vagrant Parallels images for use with recent Vagrant releases, adding implicit support for provisioning with Ignition (VirtualBox only) or cloud-config. Vagrant 2.2.5 is now required. See the revised documentation for further details.
- Refreshed the VirtualBox OVF (which is also used by the Vagrant image) so that VMs are configured with modern hardware, including a VirtIO storage controller and UEFI. The clock is configured for UTC rather than local time.
- Enabled /dev/kfd in amdgpu driver on AMD64 (scripts#4053)
Updates:
- Linux (6.12.93 (includes 6.12.92))
- SDK: bubblewrap (0.11.2)
- SDK: go (1.26.3 (includes 1.25.8, 1.25.7, 1.25.6))
- SDK: qemu (10.2.2)
- SDK: rust (1.93.1 (includes 1.93.0))
- azure, dev, gce, sysext-python: python (3.12.13_p1)
- azure, dev, sysext-python: urllib3 (2.7.0)
- base, dev: adcli (0.9.3.1 (includes 0.9.3))
- base, dev: audit (4.1.4 (includes 4.1.3, 4.1.2, 4.1.1, 4.1.0))
- base, dev: bpftool (7.7.0)
- base, dev: btrfs-progs (6.19.1 (includes 6.19))
- base, dev: checkpolicy (3.9)
- base, dev: cifs-utils (7.5)
- base, dev: conntrack-tools (1.4.9)
- base, dev: coreutils (9.11 (includes 9.10))
- base, dev: cryptsetup (2.8.6 (includes 2.8.4))
- base, dev: curl (8.19.0)
- base, dev: dracut (110)
- base, dev: e2fsprogs (1.47.4)
- base, dev: elfutils (0.195)
- base, dev: ethtool (6.19)
- base, dev: expat (2.8.1 (includes 2.8.0, 2.7.5))
- base, dev: git (2.53.0)
- base, dev: gnupg (2.5.18)
- base, dev: gnutls (3.8.13)
- base, dev: hwdata (0.401)
- base, dev: intel-microcode (20260512_p20260513)
- base, dev: iproute2 (6.19.0)
- base, dev: iptables (1.8.13 (includes 1.8.12))
- base, dev: less (692 (includes 691))
- base, dev: libarchive (3.8.7 (includes 3.8.6))
- base, dev: libcap (2.78)
- base, dev: libcap-ng (0.9.3 (includes 0.9.2, 0.9.1, 0.9))
- base, dev: libgcrypt (1.12.2 (includes 1.12.1, 1.12.0))
- base, dev: libgpg-error (1.59)
- base, dev: libksba (1.6.8)
- base, dev: libnetfilter_conntrack (1.1.1)
- base, dev: libselinux (3.9)
- base, dev: libsepol (3.9)
- base, dev: libsodium (1.0.22)
- base, dev: libxml2 (2.15.3 (includes 2.15.2))
- base, dev: lsof (4.99.6)
- base, dev: lvm2 (2.03.39 (includes 2.03.38, 2.03.37, 2.03.36, 2.03.35, 2.03.34, 2.03.33, 2.03.32, 2.03.31, 2.03.30, 2.03.29, 2.03.28, 2.03.27, 2.03.26, 2.03.25, 2.03.24, 2.03.23, 2.03.22))
- base, dev: mdadm (4.6 (includes 4.5))
- base, dev: multipath-tools (0.14.3 (includes 0.14.2, 0.14.1, 0.14.0, 0.13.0, 0.12.0, 0.11.0, 0.10.0, 0.9.9))
- base, dev: ncurses (6.5_p20251220)
- base, dev: nfs-utils (2.8.5 (includes 2.8.4, 2.8.3, 2.8.2, 2.8.1))
- base, dev: ngtcp2 (1.22.1)
- base, dev: openssh (10.3_p1)
- base, dev: openssl (3.5.6)
- base, dev: parted (3.7)
- base, dev: pciutils (3.15.0)
- base, dev: procps (4.0.6)
- base, dev: rsync (3.4.3 (includes 3.4.2))
- base, dev: samba (4.23.6 (includes 4.23.5, 4.23.4, 4.23.3, 4.23.2, 4.23.1, 4.23.0))
- base, dev: semodule-utils (3.9)
- base, dev: shadow (4.19.4 (includes 4.19.3, 4.19.2, 4.19.1, 4.19.0, 4.18.0, 4.17.0, 4.16.0, 4.15.0))
- base, dev: socat (1.8.1.1)
- base, dev: sqlite (3.51.3)
- base, dev: sssd (2.13.0 (includes 2.12.0, 2.11.0, 2.10.0))
- base, dev: strace (6.19)
- base, dev: systemd (260.1 (includes 259.4))
- base, dev: tdb (1.4.14)
- base, dev: tevent (0.17.1 (includes 0.17.0))
- base, dev: timezone-data (2026a)
- base, dev: userspace-rcu (0.15.6)
- base, dev: util-linux (2.41.4)
- base, dev: whois (5.6.6)
- base, dev: xfsprogs (6.19.0)
- base, dev: xz-utils (5.8.3)
- base, dev: zlib (1.3.2)
- dev, sysext-incus: squashfs-tools (4.7.5)
- dev: debugedit (5.3)
- dev: file (5.47)
- dev: gentoolkit (0.7.2)
- dev: getuto (1.18)
- dev: iperf (3.21)
- dev: man-pages (6.17 (includes 6.16, 6.15, 6.14, 6.13, 6.12, 6.11))
- dev: minicom (2.11.1 (includes 2.11))
- dev: mpc (1.4.1 (includes 1.4.0))
- sysext-containerd: containerd (2.2.2)
- sysext-docker: docker-cli (29.1.3 (includes 29.1.2, 29.1.1, 29.1.0, 29.0.4, 29.0.3, 29.0.2, 29.0.1, 29.0.0, 28.5.2, 28.5.1, 28.5.0))
- sysext-incus, sysext-podman, vmware: fuse (3.18.2)
- sysext-incus: dnsmasq (2.92_p2)
- sysext-nvidia-drivers-535, sysext-nvidia-drivers-535-open: nvidia-drivers (535.309.01)
- sysext-overlaybd: overlaybd (1.0.17)
- sysext-python: charset-normalizer (3.4.7 (includes 3.4.6, 3.4.5))
- sysext-python: idna (3.14 (includes 3.13, 3.12))
- sysext-python: jaraco-context (6.1.2)
- sysext-python: jaraco-text (4.2.0)
- sysext-python: linkify-it-py (2.1.0)
- sysext-python: more-itertools (11.0.2 (includes 11.0.1, 11.0.0))
- sysext-python: packaging (26.1)
- sysext-python: pip (26.0.1)
- sysext-python: platformdirs (4.9.6 (includes 4.9.0, 4.8.0, 4.7.0, 4.6.0))
- sysext-python: requests (2.33.1 (includes 2.33.0))
- sysext-python: rich (15.0.0 (includes 14.3.0))
- sysext-python: setuptools-scm (10.0.5 (includes 10.0.0))
- sysext-python: uc-micro-py (2.0.0)
- sysext-python: wheel (0.47.0)
- sysext-zfs: zfs (2.3.6 (includes 2.3.5))
- vmware: libdnet (1.18.2)
- vmware: xmlsec (1.3.10 (includes 1.3.9, 1.3.8))