v4.1.1
Warning
Security Notice: The standard images in this release contain known CVEs from upstream components (k3s and k0s). These vulnerabilities originate from the Kubernetes distribution binaries and are outside our control. Please review the security scan results before deploying to production.
What's Changed
- docs: fix stale governance links and ubuntu 24.04 fips readme by @immanuwell in #4076
- Update hadron image references to v0.2.1 by @Copilot in #4087
- ⬆️ Update quay.io/kairos/kairos-init Docker tag to v0.13.1 by @renovate[bot] in #4066
- Bump hadron to v0.3.0 by @jimmykarily in #4103
- ⬆️ Update quay.io/kairos/kairos-init Docker tag to v0.14.0 by @renovate[bot] in #4118
- Don't enforce security scans on master by @jimmykarily in #4127
New Contributors
- @immanuwell made their first contribution in #4076
Full Changelog: v4.1.0...v4.1.1
Changes since previous version (v4.1.0)
Kairos changes
- docs: fix stale governance links and ubuntu 24.04 fips readme by @immanuwell in #4076
- Update hadron image references to v0.2.1 by @Copilot in #4087
- Bump hadron to v0.3.0 by @jimmykarily in #4103
- Don't refer to non-existing artifacts (hardcoded by mistake) by @jimmykarily in bee8fbb
- Don't hardcode tags in public cloud image workflow by @jimmykarily in 85b76a9
- Fix backup header on GCP after resizing by @jimmykarily in d757c3e
- Fix gcloud image creation by @jimmykarily in 0e51b47
- Bump kairos-init to v0.14.3 by @jimmykarily in 9679e68
- Bump kairos-init (again) by @jimmykarily in 57350d8
- Bump kairos-init by @jimmykarily in af74352
- Don't enforce security scans on master by @jimmykarily in #4127
- Don't block releases on CVEs of k3s/k0s (on sarif scan) by @jimmykarily in #4133
- Don't block master builds on grype reports by @jimmykarily in #4145
- Release scan report only by @jimmykarily in #4146
- Release scan report only by @jimmykarily in #4147
kairos-init changes
- Version: v0.13.0 -> v0.14.6
- riscv64: UPX overrides and Fedora grub EFI packages by @mauromorales in #352
- Disable systemd-networkd in sles5.5 too by @jimmykarily in #353
- feat: Enable VMware tools for systemd and OpenRC by @Itxaka in #354
- Fix newline at end of 26_vm.yaml by @Itxaka in c2eda6d
- fix: Update model detection for Thor by @Itxaka in #361
- Configure Renovate to update only semver-tagged Hadron images in GitHub workflows by @Copilot in #362
- Bump kcrypt-discovery-challenger to v0.13.2 by @mauromorales in #367
- Bump deps by @jimmykarily in 7274d1e
- chore(deps): bump x/net and go to fix CVEs by @mauromorales in #370
- Add retry flags to curl and show errors by @jimmykarily in #371
- Bump edgevpn to v0.35.2 by @jimmykarily in 5c56c85
Immucore changes
- Version: v0.16.1 -> v0.16.2
- fix(deps): update golang.org/x dependencies by @Itxaka in e899765
- Potential fix for code scanning alert no. 186: Workflow does not contain permissions by @Itxaka in #566
- Potential fix for code scanning alert no. 187: Workflow does not contain permissions by @Itxaka in #565
- Potential fix for code scanning alert no. 188: Workflow does not contain permissions by @Itxaka in #564
kairos-agent changes
- Version: v2.29.1 -> v2.29.4
- fix: support riscv64 platform detection by @mauromorales in #1216
- Update renovate.json configuration by @Itxaka in 4457477
- fix(grub): skip shim copy on riscv64 EFI install by @mauromorales in #1230
- fix(deps): bump golang.org/x/image to v0.41.0 by @mauromorales in #1231
kairos-sdk changes
- Version: v0.20.0 -> v0.22.0
- Remove Go version constraint from renovate.json by @Itxaka in ce71ab1
- chore: bump Go toolchain to 1.26.3 for stdlib CVE remediation by @Copilot in #763
- Add riscv64 platform support by @mauromorales in #762
- Support insecure registries when fetching images by @jimmykarily in #769
- Bump go and golang.org/x/net to fix CVEs reported by OSV scanner by @jimmykarily in #772
kcrypt-discovery-challenger changes
- Version: v0.13.1 -> v0.13.2
- fix(deps): address Go security advisories by @mauromorales in #226
provider-kairos changes
- Version: v2.16.0 -> v2.16.1
- feat(role): make auto role-coordination resilient to lost ledger writes by @mudler in #909
- feat(cli): allow --api and --network-id to be set via environment by @mudler in #913
- feat(bootstrap): honor EDGEVPN_API env for the bootstrap event handler by @mudler in #914
edgevpn changes
- Version: v0.32.2 -> v0.35.2
- fix(blockchain): resolve equal-index ledger split-brain with a deterministic tie-break by @mudler in #1011
- Support android interfaces by @jimmykarily in #1008
- feat: improve pubsub reliability and NAT detection for small clusters by @mudler in #1014
- feat: improve pubsub reliability and NAT detection for small clusters by @mudler in #1020
- deps: use mudler/go-libp2p-pubsub fork to enable pubsub over relayed conns by @mudler in #1027
- feat(api): harden local API unix socket listener by @mudler in #1028
- feat(relay): expose circuit-v2 relay-service resource knobs by @mudler in #1031
- feat(relay): NetworkOnly ACL — gate reservations on cluster membership by @mudler in #1032
- Fix GitHub Pages CI by migrating docs build to Hugo Modules by @Copilot in #1033
- feat(blockchain): authenticated, per-owner ledger entries (experimental) by @mudler in #1034
- Bump go toolchain and crypto to get rid of security reports by @jimmykarily in #1035
- Bump golang.org/x/net to fix GO-2026-5026 by @jimmykarily in #1039
entities changes
- Version: v0.8.3-0.20260109121712-af3b96567af9 -> v0.8.3
- fix: Update Go module dependencies and improve shadow handling by @Itxaka in #20
go-pluggable changes
- No changes (v0.0.0-20230126220627-7710299a0ae5)
yip changes
- Version: v1.23.6 -> v1.24.0
- chore: Update Go module dependencies by @Itxaka in #284
- feat: Add support for noformat partitions by @Itxaka in #292
xpasswd changes
- No changes (v0.4.7)
Contributors
mauromorales, Itxaka, and 4 other contributors