Skip to content

alpha-4081.0.0

Compare
Choose a tag to compare
@tormath1 tormath1 released this 05 Sep 11:37
· 1473 commits to main since this release
alpha-4081.0.0
96ab0ce

Changes since Alpha 4054.0.0

Security fixes:

Bug fixes:

  • Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. (scripts#2266)
  • Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. (scripts#2222)
  • Fixed slow boots PXE and ISO boots caused by the decrypt-root.service. (Flatcar#1514)
  • Fixed the initrd option in the QEMU launcher script. It was -R, but this was already taken by the read-only pflash option, so use -r instead. (scripts#2239)

Changes:

  • Replace nmap netcat with openbsd variant. The license didn't get an exception from CNCF. Something about the definition of "derivative works" being too broad.
  • The docker build command will now use buildx as its backend as the old one became deprecated and a loud "DEPRECATED" information is printed every time it's used.

Updates: