alpha-4487.0.0
Changes since Alpha 4459.0.0
Known bugs:
- Updating with OEM or Flatcar extensions is broken when ue-rs parses the Omaha response and thus falls back to downloading from the release server or bincache, which may fail for self-hosted Nebraska updates or payloads passed with flatcar-update (ue-rs#92)
Security fixes:
- Linux (CVE-2025-39927, CVE-2025-39926, CVE-2025-39923, CVE-2025-39913, CVE-2025-39912, CVE-2025-39911, CVE-2025-39909, CVE-2025-39907, CVE-2025-39917, CVE-2025-39916, CVE-2025-39914, CVE-2025-39885, CVE-2025-39886, CVE-2025-39876, CVE-2025-39873, CVE-2025-39871, CVE-2025-39870, CVE-2025-39869, CVE-2025-39884, CVE-2025-39883, CVE-2025-39882, CVE-2025-39881, CVE-2025-39880, CVE-2025-39877, CVE-2025-39963, CVE-2025-39961, CVE-2025-39957, CVE-2025-39956, CVE-2025-39955, CVE-2025-39938, CVE-2025-39937, CVE-2025-39934, CVE-2025-39953, CVE-2025-39952, CVE-2025-39951, CVE-2025-39950, CVE-2025-39932, CVE-2025-39949, CVE-2025-39948, CVE-2025-39947, CVE-2025-39946, CVE-2025-39945, CVE-2025-39944, CVE-2025-39943, CVE-2025-39942, CVE-2025-39940, CVE-2025-39929, CVE-2025-39931, CVE-2024-57878, CVE-2024-57877, CVE-2024-57875, CVE-2024-57876, CVE-2024-57874, CVE-2025-23128, CVE-2025-23127, CVE-2025-23126, CVE-2025-23125, CVE-2025-23124, CVE-2024-57872, CVE-2024-57850, CVE-2024-57849, CVE-2024-57839, CVE-2024-57843, CVE-2024-48875, CVE-2024-48873, CVE-2024-47809, CVE-2024-47794, CVE-2024-47143, CVE-2024-47141, CVE-2024-45828, CVE-2024-43098, CVE-2024-53680, CVE-2024-52332, CVE-2024-50051, CVE-2024-49569, CVE-2024-48881, CVE-2024-48876, CVE-2024-41932, CVE-2024-41935, CVE-2024-56787, CVE-2024-56786, CVE-2024-56785, CVE-2024-56784, CVE-2024-56783, CVE-2024-56781, CVE-2024-56782, CVE-2024-56640, CVE-2024-56639, CVE-2024-56638, CVE-2024-56637, CVE-2024-56636, CVE-2024-56635, CVE-2024-56634, CVE-2024-56651, CVE-2024-56633, CVE-2024-56650, CVE-2024-56649, CVE-2024-56648, CVE-2024-56647, CVE-2024-56646, CVE-2024-56645, CVE-2024-56644, CVE-2024-56643, CVE-2024-56642, CVE-2024-56641, CVE-2024-56631, CVE-2024-56632, CVE-2024-56615, CVE-2024-56624, CVE-2024-56623, CVE-2024-56622, CVE-2024-56621, CVE-2024-56620, CVE-2024-56619, CVE-2024-56618, CVE-2024-56617, CVE-2024-56630, CVE-2024-56629, CVE-2024-56628, CVE-2024-56627, CVE-2024-56626, CVE-2024-56625, CVE-2024-56616, CVE-2024-56592, 
CVE-2024-56591, CVE-2024-56590, CVE-2024-56589, CVE-2024-56588, CVE-2024-56587, CVE-2024-56614, CVE-2024-56613, CVE-2024-56586, CVE-2024-56612, CVE-2024-56611, CVE-2024-56610, CVE-2024-56609, CVE-2024-56608, CVE-2024-56607, CVE-2024-56606, CVE-2024-56605, CVE-2024-56604, CVE-2024-56603, CVE-2024-56585, CVE-2024-56602, CVE-2024-56601, CVE-2024-56600, CVE-2024-56599, CVE-2024-56598, CVE-2024-56597, CVE-2024-56596, CVE-2024-56595, CVE-2024-56594, CVE-2024-56593, CVE-2024-56583, CVE-2024-56584)
- binutils (CVE-2025-5244, CVE-2025-5245, CVE-2025-8225)
- curl (CVE-2025-9086, CVE-2025-10148)
- go (CVE-2025-47910)
- libpcre2 (CVE-2025-58050)
- libxml2 (libxml2-20250908)
- libxslt (CVE-2025-7424, CVE-2025-7425)
- net-tools (CVE-2025-46836)
Bug fixes:
- Enabled CONFIG_MEMCG_V1 to mitigate cgroupsv1 removal (e.g. JVM) (Flatcar#1884)
- Fixed the QEMU launcher script to include HVF acceleration on arm64-based Macs for faster performance (Flatcar#1901)
Changes:
- Increased all partition sizes: /boot to 1 GB, the two /usr partitions to 2 GB, /oem to 1 GB so that we can use more space in a few years when we can assume that most nodes run the new partition layout - existing nodes can still update for the next years (scripts#3027)
- Reduced the kernel+initrd size on /boot by half. Flatcar now uses a minimal first stage initrd just to access the /usr partition and then switches to the full initrd that does the full system preparation as before. Since this means that the set of kernel modules available in the first initrd is reduced, please report any impact.
- Scaleway: SSH keys are now fetched via Afterburn (scripts#3277)
- Scaleway: The hostname is now set via Afterburn (scripts#3277)
Updates:
- Afterburn (5.10.0)
- Linux (6.12.51 (includes 6.12.48, 6.12.49, 6.12.50))
- Linux Firmware (20250917)
- SDK: azure-core (1.16.1)
- SDK: azure-identity (1.13.1)
- SDK: go (1.24.7)
- SDK: pkgcheck (0.10.37)
- SDK: rust (1.89.0)
- base, dev: bash (5.3_p3)
- base, dev: btrfs-progs (6.16)
- base, dev: coreutils (9.7 (includes 9.6))
- base, dev: cryptsetup (2.8.1)
- base, dev: curl (8.16.0)
- base, dev: expat (2.7.2)
- base, dev: gcc (14.3.1_p20250801)
- base, dev: hwdata (0.398)
- base, dev: libffi (3.5.2)
- base, dev: libnftnl (1.3.0)
- base, dev: libxml2 (2.13.9)
- base, dev: ncurses (6.5_p20250802)
- base, dev: nftables (1.1.4)
- base, dev: readline (8.3_p1)
- base, dev: samba (4.22.3 (includes 4.21.0, 4.22.0, 4.22.1, 4.22.2))
- base, dev: talloc (2.4.3)
- base, dev: tdb (1.4.13)
- base, dev: tevent (0.16.2)
- ca-certificates (3.117 (includes 3.116))
- dev, sysext-incus: squashfs-tools (4.7.2 (includes 4.7.1))
- dev: binutils (2.45)
- open-vm-tools (13.0.5)
- sysext-incus, sysext-podman, vmware: fuse (3.17.4)
- sysext-nvidia-drivers-570, sysext-nvidia-drivers-570-open: nvidia-drivers (570.190)
- sysext-podman: gpgme (2.0.0)
- sysext-python: charset-normalizer (3.4.3)
- sysext-python: jaraco-functools (4.3.0)
- sysext-python: markdown-it-py (4.0.0)
- sysext-python: pip (25.2)
- sysext-python: requests (2.32.5)