Release Channels

3227.2.2
Release Date: Sep 1, 2022

The Stable channel is intended for use in production clusters. Versions of Flatcar Container Linux have been tested as they move through Alpha and Beta channels before being promoted to stable.

3277.1.2
Release Date: Sep 1, 2022

The Beta channel is where Flatcar Container Linux stability is solidified. We encourage including some beta machines in production clusters in order to catch any issues that may arise with your setup.

3346.0.0
Release Date: Sep 1, 2022

The Alpha channel follows a more frequent release cadence and is where new updates are introduced. Users can try the new versions of the Linux kernel, systemd and other core packages.

3033.3.5
Release Date: Sep 1, 2022

LTS release streams will be maintained for an extended lifetime of 18 months. The yearly LTS streams have an overlap of 6 months.

Release Notes

Release Date: Sep 1, 2022  amd64 arm64

containerd - 1.6.6
docker - 20.10.14
ignition - 2.13.0
kernel - 5.15.63
systemd - 250

Note: The ARM64 AWS AMI of the Stable release has an unknown issue of corrupted images which we are still investigating. We will release the AMI as soon as we have resolved the issue. Follow #840 for more information.

Changes since Stable 3227.2.1

Security fixes:

Bug fixes:

Changes:

  • The new image signing subkey was added to the public key embedded into flatcar-install (the old one expired on 10th August 2022). Only an updated flatcar-install script can verify releases signed with the new key (init#79)

Updates:


Release Date: Aug 4, 2022  amd64 arm64

containerd - 1.6.6
docker - 20.10.14
ignition - 2.13.0
kernel - 5.15.58
systemd - 250

New Stable Release 3227.2.1

Changes since Stable 3227.2.0

Security fixes:

Bug fixes:

  • Added support for Openstack for cloud-init activation (flatcar-linux/init#76)
  • Excluded Wireguard interface from systemd-networkd default management (Flatcar#808)
  • Fixed /etc/resolv.conf symlink by pointing it at resolv.conf instead of stub-resolv.conf. This bug was present since the update to systemd v250 (coreos-overlay#2057)
  • Fixed excluded interface type from default systemd-networkd configuration (flatcar-linux/init#78)
  • Fixed space escaping in the networkd Ignition translation (Flatcar#812)

Changes:

Updates:


Release Date: Jul 21, 2022  amd64 arm64

containerd - 1.6.6
docker - 20.10.14
ignition - 2.13.0
kernel - 5.15.55
systemd - 250

New Stable Release 3227.2.0

Changes since Beta 3227.1.1

Security fixes:

Bug fixes:

  • The Ignition v3 kargs directive previously failed when used with the generic image, where no grub.cfg exists. This was fixed by creating it first (bootengine#47)

Changes:

  • Enabled containerd.service unit, br_netfilter and overlay modules by default to follow Kubernetes requirements (coreos-overlay#1944, init#72)

Updates:

Changes compared to Stable 3139.2.3

Security fixes:

Bug fixes:

  • Added networkd translation to files section when converting from Ignition 2.x to Ignition 3.x (coreos-overlay#1910, flatcar#741)
  • Added a remount action as systemd-sysext.service drop-in unit to restore the OEM partition mount after the overlay mounts in /usr are done (init#69)
  • Fixed Ignition’s OEM ID to be metal to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID pxe was used (bootengine#45)
  • Made Ignition write the SSH keys into a file under authorized_keys.d/ignition again and added a call to update-ssh-keys after Ignition ran to create the merged authorized_keys file, which fixes the problem that keys added by Ignition get lost when update-ssh-keys runs (init#66)
  • Skipped starting ensure-sysext.service if systemd-sysext.service won’t be started, to prevent reporting a dependency failure (Flatcar#710)
  • The Ignition v3 kargs directive previously failed when used with the generic image, where no grub.cfg exists. This was fixed by creating it first (bootengine#47)

Changes:

  • Added auditd.service but left it disabled by default. A custom configuration can be created by removing /etc/audit/auditd.conf and replacing it with your own file (coreos-overlay#1636)
  • Added cryptsetup to the initramfs for the Ignition luks directive (flatcar-linux/coreos-overlay#1760)
  • Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the docs section for details
  • Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. (coreos-overlay#1664)
  • Enabled CONFIG_INTEL_RAPL on AMD64 Kernel config to compile intel_rapl_common module in order to allow power monitoring on modern Intel processors (coreos-overlay#1801)
  • Enabled containerd.service unit, br_netfilter and overlay modules by default to follow Kubernetes requirements (coreos-overlay#1944, init#72)
  • Enabled systemd-sysext.service to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service ensure-sysext.service which reloads the systemd units to reevaluate the sockets, timers, and multi-user targets when systemd-sysext.service is (re)started, making it possible to enable units that are part of a sysext image (init#65)
  • For amd64 /usr/lib used to be a symlink to /usr/lib64 but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case /usr/lib64 was used to access, e.g., the modules folder or the systemd folder (coreos-overlay#1713, scripts#255)
  • Made SELinux enabled by default in default containerd configuration file. (coreos-overlay#1699)
  • Removed rngd.service because it is not essential anymore for the kernel to boot fast in VM environments (coreos-overlay#1700)
  • The systemd-networkd ManageForeignRoutes and ManageForeignRoutingPolicyRules settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under /etc/systemd/networkd.conf.d/ because drop-in files take precedence over /etc/systemd/networkd.conf (init#61)
  • Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.
  • Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don’t have a strong coupling, meaning the only metadata required is SYSEXT_LEVEL=1.0 and ID=flatcar (Flatcar#643)
  • ARM64: Added cifs-utils for ARM64
  • ARM64: Added sssd, adcli and realmd for ARM64
  • AWS EC2: Removed the setup of /etc/hostname from the instance metadata because it used a long FQDN but we can just use the hostname set via DHCP (Flatcar#707)
  • Azure: Set up /etc/hostname from instance metadata with Afterburn
  • DigitalOcean: In addition to the bz2 image, a gz compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.
  • OpenStack: In addition to the bz2 image, a gz compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.
  • SDK: The image compression format is now configurable. Supported formats are: bz2, gz, zip, none, zst. Selecting the image format can now be done by passing the --image_compression_formats option. This flag gets a comma separated list of formats.
  • SDK / ARM64: Added go-tspi bindings for ARM64

Updates:


Release Date: Jun 23, 2022  amd64 arm64

containerd - 1.5.11
docker - 20.10.12
ignition - 0.36.1
kernel - 5.15.48
systemd - 249

New Stable Release 3139.2.3

Changes since Stable 3139.2.2

Security fixes:

Updates:


Release Date: Jun 2, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.15.43
systemd - 249

New Stable Release 3139.2.2

Changes since Stable 3139.2.1

Security fixes:

Bug fixes:

Updates:


Release Date: May 9, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.15.37
systemd - 249

New Stable Release 3139.2.1

Changes since Stable 3139.2.0

Security fixes:

Bug fixes:

  • AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances (coreos-overlay#1628)
  • GCE: Restored oem-gce.service functionality on GCP (coreos-overlay#1813)
  • Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an ‘invalid relocation target’ error (coreos-overlay#1839)

Changes:

  • Merge the Flatcar Pro features into the regular Flatcar images (coreos-overlay#1679)
  • GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP (coreos-overlay#1802)
  • SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the ghcr.io/flatcar/mantle image (coreos-overlay#1827, scripts#275)

Updates:


Release Date: Apr 7, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.15.32
systemd - 249

New Stable Release 3139.2.0

Changes since Stable 3033.2.4

Security fixes:

Bug fixes:

  • Excluded the Kubenet cbr0 interface from networkd’s DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check (init#55)
  • Fixed the dracut emergency Ignition log printing that had a scripting error causing the cat command to fail (bootengine#33)
  • network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting (init#51, coreos-cloudinit#12, bootengine#30)
  • flatcar-update: Stopped checking for the USER environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional sudo invocation (init#58)
  • Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) (Flatcar#665, coreos-overlay#1723)
  • Re-added the brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used (bootengine#40)

Changes:

  • Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates (init#53)
  • Update-engine now creates the /run/reboot-required flag file for kured (update_engine#15)
  • Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference (init#56)
  • Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config (coreos-overlay#1524)
  • Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in grub.cfg (check it taking effect with cat /proc/sys/crypto/fips_enabled) (coreos-overlay#1602)
  • Enabled FIPS mode for cryptsetup (portage-stable#312)
  • Rework the way we set up the default python interpreter in SDK - it is now set up without specifying a version. This should work fine as long as we keep having one version of python in SDK.
  • Add a way to remove packages that are hard-blockers for update. A hard-blocker means that the package needs to be removed (for example with emerge -C) before an update can happen.
  • Removed the pre-shipped /etc/flatcar/update.conf file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the /usr/share/flatcar/update.conf (scripts#212)

Updates:

Changes since Beta 3139.1.1

Security fixes:

Changes:

Updates:


Release Date: Mar 23, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.10.107
systemd - 249

New Stable Release 3033.2.4

Changes since Stable-3033.2.3

Security fixes

Bug fixes

Changes

  • Added support for switching back to CGroupsV1 without requiring a reboot. Create /etc/flatcar-cgroupv1 through ignition. (coreos-overlay#1666)

Updates


Release Date: Mar 7, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.10.102
systemd - 249

New Stable Release 3033.2.3

Changes since Stable 3033.2.2

Security fixes

Bug fixes

  • Disabled the systemd-networkd settings ManageForeignRoutes and ManageForeignRoutingPolicyRules by default to ensure that CNIs like Cilium don’t get their routes or routing policy rules discarded on network reconfiguration events (Flatcar#620).
  • Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory when creating a btrfs root filesystem (ignition#35)
  • Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium (Flatcar#626, coreos-overlay#1682)

Updates


Release Date: Feb 9, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.34.0
kernel - 5.10.96
systemd - 249

New Stable Release 3033.2.2

Changes since Stable 3033.2.1

Security fixes

Bug fixes

  • SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)
  • Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in policycoreutils instead of /var/lib/selinux (flatcar-linux/Flatcar#596)

Updates


Release Date: Jan 26, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.34.0
kernel - 5.10.93
systemd - 249

New Stable release 3033.2.1

Changes since Stable 3033.2.0

Known issues:

  • The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory (flatcar-linux/Flatcar#596)

Security fixes:

Bug fixes:

  • Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host (flatcar-linux/init#57)
  • dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. (flatcar-linux/scripts#194)
  • SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)

Changes:

Updates:


Release Date: Dec 15, 2021  amd64 arm64

docker - 20.10.11
ignition - 0.34.0
kernel - 5.10.84
systemd - 249

New Stable release 3033.2.0

Changes since Stable 2983.2.1

Security fixes

Bug fixes

  • arm64: the Polkit service does not crash anymore. (flatcar-linux/Flatcar#156)
  • toolbox: fixed support for multi-layered docker images (toolbox#5)
  • Run emergency.target on ignition/torcx service unit failure in dracut (bootengine#28)
  • Fix vim warnings on missing file, when built with USE="minimal" (portage-stable#260)
  • The Torcx profile docker-1.12-no got fixed to reference the current Docker version instead of 19.03 which wasn’t found on the image, causing Torcx to fail to provide Docker (PR#1456)

Changes

  • Added GPIO support (coreos-overlay#1236)
  • Enabled SELinux in permissive mode on ARM64 (coreos-overlay#1245)
  • The iptables command uses the nftables kernel backend instead of the iptables backend. You can also migrate to using the nft tool instead of iptables. Containers with iptables binaries that use the iptables backend will result in mixing both kernel backends, which is supported, but you have to look up the rules separately (on the host you can use the iptables-legacy and friends).

Updates

Changes since Beta 3033.1.1

Security fixes

Bug fixes

  • Fix vim warnings on missing file, when built with USE="minimal" (portage-stable#260)

Updates


Release Date: Nov 25, 2021  amd64

docker - 20.10.11
ignition - 0.34.0
kernel - 5.10.80
systemd - 247

New Stable Release 2983.2.1

Changes since Stable 2983.2.0

Security fixes

Updates

Changes

  • Added missing SELinux rule as initial step to resolve Torcx unpacking issue (coreos-overlay#1426)

Release Date: Nov 9, 2021  amd64

docker - 20.10.10
ignition - 0.34.0
kernel - 5.10.77
systemd - 247

New Stable release 2983.2.0

Update to CGroupsV2

CGroups V2 is coming to Stable! Introduced in Alpha 2969.0.0, the feature has been stabilising for almost three months now and will be included in Stable 2983.2.0.
NOTE that only new nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to https://kinvolk.io/docs/flatcar-container-linux/latest/container-runtimes/switching-to-unified-cgroups/

Changes since Beta 2983.1.2

Security fixes

Bug fixes

Updates

Changes since Stable 2905.2.6

Security fixes

Bug fixes

  • Use https protocol instead of git for Github URLs (flatcar-linux/coreos-overlay#1394)
  • Skip tcsd.service for TPM2 devices to fix failures on c3.small.x86 instances of Equinix Metal (Flatcar#208)
  • Fixed containerd config after introduction of CGroupsV2 (coreos-overlay#1214)
  • Fixed path for amazon-ssm-agent in base-ec2.ign (coreos-overlay#1228)
  • Fixed locksmith adhering to reboot window when getting the etcd lock (locksmith#10)
  • Add the systemd tag in udev for Azure storage devices, to fix /boot automount (init#41)

Changes

Updates


Release Date: Oct 25, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.75
systemd - 247

New Stable release 2905.2.6

Changes since Stable 2905.2.5

Security fixes

Bug fixes

Updates


Release Date: Sep 30, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.69
systemd - 247

New Stable release 2905.2.5

Changes since Stable 2905.2.4

Security fixes

Bug fixes

  • The Mellanox NIC Linux driver issue introduced in the previous release was fixed (Flatcar#520)

Updates


Release Date: Sep 27, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.67
systemd - 247

New Stable release 2905.2.4

Changes since Stable 2905.2.3

Security fixes

Updates


Release Date: Sep 1, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.61
systemd - 247

New Stable release 2905.2.3

Changes since Stable 2905.2.2

Security fixes

Bug Fixes

Updates


Release Date: Aug 19, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.59
systemd - 247

Changes since Stable 2905.2.1

Security fixes

Bug Fixes

Changes

Updates


Release Date: Aug 4, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.55
systemd - 247

Security fixes

Bug fixes

  • Set the cilium_vxlan interface to be not managed by networkd’s default setup with DHCP as it’s managed by Cilium. (init#43)
  • Disabled SELinux by default on dockerd wrapper script (coreos-overlay#1149)
  • GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service (coreos-overlay#1146)

Updates


Release Date: Jul 28, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.52
systemd - 247

Changes since Beta 2905.1.0

Security Fixes

Updates

Changes since Stable 2765.2.6

Security Fixes:

Bug Fixes:

Changes

  • Docker: disabled SELinux support in the Docker daemon
  • The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. (baselayout#17)
  • The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services are not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. (coreos-overlay#857)
  • toolbox: replace rkt with docker (coreos-overlay#881)
  • flatcar-install: add parameters to make wget more resilient (init#35)
  • flatcar-install: Add -D flag to only download the image file (Flatcar#248)
  • flatcar-install: Detect device mapper (e.g., LVM/LUKS) usage when searching for free drives with the -s flag (Flatcar#332)
  • motd: Add OEM information to motd output (init#34)
  • open-iscsi: Command substitution in iscsi-init system service (coreos-overlay#801)
  • sshd: use secure crypto algos only (kinvolk/coreos-overlay#852)
  • kernel: enable kernel config CONFIG_BPF_LSM (kinvolk/coreos-overlay#846)
  • bootengine: set hostname for EC2 and OpenStack from metadata (kinvolk/coreos-overlay#848)
  • Make the hostname setting units optional. Having the hostname units as required by the initrd.target meant that if the unit failed the machine wouldn’t start, disrupting the whole boot. (bootengine#23)
  • Enable using iSCSI netroot devices on Flatcar (bootengine#22)
  • systemd-networkd: Do not manage loopback network interface (bootengine#24 init#40)
  • containerd: Removed the containerd-stress binary (coreos-overlay#858)
  • dhcpcd: Removed the dhcpcd binary from the image, systemd-networkd is the only DHCP client (coreos-overlay#858)
  • samba: Update to EAPI=7, add new USE flags and remove deps on icu (kinvolk/coreos-overlay#864)
  • GCE: The oem-gce.service was ported to use systemd-nspawn instead of rkt. A one-time action is required to fetch the new service file because the OEM partition is not updated: sudo curl -s -S -f -L -o /etc/systemd/system/oem-gce.service https://raw.githubusercontent.com/kinvolk/coreos-overlay/fe7b0047ef5b634ebe04c9627bbf1ce3008ee5fa/coreos-base/oem-gce/files/units/oem-gce.service && sudo systemctl daemon-reload && sudo systemctl restart oem-gce.service
  • SDK: update portage and related packages to newer versions (coreos-overlay#840)
  • SDK: Drop jobs parameter in flatcar-scripts (flatcar-scripts#121)
  • SDK: delete Go 1.6 (coreos-overlay#827)
  • Update sys-apps/coreutils and make sure they have split-usr disabled for generic images (coreos-overlay#829)
  • systemd: Fix unit installation (coreos-overlay#810)

Updates

Deprecation

  • docker-1.12, rkt and kubelet-wrapper are deprecated and removed from Stable, also from subsequent channels in the future. Please read the removal announcement to know more.

Release Date: Jun 17, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.43
systemd - 247

Security fixes

Bug fixes

  • Update-engine sent empty requests when restarted before a pending reboot (Flatcar#388)
  • motd login prompt list of failed services: The output of "systemctl list-units --state=failed --no-legend" contains a bullet point which is not expected and ended up being taken as the unit name of failed units, which was previously at the start of the line. Filtered the bullet point out to stay compatible with the old behavior in case upstream would remove the bullet point again. (coreos-overlay#1042)

Updates


Release Date: May 21, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.38
systemd - 247

Bug fixes

  • The Linux kernel IOMMU-related crash introduced in the 5.10.37 update got fixed through the 5.10.38 update (Flatcar#400)

Updates


Release Date: May 19, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.37
systemd - 247

Security fixes

Updates


Release Date: Apr 28, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.32
systemd - 247

Release Date: Mar 25, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.25
systemd - 247

Security fixes

Bug Fixes

  • GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. (init#38)

Changes

  • The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. (init#38)

Updates


Release Date: Mar 11, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.21
systemd - 247

Security fixes

Bug fixes

  • Include firmware files for all modules shipped in our image (Issue #359, PR #887)
  • Add explicit path to the binary call in the coreos-metadata unit file (Issue #360)

Updates


Release Date: Mar 3, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.19
systemd - 247

Security fixes

Updates


Release Date: Dec 7, 2020  amd64

docker - 19.03.14
ignition - 0.34.0
kernel - 5.4.81
systemd - 246

Security fixes:

Bug fixes

  • Added systemd-tmpfiles directives for /opt and /opt/bin to ensure that the folders have correct permissions even when /opt/ was once created by containerd (Flatcar#279)
  • Make the automatic filesystem resizing more robust against a race and add more logging (kinvolk/init#31)
  • Allow inactive network interfaces to be bound to a bonding interface, by encoding additional configuration for systemd-networkd-wait-online (afterburn PR #10)
  • Do not configure ccache in Jenkins (scripts PR #100)
  • Azure: Exclude bonded SR-IOV network interfaces with newer drivers from networkd (in addition to the old drivers) to prevent them being configured instead of just the bond interface (init PR#29, bootengine PR#19)

Changes:

  • Update-engine now detects rollbacks and reports them as errors to the update server (PR#6)
  • The zstd tools were added (version 1.4.4)
  • The kernel config CONFIG_PSI was set to support Pressure Stall Information, more information also under https://facebookmicrosites.github.io/psi/docs/overview (Flatcar#162)
  • The kernel config CONFIG_BPF_JIT_ALWAYS_ON was set to use the BPF just-in-time compiler by default for faster execution
  • The kernel config CONFIG_POWER_SUPPLY was set
  • The kernel configs CONFIG_OVERLAY_FS_METACOPY and CONFIG_OVERLAY_FS_REDIRECT_DIR were set. With the first, overlayfs will only copy up metadata when a metadata-specific operation like chown/chmod is performed. The full file will be copied up later when the file is opened for write operations. With the second, which is equivalent to setting "redirect_dir=on" in the kernel command-line, overlayfs will copy up the directory first before the actual content (Flatcar#170).
  • Remove unnecessary kernel module nf-conntrack-ipv4 (overlay PR#649)
  • Compress kernel modules with xz (overlay PR#628)
  • Add containerd-runc-shim-v* binaries required by kubelet custom CRI endpoints (overlay PR#623)
  • Equinix Metal (Packet): Exclude unused network interfaces from networkd, disregard the state of the bonded interfaces for the network-online.target and only require the bond interface itself to have at least one active link instead of routable which requires both links to be active (afterburn PR#10)
  • QEMU: Use flatcar.autologin kernel command line parameter for auto login on the console (Flatcar #71)

Updates:


Release Date: Nov 19, 2020  amd64

docker - 19.03.12
ignition - 0.34.0
kernel - 5.4.77
systemd - 245

Security fixes:

Bug fixes:

  • network: Restore KeepConfiguration=dhcp-on-stop (kinvolk/init#30)
  • systemd-stable-245.8: ingest latest fixes on top of upstream release (#1, #2, #3)

Updates:


Release Date: Oct 28, 2020  amd64

docker - 19.03.12
ignition - 0.34.0
kernel - 5.4.72
systemd - 245

Security fixes:

Bug fixes:

  • Ensured that the /etc/coreos to /etc/flatcar symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for update: or locksmith: while also reformatting the rootfs (baselayout PR#7)

Updates:


Release Date: Sep 30, 2020  amd64

docker - 19.03.12
ignition - 0.34.0
kernel - 5.4.67
systemd - 245

Bug fixes:

  • Enabled missing systemd services (#191, PR #612)
  • Fixed Docker torcx image unpacking error on machines with less than ~600 MB total RAM (#32)
  • Solved adcli Kerberos Active Directory incompatibility (#194)
  • Fixed the makefile path when building kernel modules with the developer container (#195)
  • Removed the /etc/portage/savedconfig/ folder that contained a dump of the firmware config (flatcar-linux/coreos-overlay#613)

Changes:

  • GCE: Improved oslogin support and added shell aliases to run a Python Docker image (PR #592)

Updates:


Release Date: Sep 22, 2020  amd64

docker - 19.03.12
ignition - 0.34.0
kernel - 5.4.66
rkt - 1.30.0
systemd - 245

Security fixes:

Updates:


Release Date: Jan 28, 2021  amd64

docker - 19.03.14
ignition - 0.34.0
kernel - 5.4.92
systemd - 246

Security fixes

Bug fixes

  • /etc/iscsi/initiatorname.iscsi is generated by the iscsi-init service (#321)
  • Prevent iscsiadm buffer overflow (#318)

Changes

  • Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam (Issue #315 PR #774)
  • The containerd socket is now available in the default location (/run/containerd/containerd.sock) and also as a symlink in the previous location (/run/docker/libcontainerd/docker-containerd.sock) (#771)
  • With the iscsi update, the service unit has changed from iscsid to iscsi (#791)
  • AWS Pro: include scripts to facilitate setup of EKS workers (#794).
  • Missed from earlier notes: with the previous open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi (#682)

Updates


Release Date: Jan 12, 2021  amd64

docker - 19.03.14
ignition - 0.34.0
kernel - 5.4.87
systemd - 246

Security fixes

Bug fixes

  • networkd: avoid managing MAC addresses for veth devices (kinvolk/init#33)

Updates


Release Date: Dec 16, 2020  amd64

docker - 19.03.14
ignition - 0.34.0
kernel - 5.4.83
systemd - 246

Security fixes:

Bug fixes:

  • The sysctl net.ipv4.conf.*.rp_filter is set to 0 for the Cilium CNI plugin to work (Flatcar#181)
  • Package downloads in the developer container now use the correct URL again (Flatcar#298)

Changes:

  • The sysctl default config file is now applied under the prefix 60 which allows for custom sysctl config files to take effect when they start with a prefix of 70, 80, or 90 (baselayout#13)
  • Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker (Flatcar#283)
  • For users with a custom update server a machine alias setting in update-engine allows to give human-friendly names to client instances (update-engine#8)

Updates:


Release Date: Sep 16, 2020  amd64

docker - 18.06.3
ignition - 0.34.0
kernel - 4.19.145
rkt - 1.30.0
systemd - 241

Changes:

Updates:


Release Date: Sep 7, 2020  amd64

docker - 18.06.3
ignition - 0.34.0
kernel - 4.19.143
rkt - 1.30.0
systemd - 241

Security fixes:

Updates:


Release Date: Aug 20, 2020  amd64

docker - 18.06.3
ignition - 0.34.0
kernel - 4.19.140
rkt - 1.30.0
systemd - 241

Security fixes:

Bug fixes:

Changes:

Updates:


Release Date: Jun 17, 2020  amd64

docker - 18.06.3
ignition - 0.34.0
kernel - 4.19.128
rkt - 1.30.0
systemd - 241

Flatcar updates

Security fixes:

Changes:

  • A source code and licensing overview is available under /usr/share/licenses/INFO

Updates:


Release Date: May 26, 2020  amd64

docker - 18.06.3
ignition - 0.34.0
kernel - 4.19.124
rkt - 1.30.0
systemd - 241

Flatcar updates

Security fixes:

Bug fixes:

  • When writing the update kernel, prefer /boot/coreos only if /boot/coreos/vmlinux-* exists (https://github.com/flatcar/update_engine/pull/5)
  • Fixed sysroot-boot initramfs service race which resulted in a warning that this service failed
  • Use the correct BINHOST URLs in the development container to download binary packages

Changes:

  • Support the CoreOS GRUB /boot/coreos/first_boot flag file (https://github.com/flatcar/bootengine/pull/13)
  • Fetch container images in docker format rather than ACI by default in etcd-member.service, flanneld.service, and kubelet-wrapper
  • Use flatcar.autologin kernel command line parameter on Azure and VMware for auto login on the serial console
  • Include conntrack (conntrack-tools)
  • Include journalctl output, pstore kernel crash logs, and coredumpctl list output in the mayday report
  • Update wa-linux-agent to 2.2.46 on Azure
  • Support both coreos.config.* and flatcar.config.* guestinfo variables on VMware OEM

Updates:


Release Date: Mar 31, 2020  amd64

docker - 18.06.3
ignition - 0.34.0
kernel - 4.19.107
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:

Changes:

Updates:


Release Date: Mar 2, 2020  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.106
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:

Upstream Container Linux updates

Security fixes:

Updates:


Release Date: Feb 10, 2020  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.95
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:

Upstream Container Linux updates:

Updates:


Release Date: Dec 18, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.86
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:

Updates:


Release Date: Dec 5, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.86
rkt - 1.30.0
systemd - 241

Release Date: Nov 21, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.84
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix CFS scheduler throttling highly-threaded I/O-bound applications (#2623)

Updates:


Release Date: Nov 11, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.78
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Fix time zone for Brazil (#2627)

Updates:


Release Date: Oct 17, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.78
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

No changes for stable promotion


Release Date: Sep 5, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.68
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

  • Fix pam_systemd bug allowing authenticated remote users to perform polkit actions as if locally logged in (CVE-2019-3842)
  • Fix systemd-resolved bug allowing unprivileged users to change DNS settings (CVE-2019-15718)

Bug fixes:

  • Fix GCE agent crash loop in new installs (#2608)

Updates:


Release Date: Aug 30, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.66
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

  • Fix wget buffer overflow allowing arbitrary code execution (CVE-2019-5953)

Updates:


Release Date: Aug 16, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.65
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Updates:

Flatcar updates

Bug fixes:

Changes:


Release Date: Aug 1, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.56
rkt - 1.30.0
systemd - 241

Release Date: Jul 3, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.50
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Fix Ignition panic when no guestinfo.(coreos|ignition).config parameters are specified on VMware (coreos/ignition#821)

Updates:


Release Date: Jul 1, 2019  amd64

docker - 18.06.3
ignition - 0.32.0
kernel - 4.19.50
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

No changes for stable promotion


Release Date: Jun 19, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.43
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix invalid bzip2 compression of Container Linux release images (#2589)

Release Date: Jun 6, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.43
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Fix systemd MountFlags=shared option (#2579)

Changes:

  • Pin network interface naming to systemd v238 scheme (#2578)

Release Date: May 16, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.43
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: Apr 26, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.34
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:


Release Date: Apr 25, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.34
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:


Release Date: Apr 24, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.34
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

No changes for stable promotion


Release Date: Mar 12, 2019  amd64

docker - 18.06.1
ignition - 0.30.0
kernel - 4.19.25
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix systemd crash from a specially-crafted D-Bus message (CVE-2019-6454)

Bug fixes:

  • Fix systemd-journald memory leak (#2564)

Updates:


Release Date: Feb 27, 2019  amd64

docker - 18.06.1
ignition - 0.30.0
kernel - 4.19.23
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:


Release Date: Feb 21, 2019  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.96
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix kernel POSIX timer rearming (#2549)

Release Date: Feb 14, 2019  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.96
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:


Release Date: Jan 30, 2019  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.96
rkt - 1.30.0
systemd - 238

Release Date: Jan 28, 2019  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.88
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

No changes for stable promotion

Flatcar updates

Changes:


Release Date: Jan 28, 2019  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.88
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

No changes for stable promotion


Release Date: Dec 21, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.84
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix Go CPU denial of service in X.509 verification (CVE-2018-16875)
  • Fix PolicyKit always authorizing UIDs greater than INT_MAX (CVE-2018-19788)

Updates:


Release Date: Nov 27, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.81
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Disable containerd CRI plugin to stop it from listening on a TCP port (#2524)

Updates:


Release Date: Nov 8, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.78
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix systemd re-executing with arbitrary supplied state (CVE-2018-15686)
  • Fix systemd race allowing changing file permissions (CVE-2018-15687)
  • Fix systemd-networkd buffer overflow in the dhcp6 client (CVE-2018-15688)

Release Date: Oct 26, 2018  amd64

docker - 18.06.1
ignition - 0.26.0
kernel - 4.14.74
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix Git remote code execution during recursive clone (CVE-2018-17456)

Updates:


Release Date: Oct 11, 2018  amd64

docker - 18.06.1
ignition - 0.26.0
kernel - 4.14.67
rkt - 1.30.0
systemd - 238

Flatcar updates

Changes:


Release Date: Sep 14, 2018  amd64

docker - 18.06.1
ignition - 0.26.0
kernel - 4.14.67
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix Docker mounting named volumes (#2497)

Release Date: Aug 17, 2018  amd64

docker - 18.03.1
ignition - 0.25.1
kernel - 4.14.63
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: Aug 8, 2018  amd64

docker - 18.03.1
ignition - 0.25.1
kernel - 4.14.59
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix failure to mount large ext4 filesystems (#2485)

Release Date: Jul 31, 2018  amd64

docker - 18.03.1
ignition - 0.25.1
kernel - 4.14.59
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix kernel CIFS client (#2480)

Updates:


Release Date: Jul 26, 2018  amd64

docker - 18.03.1
ignition - 0.25.1
kernel - 4.14.55
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

No changes for stable promotion


Release Date: Jun 15, 2018  amd64

docker - 18.03.1
ignition - 0.24.1
kernel - 4.14.48
rkt - 1.29.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix TCP connection stalls (#2457)

Release Date: Jun 13, 2018  amd64

docker - 18.03.1
ignition - 0.24.1
kernel - 4.14.48
rkt - 1.29.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix Hyper-V network driver regression (#2454)

Updates:


Release Date: Jun 1, 2018  amd64

docker - 18.03.1
ignition - 0.24.1
kernel - 4.14.44
rkt - 1.29.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix Git arbitrary code execution when cloning untrusted repositories (CVE-2018-11235)

Bug fixes:

  • Fix failure to set network interface MTU (#2443)

Updates:


Release Date: May 27, 2018  amd64

docker - 18.03.1
ignition - 0.24.1
kernel - 4.14.42
rkt - 1.29.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix inadvertent change of network interface names (#2437)

Release Date: May 26, 2018  amd64

docker - 18.03.1
ignition - 0.24.1
kernel - 4.14.42
rkt - 1.29.0
systemd - 238

Release Date: Apr 25, 2018  amd64

docker - 17.12.1
ignition - 0.22.0
kernel - 4.14.32
rkt - 1.29.0
systemd - 237

Flatcar updates

Initial Flatcar release.

Bug fixes:

Notes:

  • Previous test images have been removed from the release servers. This is due to a new update key being generated using our updated security policy which we included in the first public image.

Upstream Container Linux updates:

Bug fixes:


Release Date: Sep 1, 2022  amd64 arm64

containerd - 1.6.6
docker - 20.10.17
ignition - 2.14.0
kernel - 5.15.63
systemd - 250

Changes since Beta 3277.1.1

Security fixes:

Bug fixes:

Changes:

  • The new image signing subkey was added to the public key embedded into flatcar-install (the old one expired on 10th August 2022); only an updated flatcar-install script can verify releases signed with the new key (init#79)
  • AWS: Added AWS IMDSv2 support to coreos-cloudinit (flatcar-linux/coreos-cloudinit#13)

Updates:


Release Date: Aug 4, 2022  amd64 arm64

containerd - 1.6.6
docker - 20.10.17
ignition - 2.14.0
kernel - 5.15.58
systemd - 250

New Beta Release 3277.1.1

Changes since Beta 3277.1.0

Security fixes:

Bug fixes:

  • Added support for Openstack for cloud-init activation (flatcar-linux/init#76)
  • Excluded Wireguard interface from systemd-networkd default management (Flatcar#808)
  • Fixed /etc/resolv.conf symlink by pointing it at resolv.conf instead of stub-resolv.conf. This bug was present since the update to systemd v250 (coreos-overlay#2057)
  • Fixed excluded interface type from default systemd-networkd configuration (flatcar-linux/init#78)
  • Fixed space escaping in the networkd Ignition translation (Flatcar#812)

Changes:

Updates:


Release Date: Jul 21, 2022  amd64 arm64

containerd - 1.6.6
docker - 20.10.17
ignition - 2.14.0
kernel - 5.15.55
systemd - 250

New Beta Release 3277.1.0

Changes since Alpha 3277.0.0

Security fixes:

Bug fixes:

  • The Ignition v3 kargs directive failed before when used with the generic image where no grub.cfg exists, this was fixed by creating it first (bootengine#47)

Updates:

Changes since Beta 3227.1.1

Security fixes:

Bug fixes:

  • The Ignition v3 kargs directive failed before when used with the generic image where no grub.cfg exists, this was fixed by creating it first (bootengine#47)

Changes:

  • Added efibootmgr binary to the image (coreos-overlay#1955)
  • Added VMware networking configuration in the initramfs via guestinfo settings (bootengine#44, flatcar#717)
  • Enabled containerd.service unit, br_netfilter and overlay modules by default to follow Kubernetes requirements (coreos-overlay#1944, init#72)
  • flatcar-install: Added option to create UEFI boot entry (init#74)
  • VMware: Added ignition-delete-config.service to remove Ignition config from VM metadata (coreos-overlay#1948)

Updates:


Release Date: Jun 23, 2022  amd64 arm64

containerd - 1.6.6
docker - 20.10.14
ignition - 2.13.0
kernel - 5.15.48
systemd - 250

New Beta Release 3227.1.1

Changes since Beta 3227.1.0

Security fixes:

Changes:

Updates:


Release Date: Jun 2, 2022  amd64 arm64

docker - 20.10.14
ignition - 2.13.0
kernel - 5.15.43
systemd - 250

New Beta Release 3227.1.0

Changes since Beta 3185.1.1

Security fixes:

Bug fixes:

  • Ensured /etc/flatcar/update.conf exists because it happens to be used as flag file for Ansible (init#71)
  • Fixed Ignition’s OEM ID to be metal to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID pxe was used (bootengine#45)
  • Added networkd translation to files section when converting from Ignition 2.x to Ignition 3.x (coreos-overlay#1910, flatcar#741)
  • GCP: Fixed shutdown script execution (coreos-overlay#1912, flatcar#743)

Changes:

  • Enabled CONFIG_INTEL_RAPL on AMD64 Kernel config to compile intel_rapl_common module in order to allow power monitoring on modern Intel processors (flatcar#coreos-overlay#1801)

Updates:

Changes since Alpha 3227.0.0

Security fixes:

Bug fixes:

  • Ensured /etc/flatcar/update.conf exists because it happens to be used as flag file for Ansible (init#71)
  • Fixed Ignition’s OEM ID to be metal to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID pxe was used (bootengine#45)
  • Added networkd translation to files section when converting from Ignition 2.x to Ignition 3.x (coreos-overlay#1910, flatcar#741)
  • GCP: Fixed shutdown script execution (coreos-overlay#1912, flatcar#743)

Updates:


Release Date: May 9, 2022  amd64 arm64

docker - 20.10.13
ignition - 2.13.0
kernel - 5.15.37
systemd - 250

New Beta Release 3185.1.1

Changes since Beta 3185.1.0

Security fixes:

Bug fixes:

  • GCE: Restored oem-gce.service functionality on GCP (coreos-overlay#1813)
  • Skipped starting ensure-sysext.service if systemd-sysext.service won’t be started, to prevent reporting a dependency failure (Flatcar#710)
  • Added a remount action as systemd-sysext.service drop-in unit to restore the OEM partition mount after the overlay mounts in /usr are done (init#69)
  • Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an ‘invalid relocation target’ error (coreos-overlay#1839)

Changes:

  • GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP (coreos-overlay#1802)
  • Azure: Set up /etc/hostname from instance metadata with Afterburn
  • AWS EC2: Removed the setup of /etc/hostname from the instance metadata because it used a long FQDN but we can just use the hostname set via DHCP (Flatcar#707)
  • SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the ghcr.io/flatcar/mantle image (coreos-overlay#1827, scripts#275)

Updates:


Release Date: Apr 7, 2022  amd64 arm64

docker - 20.10.13
ignition - 2.13.0
kernel - 5.15.32
systemd - 250

New Beta Release 3185.1.0

Changes since Beta 3139.1.1

Security fixes:

Bug fixes:

  • AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances (coreos-overlay#1628)
  • Made Ignition write the SSH keys into a file under authorized_keys.d/ignition again and added a call to update-ssh-keys after Ignition ran to create the merged authorized_keys file, which fixes the problem that keys added by Ignition get lost when update-ssh-keys runs (init#66)

Changes:

  • Added auditd.service but left it disabled by default; a custom configuration can be created by removing /etc/audit/auditd.conf and replacing it with your own file (coreos-overlay#1636)
  • The systemd-networkd ManageForeignRoutes and ManageForeignRoutingPolicyRules settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under /etc/systemd/networkd.conf.d/ because drop-in files take precedence over /etc/systemd/networkd.conf (init#61)
  • Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. (coreos-overlay#1664)
  • Merge the Flatcar Pro features into the regular Flatcar images (coreos-overlay#1679)
  • Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the docs section for details
  • Made SELinux enabled by default in default containerd configuration file. (coreos-overlay#1699)
  • Removed rngd.service because it is not essential anymore for the kernel to boot fast in VM environments (coreos-overlay#1700)
  • Enabled systemd-sysext.service to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service ensure-sysext.service which reloads the systemd units to reevaluate the sockets, timers, and multi-user targets when systemd-sysext.service is (re)started, making it possible to enable units that are part of a sysext image (coreos-overlay#65)
  • For amd64 /usr/lib used to be a symlink to /usr/lib64 but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case /usr/lib64 was used to access, e.g., the modules folder or the systemd folder (coreos-overlay#1713, scripts#255)
  • Enabled FIPS mode for cryptsetup (coreos-overlay#1747)
  • Added cryptsetup to the initramfs for the Ignition luks directive (flatcar-linux/coreos-overlay#1760)
  • Enabled FIPS mode for cryptsetup (portage-stable#312)
  • Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don’t have a strong coupling, meaning the only metadata required is SYSEXT_LEVEL=1.0 and ID=flatcar (Flatcar#643)
  • Azure: Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.
  • DigitalOcean: In addition to the bz2 image, a gz compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.
  • OpenStack: In addition to the bz2 image, a gz compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.
  • SDK: The image compression format is now configurable. Supported formats are: bz2, gz, zip, none, zst. Selecting the image format can now be done by passing the --image_compression_formats option. This flag gets a comma separated list of formats.

Updates:

Changes since Alpha 3185.0.0

Security fixes:

Bug fixes:

  • Made Ignition write the SSH keys into a file under authorized_keys.d/ignition again and added a call to update-ssh-keys after Ignition ran to create the merged authorized_keys file, which fixes the problem that keys added by Ignition get lost when update-ssh-keys runs (init#66)

Changes:

Updates:

  • Linux (5.15.32) (from 5.15.30)
  • ca-certificates (3.77)

Release Date: Mar 23, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.15.30
systemd - 249

New Beta Release 3139.1.1

Changes since Beta 3139.1.0

Security fixes

Bug fixes

  • Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) (Flatcar#665, coreos-overlay#1723)
  • Re-added the brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used (bootengine#40)

Changes

  • (none)

Updates


Release Date: Mar 7, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.15.25
systemd - 249

New Beta Release 3139.1.0

Changes since Alpha 3139.0.0

Security fixes

Bug fixes

  • Disabled the systemd-networkd settings ManageForeignRoutes and ManageForeignRoutingPolicyRules by default to ensure that CNIs like Cilium don’t get their routes or routing policy rules discarded on network reconfiguration events (Flatcar#620).
  • Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory when creating a btrfs root filesystem (ignition#35)
  • Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium (Flatcar#626, coreos-overlay#1682)

Changes

  • Added support for switching back to CGroupsV1 without requiring a reboot. Create /etc/flatcar-cgroupv1 through ignition. (coreos-overlay#1666)

Updates

Changes since Beta 3066.1.2

Security fixes

Bug fixes

  • Excluded the Kubenet cbr0 interface from networkd’s DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check (init#55)
  • Fixed the dracut emergency Ignition log printing that had a scripting error causing the cat command to fail (bootengine#33)
  • network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting (init#51, coreos-cloudinit#12, bootengine#30)
  • flatcar-update: Stopped checking for the USER environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional sudo invocation (init#58)
  • Disabled the systemd-networkd settings ManageForeignRoutes and ManageForeignRoutingPolicyRules by default to ensure that CNIs like Cilium don’t get their routes or routing policy rules discarded on network reconfiguration events (Flatcar#620).
  • Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory when creating a btrfs root filesystem (ignition#35)
  • Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium (Flatcar#626, coreos-overlay#1682)

Changes

  • Update-engine now creates the /run/reboot-required flag file for kured (update_engine#15)
  • Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference (init#56)
  • Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config (coreos-overlay#1524)
  • Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in grub.cfg (check it taking effect with cat /proc/sys/crypto/fips_enabled) (coreos-overlay#1602)
  • Added support for switching back to CGroupsV1 without requiring a reboot. Create /etc/flatcar-cgroupv1 through ignition. (coreos-overlay#1666)
  • Removed the pre-shipped /etc/flatcar/update.conf file, leaving it entirely to the user to define the contents, as it was unnecessarily overwriting /usr/share/flatcar/update.conf (flatcar-linux/scripts#212)

Updates


Release Date: Feb 9, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.10.96
systemd - 249

New Beta Release 3066.1.2

Changes since Beta 3066.1.1

Security fixes

Bug fixes

  • SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)
  • Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in policycoreutils instead of /var/lib/selinux (flatcar-linux/Flatcar#596)

Updates


Release Date: Jan 26, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.10.93
systemd - 249

New Beta release 3066.1.1

Changes since Beta 3066.1.0

Known issues:

  • The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory (flatcar-linux/Flatcar#596)

Security fixes:

Bug fixes:

  • Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host (flatcar-linux/init#57)
  • Excluded the Kubenet cbr0 interface from networkd’s DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check (flatcar-linux/init#55)
  • dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. (flatcar-linux/scripts#194)
  • SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)

Changes:

Updates:


Release Date: Dec 15, 2021  amd64 arm64

docker - 20.10.11
ignition - 0.36.1
kernel - 5.10.84
systemd - 249

New Beta release 3066.1.0

Changes since Alpha 3066.0.0

Security fixes

Bug Fixes

Changes

  • Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates (flatcar-linux/init#53)

Updates

Changes since Beta 3033.1.1

Security fixes

Changes:

Bug Fixes

Updates


Release Date: Nov 25, 2021  amd64 arm64

docker - 20.10.11
ignition - 0.34.0
kernel - 5.10.80
systemd - 249

New Beta Release 3033.1.1

Changes since Beta 3033.1.0

Security fixes

Updates

Changes

  • Added missing SELinux rule as initial step to resolve Torcx unpacking issue (coreos-overlay#1426)

Release Date: Nov 9, 2021  amd64 arm64

docker - 20.10.10
ignition - 0.34.0
kernel - 5.10.77
systemd - 249

New Beta release 3033.1.0

Changes since Alpha 3033.0.0

Security fixes

Changes

Updates

Changes since Beta 2983.1.2

Security fixes

Bug fixes

Changes

Updates


Release Date: Oct 25, 2021  amd64

docker - 20.10.9
ignition - 0.34.0
kernel - 5.10.75
systemd - 247

Update to CGroupsV2

As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/

New Beta release 2983.1.2

Changes since Beta 2983.1.1

Security fixes

Bug fixes

Updates


Release Date: Sep 30, 2021  amd64

docker - 20.10.8
ignition - 0.34.0
kernel - 5.10.69
systemd - 247

New Beta release 2983.1.1

Changes since Beta 2983.1.0

Security fixes

Updates


Release Date: Sep 16, 2021  amd64

docker - 20.10.8
ignition - 0.34.0
kernel - 5.10.63
systemd - 247

New Beta release 2983.1.0

Changes since Beta 2942.1.2

Update to CGroupsV2

As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/

Security fixes

Bug Fixes

Changes

  • Added Azure Generation 2 VM support (coreos-overlay#1198)
  • cgroups v2 by default for new nodes (coreos-overlay#931).
  • Upgrade Docker to 20.10 (coreos-overlay#931)
  • Switched Docker ecosystem packages to go1.16 (coreos-overlay#1217)
  • Added lbzip2 binary to the image (coreos-overlay#1221)
  • flatcar-install uses lbzip2 if present, falls back on bzip2 if not (init#46)
  • Added Intel E800 series network adapter driver (coreos-overlay#1237)
  • Enabled ‘audit’ use flag for sys-libs/pam (coreos-overlay#1233)
  • Bumped etcd and flannel to respectively 3.5.0, 0.14.0 to get multiarch images for arm64 support. Note for users of the old etcd v2 support: ETCDCTL_API=2 must be set to use v2 store as well as ETCD_ENABLE_V2=true in the etcd-member.service - this support will be removed in 3.6.0 (coreos-overlay#1179)
  • Switched to zstd compression for the initramfs (coreos-overlay#1136)
  • Added support for BTRFS in the OEM and /usr partitions, but it is only used for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified; a mismatch does not result in a boot error. (coreos-overlay#1106)
  • Switched the arm64 kernel to use a 4k page size instead of 64k
  • Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute, this was the case before already) instead of merely failing certain syscalls that try to use the corrupted data
  • Enabled zstd compression for the initramfs and for amd64 also for the kernel because we hit the vmlinuz size limit on the /boot partition
  • Deleted the unused kernel+initramfs vmlinuz file from the /usr partition
  • devcontainer: added support to run on arm64 by switching to an architecture-agnostic partition UUID
  • Enabled ARM64 SDK bootstrap (scripts#134)
  • SDK: enabled experimental ARM64 SDK usage (flatcar-scripts#134) (flatcar-scripts#141)
  • AWS: Added amazon-ssm-agent (coreos-overlay#1162)
  • Azure: Compile OEM contents for all architectures (coreos-overlay#1196)
  • update_engine: add postinstall hook to stay on cgroupv1 (update_engine#13)

Updates

Changes since Alpha 2983.0.0

Security fixes

Updates


Release Date: Sep 1, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.61
systemd - 247

New Beta release 2942.1.2

Changes since Beta 2942.1.1

Security fixes

Bug Fixes

Updates


Release Date: Aug 19, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.59
systemd - 247

Changes since Beta 2942.1.0

Security fixes

Bug Fixes

Changes

Updates


Release Date: Aug 4, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.55
systemd - 247

Changes since Beta 2920.1.0

Security Fixes

Bug Fixes

  • Added the systemd tag in udev for Azure storage devices, to fix /boot automount (init#41)
  • Disabled SELinux by default on dockerd wrapper script (coreos-overlay#1149)
  • Set the cilium_vxlan interface to be not managed by networkd’s default setup with DHCP as it’s managed by Cilium. (init#43)
  • update_engine_client: Improve feedback when an update is not needed (update_engine#10)
  • GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service (coreos-overlay#1146)

Changes

Updates

Changes since Alpha 2942.0.0

Security fixes

Bug fixes

  • Set the cilium_vxlan interface to be not managed by networkd’s default setup with DHCP as it’s managed by Cilium. (init#43)
  • Disabled SELinux by default on dockerd wrapper script (coreos-overlay#1149)
  • GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service (coreos-overlay#1146)

Updates


Release Date: Jul 28, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.52
systemd - 247

Changes since Alpha 2920.0.0

Security Fixes

Updates

Changes since Beta 2905.1.0

Updates


Release Date: Jul 2, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.46
systemd - 247

Changes since Alpha 2905.0.0:

Security fixes

Changes

Updates

Changes since Beta 2823.1.3:

Security fixes

Bug Fixes

Updates

Deprecation

  • rkt and kubelet-wrapper are deprecated and removed from Beta, also from subsequent channels in the future. Please read the removal announcement to know more.

Release Date: Jun 17, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.43
systemd - 247

Security fixes

Bug fixes

  • Update-engine sent empty requests when restarted before a pending reboot (Flatcar#388)

Changes

Updates


Release Date: May 21, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.38
systemd - 247

Bug fixes

  • The Linux kernel IOMMU-related crash introduced in the 5.10.37 update got fixed through the 5.10.38 update (Flatcar#400)

Updates


Release Date: May 19, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.37
systemd - 247

Security fixes

Updates


Release Date: Apr 28, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.32
systemd - 247

Changes since Alpha 2823.0.0:

Security fixes

Bug fixes

Updates

Changes since Beta 2801.1.0:

Security fixes

Bug Fixes

Changes

  • The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. (baselayout#17)
  • The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services are not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. (coreos-overlay#857)

Updates


Release Date: Mar 25, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.25
systemd - 247

Security fixes

Bug Fixes

  • GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. (init#38)

Changes

  • The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. (init#38)

Updates

Deprecation

  • dhcpcd and containerd-stress are deprecated and removed from Beta, also from subsequent channels in the future. Users that relied on dhcpd should either migrate to systemd-networkd as a DHCP server or run dhcpd from a container.
  • Docker 1.12 is deprecated and removed from Beta, also from subsequent channels in the future.

Release Date: Feb 18, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.16
systemd - 247

Security fixes

Bug Fixes

Updates


Release Date: Jan 28, 2021  amd64

docker - 19.03.14
ignition - 0.34.0
kernel - 5.9.16
systemd - 246

Security fixes

Bug fixes

  • /etc/iscsi/initiatorname.iscsi is generated by the iscsi-init service (#321)
  • Prevent iscsiadm buffer overflow (#318)

Changes

  • Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam (Issue #315 PR #774)
  • The containerd socket is now available in the default location (/run/containerd/containerd.sock) and also as a symlink in the previous location (/run/docker/libcontainerd/docker-containerd.sock) (#771)
  • With the iscsi update, the service unit has changed from iscsid to iscsi (#791)
  • AWS Pro: include scripts to facilitate setup of EKS workers (#794).
  • Missed from earlier notes: with the previous open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi (#682)

Updates


Release Date: Jan 12, 2021  amd64

docker - 19.03.14
ignition - 0.34.0
kernel - 5.9.16
systemd - 246

Security fixes

Bug fixes

  • The sysctl net.ipv4.conf.*.rp_filter is set to 0 for the Cilium CNI plugin to work (kinvolk/Flatcar#181)
  • Package downloads in the developer container now use the correct URL again (kinvolk/Flatcar#298)
  • networkd: avoid managing MAC addresses for veth devices (kinvolk/init#33)

Changes

  • The sysctl default config file is now applied under the prefix 60 which allows for custom sysctl config files to take effect when they start with a prefix of 70, 80, or 90 (kinvolk/baselayout#13)
  • Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker (kinvolk/Flatcar#283)
  • For users with a custom update server, a machine alias setting in update-engine allows giving human-friendly names to client instances (kinvolk/update-engine#8)

Updates


Release Date: Dec 1, 2020  amd64

docker - 19.03.13
ignition - 0.34.0
kernel - 5.9.11
systemd - 246

Security fixes:

  • No changes since Alpha 2705.0.0

Bug fixes:

  • No changes since Alpha 2705.0.0

Changes:

  • No changes since Alpha 2705.0.0

Updates:

  • No changes since Alpha 2705.0.0

Release Date: Nov 19, 2020  amd64

docker - 19.03.13
ignition - 0.34.0
kernel - 5.8.18
systemd - 245

Security fixes:

Bug fixes:

Updates:


Release Date: Oct 16, 2020  amd64

docker - 19.03.13
ignition - 0.34.0
kernel - 5.8.14
systemd - 245

Security fixes:

Bug fixes:

  • Ensured that the /etc/coreos to /etc/flatcar symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for update: or locksmith: while also reformatting the rootfs (baselayout PR#7)

Updates:


Release Date: Sep 30, 2020  amd64

docker - 19.03.12
ignition - 0.34.0
kernel - 5.8.11
rkt - 1.30.0
systemd - 245

Security fixes:

Bug fixes:

  • Enabled missing systemd services (#191, PR #612)
  • Fixed Docker torcx image unpacking error on machines with less than ~600 MB total RAM (#32)
  • Solved adcli Kerberos Active Directory incompatibility (#194)
  • Fixed the makefile path when building kernel modules with the developer container (#195)
  • Removed the /etc/portage/savedconfig/ folder that contained a dump of the firmware config (flatcar-linux/coreos-overlay#613)

Changes:

  • GCE: Improved oslogin support and added shell aliases to run a Python Docker image (PR #592)

Updates:


Release Date: Sep 16, 2020  amd64

docker - 19.03.12
ignition - 0.34.0
kernel - 5.4.65
rkt - 1.30.0
systemd - 245

Bug fixes:

  • Fix resetting of DNS nameservers in systemd-networkd units (PR#12)

Changes:

  • Disable TX checksum offloading for the IP-in-IP tunl0 interface used by Calico (PR#26). This is a workaround for a Mellanox driver issue, currently tracked in Flatcar#183
  • Set sysctl net.ipv4.conf.(all|*).rp_filter to 0 (instead of the systemd upstream value 2) to be less restrictive which some network solutions rely on (PR#11)
  • flatcar-install allows installation to a multipath drive (PR#24)

Updates:


Release Date: Sep 7, 2020  amd64

docker - 19.03.12
ignition - 0.34.0
kernel - 5.4.62
rkt - 1.30.0
systemd - 245

Security fixes:

Updates:


Release Date: Sep 3, 2020  amd64

docker - 19.03.12
ignition - 0.34.0
kernel - 5.4.61
rkt - 1.30.0
systemd - 245

Changes from Alpha release 2605.1.0

Changes:


Release Date: Aug 20, 2020  amd64

docker - 19.03.11
ignition - 0.34.0
kernel - 5.4.59
rkt - 1.30.0
systemd - 243

Security fixes:

Bug fixes:

Updates:


Release Date: Jul 23, 2020  amd64

docker - 19.03.11
ignition - 0.34.0
kernel - 5.4.52
rkt - 1.30.0
systemd - 243

Changes since the Alpha release 2513.1.0

Bug Fixes:

Updates:


Release Date: Jun 17, 2020  amd64

docker - 18.06.3
ignition - 0.34.0
kernel - 4.19.128
rkt - 1.30.0
systemd - 241

Flatcar updates

Security fixes:

Changes:

  • A source code and licensing overview is available under /usr/share/licenses/INFO

Updates:


Release Date: May 26, 2020  amd64

docker - 18.06.3
ignition - 0.34.0
kernel - 4.19.124
rkt - 1.30.0
systemd - 241

Flatcar updates

Security fixes:

Bug fixes:

  • When writing the update kernel, prefer /boot/coreos only if /boot/coreos/vmlinux-* exists (https://github.com/flatcar/update_engine/pull/5)
  • Fixed sysroot-boot initramfs service race which resulted in a warning that this service failed
  • Use the correct BINHOST URLs in the development container to download binary packages

Changes:

  • Support the CoreOS GRUB /boot/coreos/first_boot flag file (https://github.com/flatcar/bootengine/pull/13)
  • Fetch container images in docker format rather than ACI by default in etcd-member.service, flanneld.service, and kubelet-wrapper
  • Use flatcar.autologin kernel command line parameter on Azure and VMware for auto login on the serial console
  • Include conntrack (conntrack-tools)
  • Include journalctl output, pstore kernel crash logs, and coredumpctl list output in the mayday report
  • Update wa-linux-agent to 2.2.46 on Azure
  • Support both coreos.config.* and flatcar.config.* guestinfo variables on VMware OEM

Updates:


Release Date: Mar 31, 2020  amd64

docker - 18.06.3
ignition - 0.34.0
kernel - 4.19.112
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:

Changes:

Updates:


Release Date: Mar 2, 2020  amd64

docker - 18.06.3
ignition - 0.34.0
kernel - 4.19.106
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:

Upstream Container Linux updates

Updates:


Release Date: Feb 10, 2020  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.102
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:

Upstream Container Linux updates:

Security fixes:

  • Fix systemd use-after-free upon receiving crafted D-Bus message from local unprivileged attacker (CVE-2020-1712)

Changes:

  • Enable qede kernel module

Updates:


Release Date: Jan 17, 2020  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.95
rkt - 1.30.0
systemd - 241

Release Date: Dec 18, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.87
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:

Updates:


Release Date: Dec 5, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.87
rkt - 1.30.0
systemd - 241

Release Date: Nov 21, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.84
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix CFS scheduler throttling highly-threaded I/O-bound applications (#2623)

Updates:


Release Date: Nov 11, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.81
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Fix time zone for Brazil (#2627)

Updates:


Release Date: Oct 17, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.79
rkt - 1.30.0
systemd - 241

Release Date: Oct 16, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.78
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Fix kernel crash with CephFS mounts, introduced in 2247.3.0 (#2616)

Updates:


Release Date: Sep 25, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.75
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: Sep 13, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.71
rkt - 1.30.0
systemd - 241

Release Date: Sep 5, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.69
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

  • Fix pam_systemd bug allowing authenticated remote users to perform polkit actions as if locally logged in (CVE-2019-3842)
  • Fix systemd-resolved bug allowing unprivileged users to change DNS settings (CVE-2019-15718)

Bug fixes:

  • Fix GCE agent crash loop in new installs (#2608)

Updates:


Release Date: Aug 30, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.68
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

  • Fix wget buffer overflow allowing arbitrary code execution (CVE-2019-5953)

Updates:


Release Date: Aug 16, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.65
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Updates:

Flatcar updates

Bug fixes:


Release Date: Aug 8, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.65
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

  • Fix Linux information leak attack vector via speculative side channel (CVE-2019-1125)

Updates:

Flatcar updates

Changes:


Release Date: Aug 1, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.62
rkt - 1.30.0
systemd - 241

Release Date: Jul 17, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.56
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

No changes for beta promotion


Release Date: Jul 3, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.55
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Fix Ignition panic when no guestinfo.(coreos|ignition).config parameters are specified on VMware (coreos/ignition#821)

Updates:


Release Date: Jul 1, 2019  amd64

docker - 18.06.3
ignition - 0.32.0
kernel - 4.19.55
rkt - 1.30.0
systemd - 241

Release Date: Jun 19, 2019  amd64

docker - 18.06.3
ignition - 0.32.0
kernel - 4.19.50
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix invalid bzip2 compression of Container Linux release images (#2589)

Updates:


Release Date: May 21, 2019  amd64

docker - 18.06.3
ignition - 0.32.0
kernel - 4.19.44
rkt - 1.30.0
systemd - 241

Release Date: May 16, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.43
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: May 8, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.36
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Fix systemd MountFlags=shared option (#2579)

Changes:

  • Pin network interface naming to systemd v238 scheme (#2578)

Release Date: Apr 24, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.36
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Disable new sticky directory protections for backward compatibility (#2577)

Changes:

  • Enable atlantic kernel module (#2576)

Updates:


Release Date: Apr 17, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.34
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Disable new sticky directory protections for backwards compatibility (#2577)

Changes:

  • Enable atlantic kernel module (#2576)

Updates:


Release Date: Mar 26, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.31
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Fix systemd presets incorrectly handling escaped unit names (#2569)

Updates:


Release Date: Mar 12, 2019  amd64

docker - 18.06.1
ignition - 0.30.0
kernel - 4.19.28
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix systemd-journald memory leak (#2564)

Updates:


Release Date: Feb 27, 2019  amd64

docker - 18.06.1
ignition - 0.30.0
kernel - 4.19.25
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix Linux use-after-free in sockfs_setattr (CVE-2019-8912)
  • Fix systemd crash from a specially-crafted D-Bus message (CVE-2019-6454)

Updates:


Release Date: Feb 21, 2019  amd64

docker - 18.06.1
ignition - 0.30.0
kernel - 4.19.23
rkt - 1.30.0
systemd - 238

Release Date: Feb 14, 2019  amd64

docker - 18.06.1
ignition - 0.30.0
kernel - 4.19.20
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Changes:

  • Revert /sys/bus/rbd/add to Linux 4.14 behavior (#2544)

Updates:


Release Date: Jan 30, 2019  amd64

docker - 18.06.1
ignition - 0.30.0
kernel - 4.19.18
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: Jan 18, 2019  amd64

docker - 18.06.1
ignition - 0.29.1
kernel - 4.19.13
rkt - 1.30.0
systemd - 238

Release Date: Dec 21, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.88
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix Go CPU denial of service in X.509 verification (CVE-2018-16875)
  • Fix PolicyKit always authorizing UIDs greater than INT_MAX (CVE-2018-19788)

Updates:


Release Date: Dec 6, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.84
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Changes:

  • Switch to the LTS Linux version 4.14.84 for the beta channel

Release Date: Nov 21, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.81
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Disable containerd CRI plugin to stop it from listening on a TCP port (#2524)

Updates:


Release Date: Nov 8, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.79
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix systemd re-executing with arbitrary supplied state (CVE-2018-15686)
  • Fix systemd race allowing changing file permissions (CVE-2018-15687)
  • Fix systemd-networkd buffer overflow in the dhcp6 client (CVE-2018-15688)

Changes:

  • Switch to the LTS Linux version 4.14.79 for the beta channel

Release Date: Oct 26, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.78
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix Git remote code execution during recursive clone (CVE-2018-17456)

Bug fixes:

  • Fix missing kernel headers (#2505)

Updates:


Release Date: Oct 11, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.74
rkt - 1.30.0
systemd - 238

Flatcar updates

Changes:

Bug fixes:

Upstream Container Linux updates:

Changes:

  • Switch to the LTS Linux version 4.14.74 for the beta channel

Release Date: Sep 14, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.14.69
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix Docker mounting named volumes (#2497)

Changes:

  • Switch to the LTS Linux version 4.14.69 for the beta channel

Updates:


Release Date: Sep 5, 2018  amd64

docker - 18.06.1
ignition - 0.26.0
kernel - 4.14.67
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Changes:

  • Drop AWS PV images from regions which do not support PV

Updates:


Release Date: Aug 17, 2018  amd64

docker - 18.06.0
ignition - 0.26.0
kernel - 4.14.63
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix PXE systems attempting to mount an ESP (#2491)

Changes:

  • Switch to the LTS Linux version 4.14.63 for the beta channel

Release Date: Aug 8, 2018  amd64

docker - 18.03.1
ignition - 0.26.0
kernel - 4.14.60
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix failure to mount large ext4 filesystems (#2485)

Updates:


Release Date: Jul 31, 2018  amd64

docker - 18.03.1
ignition - 0.26.0
kernel - 4.14.59
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix kernel CIFS client (#2480)

Updates:


Release Date: Jul 26, 2018  amd64

docker - 18.03.1
ignition - 0.26.0
kernel - 4.14.57
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Changes:

  • Switch to the LTS Docker version 18.03.1-ce for the beta channel
  • Switch to the LTS Linux version 4.14.57 for the beta channel

Release Date: Jul 13, 2018  amd64

docker - 18.03.1
ignition - 0.25.1
kernel - 4.14.55
rkt - 1.30.0
systemd - 238

Release Date: Jun 22, 2018  amd64

docker - 18.03.1
ignition - 0.25.1
kernel - 4.14.50
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Changes:

  • Switch to the LTS Docker version 18.03.1-ce for the beta channel
  • Switch to the LTS Linux version 4.14.50 for the beta channel

Release Date: Jun 15, 2018  amd64

docker - 18.03.1
ignition - 0.24.1
kernel - 4.14.49
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix TCP connection stalls (#2457)

Updates:


Release Date: Jun 13, 2018  amd64

docker - 18.03.1
ignition - 0.24.1
kernel - 4.14.48
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix Hyper-V network driver regression (#2454)

Updates:


Release Date: Jun 1, 2018  amd64

docker - 18.03.1
ignition - 0.24.1
kernel - 4.14.47
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix Git arbitrary code execution when cloning untrusted repositories (CVE-2018-11235)

Bug fixes:

  • Fix inadvertent change of network interface names (#2437)
  • Fix failure to set network interface MTU (#2443)

Updates:


Release Date: May 26, 2018  amd64

docker - 18.03.1
ignition - 0.24.1
kernel - 4.14.42
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Changes:

  • Switch to the LTS Docker version 18.03.1-ce for the beta channel
  • Switch to the LTS Linux version 4.14.42 for the beta channel

Updates:


Release Date: May 11, 2018  amd64

docker - 18.03.1
ignition - 0.24.0
kernel - 4.14.39
rkt - 1.29.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: Apr 26, 2018  amd64

docker - 18.03.0
ignition - 0.24.0
kernel - 4.14.35
rkt - 1.29.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix docker2aci tar conversion (#2402)

Changes:

  • Switch to the LTS Linux version 4.14.35 for the beta channel

Release Date: Apr 25, 2018  amd64

docker - 17.12.1
ignition - 0.23.0
kernel - 4.14.30
rkt - 1.29.0
systemd - 237

Flatcar updates

Initial Flatcar release.

Bug fixes:

Notes:

  • Previous test images have been removed from the release servers. This is due to a new update key being generated using our updated security policy which we included in the first public image.

Upstream Container Linux updates:

Bug fixes:

  • Fix kernel panic with vxlan (#2382)

Release Date: Sep 1, 2022  amd64 arm64

containerd - 1.6.8
docker - 20.10.17
ignition - 2.14.0
kernel - 5.15.63
systemd - 250

Changes since Alpha 3305.0.1

Security fixes:

Bug fixes:

Changes:

  • Added symlink from nc to ncat. -q option is not yet supported (flatcar#545)
  • The new image signing subkey was added to the public key embedded into flatcar-install (the old one expired on 10th August 2022); only an updated flatcar-install script can verify releases signed with the new key (init#79)
  • AWS: Added AWS IMDSv2 support to coreos-cloudinit (flatcar-linux/coreos-cloudinit#13)

Updates:


Release Date: Aug 4, 2022  amd64 arm64

containerd - 1.6.6
docker - 20.10.17
ignition - 2.14.0
kernel - 5.15.58
systemd - 250

New Alpha Release 3305.0.1

Changes since Alpha 3305.0.0

Security fixes:

Bug fixes:

  • Added support for Openstack for cloud-init activation (flatcar-linux/init#76)
  • Excluded Wireguard interface from systemd-networkd default management (Flatcar#808)
  • Fixed /etc/resolv.conf symlink by pointing it at resolv.conf instead of stub-resolv.conf. This bug was present since the update to systemd v250 (coreos-overlay#2057)
  • Fixed excluded interface type from default systemd-networkd configuration (flatcar-linux/init#78)
  • Fixed space escaping in the networkd Ignition translation (Flatcar#812)

Changes:

Updates:


Release Date: Jul 21, 2022  amd64 arm64

containerd - 1.6.6
docker - 20.10.17
ignition - 2.14.0
kernel - 5.15.54
systemd - 250

New Alpha Release 3305.0.0

Changes since Alpha 3277.0.0

Security fixes:

Bug fixes:

  • Removed outdated LTS channel information printed on login (init#75)
  • The Ignition v3 kargs directive failed before when used with the generic image where no grub.cfg exists, this was fixed by creating it first (bootengine#47)

Updates:


Release Date: Jun 23, 2022  amd64 arm64

containerd - 1.6.6
docker - 20.10.17
ignition - 2.14.0
kernel - 5.15.48
systemd - 250

New Alpha Release 3277.0.0

Changes since Alpha 3255.0.0

Security fixes:

Changes:

  • Added efibootmgr binary to the image (coreos-overlay#1955)
  • Enabled containerd.service unit, br_netfilter and overlay modules by default to follow Kubernetes requirements (coreos-overlay#1944, init#72)
  • flatcar-install: Added option to create UEFI boot entry (init#74)
  • ARM64: Added cifs-utils for ARM64
  • ARM64: Added sssd, adcli and realmd for ARM64
  • SDK / ARM64: Added go-tspi bindings for ARM64
  • VMWare: Added ignition-delete-config.service to remove Ignition config from VM metadata, see also here (coreos-overlay#1948)

Updates:


Release Date: Jun 2, 2022  amd64 arm64

docker - 20.10.16
ignition - 2.13.0
kernel - 5.15.43
systemd - 250

New Alpha Release 3255.0.0

Changes since Alpha 3227.0.0

Security fixes:

Bug fixes:

  • Ensured /etc/flatcar/update.conf exists because it happens to be used as flag file for Ansible (init#71)
  • Fixed Ignition’s OEM ID to be metal to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID pxe was used (bootengine#45)
  • Added networkd translation to files section when converting from Ignition 2.x to Ignition 3.x (coreos-overlay#1910, flatcar#741)
  • GCP: Fixed shutdown script execution (coreos-overlay#1912, flatcar#743)

Changes:

Updates:


Release Date: May 9, 2022  amd64 arm64

docker - 20.10.14
ignition - 2.13.0
kernel - 5.15.37
systemd - 250

New Alpha Release 3227.0.0

Changes since Alpha 3200.0.0

Security fixes:

Bug fixes:

  • GCE: Restored oem-gce.service functionality on GCP (coreos-overlay#1813)
  • Skipped starting ensure-sysext.service if systemd-sysext.service won’t be started, to prevent reporting a dependency failure (Flatcar#710)
  • Added a remount action as systemd-sysext.service drop-in unit to restore the OEM partition mount after the overlay mounts in /usr are done (init#69)
  • Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an ‘invalid relocation target’ error (coreos-overlay#1839)

Changes:

  • GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP (coreos-overlay#1802)
  • Enabled CONFIG_INTEL_RAPL on AMD64 Kernel config to compile intel_rapl_common module in order to allow power monitoring on modern Intel processors (coreos-overlay#1801)
  • Azure: Set up /etc/hostname from instance metadata with Afterburn
  • AWS EC2: Removed the setup of /etc/hostname from the instance metadata because it used a long FQDN but we can just use the hostname set via DHCP (Flatcar#707)
  • SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the ghcr.io/flatcar/mantle image (coreos-overlay#1827, scripts#275)

Updates:


Release Date: Apr 7, 2022  amd64 arm64

docker - 20.10.14
ignition - 2.13.0
kernel - 5.15.32
systemd - 250

New Alpha Release 3200.0.0

Changes since Alpha 3185.0.0

Security fixes:

Bug fixes:

  • Made Ignition write the SSH keys into a file under authorized_keys.d/ignition again and added a call to update-ssh-keys after Ignition ran to create the merged authorized_keys file, which fixes the problem that keys added by Ignition get lost when update-ssh-keys runs (init#66)

Changes:

Updates:


Release Date: Mar 23, 2022  amd64 arm64

docker - 20.10.13
ignition - 2.13.0
kernel - 5.15.30
systemd - 250

New Alpha Release 3185.0.0

Changes since Alpha 3165.0.0

Security fixes

Bug fixes

  • Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) (Flatcar#665, coreos-overlay#1723)
  • Re-added the brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used (bootengine#40)

Changes

  • Merge the Flatcar Pro features into the regular Flatcar images (coreos-overlay#1679)
  • Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the docs section for details
  • Made SELinux enabled by default in default containerd configuration file. (coreos-overlay#1699)
  • Removed rngd.service because it is not essential anymore for the kernel to boot fast in VM environments (coreos-overlay#1700)
  • Enabled systemd-sysext.service to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service ensure-sysext.service which reloads the systemd units to reevaluate the sockets, timers, and multi-user targets when systemd-sysext.service is (re)started, making it possible to enable units that are part of a sysext image (init#65)
  • For amd64 /usr/lib used to be a symlink to /usr/lib64 but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case /usr/lib64 was used to access, e.g., the modules folder or the systemd folder (coreos-overlay#1713, flatcar-scripts#255)
  • Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don’t have a strong coupling, meaning the only metadata required is SYSEXT_LEVEL=1.0 and ID=flatcar (#643)
  • OpenStack: In addition to the bz2 image, a gz compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.
  • DigitalOcean: In addition to the bz2 image, a gz compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.
  • SDK: The image compression format is now configurable. Supported formats are: bz2, gz, zip, none, zst. Selecting the image format can now be done by passing the --image_compression_formats option. This flag gets a comma separated list of formats.

Updates


Release Date: Mar 7, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.15.25
systemd - 250

New Alpha Release 3165.0.0

Changes since Alpha 3139.0.0

Security fixes

Bug fixes

  • Disabled the systemd-networkd settings ManageForeignRoutes and ManageForeignRoutingPolicyRules by default to ensure that CNIs like Cilium don’t get their routes or routing policy rules discarded on network reconfiguration events (Flatcar#620).
  • AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances (coreos-overlay#1628)
  • Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory when creating a btrfs root filesystem (ignition#35)
  • Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium (Flatcar#626, coreos-overlay#1682)
  • Added auditd.service but left it disabled by default, a custom configuration can be created by removing /etc/audit/auditd.conf and replacing it with your own file (coreos-overlay#1636)

Changes

  • The systemd-networkd ManageForeignRoutes and ManageForeignRoutingPolicyRules settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under /etc/systemd/networkd.conf.d/ because drop-in files take precedence over /etc/systemd/networkd.conf (init#61)
  • Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. (coreos-overlay#1664)
  • Added support for switching back to CGroupsV1 without requiring a reboot. Create /etc/flatcar-cgroupv1 through ignition. (coreos-overlay#1666)
  • Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.

Updates


Release Date: Feb 9, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.15.19
systemd - 249

New Alpha Release 3139.0.0

Changes since Alpha 3127.0.0

Security fixes

Bug fixes

Changes

  • Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in grub.cfg (check it taking effect with cat /proc/sys/crypto/fips_enabled) (flatcar-linux/coreos-overlay#1602)

Updates


Release Date: Jan 26, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.15.16
systemd - 249

New Alpha release 3127.0.0

Changes since Alpha 3115.0.0

Security fixes:

Bug fixes:

  • Fixed the dracut emergency Ignition log printing that had a scripting error causing the print command to fail (flatcar-linux/bootengine#33)
  • Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in policycoreutils instead of /var/lib/selinux (flatcar-linux/Flatcar#596)

Changes:

  • Removed the pre-shipped /etc/flatcar/update.conf file, leaving it entirely to the user to define its contents, as it was unnecessarily overwriting /usr/share/flatcar/update.conf (flatcar-linux/scripts#212)
  • Moved tracepath and traceroute6 from /usr/sbin to /usr/bin

Updates:


Release Date: Jan 13, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.15.13
systemd - 249

New Alpha release 3115.0.0

Changes since Alpha 3066.0.0

Known issues

  • With Kubernetes 1.23 and Linux 5.15, outgoing connections from Calico pods fail; it’s recommended to switch over to iptables instead of ipvs for kube-proxy mode. (projectcalico/calico#5011)
  • The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory (Flatcar#596)

Security fixes

Bug fixes

  • Added configuration files for logrotate (flatcar-linux/coreos-overlay#1442)
  • Fixed ETCD_NAME conflicting with --name for etcd-member to start (flatcar-linux/coreos-overlay#1444)
  • The Torcx profile docker-1.12-no got fixed to reference the current Docker version instead of 19.03 which wasn’t found on the image, causing Torcx to fail to provide Docker (flatcar-linux/coreos-overlay#1456)
  • Fix vim warnings on missing file when built with USE="minimal" (portage-stable#260)
  • Excluded the Kubenet cbr0 interface from networkd’s DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check (flatcar-linux/init#55)
  • Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host (flatcar-linux/init#57)
  • AWS: Published missing arm64 AMIs for stable & beta (flatcar-linux/scripts#188, flatcar-linux/scripts#189)
  • dev container: Fixed github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. (flatcar-linux/scripts#194)
  • SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)

Changes

  • Flatcar is in the NIST CPE dictionary. Programmatically build the CPE_NAME in the build process in order to be scanned (flatcar-linux/Flatcar#536)
  • Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates (flatcar-linux/init#53)
  • Update-engine now creates the /run/reboot-required flag file for kured (flatcar-linux/update_engine#15)
  • Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference (flatcar-linux/init#56)
  • Backported elf support for iproute2 (flatcar-linux/coreos-overlay#1256)
  • Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config (flatcar-linux/coreos-overlay#1524)

Updates


Release Date: Nov 25, 2021  amd64 arm64

docker - 20.10.11
ignition - 0.36.1
kernel - 5.10.80
systemd - 249

New Alpha Release 3066.0.0

Changes since Alpha 3033.0.0

Security fixes

Bug fixes

Changes

Updates

Known Issues

  • The logrotate.service is failing, a fix (coreos-overlay#1442) is merged and will be included in a follow-up release

Release Date: Nov 9, 2021  amd64 arm64

docker - 20.10.10
ignition - 0.34.0
kernel - 5.10.77
systemd - 249

New Alpha release 3046.0.0

Changes since Alpha 3033.0.0

Security fixes

Bug fixes

Changes

Updates


Release Date: Oct 25, 2021  amd64 arm64

docker - 20.10.9
ignition - 0.34.0
kernel - 5.10.75
systemd - 249

Update to CGroupsV2

As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/

New Alpha release 3033.0.0

Changes since Alpha 3005.0.0

Security fixes

Bug fixes

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Sep 30, 2021  amd64 arm64

docker - 20.10.8
ignition - 0.34.0
kernel - 5.10.69
systemd - 247

Update to CGroupsV2

As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/

New Alpha release 3005.0.1

Changes since Alpha 3005.0.0

Security fixes

Bug fixes

  • The Mellanox NIC Linux driver issue introduced in the previous release was fixed (Flatcar#520)

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Sep 27, 2021  amd64 arm64

docker - 20.10.8
ignition - 0.34.0
kernel - 5.10.67
systemd - 247

Update to CGroupsV2

As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/

New Alpha release 3005.0.0

Changes since Alpha 2983.0.0

Security fixes

Bug Fixes

  • Randomize OEM filesystem UUID if mounting fails (init#47)
  • Run emergency.target on ignition/torcx service unit failure in dracut (bootengine#28)

Changes

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Sep 1, 2021  amd64 arm64

docker - 20.10.8
ignition - 0.34.0
kernel - 5.10.61
systemd - 247

New Alpha release 2983.0.0

Update to CGroupsV2

As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/

Changes since Alpha 2969.0.0

Security fixes

Bug Fixes

Changes

  • Added Azure Generation 2 VM support (coreos-overlay#1198)
  • Switched Docker ecosystem packages to go1.16 (coreos-overlay#1217)
  • Added lbzip2 binary to the image (coreos-overlay#1221)
  • flatcar-install uses lbzip2 if present, falls back on bzip2 if not (init#46)
  • Added Intel E800 series network adapter driver (coreos-overlay#1237)
  • Enabled ‘audit’ use flag for sys-libs/pam (coreos-overlay#1233)
  • Bumped etcd and flannel to 3.5.0 and 0.14.0 respectively to get multiarch images for arm64 support. Note for users of the old etcd v2 support: ETCDCTL_API=2 must be set to use the v2 store, and ETCD_ENABLE_V2=true must be set in the etcd-member.service; this support will be removed in 3.6.0 (coreos-overlay#1179)

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Aug 19, 2021  amd64 arm64

docker - 20.10.7
ignition - 0.34.0
kernel - 5.10.59
systemd - 247

Update to CGroupsV2

Flatcar Container Linux migrates to the unified cgroup hierarchy (aka cgroups v2)! New nodes will utilize cgroups v2 by default. Existing nodes remain on cgroups v1 and need to be manually migrated to cgroups v2. To learn more about the cgroups v2 on Flatcar Container Linux and the migration guide, please refer to https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/

Security fixes

Bug fixes

Changes

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Aug 4, 2021  amd64 arm64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.55
systemd - 247

Security fixes

Bug fixes

  • Set the cilium_vxlan interface to be not managed by networkd’s default setup with DHCP as it’s managed by Cilium. (init#43)
  • Disabled SELinux by default on dockerd wrapper script (coreos-overlay#1149)
  • Fixed the network-cleanup service race in the initramfs which resulted in a failure being reported
  • GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service (coreos-overlay#1146)

Changes

  • Switched the arm64 kernel to use a 4k page size instead of 64k
  • Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute, this was the case before already) instead of merely failing certain syscalls that try to use the corrupted data
  • Added support for BTRFS in the OEM and /usr partitions, but it is only used for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified; a mismatch does not result in a boot error. (coreos-overlay#1106)
  • Enabled zstd compression for the initramfs and for amd64 also for the kernel because we hit the vmlinuz size limit on the /boot partition
  • Deleted the unused kernel+initramfs vmlinuz file from the /usr partition
  • devcontainer: added support to run on arm64 by switching to an architecture-agnostic partition UUID
  • Enabled ARM64 SDK bootstrap (scripts#134)

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Jul 28, 2021  amd64 arm64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.52
systemd - 247

Security Fixes

Bug Fixes

  • Add the systemd tag in udev for Azure storage devices, to fix /boot automount (init#41)

Changes

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Jul 2, 2021  amd64 arm64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.46
systemd - 247

Security fixes

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Jun 17, 2021  amd64 arm64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.43
systemd - 247

Security fixes

Bug fixes

  • Update-engine sent empty requests when restarted before a pending reboot (Flatcar#388)

Changes

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: May 21, 2021  amd64 arm64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.38
systemd - 247

Bug fixes

  • The Linux kernel IOMMU-related crash introduced in the 5.10.37 update got fixed through the 5.10.38 update (Flatcar#400)

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: May 19, 2021  amd64 arm64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.37
systemd - 247

Security fixes

Bug fixes

  • systemd-networkd: Do not manage loopback network interface (bootengine#24 init#40)
  • flatcar-install: Detect device mapper (e.g., LVM/LUKS) usage when searching for free drives with the -s flag (Flatcar#332)

Changes

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Apr 28, 2021  amd64 arm64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.32
systemd - 247

Security fixes

Bug fixes

Changes

  • Make the hostname setting units optional. Having the hostname units as required by the initrd.target meant that if the unit failed the machine wouldn’t start, disrupting the whole boot. (bootengine#23)
  • Enable using iSCSI netroot devices on Flatcar (bootengine#22)

Updates

Deprecation

  • rkt and kubelet-wrapper are deprecated and removed from Alpha, also from subsequent channels in the future. Please read the removal announcement to know more.

[Alpha only] Note: Please note that ARM images remain experimental for now.


Release Date: Mar 25, 2021  amd64 arm64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.25
systemd - 247

Security fixes

Bug Fixes

  • GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. (init#38)

Changes

  • The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. (init#38)
  • The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. (baselayout#17)
  • The etcd and flannel services are now run with Docker, and any rkt-based customizations of the etcd-member and flanneld services are not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service; instead, it’s enough to have flanneld.service enabled. (coreos-overlay#857)

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Mar 11, 2021  amd64 arm64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.21
systemd - 247

Security fixes

Bug fixes

  • Include firmware files for all modules shipped in our image (Issue #359, PR #887)
  • Add explicit path to the binary call in the coreos-metadata unit file (Issue #360)

Updates


Release Date: Mar 3, 2021  amd64 arm64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.19
systemd - 247

Security fixes

Changes

Updates

Deprecation

Note: Please note that ARM images remain experimental for now.


Release Date: Feb 18, 2021  amd64 arm64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.10.16
systemd - 247

Security fixes

Bug fixes

Changes

Updates

Deprecation

  • Docker 1.12 will be deprecated from Alpha, also from other channels in the future.

Note: Please note that ARM images remain experimental for now.


Release Date: Jan 28, 2021  amd64

docker - 19.03.14
ignition - 0.34.0
kernel - 5.10.10
systemd - 247

Security fixes

Bug fixes

  • /etc/iscsi/initiatorname.iscsi is generated by the iscsi-init service (#321)
  • Prevent iscsiadm buffer overflow (#318)

Changes

  • Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam (Issue #315 PR #774)
  • The containerd socket is now available in the default location (/run/containerd/containerd.sock) and also as a symlink in the previous location (/run/docker/libcontainerd/docker-containerd.sock) (#771)
  • AWS Pro: include scripts to facilitate setup of EKS workers (#794).
  • Missed from earlier notes: with the previous open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi (#682)

Updates

Note: This alpha release includes only AMD64 images.


Release Date: Jan 12, 2021  amd64 arm64

docker - 19.03.14
ignition - 0.34.0
kernel - 5.10.4
systemd - 246

Security fixes

Bug fixes

Changes

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Dec 18, 2020  amd64 arm64

docker - 19.03.14
ignition - 0.34.0
kernel - 5.9.14
systemd - 246

Security fixes

Bug fixes

  • The sysctl net.ipv4.conf.*.rp_filter is set to 0 for the Cilium CNI plugin to work (Flatcar#181)
  • Package downloads in the developer container now use the correct URL again (Flatcar#298)

Changes

  • A symlink vimdiff should not be created, if the USE flag minimal is enabled. (Flatcar/#221)
  • The sysctl default config file is now applied under the prefix 60 which allows for custom sysctl config files to take effect when they start with a prefix of 70, 80, or 90 (baselayout#13)
  • Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker (Flatcar#283)
  • For users with a custom update server, a machine alias setting in update-engine allows giving human-friendly names to client instances (update-engine#8)
  • Enable BCMGENET as a module on arm64_defconfig-5.9 (coreos-overlay#717)
  • Enable BCM7XXX_PHY as a module on arm64_defconfig-5.9 for Raspberry Pi 4 (coreos-overlay#716)
  • Disable jpeg USE flag from QEMU (coreos-overlay#729)
  • flatcar_production_qemu.sh: Use more CPUs for ARM if available (scripts#91)

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Nov 27, 2020  amd64 arm64

docker - 19.03.13
ignition - 0.34.0
kernel - 5.9.11
systemd - 246

Security fixes

Bug fixes

  • Added systemd-tmpfiles directives for /opt and /opt/bin to ensure that the folders have correct permissions even when /opt/ was once created by containerd (Flatcar#279)

Changes

  • Enabled the kernel config HOTPLUG_PCI_ACPI for arm64 to support attaching EC2 volumes (PR#705)

Updates

Note: Please note that ARM images remain experimental for now.


Release Date: Nov 20, 2020  amd64 arm64

docker - 19.03.13
ignition - 0.34.0
kernel - 5.9.8
systemd - 246

Security fixes:

Bug fixes:

  • network: Restore KeepConfiguration=dhcp-on-stop (kinvolk/init#30)
  • Make the automatic filesystem resizing more robust against a race and add more logging (kinvolk/init#31)
  • Default again to waiting only for one network interface to be ready with systemd-networkd-wait-online which was missing in the initial systemd 246 update
  • Default again to disabling IP Forwarding in systemd which was missing in the initial systemd 246 update
  • Make systemd detect updates again when the /usr partition changes which was missing in the initial systemd 246 update
  • Default again to set DefaultTasksMax=100% in systemd which was missing in the initial systemd 246 update
  • Default again to disable SELinux permissions checks in systemd which was missing in the initial systemd 246 update

Changes:

  • The zstd tools were added (version 1.4.4)
  • The kernel config CONFIG_PSI was set to support Pressure Stall Information, more information also under https://facebookmicrosites.github.io/psi/docs/overview (Flatcar#162)
  • The kernel config CONFIG_BPF_JIT_ALWAYS_ON was set to use the BPF just-in-time compiler by default for faster execution
  • The kernel config CONFIG_DEBUG_INFO_BTF was set to support BTF metadata (BPF Type Format), one important piece for portability of BPF programs (CO-RE: Compile Once - Run Everywhere) through relocation
  • The kernel config CONFIG_POWER_SUPPLY was set
  • The kernel configs CONFIG_OVERLAY_FS_METACOPY and CONFIG_OVERLAY_FS_REDIRECT_DIR were set. With the first, overlayfs will only copy up metadata when a metadata-specific operation like chown/chmod is performed. The full file will be copied up later when the file is opened for write operations. With the second, which is equivalent to setting “redirect_dir=on” in the kernel command-line, overlayfs will copy up the directory first before the actual content (Flatcar#170).

Updates:

  • Linux (5.9.8)
  • Linux firmware (20200918)
  • systemd (246.6)
  • bzip2 (1.0.8)
  • cifs-utils (6.11)
  • dbus-glib (0.110)
  • elfutils (0.178)
  • glib (2.64.5)
  • ntp (4.2.8_p15)
  • open-iscsi (2.1.2)
  • samba (4.11.13)
  • shadow (4.8)
  • sssd (2.3.1)
  • strace (5.9)
  • talloc (2.3.1)
  • tdb (1.4.3)
  • tevent (0.10.2)
  • SDK/developer container: GCC (9.3.0), binutils (2.35), gdb (9.2)
  • SDK: Go (1.15.5)
  • VMware: open-vm-tools (11.2.0)

Release Date: Oct 28, 2020  amd64 arm64

docker - 19.03.13
ignition - 0.34.0
kernel - 5.8.16
systemd - 246

Security fixes:

Bug fixes:

  • Ensured that the /etc/coreos to /etc/flatcar symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for update: or locksmith: while also reformatting the rootfs (baselayout PR#7)
  • Allow inactive network interfaces to be bound to a bonding interface, by encoding additional configuration for systemd-networkd-wait-online (afterburn PR #10)
  • Azure: Exclude bonded SR-IOV driver mlx5-core from network interfaces managed by systemd-networkd (bootengine PR #19) (init PR #29)
  • Do not configure ccache in Jenkins (scripts PR #100)

Changes:

Updates:

Note: Please note that ARM images remain experimental for now.


Release Date: Oct 16, 2020  amd64 arm64

docker - 19.03.13
ignition - 0.34.0
kernel - 5.8.14
systemd - 246

Security fixes:

Bug fixes:

  • Ensured that the /etc/coreos to /etc/flatcar symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for update: or locksmith: while also reformatting the rootfs (baselayout PR#7)
  • Azure: Exclude bonded SR-IOV network interfaces with newer drivers from networkd (in addition to the old drivers) to prevent them being configured instead of just the bond interface (init PR#29, bootengine PR#19)

Changes:

  • Compress kernel modules with xz (overlay PR#628)
  • Add containerd-runc-shim-v* binaries required by kubelet custom CRI endpoints (overlay PR#623)
  • AWS arm64: Enable elastic network adapter module (overlay PR#631)
  • Equinix Metal (Packet): Exclude unused network interfaces from networkd, disregard the state of the bonded interfaces for the network-online.target and only require the bond interface itself to have at least one active link instead of routable which requires both links to be active (afterburn PR#10)
  • QEMU: Use flatcar.autologin kernel command line parameter for auto login on the console (Flatcar #71)

Updates:


Release Date: Sep 30, 2020  amd64

docker - 19.03.13
ignition - 0.34.0
kernel - 5.8.11
systemd - 245

Security fixes:

Bug fixes:

  • Enabled missing systemd services (#191, PR #612)
  • Fixed Docker torcx image unpacking error on machines with less than ~600 MB total RAM (#32)
  • Solved adcli Kerberos Active Directory incompatibility (#194)
  • Fixed the makefile path when building kernel modules with the developer container (#195)
  • Removed the /etc/portage/savedconfig/ folder that contained a dump of the firmware config flatcar-linux/coreos-overlay#613

Changes:

  • GCE: Improved oslogin support and added shell aliases to run a Python Docker image (PR #592)

Updates:

Note: Please note that ARM images remain experimental for now.


Release Date: Sep 16, 2020  amd64 arm64

docker - 19.03.12
ignition - 0.34.0
kernel - 5.8.9
rkt - 1.30.0
systemd - 245

Bug fixes:

  • Fix resetting of DNS nameservers in systemd-networkd units (PR#12)

Changes:

  • Disable TX checksum offloading for the IP-in-IP tunl0 interface used by Calico (PR#26). This is a workaround for a Mellanox driver issue, currently tracked in Flatcar#183
  • Set sysctl net.ipv4.conf.(all|*).rp_filter to 0 (instead of the systemd upstream value 2) to be less restrictive which some network solutions rely on (PR#11)
  • Update-engine now detects rollbacks and reports them as errors to the update server (PR#6)
  • flatcar-install allows installation to a multipath drive (PR#24)
  • Support the lockdown kernel command line parameter (PR#533)
  • Update public key to include a new subkey

Updates:

Note: Please note that ARM images remain experimental for now.


Release Date: Sep 1, 2020  amd64 arm64

docker - 19.03.12
ignition - 0.34.0
kernel - 5.4.61
rkt - 1.30.0
systemd - 245

Bug fixes:

Changes:

  • Mount /sys/fs/bpf into the toolbox container and allow BPF syscalls (PR#544)
  • Support loading BPF programs with tc Flatcar#172

Updates:

Note: Please note that ARM images remain experimental for now.


Release Date: Aug 20, 2020  amd64 arm64

docker - 19.03.12
ignition - 0.34.0
kernel - 5.4.59
rkt - 1.30.0
systemd - 245

Security fixes:

Bug fixes:

Changes:

Updates:


Release Date: Aug 6, 2020  amd64 arm64

docker - 19.03.12
ignition - 0.34.0
kernel - 5.4.55
rkt - 1.30.0
systemd - 245

Bug Fixes:

Changes:

  • Since version 245 systemd-networkd ignores network unit files with an empty [Match] section. Add a Name=* entry to match all interfaces.
  • Weave network interfaces are excluded from systemd-networkd (flatcar-linux/init#22)
  • Enabled the mmio and vsock virtio kernel modules for Firecracker (flatcar-linux/coreos-overlay#485)
  • Enabled CONFIG_IKHEADERS to expose kernel headers under /sys/kernel/kheaders.tar.xz
  • Vultr support in Ignition (flatcar-linux/ignition#13)
  • VMware OVF settings default to ESXi 6.5 and Linux 3.x

Updates:

Note: Please note that ARM images remain experimental for now.


Release Date: Jun 30, 2020  amd64 arm64

docker - 19.03.11
ignition - 0.34.0
kernel - 5.4.47
rkt - 1.30.0
systemd - 243

Security Fixes:

Bugfixes:

Updates:

Note: Please note that ARM images remain experimental for now.


Release Date: Jun 17, 2020  amd64 arm64

docker - 19.03.8
ignition - 0.34.0
kernel - 5.4.46
rkt - 1.30.0
systemd - 243

Flatcar updates

Security fixes:

Changes:

  • A source code and licensing overview is available under /usr/share/licenses/INFO

Updates:


Release Date: May 26, 2020  amd64 arm64

docker - 19.03.8
ignition - 0.34.0
kernel - 5.4.41
rkt - 1.30.0
systemd - 243

Flatcar updates

Security fixes:

Bug fixes:

  • Revert adding the SELinux use flag for docker-runc until a regression is solved
  • When writing the update kernel, prefer /boot/coreos only if /boot/coreos/vmlinux-* exists (https://github.com/flatcar/update_engine/pull/5)
  • Fixed sysroot-boot initramfs service race which resulted in a warning that this service failed

Changes:

  • Support the CoreOS GRUB /boot/coreos/first_boot flag file (https://github.com/flatcar/bootengine/pull/13)
  • Fetch container images in docker format rather than ACI by default in etcd-member.service, flanneld.service, and kubelet-wrapper
  • Add wireguard kernel module from wireguard-linux-compat
  • Include wg (wireguard-tools)
  • Enable regex support for jq
  • Use flatcar.autologin kernel command line parameter on Azure for auto login on the serial console

Updates:


Release Date: Apr 30, 2020  amd64 arm64

docker - 19.03.8
ignition - 0.34.0
kernel - 5.4.35
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:

Updates:


Release Date: Apr 15, 2020  amd64 arm64

docker - 19.03.8
ignition - 0.34.0
kernel - 4.19.113
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:

Changes:

Updates:


Release Date: Mar 5, 2020  amd64 arm64

docker - 19.03.5
ignition - 0.34.0
kernel - 4.19.106
rkt - 1.30.0
systemd - 241

Flatcar updates

Bug fixes:

Updates:


Release Date: Feb 17, 2020  amd64 arm64

docker - 19.03.5
ignition - 0.34.0
kernel - 4.19.102
rkt - 1.30.0
systemd - 241

Flatcar updates

Security fixes:

  • Fix stack-based buffer overflow in sudo (CVE-2019-18634)
  • Fix incorrect access control leading to privileges escalation in runc (CVE-2019-19921)
  • Fix systemd use-after-free upon receiving crafted D-Bus message from local unprivileged attacker (CVE-2020-1712)

Bug fixes:

Changes:

Updates:


Release Date: Jan 21, 2020  amd64 arm64

docker - 19.03.5
ignition - 0.34.0
kernel - 4.19.97
rkt - 1.30.0
systemd - 241

Release Date: Dec 20, 2019  amd64 arm64

docker - 19.03.5
ignition - 0.33.0
kernel - 4.19.89
rkt - 1.30.0
systemd - 241

Flatcar updates

Security fixes:

  • Fix a denial-of-service issue via malicious access to /dev/kvm (CVE-2019-19332)

Bug fixes:

Updates:


Release Date: Dec 9, 2019  amd64 arm64

docker - 19.03.5
ignition - 0.33.0
kernel - 4.19.87
rkt - 1.30.0
systemd - 241

Flatcar updates

This is the first release done for both amd64 and arm64.

Bug fixes:

Updates:


Release Date: Dec 5, 2019  amd64

docker - 19.03.5
ignition - 0.33.0
kernel - 4.19.87
rkt - 1.30.0
systemd - 241

Flatcar updates

Security fixes:

Bug fixes:

Updates:


Release Date: Nov 25, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.84
rkt - 1.30.0
systemd - 241

Flatcar updates

Security fixes:

Bug fixes:

  • Fix CFS scheduler throttling highly-threaded I/O-bound applications (#2623)
  • Fix time zone for Brazil (#2627)

Updates:


Release Date: Nov 11, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.81
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Fix CFS scheduler throttling highly-threaded I/O-bound applications (#2623)
  • Fix time zone for Brazil (#2627)

Updates:


Release Date: Oct 23, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.80
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Changes:

  • Pin rkt to Go 1.12

Updates:


Release Date: Oct 17, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.79
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

  • Fix sudo allowing a user to run commands as root if configured to permit the user to run commands as everyone other than root (CVE-2019-14287)

Bug fixes:

  • Fix kernel crash with CephFS mounts, introduced in 2275.0.0 (#2616)

Updates:


Release Date: Oct 16, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.78
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Fix kernel crash with CephFS mounts, introduced in 2275.0.0 (#2616)

Updates:


Release Date: Sep 25, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.75
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: Sep 13, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.71
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

  • Fix systemd-resolved bug allowing unprivileged users to change DNS settings (CVE-2019-15718)

Bug fixes:

  • Fix GCE agent crash loop in new installs (#2608)

Updates:


Release Date: Sep 5, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.69
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

  • Fix systemd-resolved bug allowing unprivileged users to change DNS settings (CVE-2019-15718)

Bug fixes:

  • Fix GCE agent crash loop in new installs (#2608)

Updates:


Release Date: Aug 30, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.68
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: Aug 16, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.65
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Updates:

Flatcar updates

Bug fixes:


Release Date: Aug 8, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.65
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

  • Fix Linux information leak attack vector via speculative side channel (CVE-2019-1125)

Updates:

Flatcar updates

Changes:


Release Date: Aug 1, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.62
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Fix Ignition fetching from S3 URLs when network is slow to start (ignition#826)

Updates:


Release Date: Jul 17, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.58
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Fix Docker device or resource busy error when creating overlay mounts, introduced in 2191.0.0

Updates:


Release Date: Jul 3, 2019  amd64

docker - 18.06.3
ignition - 0.33.0
kernel - 4.19.56
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix Ignition panic when no guestinfo.(coreos|ignition).config parameters are specified on VMware (coreos/ignition#821)

Updates:


Release Date: Jul 1, 2019  amd64

docker - 18.06.3
ignition - 0.32.0
kernel - 4.19.55
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Temporarily revert bunzip2 change in 2163.0.0 causing decompression failures for invalid archives created by older versions of lbzip2, including Container Linux release images (#2589)

Updates:


Release Date: Jun 19, 2019  amd64

docker - 18.06.3
ignition - 0.32.0
kernel - 4.19.50
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: Jun 12, 2019  amd64

docker - 18.06.3
ignition - 0.32.0
kernel - 4.19.47
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Bug fixes:

  • Temporarily revert bunzip2 change in 2163.0.0 causing decompression failures for invalid archives created by older versions of lbzip2, including Container Linux release images (#2589)

Release Date: Jun 6, 2019  amd64

docker - 18.06.3
ignition - 0.32.0
kernel - 4.19.47
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

  • Fix curl TFTP buffer overflow with non-default block size (CVE-2019-5436)

Updates:


Release Date: May 21, 2019  amd64

docker - 18.06.3
ignition - 0.32.0
kernel - 4.19.44
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Updates:


Release Date: May 16, 2019  amd64

docker - 18.06.3
ignition - 0.32.0
kernel - 4.19.43
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: May 8, 2019  amd64

docker - 18.06.3
ignition - 0.32.0
kernel - 4.19.37
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix systemd MountFlags=shared option (#2579)

Changes:

  • Use Amazon’s recommended NVMe timeout for new EC2 installs (#2484)
  • Pin network interface naming to systemd v238 scheme (#2578)
  • Enable XDP sockets (#2580)

Updates:


Release Date: May 3, 2019  amd64

docker - 18.06.3
ignition - 0.32.0
kernel - 4.19.36
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Disable new sticky directory protections for backward compatibility (#2577)

Changes:

  • Enable atlantic kernel module (#2576)

Updates:


Release Date: Apr 9, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.34
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: Mar 26, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.31
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

  • Fix OpenSSH scp allowing remote servers to change target directory permissions (CVE-2018-20685)
  • Fix OpenSSH outputting ANSI control codes from remote servers (CVE-2019-6109, CVE-2019-6110)
  • Fix OpenSSH scp allowing remote servers to overwrite arbitrary files (CVE-2019-6111)
  • Fix OpenSSL side-channel timing attack (CVE-2018-5407)
  • Fix OpenSSL padding oracle attack in misbehaving applications (CVE-2019-1559)
  • Fix ntp ntpd denial of service by authenticated user (CVE-2019-8936)
  • Fix ntp buffer overflow in ntpq and ntpdc (CVE-2018-12327)

Bug fixes:

  • Fix systemd presets incorrectly handling escaped unit names (#2569)

Updates:


Release Date: Mar 12, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.28
rkt - 1.30.0
systemd - 241

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix systemd-journald memory leak (#2564)

Changes:

  • Enable vhost_vsock kernel module (#2563)

Updates:


Release Date: Feb 27, 2019  amd64

docker - 18.06.3
ignition - 0.31.0
kernel - 4.19.25
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: Feb 14, 2019  amd64

docker - 18.06.1
ignition - 0.30.0
kernel - 4.19.20
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Changes:

  • Revert /sys/bus/rbd/add to Linux 4.14 behavior (#2544)
  • Add a new subkey for signing release images

Updates:


Release Date: Jan 30, 2019  amd64

docker - 18.06.1
ignition - 0.30.0
kernel - 4.19.18
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Updates:


Release Date: Jan 18, 2019  amd64

docker - 18.06.1
ignition - 0.30.0
kernel - 4.19.15
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Changes:

  • Add ip_vs_mh kernel module (#2542)

Updates:


Release Date: Jan 18, 2019  amd64

docker - 18.06.1
ignition - 0.30.0
kernel - 4.19.13
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix monitoring process events over netlink (#2537)

Updates:


Release Date: Dec 21, 2018  amd64

docker - 18.06.1
ignition - 0.29.1
kernel - 4.19.9
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix Go CPU denial of service in X.509 verification (CVE-2018-16875)
  • Fix PolicyKit always authorizing UIDs greater than INT_MAX (CVE-2018-19788)

Bug fixes:

  • Fix AWS, Azure, and GCE disk aliases in the initramfs for Ignition (#2531)

Updates:


Release Date: Dec 6, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.19.6
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Updates:


Release Date: Nov 21, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.19.2
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Disable containerd CRI plugin to stop it from listening on a TCP port (#2524)
  • Fix curl buffer overrun in NTLM authentication code (CVE-2018-14618)
  • Fix OpenSSL TLS client denial of service (CVE-2018-0732)
  • Fix OpenSSL timing side channel in DSA signature generation (CVE-2018-0734)
  • Fix OpenSSL timing side channel via SMT port contention (CVE-2018-5407)

Updates:


Release Date: Nov 8, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.19.1
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix systemd re-executing with arbitrary supplied state (CVE-2018-15686)
  • Fix systemd race allowing changing file permissions (CVE-2018-15687)
  • Fix systemd-networkd buffer overflow in the dhcp6 client (CVE-2018-15688)

Bug fixes:

  • Add AWS and GCE disk aliases in the initramfs for Ignition (#2481)
  • Add compatibility nf_conntrack_ipv4 kernel module to fix kube-proxy IPVS on Linux 4.19 (#2518)

Updates:


Release Date: Oct 26, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.19.0
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix missing kernel headers (#2505)

Updates:


Release Date: Oct 11, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.18.12
rkt - 1.30.0
systemd - 238

Flatcar updates

Changes:

Bug fixes:

Upstream Container Linux updates:

Updates:


Release Date: Oct 1, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.18.9
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix Google Compute Engine OS Login activation (#2503)

Updates:


Release Date: Sep 14, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.18.7
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix Docker mounting named volumes (#2497)
  • Fix Azure disk detection in Ignition (#2481)

Changes:

  • Add support for Google Compute Engine OS Login
  • Enable support for Mellanox Ethernet switches

Updates:


Release Date: Aug 29, 2018  amd64

docker - 18.06.1
ignition - 0.28.0
kernel - 4.18.5
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Changes:

  • Add CIFS userspace utilities (#571)
  • Drop AWS PV images from regions which do not support PV

Updates:


Release Date: Aug 17, 2018  amd64

docker - 18.06.0
ignition - 0.27.0
kernel - 4.17.15
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix PXE systems attempting to mount an ESP (#2491)

Updates:


Release Date: Aug 8, 2018  amd64

docker - 18.06.0
ignition - 0.26.0
kernel - 4.17.12
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix failure to mount large ext4 filesystems (#2485)

Updates:


Release Date: Jul 31, 2018  amd64

docker - 18.06.0
ignition - 0.26.0
kernel - 4.17.11
rkt - 1.30.0
systemd - 238

Release Date: Jul 26, 2018  amd64

docker - 18.06.0
ignition - 0.26.0
kernel - 4.17.9
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Changes:

  • Add torcx remotes support

Updates:


Release Date: Jul 5, 2018  amd64

docker - 18.05.0
ignition - 0.26.0
kernel - 4.17.3
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Changes:

  • Reads of /dev/urandom early in boot will block until entropy pool is fully initialized
  • Support friendly AWS EBS NVMe device names (#2399)

Updates:


Release Date: Jun 22, 2018  amd64

docker - 18.05.0
ignition - 0.26.0
kernel - 4.16.16
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix Hyper-V network driver regression (#2454)

Changes:

Updates:


Release Date: Jun 13, 2018  amd64

docker - 18.05.0
ignition - 0.25.1
kernel - 4.16.14
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix Hyper-V network driver regression (#2454)

Release Date: Jun 12, 2018  amd64

docker - 18.05.0
ignition - 0.25.1
kernel - 4.16.14
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix failure to set network interface MTU (#2443)
  • Fix inadvertent change of network interface names (#2437)
  • Fix Docker bind mounts from root filesystem (#2440)

Changes:

  • Update VMware virtual hardware version to 11 (ESXi > 6.0)

Updates:


Release Date: Jun 1, 2018  amd64

docker - 18.05.0
ignition - 0.25.1
kernel - 4.16.13
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

  • Fix Git arbitrary code execution when cloning untrusted repositories (CVE-2018-11235)

Bug fixes:

  • Fix failure to set network interface MTU (#2443)

Updates:


Release Date: May 27, 2018  amd64

docker - 18.05.0
ignition - 0.25.1
kernel - 4.16.10
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix inadvertent change of network interface names (#2437)
  • Fix Docker bind mounts from root filesystem (#2440)

Release Date: May 26, 2018  amd64

docker - 18.05.0
ignition - 0.25.1
kernel - 4.16.10
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Changes:

  • Enable QLogic FCoE offload support (#2367)
  • Enable hardware RNG kernel drivers (#2430)
  • Add notrap to ntpd default access restrictions (#2220)
  • Allow booting default GRUB menu entry if GRUB password is enabled (#1597)
  • coreos-install -i no longer modifies grub.cfg (#2291)
  • QEMU wrapper script now enables VirtIO RNG device

Updates:


Release Date: May 11, 2018  amd64

docker - 18.04.0
ignition - 0.24.0
kernel - 4.16.7
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Bug fixes:

  • Fix GRUB free magic error on existing systems (#2400)

Changes:

  • Support storing sudoers in SSSD and LDAP
  • No longer publish Oracle Cloud release images

Updates:


Release Date: Apr 26, 2018  amd64

docker - 18.04.0
ignition - 0.24.0
kernel - 4.16.3
rkt - 1.30.0
systemd - 238

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Pass /etc/machine-id from the host to the kubelet
  • Fix docker2aci tar conversion (#2402)
  • Switch /boot from FAT16 to FAT32 (#2246)

Changes:

  • Make Ignition failures more visible on the console

Updates:


Release Date: Apr 25, 2018  amd64

docker - 18.03.0
ignition - 0.24.0
kernel - 4.15.15
rkt - 1.29.0
systemd - 238

Flatcar updates

Initial Flatcar release.

Notes:

  • Previous test images have been removed from the release servers. This is due to a new update key being generated using our updated security policy which we included in the first public image.

Upstream Container Linux updates:

Security fixes:

Bug fixes:

  • Fix GRUB crash at boot (#2284)

Updates:


Release Date: Sep 1, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.10.137
systemd - 249

Changes since LTS 3033.3.4

Security fixes:

Changes:

  • The new image signing subkey was added to the public key embedded into flatcar-install (the old one expired on 10th August 2022); only an updated flatcar-install script can verify releases signed with the new key (init#79)

Updates:


Release Date: Aug 4, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.10.134
systemd - 249

New LTS-2022 Release 3033.3.4

Changes since LTS-2022 3033.3.3

Security fixes:

Bug fixes:

Changes:

Updates:


Release Date: Jul 21, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.10.131
systemd - 249

New LTS-2022 Release 3033.3.3

Changes since LTS 3033.3.2

Security fixes:

Bug fixes:

  • Removed outdated LTS channel information printed on login (init#75)

Changes:

  • Enabled containerd.service unit, br_netfilter and overlay modules by default to follow Kubernetes requirements (coreos-overlay#1944, init#72)
  • DigitalOcean: In addition to the bz2 image, a gz compressed image is published. This helps avoid hitting the compression timeout that sometimes causes the image import to fail.
  • OpenStack: In addition to the bz2 image, a gz compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.
  • SDK: The image compression format is now configurable. Supported formats are: bz2, gz, zip, none, zst. Selecting the image format can now be done by passing the --image_compression_formats option. This flag gets a comma separated list of formats.

Updates:


Release Date: Jun 23, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.10.123
systemd - 249

New LTS-2022 Release 3033.3.2

Changes since LTS 3033.3.1

Security fixes:

Updates:


Release Date: Jun 2, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.10.118
systemd - 249

New LTS-2022 Release 3033.3.1

Changes since LTS-2022 3033.3.0

Security fixes:

Bug fixes:

  • Ensured /etc/flatcar/update.conf exists because it happens to be used as a flag file for Ansible (init#71)

Updates:


Release Date: May 5, 2022  amd64 arm64

docker - 20.10.12
ignition - 0.36.1
kernel - 5.10.109
systemd - 249

New LTS-2022 Release 3033.3.0

Changes since LTS-2021 2605.27.1

Update to CGroupsV2: Flatcar Container Linux migrates to the unified cgroup hierarchy (aka cgroups v2)! New nodes will utilize cgroups v2 by default. Existing nodes remain on cgroups v1 and need to be manually migrated to cgroups v2. To learn more about cgroups v2 on Flatcar Container Linux and for the migration guide, please refer to https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/

Other notable changes: cri-tools and lbzip2 got added, PAM tally2 got replaced by PAM faillock, only a single Docker version is now shipped (20.10), and rkt, kubelet-wrapper, dhcpcd, and containerd-stress got removed.

Security fixes:

(Note: Not all fixed issues may have been present in the old versions)

Bug fixes:

  • The Torcx profile docker-1.12-no got fixed to reference the current Docker version instead of 19.03 which wasn’t found on the image, causing Torcx to fail to provide Docker (coreos-overlay#1456)
  • Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host (init#57)
  • SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (coreos-overlay#1502)
  • Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in policycoreutils instead of /var/lib/selinux (flatcar-linux/Flatcar#596)
  • Disabled the systemd-networkd settings ManageForeignRoutes and ManageForeignRoutingPolicyRules by default to ensure that CNIs like Cilium don’t get their routes or routing policy rules discarded on network reconfiguration events (Flatcar#620)
  • AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances (coreos-overlay#1628)
  • Prevented hitting races when creating filesystems in Ignition; these races caused boot failures like fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory when creating a btrfs root filesystem (ignition#35)
  • Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium (Flatcar#626, coreos-overlay#1682)
  • Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) (Flatcar#665, coreos-overlay#1720)
  • Added pahole to the developer container; without it, kernel modules built against /usr/src/linux may fail to probe with an ‘invalid relocation target’ error (coreos-overlay#1839)
  • vim with USE=minimal was fixed to run without a warning at the beginning (portage-stable#260)
  • dev container: Fix GitHub URL for coreos-overlay and portage-stable to use repos from the flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. (scripts#194)
  • Added missing SELinux rule as initial step to resolve Torcx unpacking issue (coreos-overlay#1426)
  • Randomize OEM filesystem UUID if mounting fails (init#47)
  • Run emergency.target on ignition/torcx service unit failure in dracut (bootengine#28)
  • Re-enabled kernel config FS_ENCRYPTION (coreos-overlay#1212)
  • Fixed Perl in dev-container (coreos-overlay#1238)
  • Fixed containerd config after introduction of CGroupsV2 (coreos-overlay#1214)
  • Fixed path for amazon-ssm-agent in base-ec2.ign (coreos-overlay#1228)
  • flatcar-install: randomized OEM filesystem UUID if mounting fails (init#47)
  • Fixed null-pointer deref crash in Ignition when specifying the OEM filesystem without a label (ignition#25)
  • Fixed locksmith adhering to reboot window when getting the etcd lock (locksmith#10)
  • Fixed pam.d sssd LDAP auth with sudo (coreos-overlay#1170)
  • Let network-cleanup.service finish before entering rootfs (coreos-overlay#1182)
  • Fixed SELinux policy for Flannel CNI (coreos-overlay#1181)
  • Set the cilium_vxlan interface to be not managed by networkd’s default setup with DHCP as it’s managed by Cilium. (init#43)
  • Disabled SELinux by default on dockerd wrapper script (coreos-overlay#1149)
  • Fixed the network-cleanup service race in the initramfs which resulted in a failure being reported
  • GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service (coreos-overlay#1146)
  • Add the systemd tag in udev for Azure storage devices, to fix /boot automount (init#41)
  • Update-engine sent empty requests when restarted before a pending reboot (Flatcar#388)
  • systemd-networkd: Do not manage loopback network interface (bootengine#24 init#40)
  • flatcar-install: Detect device mapper (e.g., LVM/LUKS) usage when searching for free drives with the -s flag (Flatcar#332)
  • GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. (init#38)
  • Include firmware files for all modules shipped in our image (Issue #359, coreos-overlay#887)
  • Add explicit path to the binary call in the coreos-metadata unit file (Issue #360)
  • sys-apps/systemd: Fix unit installation (coreos-overlay#810)
  • passwd: use correct GID for tss (baselayout#15)
  • coreos-base/gmerge: Stop installing gmerge script (coreos-overlay#828)
  • Update sys-apps/coreutils and make sure they have split-usr disabled for generic images (coreos-overlay#829)
  • afterburn (coreos-metadata): Restart on failure and keep coreos-metadata unit active (coreos-overlay#768)
  • network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting (flatcar-linux/init#51, flatcar-linux/cloudinit#12, flatcar-linux/bootengine#30)
  • Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates (flatcar-linux/init#53)
  • Default again to disable SELinux permissions checks in systemd which was missing in the initial systemd 246 update
  • Default again to set DefaultTasksMax=100% in systemd which was missing in the initial systemd 246 update
  • Make systemd detect updates again when the /usr partition changes which was missing in the initial systemd 246 update
  • Default again to disabling IP Forwarding in systemd which was missing in the initial systemd 246 update
  • Default again to waiting only for one network interface to be ready with systemd-networkd-wait-online which was missing in the initial systemd 246 update

Changes:

  • Backported elf support for iproute2 (coreos-overlay#1256)
  • Enabled FIPS support for the Linux kernel, which users can now choose through a kernel parameter in grub.cfg (check that it took effect with cat /proc/sys/crypto/fips_enabled) (coreos-overlay#1602)
  • Merge the Flatcar Pro features into the regular Flatcar images (coreos-overlay#1679)
  • Added support for switching back to CGroupsV1 without requiring a reboot. Create /etc/flatcar-cgroupv1 through ignition. (coreos-overlay#1666)
  • Enabled FIPS mode for cryptsetup (coreos-overlay#1747)
  • GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP (coreos-overlay#1802)
  • Enabled FIPS mode for cryptsetup (portage-stable#312)
  • Added GPIO support (coreos-overlay#1236)
  • Added Azure Generation 2 VM support (coreos-overlay#1198)
  • Switched Docker ecosystem packages to go1.16 (coreos-overlay#1217)
  • Added lbzip2 binary to the image (coreos-overlay#1221)
  • flatcar-install uses lbzip2 if present, falls back on bzip2 if not (init#46)
  • Added Intel E800 series network adapter driver (coreos-overlay#1237)
  • Enabled ‘audit’ use flag for sys-libs/pam (coreos-overlay#1233)
  • Bumped etcd and flannel to 3.5.0 and 0.14.0 respectively to get multiarch images for arm64 support. Note for users of the old etcd v2 support: ETCDCTL_API=2 must be set to use the v2 store, as well as ETCD_ENABLE_V2=true in the etcd-member.service. This support will be removed in 3.6.0 (coreos-overlay#1179)
  • cgroups v2 by default for new nodes (coreos-overlay#931)
  • Upgrade Docker to 20.10 (coreos-overlay#931)
  • update_engine: add postinstall hook to stay on cgroupv1 (update_engine#13)
  • Switched to zstd compression for the initramfs (coreos-overlay#1136)
  • Embedded new subkey in flatcar-install (coreos-overlay#1180)
  • Azure: Compile OEM contents for all architectures (coreos-overlay#1196)
  • AWS: Added amazon-ssm-agent (coreos-overlay#1162)
  • Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute; this was already the case before) instead of merely failing certain syscalls that try to use the corrupted data
  • Added support for BTRFS in the OEM and /usr partitions, but it is only used for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified; a mismatch does not result in a boot error. (coreos-overlay#1106)
  • Enabled zstd compression for the initramfs and for amd64 also for the kernel because we hit the vmlinuz size limit on the /boot partition
  • Deleted the unused kernel+initramfs vmlinuz file from the /usr partition
  • devcontainer: added support to run on arm64 by switching to an architecture-agnostic partition UUID
  • Enabled ARM64 SDK bootstrap (scripts#134)
  • Enable telnet support for curl (coreos-overlay#1099)
  • Enable MDIO_BCM_UNIMAC for arm64 (coreos-overlay#929)
  • Disabled SELinux for Docker (coreos-overlay#1055)
  • flatcar-install: Add -D flag to only download the image file (Flatcar#248)
  • Make the hostname setting units optional. Having the hostname units as required by the initrd.target meant that if the unit failed the machine wouldn’t start, disrupting the whole boot. (bootengine#23)
  • Enable using iSCSI netroot devices on Flatcar (bootengine#22)
  • The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. (init#38)
  • The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. (baselayout#17)
  • The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services are not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. (coreos-overlay#857)
  • sshd: use secure crypto algos only (coreos-overlay#852)
  • samba: Update to EAPI=7, add new USE flags and remove deps on icu (coreos-overlay#864)
  • kernel: enable kernel config CONFIG_BPF_LSM (coreos-overlay#846)
  • bootengine: set hostname for EC2 and OpenStack from metadata (coreos-overlay#848)
  • sys-block/open-iscsi: Command substitution in iscsi-init system service (coreos-overlay#801)
  • scripts/motdgen: Add OEM information to motd output (init#34)
  • torcx: delete Docker 1.12 (coreos-overlay#826)
  • portage update: update portage and related packages to newer versions (coreos-overlay#840)
  • bin/flatcar-install: add parameters to make wget more resilient (init#35)
  • With the open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi (coreos-overlay#682)
  • Updated nsswitch.conf to use systemd-resolved (baselayout#10)
  • Enabled systemd-resolved stub listeners (baselayout#11)
  • systemd-resolved: Disabled DNSSEC for the meantime (baselayout#14)
  • kernel: enabled CONFIG_DEBUG_INFO_BTF (coreos-overlay#753)
  • containerd: Disabled shim debug logs (coreos-overlay#766)
  • Enable BCMGENET as a module on arm64_defconfig-5.9 (coreos-overlay#717)
  • Enable BCM7XXX_PHY as a module on arm64_defconfig-5.9 for Raspberry Pi 4 (coreos-overlay#716)
  • flatcar_production_qemu.sh: Use more CPUs for ARM if available (scripts#91)
  • Enabled the kernel config HOTPLUG_PCI_ACPI for arm64 to support attaching EC2 volumes (coreos-overlay#705)
  • Support the lockdown kernel command line parameter (coreos-overlay#533)
  • AWS arm64: Enable elastic network adapter module (coreos-overlay#631)
  • rkt and kubelet-wrapper are deprecated and removed from Alpha, also from subsequent channels in the future. Please read the removal announcement to know more.

Updates:

Changes since Stable 3033.2.4

Security fixes:

Bug fixes:

Changes:

  • The systemd-networkd ManageForeignRoutes and ManageForeignRoutingPolicyRules settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under /etc/systemd/networkd.conf.d/ because drop-in files take precedence over /etc/systemd/networkd.conf (init#61)
  • Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference (init#56)
  • Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates (flatcar-linux/init#53)
  • Merge the Flatcar Pro features into the regular Flatcar images (coreos-overlay#1679)
  • Enabled FIPS support for the Linux kernel, which users can now choose through a kernel parameter in grub.cfg (check that it took effect with cat /proc/sys/crypto/fips_enabled) (coreos-overlay#1602)
  • Enabled FIPS mode for cryptsetup (flatcar-linux/coreos-overlay#1747, portage-stable#312)
  • GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP (coreos-overlay#1802)
  • SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the ghcr.io/flatcar/mantle image (coreos-overlay#1827, scripts#275)

Updates:


Release Date: Sep 1, 2022  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.210
systemd - 246

NOTE: LTS-2021 is near the designated end of its 18 month lifespan and will only receive 1 more update by the end of September. If you use a fixed LTS channel, please switch to LTS-2022, the new LTS which was published in May. After the next update by end of September there will be no more releases for the LTS-2021 channel. Please check your nodes' GROUP= setting in /etc/flatcar/update.conf to determine if you need to take action. Please refer to the Flatcar documentation on switching channels to switch to LTS-2022.

Changes since LTS 2605.30.1

Security fixes:

Changes:

  • The new image signing subkey was added to the public key embedded into flatcar-install (the old one expired on 10th August 2022); only an updated flatcar-install script can verify releases signed with the new key (init#79)

Updates:

Note: LTS 2605.32.1, i.e. the next release, to be released in September, will be the last release for LTS-2021. After that there will be no more releases for the channel. Please upgrade your workloads to LTS-2022 as soon as possible.


Release Date: Aug 4, 2022  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.206
systemd - 246

New LTS-2021 Release 2605.30.1

Changes since LTS-2021 2605.29.1

Security fixes:

Bug fixes:

  • Removed outdated LTS channel information printed on login (init#75)

Changes:

Updates:


Release Date: Jun 23, 2022  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.199
systemd - 246

New LTS-2021 Release 2605.29.1

Changes since LTS 2605.28.1

Security fixes:

Updates:


Release Date: Jun 23, 2022  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.196
systemd - 246

Release Date: Apr 7, 2022  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.188
systemd - 246

New LTS-2021 Release 2605.27.1

Changes since LTS 2605.26.1

Security fixes:

Updates:

  • Linux (5.4.188) (from 5.4.181)
  • ca-certificates (3.77)

Release Date: Mar 7, 2022  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.181
systemd - 246

New LTS-2605 Release 2605.26.1

Changes since LTS 2605.25.1

Security fixes

Updates


Release Date: Jan 26, 2022  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.173
systemd - 246

New LTS release 2605.25.1

Changes since LTS 2605.24.1

Security fixes

Updates


Release Date: Dec 15, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.164
systemd - 246

New LTS release 2605.24.1

Changes since LTS 2605.23.1

Security Fixes

Updates


Release Date: Nov 9, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.157
systemd - 246

New LTS release 2605.23.1

Changes since LTS 2605.22.1

Security fixes

Bug fixes

Updates


Release Date: Oct 25, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.155
systemd - 246

New LTS release 2605.22.1

Changes since LTS 2605.21.1

Security fixes

Bug fixes

Updates


Release Date: Sep 27, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.147
systemd - 246

New LTS release 2605.21.1

Changes since LTS 2605.20.1

Security fixes

Updates


Release Date: Sep 1, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.143
systemd - 246

New LTS release 2605.20.1

Changes since LTS 2605.19.1

Security fixes

Updates


Release Date: Aug 19, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.141
systemd - 246

Changes since LTS 2605.18.1

Security fixes

Updates


Release Date: Jul 28, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.134
systemd - 246

Release Date: Jun 17, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.125
systemd - 246

Release Date: May 19, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.119
systemd - 246

Security fixes

Updates


Release Date: Apr 28, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.114
systemd - 246

Security fixes

Bug fixes

Updates


Release Date: Mar 25, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.107
systemd - 246

Release Date: Mar 2, 2021  amd64

docker - 19.03.15
ignition - 0.34.0
kernel - 5.4.101
systemd - 246

Security fixes

Bug fixes

  • login message (motd): filter out bullet point when parsing failed units (baselayout#16)
  • tcsd.service: use correct file permissions (coreos-overlay#809)
  • Use LTS 2021 as OS codename instead of the wrong LTS 2020 name
  • Flatcar Pro for AWS: flatcar-eks: add missing mkdir and update to latest versions (coreos-overlay#817)

Updates


Release Date: Feb 2, 2021  amd64

docker - 19.03.14
ignition - 0.34.0
kernel - 5.4.92
systemd - 246

Security fixes