Kubernetes - v1.24.14

Security

Changelog since v1.24.13

Changes by Kind

API Change

  • Added error handling for seccomp localhost configurations that do not properly set a localhostProfile (#117020, @cji) [SIG API Machinery and Node]
  • Fixed an issue where kubelet does not set case-insensitive headers for http probes. (#117182, @dddddai) (#117331, @dddddai) [SIG API Machinery, Apps and Node]
  • On compatible systems, a mounter's Unmount implementation is changed to not return an error when the specified target can be detected as not a mount point. On Linux, the behavior of detecting a mount point depends on umount command is validated when the mounter is created. Additionally, mount point checks will be skipped in CleanupMountPoint/CleanupMountWithForce if the mounter's Unmount having the changed behavior of not returning error when target is not a mount point. (#109676, @cartermckinnon) [SIG Storage]

Feature

  • Kubernetes is now built with Go 1.19.9 (#117776, @xmudrii) [SIG Release and Testing]

Bug or Regression

  • Fix "dbus: connection closed by user" error after dbus daemon restart
    CVE-2023-27561 CVE-2023-25809 CVE-2023-28642: Bump fix runc v1.1.4 -> v1.1.5
    Fixed cgroup removal error when using runc binary >= 1.1.6 (#117892, @kolyshkin) [SIG Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
  • Fix incorrect calculation for ResourceQuota with PriorityClass as its scope. (#117891, @Huang-Wei) [SIG API Machinery]
  • Fix: the volume is not detached after the pod and PVC objects are deleted (#117358, @cvvz) [SIG Storage]
  • Number of errors reported to the metric storage_operation_duration_seconds_count for emptyDir decreased significantly because previously one error was reported for each projected volume created. (#117022, @mpatlasov) [SIG Storage]
  • Setting a mirror pod's phase to Succeeded or Failed can prevent the corresponding static pod from restarting due mutation of a Kubelet cache. (#116482, @smarterclayton) [SIG Node]

Other (Cleanup or Flake)

  • A v2-level info log will be added, which will output the details of the pod being preempted, including victim and preemptor (#117214, @HirazawaUi) [SIG Scheduling]

Dependencies

Added

  • github.com/shurcooL/sanitized_anchor_name: v1.0.0

Changed

  • github.com/opencontainers/runc: v1.1.1 → v1.1.6
  • github.com/seccomp/libseccomp-golang: 3879420 → f33da4d
  • golang.org/x/mod: 86c51ed → v0.8.0
  • golang.org/x/net: v0.7.0 → v0.8.0
  • golang.org/x/sync: 886fb93 → v0.1.0
  • golang.org/x/sys: v0.5.0 → v0.6.0
  • golang.org/x/term: v0.5.0 → v0.6.0
  • golang.org/x/text: v0.7.0 → v0.8.0
  • golang.org/x/tools: v0.1.12 → v0.6.0
  • sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.36 → v0.0.37

Removed

Nothing has changed.

Details

date
May 17, 2023, 11:53 p.m.
name
Kubernetes v1.24.14
type
Patch
official page
https://github.com/kubernetes/kubernetes/releases/tag/v1.24.14
👇
Register or login to:
  • 🔍View and search all Kubernetes releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or