Kubernetes - v1.24.14
Security
Changelog since v1.24.13
Changes by Kind
API Change
- Added error handling for seccomp localhost configurations that do not properly set a localhostProfile (#117020, @cji) [SIG API Machinery and Node]
- Fixed an issue where kubelet does not set case-insensitive headers for http probes. (#117182, @dddddai) (#117331, @dddddai) [SIG API Machinery, Apps and Node]
- On compatible systems, a mounter's Unmount implementation is changed to not return an error when the specified target can be detected as not a mount point. On Linux, the behavior of detecting a mount point depends on
umount
command is validated when the mounter is created. Additionally, mount point checks will be skipped in CleanupMountPoint/CleanupMountWithForce if the mounter's Unmount having the changed behavior of not returning error when target is not a mount point. (#109676, @cartermckinnon) [SIG Storage]
Feature
Bug or Regression
- Fix "dbus: connection closed by user" error after dbus daemon restart
CVE-2023-27561 CVE-2023-25809 CVE-2023-28642: Bump fix runc v1.1.4 -> v1.1.5
Fixed cgroup removal error when using runc binary >= 1.1.6 (#117892, @kolyshkin) [SIG Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] - Fix incorrect calculation for ResourceQuota with PriorityClass as its scope. (#117891, @Huang-Wei) [SIG API Machinery]
- Fix: the volume is not detached after the pod and PVC objects are deleted (#117358, @cvvz) [SIG Storage]
- Number of errors reported to the metric
storage_operation_duration_seconds_count
for emptyDir decreased significantly because previously one error was reported for each projected volume created. (#117022, @mpatlasov) [SIG Storage] - Setting a mirror pod's phase to Succeeded or Failed can prevent the corresponding static pod from restarting due mutation of a Kubelet cache. (#116482, @smarterclayton) [SIG Node]
Other (Cleanup or Flake)
- A v2-level info log will be added, which will output the details of the pod being preempted, including victim and preemptor (#117214, @HirazawaUi) [SIG Scheduling]
Dependencies
Added
- github.com/shurcooL/sanitized_anchor_name: v1.0.0
Changed
- github.com/opencontainers/runc: v1.1.1 → v1.1.6
- github.com/seccomp/libseccomp-golang: 3879420 → f33da4d
- golang.org/x/mod: 86c51ed → v0.8.0
- golang.org/x/net: v0.7.0 → v0.8.0
- golang.org/x/sync: 886fb93 → v0.1.0
- golang.org/x/sys: v0.5.0 → v0.6.0
- golang.org/x/term: v0.5.0 → v0.6.0
- golang.org/x/text: v0.7.0 → v0.8.0
- golang.org/x/tools: v0.1.12 → v0.6.0
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.36 → v0.0.37
Removed
Nothing has changed.
Security
Details
date
May 17, 2023, 11:53 p.m.
name
Kubernetes v1.24.14
type
Patch
👇
Register or login to:
- 🔍View and search all Kubernetes releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!