Kubernetes - v1.26.5
Security
Changelog since v1.26.4
Changes by Kind
API Change
- Added error handling for seccomp localhost configurations that do not properly set a localhostProfile (#117020, @cji) [SIG API Machinery and Node]
- Fixed an issue where kubelet does not set case-insensitive headers for http probes. (#117182, @dddddai) (#117323, @dddddai) [SIG API Machinery, Apps and Node]
- Revised the comment about the feature-gate level for PodFailurePolicy from alpha to beta (#117814, @kerthcet) [SIG Apps]
Feature
Failing Test
- Allow Azure Disk e2es to use newer topology labels if available from nodes (#117216, @gnufied) [SIG Storage and Testing]
Bug or Regression
- CVE-2023-27561 CVE-2023-25809 CVE-2023-28642: Bump fix runc v1.1.4 -> v1.1.5
- Fixed cgroup removal error when using runc binary >= 1.1.6 (#117691, @dims) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
- During device plugin allocation, resources requested by the pod can only be allocated if the device plugin has registered itself to kubelet AND healthy devices are present on the node to be allocated. If these conditions are not satisfied, the pod would fail with UnexpectedAdmissionError error. (#116337, @swatisehgal) [SIG Node and Testing]
- Fix incorrect calculation for ResourceQuota with PriorityClass as its scope. (#117826, @Huang-Wei) [SIG API Machinery]
- Fix: the volume is not detached after the pod and PVC objects are deleted (#117340, @cvvz) [SIG Storage]
- Fixed a memory leak in the Kubernetes API server that occurs during APIService processing. (#117311, @enj) [SIG API Machinery]
- Fixes a regression in kubectl and client-go discovery when configured with a server URL other than the root of a server. (#117686, @ardaguclu) [SIG API Machinery]
- Number of errors reported to the metric storage_operation_duration_seconds_count for emptyDir decreased significantly because previously one error was reported for each projected volume created. (#117022, @mpatlasov) [SIG Storage]
- Recreate DaemonSet pods completed with Succeeded phase (#117496, @mimowo) [SIG Apps and Testing]
- Resolves a spurious "Unknown discovery response content-type" error in client-go discovery requests by tolerating extra content-type parameters in API responses (#117638, @seans3) [SIG API Machinery]
- Setting a mirror pod's phase to Succeeded or Failed can prevent the corresponding static pod from restarting due to mutation of a Kubelet cache. (#116482, @smarterclayton) [SIG Node]
- [KCCM] service controller: change the cloud controller manager to make providerID a predicate when synchronizing nodes. This change allows load balancer integrations to ensure that the providerID is set when configuring load balancers and targets. (#117452, @alexanderConstantinescu) [SIG Cloud Provider and Network]
Other (Cleanup or Flake)
- A v2-level info log will be added, which will output the details of the pod being preempted, including victim and preemptor (#117214, @HirazawaUi) [SIG Scheduling]
Dependencies
Added
Nothing has changed.
Changed
- github.com/opencontainers/runc: v1.1.4 → v1.1.6
- golang.org/x/mod: v0.6.0 → v0.8.0
- golang.org/x/net: v0.7.0 → v0.8.0
- golang.org/x/sync: 886fb93 → v0.1.0
- golang.org/x/sys: v0.5.0 → v0.6.0
- golang.org/x/term: v0.5.0 → v0.6.0
- golang.org/x/text: v0.7.0 → v0.8.0
- golang.org/x/tools: v0.2.0 → v0.6.0
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.36 → v0.0.37
Removed
Nothing has changed.
Details
- date: May 17, 2023, 9:55 p.m.
- name: Kubernetes v1.26.5
- type: Patch