Container-Optimized OS - Release Notes

Current Active Releases

The following images are currently available in the cos-cloud image project:

StableBetaDev
cos-stable-59-9460-73-0
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.11.2
cos-beta-60-9592-70-0
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.13.1
cos-dev-61-9765-8-0
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v17.03.2

Release Schedule

Actual dates may float slightly.

MilestoneStable AfterDeprecated After
62Oct 17, 2017Jan 18, 2018
61Sep 12, 2017Nov 30, 2017
60Aug 01, 2017Oct 12, 2017
59Jun 06, 2017Aug 31, 2017

Changelog

cos-dev-61-9765-8-0

Date:           Jul 27, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v17.03.2
Changelog (vs 61-9759-0-0):
    * Fixed build issues with open source codebase

cos-beta-60-9592-70-0

Date:           Jul 27, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.13.1
Changelog (vs 60-9592-65-0):
    * Updated sys-apps/coreutils to 8.25. Greatly reduced number of syscalls du makes and improved kubelet performance

cos-beta-60-9592-65-0

Date:           Jul 20, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.13.1
Changelog (vs 60-9592-52-0):
    * Fix for Linux kernel CVE-2017-11176
    * Fixed a bug in the ip sets command: sometimes valid entries in hash:* types of sets were evicted

cos-dev-61-9759-0-0

Date:           Jul 20, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v17.03.2
Changelog (vs 61-9733-0-0):
    * Updated sys-apps/coreutils to 8.25. Greatly reduced number of syscalls du makes and improved kubelet performance
    * Updated dev-go/dbus to use upstream commit bd29ed602e2c
    * Fix for Linux kernel CVE-2017-11176

cos-stable-59-9460-73-0

Date:           Jul 14, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.11.2
Changelog (vs 59-9460-64-0):
    * Fix for Linux kernel CVE-2017-1000364
    * Fix for Linux kernel CVE-2017-1000365
    * Fix for Linux kernel CVE-2017-1000370
    * Fix for Linux kernel CVE-2017-1000371
    * Fix for Linux kernel CVE-2017-1000379
    * Fix for glibc CVE-2017-1000366

cos-dev-61-9733-0-0

Date:           Jul 11, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v17.03.2
Changelog (vs 61-9715-0-0):
    * Upgraded Docker to v17.03.2
    * Fixed a bug in the ip sets command: sometimes valid entries in hash:* types of sets were evicted
    * Fix for Linux kernel CVE-2017-1000364

cos-beta-60-9592-52-0

Date:           Jul 11, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.13.1
Changelog (vs 60-9592-31-0):
    * Fix for Linux kernel CVE-2017-1000364
    * Fix for Linux kernel CVE-2017-1000365
    * Fix for Linux kernel CVE-2017-1000370
    * Fix for Linux kernel CVE-2017-1000371
    * Fix for Linux kernel CVE-2017-1000379
    * Fix for glibc CVE-2017-1000366

cos-dev-61-9715-0-0

Date:           Jul 05, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v17.03.1
Changelog (vs 61-9696-0-0):
    * Fixed a regression in cos-dev builds starting with 61-9655-0-0 that caused the image size to grow beyond 10GB.

cos-dev-61-9696-0-0

Date:           Jun 29, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v17.03.1
Changelog (vs 61-9678-0-0):
    * Switched to LLVM compiler
    * Fixed a bug that may lead to the kernel freezing with the following error message: "unregister_netdevice: waiting for lo to become free."

cos-dev-61-9678-0-0

Date:           Jun 26, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v17.03.1
Changelog (vs 61-9655-0-0):
    * Upgraded Docker to v17.03.1
    * Enabled live-restore and overlay2 for Docker by default
    * Updated default toolbox image tag to '20170615-00'
    * Fixed ext4 kernel panic caused by memory shortage in memory cgroup

cos-beta-60-9592-31-0

Date:           Jun 26, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.13.1
Changelog (vs 60-9592-23-0):
    * Fixed ext4 kernel panic caused by memory shortage in memory cgroup

cos-dev-61-9655-0-0

Date:           Jun 16, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.13.1
Changelog (vs 61-9626-0-0):
    * Disabled the default IP Aliases setting in the Google IP
      Forwarding Daemon
    * Upgraded docker-credential-gcr to v1.4.1
    * kernel: remove sysctl vm.disk_based_swap (default behavior is enabled)
    * Fix for Linux kernel CVE-2017-9075

cos-beta-60-9592-23-0

Date:           Jun 16, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.13.1
Changelog (vs 60-9592-11-0):
    * Disabled the default IP Aliases setting in the Google IP
      Forwarding Daemon
    * Fix for Linux kernel CVE-2017-9077
    * Fix for Linux kernel CVE-2017-9242

cos-stable-59-9460-64-0

Date:           Jun 16, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.11.2
Changelog (vs 59-9460-60-0):
    * Disabled the default IP Aliases setting in the Google IP
      Forwarding Daemon
    * Fix for Linux kernel CVE-2017-9077
    * Fix for Linux kernel CVE-2017-9242

cos-dev-61-9626-0-0

Date:           Jun 8, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.13.1
Changelog (vs 60-9592-2-0):
    * New milestone in dev channel
    * Fixed /etc/resolv.conf in toolbox container
    * Upgraded Kubernetes to v1.6.4
    * Support multiple network interfaces that are configured through DHCP
    * Updated to compute-image-packages-20170523
    * Fix for Linux kernel CVE-2017-9077
    * Fix for Linux kernel CVE-2017-9242

cos-beta-60-9592-11-0

Date:           Jun 8, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.13.1
Changelog (vs 60-9592-2-0):
    * Fixed /etc/resolv.conf in toolbox container
    * Upgraded Kubernetes to v1.6.4
    * Promoted to beta channel

cos-stable-59-9460-60-0

Date:           Jun 8, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.4
Docker:         v1.11.2
Changelog (vs 59-9460-57-0):
    * Upgraded Kubernetes to v1.6.4
    * Promoted to stable channel

cos-dev-60-9592-2-0

Date:           Jun 1, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.3
Docker:         v1.13.1
Changelog (vs 60-9588-0-0):
    * Minor bugfixes

cos-beta-59-9460-57-0

Date:           Jun 1, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.1
Docker:         v1.11.2
Changelog (vs 59-9460-51-0):
    * Minor bugfixes

cos-dev-60-9588-0-0

Date:           May 25, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.3
Docker:         v1.13.1
Changelog (vs 60-9565-0-0):
    * Fix for Linux kernel CVE-2017-8890
    * Fix a bug in CPU scheduler that may lead to kernel panic

cos-beta-59-9460-51-0

Date:           May 25, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.1
Docker:         v1.11.2
Changelog (vs 59-9460-43-0):
    * Fix for Linux kernel CVE-2017-8890

cos-stable-58-9334-74-0

Date:           May 25, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.6
Docker:         v1.11.2
Changelog (vs 58-9334-72-0):
    * Fix for Linux kernel CVE-2017-8890

cos-stable-57-9202-74-0

(gci-stable-57-9202-74-0 in google-containers project)

Date:           May 22, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.4
Docker:         v1.11.2
Changelog (vs 57-9202-64-0):
    * Fix for Linux kernel CVE-2017-7895

cos-dev-60-9565-0-0

Date:           May 22, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.3
Docker:         v1.13.1
Changelog (vs 60-9540-0-0):
    * Fix for Linux kernel CVE-2017-7895
    * Upgraded Docker to v1.13.1
    * Upgraded Kubernetes to v1.6.3
    * /proc/config.gz available by default (without needed 'modprobe configs')
    * Added support for docker-credential-gcr
      (https://github.com/GoogleCloudPlatform/docker-credential-gcr)
    * Minor bugfix in audit subsystem

cos-stable-58-9334-72-0

Date:           May 18, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.6
Docker:         v1.11.2
Changelog (vs 58-9334-62-0):
    * Fix for Linux kernel CVE-2017-7895

cos-beta-59-9460-43-0

Date:           May 18, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.1
Docker:         v1.11.2
Changelog (vs 59-9460-20-0):
    * Fix for Linux kernel CVE-2017-7895

cos-dev-60-9540-0-0

Date:           May 11, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.1
Docker:         v1.11.2
Changelog (vs 60-9504-0-0):
    * Enabled kernel's static hugepage support
    * Enabled DM_THIN_PROVISIONING support
    * Enabled kernel address space layout randomization (KASLR)
    * Ensured cloud-init waits for user-data to become accessible
    * Added new gcr-online.target that can be used to launch tasks when Google
      Container Registry (GCR) becomes accessible on boot
    * Added support for DHCP option 119 (Domain Search List) in systemd

cos-dev-60-9504-0-0

Date:           May 3, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.1
Docker:         v1.11.2
Changelog (vs 59-9460-11-0):
    * Upgraded Kubernetes to version 1.6.1
    * Upgraded systemd to version 232
    * Upgraded D-Bus to version 1.10.12
    * Promoted to dev channel

cos-beta-59-9460-20-0

Date:           May 3, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.6.1
Docker:         v1.11.2
Changelog (vs 59-9460-11-0):
    * Upgraded Kubernetes to version 1.6.1
    * Promoted to beta channel

cos-stable-58-9334-62-0

Date:           May 3, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.6
Docker:         v1.11.2
Changelog (vs 58-9334-56-0):
    * No major changes since the last release
    * Promoted to stable channel

cos-dev-59-9460-11-0

Date:           Apr 27, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.4
Docker:         v1.11.2
Changelog (vs 59-9460-4-0):
    * No major changes since the last release.

cos-beta-58-9334-56-0

Date:           Apr 27, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.6
Docker:         v1.11.2
Changelog (vs 58-9334-53-0):
    * Backported upstream kernel patch for error handling in encrypted ext4 filesystem

cos-beta-58-9334-53-0

Date:           Apr 20, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.6
Docker:         v1.11.2
Changelog (vs 58-9334-35-0):
    * Upgraded kubernetes to version 1.5.6

cos-dev-59-9460-4-0

Date:           Apr 20, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.4
Docker:         v1.11.2
Changelog (vs 59-9452-0-0):
    * Fixed the incorrect kernel version shown in image description
    * Fixed the bug wherein journald doesn't persist logs across instance reboot
    * Changed compilation of runc, containerd and docker to dynamically-linked
    * Added support for journald as log driver for Docker containers
    * Run fsck for the stateful partition on every boot
    * Use new JSON file format for Docker configuration in dockercfg_update.sh

cos-dev-59-9452-0-0

Date:           Apr 12, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.4
Docker:         v1.11.2
Changelog (vs 59-9436-0-0):
    * Minor internal implementation changes

cos-dev-59-9436-0-0

Date:           Apr 6, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.4
Docker:         v1.11.2
Changelog (vs 59-9415-0-0):
    * Cherry-picked fixes for 'gcplogs' log-driver in Docker
      (https://github.com/docker/docker/issues/29344)
    * Enabled KPROBES kernel config so kprobes work

cos-beta-58-9334-35-0

Date:           Apr 6, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.4
Docker:         v1.11.2
Changelog (vs 58-9334-28-0):
    * Cherry-picked fixes for 'gcplogs' log-driver in Docker
      (https://github.com/docker/docker/issues/29344)

cos-stable-57-9202-64-0

(gci-stable-57-9202-64-0 in google-containers project)

Date:           Apr 6, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.4
Docker:         v1.11.2
Chaneglog (vs 57-9202-56-0):
    * Fixes for CVE-2017-7184, CVE-2017-7308
    * Cherry-picked fixes for 'gcplogs' log-driver in Docker
      (https://github.com/docker/docker/issues/29344)

cos-stable-56-9000-104-0

(gci-stable-56-9000-104-0 in google-containers project)

Date:           Apr 6, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.9
Docker:         v1.11.2
Changelog (vs 56-9000-103-0)
    * Fixes for CVE-2017-7184, CVE-2017-7308

cos-stable-56-9000-103-0

(gci-stable-56-9000-103-0 in google-containers project)

Date:           Apr 3, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.9
Docker:         v1.11.2
Changelog (vs 56-9000-84-2)
    * Updated Kubernetes to v1.4.9

cos-beta-58-9334-28-0

Date:           Mar 31, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.4
Docker:         v1.11.2
Changelog (vs 58-9334-19-0):
    * Fixes for CVE-2017-7184, CVE-2017-7308

cos-dev-59-9415-0-0

Date:           Mar 31, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.4
Docker:         v1.11.2
Changelog (vs 59-9394-0-0):
    * Upgraded libseccomp to version 2.3.1
    * Upgraded sys-kernel/linux-headers to version 4.4
    * Fixes for CVE-2017-7184, CVE-2017-7308

cos-stable-57-9202-56-0 rollback

(gci-stable-57-9202-56-0 rollback in google-containers project)

Date:           Mar 30, 2017
Rollback Reason:
    * Identified an issue where using the Docker API from inside a Docker
      container breaks in certain cases.

cos-dev-59-9394-0-0

Date:           Mar 24, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.4
Docker:         v1.11.2
Changelog (vs 58-9334-11-0):
    * Improved metadata polling in device_policy_manager for lower latency

cos-beta-58-9334-19-0

Date:           Mar 24, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.4
Docker:         v1.11.2
Changelog (vs 58-9334-11-0):
    * Upgraded kubernetes version to v1.5.4
    * Promoted to beta channel

cos-stable-57-9202-56-0

(gci-stable-57-9202-56-0 in google-containers project)

Date:           Mar 24, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.4
Docker:         v1.11.2
Chaneglog (vs 57-9202-51-0):
    * Upgraded kubernetes version to v1.5.4
    * Promoted to stable channel

cos-beta-57-9202-51-0

(gci-beta-57-9202-51-0 in google-containers project)

Date:           Mar  15, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.2
Docker:         v1.11.2
Changelog (vs 57-9202-38-0)
    * Minor changes

cos-dev-58-9334-11-0

Date:           Mar  15, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.2
Docker:         v1.11.2
Changelog (vs 58-9333-2-0)
    * Minor changes

cos-dev-58-9334-2-0

Date:           Mar  8, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.2
Docker:         v1.11.2
Changelog (vs 58-9330-0-0)
    * Fixed double-logging of audit messages
    * Updated compute-image-packages to v20170227

cos-dev-58-9330-0-0

Date:           Mar  3, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.2
Docker:         v1.11.2
Changelog (vs 58-9312-0-0)
    * Includes 3 network and 1 filesystem backports from upstream kernel

cos-dev-58-9312-0-0

Date:           Feb 24, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.2
Docker:         v1.11.2
Changelog (vs 58-9289-0-0)
    * Fixed CVE-2017-5551, CVE-2017-5967, CVE-2017-5970.
    * Allowed environment variables EDITOR, LANG, LC_ALL, PAGER, and TZ to be set through ssh.
    * Backported a patch for compute-image-packages to fix high cpu usage.

cos-beta-57-9202-38-0

(gci-beta-57-9202-38-0 in google-containers project)

Date:           Feb 24, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.2
Docker:         v1.11.2
Changelog (vs 57-9202-38-0)
    * Minor changes.

cos-dev-58-9289-0-0

Date:           Feb 17, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.2
Docker:         v1.11.2
Changelog (vs 57-9202-30-0)
    * device_policy_manager now supports full image name as the value for 'cos-update-strategy'.
    * device_policy_manager now performs channel switch when users try to update to a different channel.
    * Expanded bindmount@.service into .mount units.
    * Removed dependency on Upstart so that systemd is now the init process as PID 1.
    * Added a C.UTF-8 locale and made it default.
    * Moved all COS-specific system services under the cgroup slice '/system.slice/system-sysdaemons.slice/'.
    * Backported fixes for issues identified by KASAN.

cos-stable-56-9000-84-2

(gci-stable-56-9000-84-2 in google-containers project)

Date:           Fec 17, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.8
Docker:         v1.11.2
Changelog (vs 56-9000-84-0)
    * Promoted to stable channel.
    * Backported upstream kernel patches to fix iptables-restore performance regression in 4.4 kernel.
    * Fixed a bug in google-accounts-daemon which causes it to misbehave when network/metadata service becomes unavailable.

cos-beta-57-9202-30-0

(gci-beta-57-9202-30-0 google-containers project)

Date:           Feb 16, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.2
Docker:         v1.11.2
Changelog (vs 57-9202-26-0)
    * Fixed a bug in google-accounts-daemon which causes it to misbehave when network/metadata service becomes unavailable.
    * Improved handling of missing metadata keys in device_policy_manager.

cos-dev-57-9202-26-0

(gci-dev-57-9202-26-0 google-containers project)

Date:           Feb 13, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.2
Docker:         v1.11.2
Changelog (vs 57-9202-20-0)
    * Backported upstream kernel patches to fix iptables-restore performance regression in 4.4 kernel

cos-dev-57-9202-20-0

(gci-dev-57-9202-20-0 google-containers project)

Date:           Feb 09, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.5.2
Docker:         v1.11.2
Changelog (vs 57-9196-0-0)
    * Backported the get_metadata_value script from compute-image-packages 1.3.3
    * Changeed ID=gci to ID=cos in /etc/os-release
    * Added support metadata keys with 'cos-' prefix
    * Upgraded kubernetes to 1.5.2
    * Fixed CVE-2016-9962 in runc
    * Backported a few upstream kernel patches that fixed xfstest failures for ext4.

cos-beta-56-9000-84-0

(gci-beta-56-9000-84-0 in google-containers project)

Date:           Fec 08, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.8
Docker:         v1.11.2
Changelog (vs 56-9000-80-0)
    * Changed ID=gci to ID=cos in /etc/os-release

cos-stable-55-8872-79-0

(gci-stable-55-8872-79-0 in google-containers project)

Date:           Feb 03, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog (vs 55-8872-77-0)
    * Added support metadata keys with 'cos-' prefix
    * Changed ID=gci to ID=cos in /etc/os-release

cos-beta-56-9000-80-0

(gci-beta-56-9000-80-0 in google-containers project)

Date:           Jan 31, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.8
Docker:         v1.11.2
Changelog (vs 56-9000-76-0)
    * Backported get_metadata_value script
    * Added support metadata keys with 'cos-' prefix

cos-stable-55-8872-77-0

(gci-stable-55-8872-77-0 in google-containers project)

Date:           Jan 27, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog (vs 55-8872-76-0)
    * Fixed CVE-2016-9962 in runc component of Docker

cos-beta-56-9000-76-0

(gci-beta-56-9000-76-0 in google-containers project)

Date:           Jan 26, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.8
Docker:         v1.11.2
Changelog (vs 56-9000-66-0)
    * Updated Kubernetes to v1.4.8
    * Fix issue where net.ipv4.conf.eth0.forwarding and net.ipv4.ip_forward could
      get reset to 0 on systemd-networkd and/or systemd-sysctl service restart
    * Fixed CVE-2016-9962 in runc component of Docker

cos-dev-57-9196-0-0

(gci-dev-57-9196-0-0 google-containers project)

Date:           Jan 18, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog (vs 57-9102-0-0)
    * kernel: Use kernel default of net.ipv4.ip_forwarding
    * kernel: LSM: fix buffer over-read in printable_cmdline
    * kernel: Merge with stable kernel v4.4.35
    * glibc: roll to 2.23

gci-beta-56-9000-66-0

Date:           Jan 18, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog (vs 56-9000-36-0)
    * minor changes

gci-stable-55-8872-76-0

Date:           Jan 18, 2017
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog (vs 55-8872-71-0)
    * minor changes

gci-dev-56-9000-36-0

Date:           Dec 22, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog (vs 56-9000-21-0)
    * Fixed CVE-2016-7039, CVE-2016-8655, CVE-2016-9793

gci-dev-57-9102-0-0

Date:           Dec 19, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog (vs 56-9000-21-0):
    * default.target now refers to multi-user.target instead of graphical.target in systemd
    * fixes a bug in systemd that could cause toolbox to terminate unexpectedly
    * Fixed CVE-2016-7039, CVE-2016-8655, CVE-2016-9793
    * other bugfixes

gci-beta-56-9000-21-0

Date:           Dec 15, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog:
    * Promoted to beta from #gci-dev-56-9000-21-0

gci-stable-55-8872-71-0

Date:           Dec 14, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog:
    * Promoted to stable from #gci-beta-55-8872-71-0

gci-beta-55-8872-71-0

Date:           Dec 14, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog (vs 55-8872-70-0)
    * Fixed CVE-2016-7039, CVE-2016-8655, CVE-2016-9793

gci-beta-55-8872-70-0

Date:           Dec 09, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog (vs 55-8872-55-0)
    * Enabled BLK_DEV_THROTTLING and process stats accounting config options in kernel
    * Fixed CVE-2015-8964, CVE-2016-6828, CVE-2016-7042, CVE-2016-7097, CVE-2016-7917 and CVE-2016-8666

gci-dev-56-9000-21-0

Date:           Dec 09, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog (vs 56-8977-0-0)
    * Updated Kubernetes to v1.4.6
    * Added compute-image-packages (20160930 release)
    * Enabled BLK_DEV_THROTTLING, BLK_DEV_NVME and process stats accounting config options in kernel
    * Fixed Fixed CVE-2015-8964, CVE-2016-6828, CVE-2016-7042, CVE-2016-7097 and CVE-2016-7917

gci-stable-54-8743-89-0

Date:           Dec 06, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.10
Docker:         v1.11.2
Changelog (vs 54-8743-86-0)
    * Enabled BLK_DEV_THROTTLING kernel config
    * Enabled kernel configs related to process stats accounting
    * Fixed CVE-2015-8964, CVE-2016-6828, CVE-2016-7042, CVE-2016-7097, CVE-2016-7917 and CVE-2016-8666

gci-beta-55-8872-55-0

Date:           Nov 17, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.6
Docker:         v1.11.2
Changelog (vs 54-8872-47-0)
    * Updated Kubernetes to v1.4.6
    * Change the product name to 'Container-Optimized OS' in /etc/os-release

gci-stable-54-8743-86-0

Date:           Nov 17, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.10
Docker:         v1.11.2
Changelog (vs 54-8743-76-0)
    * Updated Kubernetes to v1.3.10
    * Change the product name to 'Container-Optimized OS' in /etc/os-release

gci-stable-53-8530-102-0

Date:           Nov 17, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.9
Docker:         v1.11.2
Changelog (vs 53-8530-100-0)
    * Change the product name to 'Container-Optimized OS' in /etc/os-release

gci-beta-55-8872-47-0

Date:           Nov 11, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.5
Docker:         v1.11.2
Changelog (vs 55-8872-40-0)
    * Cherry-pick runc PR#608: Eliminate redundant parsing of mountinfo

gci-dev-56-8977-0-0

Date:           Nov 10, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.5
Docker:         v1.11.2
Changelog (vs 56-8956-0-0)
    * Cherry-pick runc PR#608: Eliminate redundant parsing of mountinfo
    * Enabled various kernel modules needed for iptables and conntrack functionality to work correctly.
    * Updated Docker image used by toolbox and it now comes with several networking tools pre-installed.
    * Fixed CVE-2016-8666

gci-beta-55-8872-40-0

Date:           Nov 04, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.5
Docker:         v1.11.2
Changelog (vs 55-8872-26-0)
    * Updated kubernetes to v1.4.5

gci-dev-56-8956-0-0

Date:           Nov 03, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.5
Docker:         v1.11.2
Changelog (vs 56-8938-0-0)
    * Updated kubernetes to v1.4.5

gci-dev-56-8938-0-0

Date:           Oct 27, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.4
Docker:         v1.11.2
Changelog (vs 55-8872-18-0)
    * Updated kubernetes to v1.4.4
    * Fixed a bug in e2fsprogs that caused mke2fs to take a very long time. Upstream fix: http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=next&id=d33e690fe7a6cbeb51349d9f2c7fb16a6ebec9c2

gci-beta-55-8872-26-0

Date:           Oct 26, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.4
Docker:         v1.11.2
Changelog (vs 55-8872-18-0)
    * Updated kubernetes to v1.4.4
    * Fixed a bug in e2fsprogs that caused mke2fs to take a very long time. Upstream fix: http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=next&id=d33e690fe7a6cbeb51349d9f2c7fb16a6ebec9c2

gci-stable-54-8743-76-0

Date:           Oct 26, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.9
Docker:         v1.11.2
Changelog (vs 54-8743-71-0)
    * Fixed a bug in e2fsprogs that caused mke2fs to take a very long time. Upstream fix: http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=next&id=d33e690fe7a6cbeb51349d9f2c7fb16a6ebec9c2

gci-stable-54-8743-71-0

Date:           Oct 21, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.9
Docker:         v1.11.2
Changelog (vs 54-8743-69-0)
    * Fix for Linux Kernel CVE-2016-5195 (Dirty Cow)
    * Updated kubernetes to v1.3.9
    * Disabled timeout in systemd-networkd-wait-online.service to better deal with network bringup latency observed in some cases

gci-stable-53-8530-100-0

Date:           Oct 20, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.9
Docker:         v1.11.2
Changelog (vs 53-8530-85-0)
    * Fix for Linux Kernel CVE-2016-5195 (Dirty Cow)
    * Updated kubernetes to v1.3.9

gci-dev-55-8872-18-0

Date:           Oct 20, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.1
Docker:         v1.11.2
Changelog (vs 55-8872-16-0)
    * Fix for Linux Kernel CVE-2016-5195 (Dirty Cow)

gci-beta-54-8743-69-0

Date:           Oct 19, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.8
Docker:         v1.11.2
Changelog (vs 54-8743-54-0)
    * Minor bugfixes

gci-dev-55-8872-16-0

Date:           Oct 19, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.1
Docker:         v1.11.2
Changelog (vs 55-8866-0-0)
    * Updated kubernetes to v1.4.1
    * Toolbox started using gcr.io/google-containers/toolbox as base image
    * Enabled FSCACHE, CACHEFILES and NFS_FSCACHE kernel configurations for better NFS support

gci-dev-55-8866-0-0

Date:           Oct 5, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.4.0
Docker:         v1.11.2
Changelog (vs 55-8820-0-0)
    * Updated kubernetes to v1.4.0
    * Enabled VXLAN and IP_SET config options in kernel to support some networking tools
    * Patched OpenSSL (CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6303)

gci-beta-54-8743-54-0

Date:           Oct 4, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.8
Docker:         v1.11.2
Changelog (vs 54-8743-42-0):
    * Updated Kubernetes to v1.3.8
    * Backported OverlayFS fixes from v4.4.21 stable kernel

gci-stable-53-8530-94-0

Date:           Sep 28, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.8
Docker:         v1.11.2
Changelog (vs 53-8530-85-0):
    * Fixed performance regression in veth device driver in ChromiumOS kernel
    * Updated Kubernetes to v1.3.8

gci-dev-55-8820-0-0

Date:           Sep 20, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.7
Docker:         v1.11.2
Changelog:
    * Updated kubernetes to v1.3.7
    * Added ebtables and ethtools
    * Changed the binaries runc, containerd and docker to be statically linked
    * Patched systemd to prevent being OOM-killed when running as PID other than 1
    * Fixed performance regression in veth device driver in ChromiumOS kernel

gci-beta-54-8743-42-0

Date:           Sep 27, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.7
Docker:         v1.11.2
Changelog (vs 54-8743-25-0):
    * Updated Kubernetes to v1.3.7
    * Fixed performance regression in veth device driver in ChromiumOS kernel
    * Patched OpenSSL (CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6303)

gci-beta-54-8743-25-0

Date:           Sep 13, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.6
Docker:         v1.11.2
Changelog:
    * Promoted release milestone 54 to beta

gci-stable-53-8530-85-0

Date:           Sep 14, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.7
Docker:         v1.11.2
Changelog (vs 53-8530-81-0):
    * Updated Kubernetes to v1.3.7
    * Enable marketing name injection for model and name
    * CRAS: bt_device - Associate with adapter's object path

gci-stable-53-8530-81-0

Date:           Sep 8, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.6
Docker:         v1.11.2
Changelog (vs 53-8530-71-0):
    * docker: upgrade go-patricia to fix memory leak (Docker issue#24420)
    * overlayfs corruption fix (Kernel commit 45d11738969633ec07ca35d75d486bf2d8918df6)

gci-dev-54-8743-3-0

Date:           Aug 29, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.6
Docker:         v1.11.2
Changelog (vs 54-8711-0-0):
    * Updated Kubernetes to v1.3.6.
    * Docker: cherry-pick fix for memory leak in go-patricia
      (Docker commit 3d714b5ed58cfdfd5872ddd3654d171b09bb02d3)
    * Cloud-Init: execute users-groups before write-files
    * Kernel: make SHA256 the default hash for IMA

gci-beta-53-8530-71-0

Date:           Aug 29, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.6
Docker:         v1.11.2
Changelog (vs gci-beta-53-8530-57-0):
    * Updated Kubernetes to v1.3.6.

gci-stable-52-8350-75-0

Date:           August 25, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.2.6
Docker:         v1.9.1
Changelog (vs gci-stable-52-8350-60-0):
    * Fix for a ChromiumOS-specific memory leak in fs/namei.c

gci-dev-54-8711-0-0

Date:           Aug 16, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.5
Docker:         v1.11.2
Changelog (vs 54-8666-0-0):
    * Updated Kubernetes to v1.3.5.
    * Enable apparmor support by default
    * Enable GCR (Container Registry) mirror
    * Enable bcache as a module

gci-beta-53-8530-57-0

Date:           Aug 15, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.5
Docker:         v1.11.2
Changelog (vs gci-beta-53-8530-42-0):
    * Updated Kubernetes to v1.3.5.
    * Users creates by Google accounts manager daemon are automatically added to docker group
    * Fixed a filesystem-related memory leak in ChromiumOS kernel

gci-dev-54-8666-0-0

Date:           Aug 3, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.4
Docker:         v1.11.2
Changelog (vs gci-dev-53-8530-29-0):
    * Updated Kubernetes to v1.3.4.
    * Kernel: many unused features were disabled
    * Added apparmor support
    * Enabled seccomp support
    * Kernel updated to 4.4.14
    * Updated 'toolbox' image to 'jessie-backports'

gci-beta-53-8530-42-0

Date:           Aug 3, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.4
Docker:         v1.11.2
Changelog:
    * Updated Kubernetes to v1.3.4.

gci-beta-53-8530-40-0

Date:           Aug 2, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.3
Docker:         v1.11.2
Changelog:
    * Promoted release milestone 53 to beta (no code changes vs gci-dev-53-8530-29-0)

gci-stable-52-8350-60-0

Date:           July 28, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.2.6
Docker:         v1.9.1
Changelog:
    * Promoted release milestone 52 to stable (no code changes)

gci-dev-53-8530-29-0

Date:           July 25, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.3
Docker:         v1.11.2
Changelog:
    * Updated Kubernetes to v1.3.3.
    * Minor bugfix in crash/metrics reporting code.

gci-beta-52-8350-60-0

Date:           July 21, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.2.6
Docker:         v1.9.1
Changelog:
    * Updated Kubernetes to v1.2.6.

gci-dev-53-8530-20-0

Date:           July 18, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.2
Docker:         v1.11.2
Changelog:
    * Updated Kubernetes to v1.3.2.

gci-dev-53-8530-14-0

Date:           July 14, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.0
Docker:         v1.11.2
Changelog:
    * Minor fixes.

gci-dev-53-8530-6-0

Date:           July 07, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.0
Docker:         v1.11.2
Changelog:
    * Updated Kubernetes to v1.3.0
    * Fixed a typo in cloud-init's UID assignment code
    * Enabled NFS server and client support in the kernel
    * Enabled crash and metrics collection daemons (requires user opt-in, see
    Configuring a Container-VM instance)

gci-beta-52-8350-45-0

Date:           June 28, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.2.5
Docker:         v1.9.1
Changelog:
    * Updated Kubernetes to v1.2.5

gci-dev-53-8490-0-0

Date:           June 23, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.3.0-beta2
Docker:         v1.11.2
Changelog:
    * Updated Kubernetes to v1.3.0-beta2
    * Added a systemd service cloud-audit-setup to log network connections and binary executions (disabled by default)

gci-beta-52-8350-39-0

Date:           June 23, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.2.4
Docker:         v1.9.1
Changelog:
    * Promoted release milestone 52 to beta
    * Started to audit every binary execution

gci-stable-51-8172-47-0

Date:           June 9, 2016
Kernel:         ChromiumOS-3.18
Kubernetes:     v.1.2.4
Docker:         v1.9.1
Changelog:
    * Promoted release milestone 51 to stable (no code changes since gci-beta-51-8172-38-0)

gci-dev-52-8352-0-0

Date:           May 23, 2016
Kernel:         ChromiumOS-4.4
Kubernetes:     v1.2.4
Docker:         v1.9.1
Changelog:
    * Kernel upgraded to v4.4
    * cloud-init: add patch to resolve metadata server locally
    * docker: backport fix for issue#18113
    * docker: Add error checks in dockercfg_update.sh

gci-beta-51-8172-38-0

Date:           May 18, 2016
Kernel:         ChromiumOS-3.18
Kubernetes:     v1.2.4
Docker:         v1.9.1
Changelog:
    * cloud-init: add patch to resolve metadata server locally
    * docker: backport fix for issue#18113
    * docker: Add error checks in dockercfg_update.sh

gci-dev-52-8300-0-0

Date:           May 09, 2016
Kernel:         ChromiumOS-3.18
Kubernetes:     v1.2.4
Docker:         v1.9.1
Changelog:
    * Updated Kubernetes to v1.2.4
    * Fixed device policy file corruption
    * Fixed image license
    * Switched to using grub2
    * Fixed manual rollback
    * Added /etc/os-release file

gci-beta-51-8172-26-0

Date:           May 09, 2016
Kernel:         ChromiumOS-3.18
Kubernetes:     v1.2.4
Docker:         v1.9.1
Changelog:
    * Updated Kubernetes to v1.2.4

gci-stable-50-7978-71-0

Date:           May 05, 2016
Kernel:         ChromiumOS-3.18
Kubernetes:     v1.1.8
Docker:         v1.9.1
Changelog:
    * Fixed image license
    * Internal cleanup changes

gci-beta-51-8172-23-0

Date:           May 04, 2016
Kernel:         ChromiumOS-3.18
Kubernetes:     v1.2.3
Docker:         v1.9.1
Changelog:
    * Fixed image license
    * Fixed device-policy file corruption

gci-stable-50-7978-62-0

Date:           Apr 26, 2016
Kernel:         ChromiumOS-3.18
Kubernetes:     v1.1.8
Docker:         v1.9.1
Changelog:
    * Promoted to Stable channel
    * Fix for CVE-2015-8785

gci-beta-51-8172-12-0

Date:           Apr 26, 2016
Kernel:         ChromiumOS-3.18
Kubernetes:     v1.2.3
Docker:         v1.9.1
Changelog:
    * Promoted to Beta channel
    * Updated Kubernetes to 1.2.3
    * Added kubelet systemd service
    * glibc: backport fix for CVE-2013-7423
    * Fix for CVE-2015-8785

gci-dev-52-8244-0-0

Date:           Apr 26, 2016
Kernel:         ChromiumOS-3.18
Kubernetes:     v1.2.3
Docker:         v1.9.1
Changelog:
    * Updated Kubernetes to 1.2.3
    * Added kubelet systemd service
    * Fixed /etc/localtime symlink
    * Rixed mount options usage in gci_startup
    * Improved error checks in dockercfg_update.sh
    * Send audit messages to journald
    * glibc: backport fix for CVE-2013-7423
    * Fix for CVE-2015-8785

gci-dev-51-8168-0-0

Date:           Apr 21, 2016
Kernel:         ChromiumOS-3.18
Kubernetes:     v1.2.2
Docker:         v1.9.1
Changelog:
    * Bug fixes


gci-beta-50-7978-52-0

Date:           Apr 11, 2016
Kernel:         ChromiumOS-3.18
Kubernetes:     v1.1.8
Docker:         v1.9.1
Changelog:
    * Promoted to beta channel

Send feedback about...

Container-Optimized OS