You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
November 11, 2024
cos-dev-121-18747-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.59 | v24.0.9 | v1.7.23 | See List |
Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.
Fixed CVE-2024-9143 in dev-libs/openssl.
Fixed KCTF-2e95c43 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811822 -> 811804
November 06, 2024
cos-dev-121-18736-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.59 | v24.0.9 | v1.7.23 | See List |
Updated the Linux kernel to v6.6.59.
Update NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Fixed CVE-2024-50602 in dev-libs/expat.
Runtime sysctl changes:
- Changed: fs.file-max: 811799 -> 811822
October 21, 2024
cos-dev-121-18718-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.56 | v24.0.9 | v1.7.23 | See List |
Updated app-containers/containerd to 1.7.23.
Updated the Linux kernel to v6.6.56.
Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.
Runtime sysctl changes:
- Changed: fs.file-max: 811780 -> 811799
October 14, 2024
cos-dev-121-18712-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.54 | v24.0.9 | v1.7.22 | See List |
Updated the Linux kernel to v6.6.54.
Update R535, default driver to v535.183.06.
Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.
Disabled MGLRU by default due to integration issues with Kubernetes.
Upgraded to v1.16.2. Fixed CVE-2024-0132 and CVE-2024-0133.
Runtime sysctl changes:
- Changed: fs.file-max: 811792 -> 811780
October 07, 2024
cos-dev-121-18699-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.52 | v24.0.9 | v1.7.22 | See List |
Upgraded chromeos-base/shill-client to v0.0.1-r4695.
Runtime sysctl changes:
- Changed: fs.file-max: 811711 -> 811792
September 30, 2024
cos-dev-121-18698-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.52 | v24.0.9 | v1.7.22 | See List |
Upgraded app-admin/google-guest-configs to v20240924.00.
Upgraded app-admin/google-osconfig-agent to v20240924.02.
Upgraded app-admin/google-guest-configs to v20240905.00.
Upgraded app-admin/fluent-bit to v3.1.8.
Upgraded app-containers/docker-credential-gcr to v2.1.25.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r642.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2449.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2801.
Upgraded chromeos-base/debugd-client to v0.0.1-r2712.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2947.
Upgraded chromeos-base/minijail to v18-r155.
Upgraded chromeos-base/shill-client to v0.0.1-r4688.
Upgraded dev-python/configobj to v5.0.9.
Upgraded net-firewall/iptables to v1.8.10-r1.
Upgraded net-libs/libtirpc to v1.3.5.
Upgraded dev-libs/nss to v3.104.
Upgraded net-dns/c-ares to v1.33.1.
Updated the Linux kernel to v6.6.52.
Update R550, latest driver to v550.90.12.
Updated cos-gpu-installer to v2.4.2. This enables creation of /dev/dri when loading nvidia-drm.ko for COS kernels build with loadable drm and dependent modules.
Removed sys-libs/libsepol and sys-libs/libselinux.
Removed dev-libs/libusb.
Removed sys-libs/gdbm.
Removed dev-python/zope-interface.
Updated net-misc/curl to 8.10.0.
September 16, 2024
cos-dev-121-18667-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.51 | v24.0.9 | v1.7.22 | See List |
Updated app-containers/containerd to v1.7.22.
Updated the Linux kernel to v6.6.51.
Fixed CVE-2023-27043 in dev-lang/python.
Fixed CVE-2024-7592 in dev-lang/python.
Fixed CVE-2024-6232 in dev-lang/python.
Fixed CVE-2024-6119 in net-libs/openssl.
Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.
Runtime sysctl changes:
- Changed: fs.file-max: 811768 -> 811782
September 09, 2024
cos-dev-121-18657-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.49 | v24.0.9 | v1.7.21 | See List |
Updated app-containers/containerd to 1.7.21.
Updated dev-go/oauth2 to v0.23.0. Removed dev-go/appengine.
Updated dev-lang/python to 3.8.19_p1. This fixes CVE-2007-4559.
Updated the Linux kernel to v6.6.49.
Removed chromeos-base/ec-utils and chromeos-base/ec-utils.
Removed dev-libs/confuse and dev-embedded/libftdi.
Removed dev-python/setuptools.
Removed dev-python/webcolors.
Replaced cos-extensions with new Go binary.
Updated google-osconfig-agent to v20240822.00.
Fixes CVE-2023-7256 in net-libs/libpcap.
Upgraded app-editors/vim, app-editors/vim-core to 9.1.0698. This fixed CVE-2024-43790, CVE-2024-43802.
Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.
Runtime sysctl changes:
- Changed: fs.file-max: 811752 -> 811768
August 26, 2024
cos-dev-121-18632-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.47 | v24.0.9 | v1.7.20 | See List |
Upgraded app-admin/google-guest-agent to v20240816.00.
Upgraded app-admin/fluent-bit to v3.1.6.
Upgraded chromeos-base/shill-client to v0.0.1-r4654.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r640.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2799.
Upgraded chromeos-base/debugd-client to v0.0.1-r2710.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2445.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2945.
Upgraded dev-db/sqlite to v3.46.1.
Upgraded sys-fs/xfsprogs to v6.9.0.
Upgraded net-dns/c-ares to v1.33.0.
Upgraded sys-apps/gentoo-functions to v1.7.2.
Updated the Linux kernel to v6.6.47.
Runtime sysctl changes:
- Added: vm.unprivileged_userfaultfd: 0
- Changed: fs.file-max: 811814 -> 811752
August 20, 2024
cos-dev-121-18623-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.46 | v24.0.9 | v1.7.20 | See List |
Upgraded app-admin/google-guest-configs to v20240725.00.
Upgraded app-containers/docker-credential-gcr to v2.1.23.
Updated app-emulation/kubernetes to 1.30.3.
Upgraded app-admin/google-guest-agent to v20240716.00.
Upgraded app-admin/fluent-bit to v3.1.3.
Upgraded app-emulation/kubernetes to 1.29.7.
Upgraded app-containers/containerd to 1.7.20.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2797.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r638.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2943.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2442.
Upgraded chromeos-base/debugd-client to v0.0.1-r2708.
Upgraded chromeos-base/shill-client to v0.0.1-r4637.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r637.
Upgraded chromeos-base/debugd-client to v0.0.1-r2707.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2796.
Upgraded chromeos-base/shill-client to v0.0.1-r4612.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2942.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2441.
Upgraded app-arch/lz4 to v1.10.0-r1.
Upgraded net-libs/libtirpc to v1.3.4-r3.
Upgraded sys-apps/gentoo-functions to v1.7.1.
Upgraded dev-libs/nss to v3.103.
Upgraded sys-apps/pv to v1.8.12.
Upgraded app-arch/gzip to v1.13-r1.
Upgraded net-libs/gnutls to v3.8.6.
Upgraded net-misc/rsync to v3.3.0-r1.
Upgraded sys-apps/less to v661.
Upgraded sys-libs/gdbm to v1.24.
Upgraded dev-libs/nss to v3.102.
Upgraded the Linux kernel to v6.6.46.
Added more service logs to the default Cloud Logging configuration.
Allowed GPU driver installation on dev-channel images without the -test flag.
Updated protobuf-legacy-api to v1.5.4.
Downgraded sys-apps/ethtool to v6.7.
Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.
Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.
Updated dev-go/net to v0.27.0. This fixes CVE-2023-45288.
Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Updated dev-python/setuptools to v70.3.0. This resolves CVE-2024-6345.
Runtime sysctl changes:
- Changed: fs.file-max: 811776 -> 811814
- Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000
July 22, 2024
cos-dev-117-18567-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.40 | v24.0.9 | v2.0.0rc2 | See List |
Updated the Linux kernel to v6.6.40.
Disable NVIDIA persistence mode with -no-verify flag
Fixed CVE-2024-39894 in net-misc/openssh.
July 15, 2024
cos-dev-117-18555-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.37 | v24.0.9 | v2.0.0rc2 | See List |
Upgrade fluent-bit to v3.0.6.
Upgraded app-admin/node-problem-detector to v0.8.19.
Upgraded app-containers/cni-plugins to v1.5.1.
Upgraded app-admin/google-guest-configs to v20240607.00.
Added support for TPU v6 devices.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2792.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2437.
Upgraded sys-apps/dbus to v1.14.10-r192.
Upgraded chromeos-base/shill-client to v0.0.1-r4577.
Upgraded chromeos-base/debugd-client to v0.0.1-r2703.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2937.
Upgraded chromeos-base/minijail to v18-r142.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r633.
Upgraded dev-embedded/libftdi to v1.5-r7.
Upgraded sys-apps/pv to v1.8.10.
Upgraded net-dns/c-ares to v1.31.0.
Upgraded app-admin/logrotate to v3.22.0.
Upgraded dev-python/pygobject to v3.46.0-r1.
Upgraded dev-db/sqlite to v3.46.0.
Upgraded dev-libs/nss to v3.101.
Upgraded sys-apps/hwdata to v0.383.
Upgraded net-misc/rsync to v3.3.0.
Upgraded sys-apps/findutils to v4.10.0.
Upgraded sys-libs/libseccomp to v2.5.5-r1.
Upgraded net-misc/curl to v8.8.0-r1.
Upgraded sys-apps/ethtool to v6.9.
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.
Updated cos-gpu-installer to v2.3.5.
Added the package revision number to the SSH banner in net-misc/openssh.
Fixed glibc-2.36 build errors in sys-boot/syslinux.
Upgraded dev-lang/go to v1.22.4. This fixes CVE-2024-24790 and CVE-2024-24789.
Fixed CVE-2024-35195 in dev-python/requests.
Runtime sysctl changes:
- Added: net.ipv4.tcp_rto_min_us: 200000
- Changed: fs.file-max: 811785 -> 811776
June 24, 2024
cos-dev-117-18514-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.34 | v24.0.9 | v2.0.0rc2 | v535.183.01(default),v550.90.07(latest) |
Disabled default automatic updates. Automatic updates must now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".
Updated R550, latest driver to v550.90.07.This fixes CVE‑2024‑0090, CVE‑2024‑0091 and CVE‑2024‑0092.
Updated R535, default driver to v535.183.01.This fixes CVE‑2024‑0090 and CVE‑2024‑0092.
Runtime sysctl changes:
- Added: net.ipv4.tcp_backlog_ack_defer: 1
- Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
- Changed: fs.fanotify.max_user_marks: 67560 -> 67544
- Changed: fs.file-max: 811880 -> 811785
- Changed: fs.inotify.max_user_watches: 63441 -> 63425
- Changed: kernel.threads-max: 63503 -> 63487
- Changed: net.core.optmem_max: 20480 -> 131072
- Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
- Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
- Changed: user.max_cgroup_namespaces: 31751 -> 31743
- Changed: user.max_fanotify_marks: 67560 -> 67544
- Changed: user.max_inotify_watches: 63441 -> 63425
- Changed: user.max_ipc_namespaces: 31751 -> 31743
- Changed: user.max_mnt_namespaces: 31751 -> 31743
- Changed: user.max_net_namespaces: 31751 -> 31743
- Changed: user.max_pid_namespaces: 31751 -> 31743
- Changed: user.max_time_namespaces: 31751 -> 31743
- Changed: user.max_user_namespaces: 31751 -> 31743
- Changed: user.max_uts_namespaces: 31751 -> 31743
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0
June 18, 2024
cos-dev-117-18508-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.33 | v24.0.9 | v2.0.0rc2 | v535.161.08(default),v550.54.15(latest) |
Upgraded containerd to 2.0.0-rc.2
Upgraded app-containers/docker-credential-helpers to v0.8.2.
Upgraded app-admin/google-guest-agent to v20240528.00.
Upgraded app-containers/cni-plugins to v1.5.0.
Upgraded app-admin/google-guest-configs to v20240514.00.
Updated cos-gpu-installer to v2.3.1. This switches the default location of GPU drivers sourced from gs://nvidia-drivers-{region}-public to gs://cos-nvidia-gpu-drivers.
Upgraded app-admin/google-osconfig-agent to v20240501.00.
Upgraded sys-apps/makedumpfile to v1.7.5.
Upgraded app-admin/sosreport to v4.7.1.
Upgraded app-admin/node-problem-detector to v0.8.18.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2430.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2784.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r627.
Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2795.
Upgraded chromeos-base/minijail to v18-r141.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2928.
Upgraded chromeos-base/debugd-client to v0.0.1-r2693.
Upgraded sys-apps/rootdev to v0.0.1-r50.
Upgraded chromeos-base/shill-client to v0.0.1-r4515.
Upgraded dev-util/puffin to v1.0.0-r451.
Upgraded net-dns/c-ares to v1.29.0.
Upgraded dev-libs/double-conversion to v3.3.0.
Upgraded sys-apps/sed to v4.9-r1.
Upgraded sys-process/procps to v4.0.4-r1.
Upgraded dev-libs/nss to v3.100.
Upgraded sys-fs/e2fsprogs to v1.47.0-r3.
Upgraded sys-libs/libcap to v2.70.
Upgraded dev-python/jinja to v3.1.4.
Upgraded sys-apps/pv to v1.8.9.
Upgraded net-libs/gnutls to v3.8.5-r1.
Upgraded sys-apps/hwdata to v0.382.
Upgraded sys-apps/dmidecode to v3.6.
Upgraded sys-fs/xfsprogs to v6.8.0.
Upgraded sys-apps/less to v643-r2.
Upgraded sys-apps/acl to v2.3.2-r1.
Upgraded sys-apps/grep to v3.11-r1.
Upgraded net-misc/curl to v8.8.0.
Upgraded net-libs/libtirpc to v1.3.4-r2.
Upgraded sys-apps/gentoo-functions to v1.6.
Upgraded net-misc/wget to v1.24.5.
Upgraded dev-embedded/libftdi to v1.5-r6.
Upgraded dev-libs/libusb to v1.0.27-r1.
Upgraded sys-libs/timezone-data to v2024a-r1.
Upgraded sys-libs/libcap-ng to v0.8.5.
Updated the Linux kernel to v6.6.33.
Mount efivarfs fs by default on EFI-enabled systems.
Added igzip CLI tool.
Enabled the feature to utilize the gpu_driver_versions proto
file for controlling the specific GPU driver version to be installed for each GPU type.
Updated cos-gpu-installer to v2.2.3.
New changes in cos-gpu-installer:v2.2.3:
1. Introduced --gcs-download-bucket-nvidia
and --gcs-download-prefix-nvidia
flags for customizing NVIDIA installer runfile downloads from Google Cloud Storage.
2. Introduced the --target-gpu
flag to facilitate precise GPU driver installations when no GPU is attached.
3. Replaced the HTTP client with a Google Cloud Storage client to improve the reliability of NVIDIA OSS installer runfiles downloads.
4. Implemented the feature to utilize the gpu_driver_versions proto
file for controlling the specific GPU driver version to be installed for each GPU type. (Currently disabled)
5. Fixed an issue in the Google Cloud Storage Object download functionality to automatically remove the empty target file if a download fails.
6. Internal Cleanup: Migrated GPU device-related information to the deviceInfo package. Created a feature flags module in the features package. Added a config reader in the utils module to parse the cos-gpu-config.json.
Removed support for NVIDIA 470 drivers.
Removed net-libs/grpc.
Removed crash-reporter KVM support.
Removed dev-go/grpc.
Fix bug that cause constant restarts in fluent-bit stackdriver plugin.
Updated cos-gpu-installer to v2.3.3 - Resolved potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.
Updated cos-gpu-installer to v2.3.2. Added a validation check to ensure the '--no-verify' flag is specified when the '--target-gpu' flag is used in 'install' command.
Installed the google_optimize_local_ssd script.
Updated Konlet to v.0.12.0. This fixes an iptables compatibility issue.
Upgraded go to version 1.22.3.
Updated dev-go/pprof to v0.0.0_p20230811.
Updated dev-go/go-tools to v0.16.2_p20231218.
Updated dev-go/term to v0.15.0.
Updated dev-go/go-sys to v0.15.0.
Updated dev-go/sync to v0.5.0.
Updated dev-go/mod to v0.14.0.
Updated dev-go/demangle to v0.0.0_p20230524.
Updated dev-go/go-arch to v0.6.0.
Uprev GPU driver version to v470.239.06.
Updated cos-gpu-installer to v2.3.3 - Fix CVEs for cos-gpu-installer: Upgraded golang from 1.16 to 1.22.3, Upgraded google.golang.org/protobuf from v1.28.0 to v1.33.0, Upgraded google.golang.org/grpc from v1.48.0 to v1.56.3.
Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.
Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.
Fixed CVE-2024-34459 in the libxml2 package.
Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002,CVE-2024-32020,CVE-2024-32465,CVE-2024-32004,CVE-2024-32021.
Fixed CVE-2023-32681 in dev-python/requests.
Fixed CVE-2024-3772 in dev-python/pydantic.
Fixed CVE-2023-5388 in dev-libs/nss.
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
Updated net-dns/c-ares to version 1.27. This fixed CVE-2024-25629.
Updated dev-python/pyyaml to version 6.0.1. This fixed CVE-2017-18342, CVE-2020-14343, CVE-2020-1747.
Updated dev-vcs/git to version VERSION. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-misc/curl to version 8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Updated dev-libs/expat to version 2.6.2. This fixed CVE-2024-28757.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Runtime sysctl changes:
- Added: dev.tty.legacy_tiocsti: 1
- Added: kernel.io_uring_group: -1
- Added: kernel.kexec_load_limit_panic: -1
- Added: kernel.kexec_load_limit_reboot: -1
- Added: kernel.loadpin.enforce: 1
- Added: net.core.mem_pcpu_rsv: 256
- Added: net.core.rps_default_mask: 00
- Added: net.ipv4.tcp_plb_cong_thresh: 128
- Added: net.ipv4.tcp_plb_enabled: 0
- Added: net.ipv4.tcp_plb_idle_rehash_rounds: 3
- Added: net.ipv4.tcp_plb_rehash_rounds: 12
- Added: net.ipv4.tcp_plb_suspend_rto_sec: 60
- Added: net.ipv4.tcp_syn_linear_timeouts: 4
- Added: net.ipv4.udp_child_hash_entries: 0
- Added: net.ipv4.udp_hash_entries: 4096
- Added: net.ipv6.icmp.error_anycast_as_unicast: 0
- Added: vm.memfd_noexec: 0
- Changed: fs.file-max: 812391 -> 811880
- Changed: net.core.optmem_max: 131072 -> 20480
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
- Deleted: net.ipv4.tcp_backlog_ack_defer: 1
April 15, 2024
cos-dev-117-18374-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.85 | v24.0.9 | v1.7.10 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Upgraded sys-boot/grub-lakitu to the FC 39's current version.
Updated the Linux kernel to v6.1.85.
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
April 01, 2024
cos-dev-117-18342-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.83 | v24.0.9 | v1.7.10 | v535.161.07(default),v550.54.14(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Upgraded app-admin/google-guest-configs to v20240307.00.
Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.
Upgraded app-containers/cni-plugins to v1.4.1.
Upgraded app-admin/node-problem-detector to v0.8.17.
Upgraded app-admin/google-osconfig-agent to v20240320.00.
Upgraded app-containers/docker, app-containers/docker-test and app-containers/docker-cli to v24.0.9.
Upgraded app-admin/google-guest-agent to v20240314.00.
Update app-containers/nvidia-container-toolkit to v1.14.6.
Upgraded chromeos-base/debugd-client to v0.0.1-r2662.
Upgraded chromeos-base/vm_protos to v0.0.1-r563.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r613.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2889.
Upgraded chromeos-base/shill-client to v0.0.1-r4408.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2404.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2753.
Upgraded chromeos-base/hiberman-client to v0.0.1-r470.
Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2788.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r610.
Upgraded app-benchmarks/bootchart to v0.9.2-r5.
Updated the Linux kernel to v6.1.83.
Added NVIDIA GPU drivers R550 branch and update latest to 550.54.14.
Fixed a bug in google-guest-agent service enablement.
Downgraded app-misc/ca-certificates to v20230311.3.96.1.
March 27, 2024
cos-dev-117-18313-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.80 | v24.0.9 | v1.7.10 | v535.161.07(default, latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Fixed integrity-fs dm-crypt creation flakiness.
March 22, 2024
cos-dev-117-18269-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.79 | v24.0.9 | v1.7.10 | v535.154.05(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Upgraded app-admin/sosreport to v4.7.0.
Upgraded app-containers/docker-credential-helpers to v0.8.1.
Upgraded app-emulation/cloud-init to v23.4.3.
Upgraded app-admin/google-guest-agent to v20240213.00.
Upgraded app-admin/google-osconfig-agent to v20240126.00.
Upgraded sys-auth/pambase to v20240128.
Upgraded net-misc/chrony to v4.5.
Upgraded app-containers/cni-plugins to v1.4.0.
Updated sys-apps/systemd to v254.9.
Updated app-emulation/kubernetes to v1.29.1.
Updated docker-credential-gcr to v2.1.22.
Upgraded app-admin/google-guest-agent to v20240122.00.
Upgraded app-admin/google-guest-configs to v20240122.00.
Upgraded app-admin/google-osconfig-agent to v20240123.01.
Upgraded sys-apps/makedumpfile to v1.7.4.
Updated app-containers/runc to v1.1.12.
Updated app-emulation/cloud-init to v23.4.2.
Updated app-admin/sosreport to v4.6.1.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r602.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2723.
Upgraded chromeos-base/shill-client to v0.0.1-r4341.
Upgraded chromeos-base/system_api to v0.0.1-r5653.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r886.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2861.
Upgraded chromeos-base/hiberman-client to v0.0.1-r456.
Upgraded chromeos-base/minijail to v18-r136.
Upgraded chromeos-base/system_api to v0.0.1-r5643.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2385.
Upgraded chromeos-base/hiberman-client to v0.0.1-r455.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2859.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r884.
Upgraded chromeos-base/vm_protos to v0.0.1-r552.
Upgraded chromeos-base/shill-client to v0.0.1-r4325.
Upgraded chromeos-base/minijail to v18-r135.
Upgraded chromeos-base/debugd-client to v0.0.1-r2641.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2722.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r601.
Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.
Upgraded chromeos-base/debugd-client to v0.0.1-r2634.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2721.
Upgraded chromeos-base/shill-client to v0.0.1-r4308.
Upgraded dev-util/puffin to v1.0.0-r450.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r872.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2369.
Upgraded chromeos-base/hiberman-client to v0.0.1-r446.
Upgraded sys-fs/squashfs-tools to v4.6.1.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2849.
Upgraded sys-apps/sandbox to v2.29-r1.
Upgraded app-arch/xz-utils to v5.4.6-r1.
Upgraded app-misc/ca-certificates to v20230311.3.97.
Upgraded net-dns/c-ares to v1.26.0.
Upgraded net-dns/libidn2 to v2.3.7.
Upgraded sys-apps/attr to v2.5.2-r1.
Upgraded sys-apps/ethtool to v6.7.
Upgraded sys-apps/file to v5.45-r4.
Upgraded sys-libs/libcap to v2.69-r1.
Upgraded sys-libs/timezone-data to v2024a.
Upgraded sys-libs/zlib to v1.3.1-r1.
Upgraded dev-libs/libusb to v1.0.27.
Upgraded dev-libs/expat to v2.6.0.
Upgraded dev-db/sqlite to v3.45.1-r1.
Upgraded net-misc/curl to v8.5.0-r3.
Upgraded sys-apps/acl to v2.3.2.
Updated gzip to v1.13.
Updated cos-gpu-installer to v2.2.0.
Added automatic generation of known modules list to image build process.
Include nvidia plugin into sosreport.
Added support for iSCSI targets and RAM block devices.
Fixed a time-to-login slowdown introduced by cloud-init changes.
Upgrade docker to v24.0.9. This fixes CVE-2024-24557.
Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549 and CVE-2023-40550 in sys-boot/shim.
Fixed CVE-2023-40551 in sys-boot/shim.
Fixed CVE-2023-40547 in sys-boot/shim.
Updated dev-libs/openssl to v3.0.13. This resolves CVE-2024-0727 and CVE-2023-6129.
Fixed CVE-2024-0684 in sys-apps/coreutils.
Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853.
Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.
Fixed CVE-2024-23851 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
- Changed: fs.file-max: 812400 -> 812392
- Changed: kernel.threads-max: 63504 -> 63503
- Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
- Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
- Changed: user.max_cgroup_namespaces: 31752 -> 31751
- Changed: user.max_ipc_namespaces: 31752 -> 31751
- Changed: user.max_mnt_namespaces: 31752 -> 31751
- Changed: user.max_net_namespaces: 31752 -> 31751
- Changed: user.max_pid_namespaces: 31752 -> 31751
- Changed: user.max_time_namespaces: 31752 -> 31751
- Changed: user.max_user_namespaces: 31752 -> 31751
- Changed: user.max_uts_namespaces: 31752 -> 31751
February 12, 2024
cos-dev-113-18203-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.75 | v24.0.5 | v1.7.10 | v535.154.05(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Update default and latest NVIDIA GPU drivers to 535.154.05.
Upgraded chromeos-base/shill-client to v0.0.1-r4278.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2712.
Upgraded chromeos-base/debugd-client to v0.0.1-r2628.
Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r225.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r597.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r871.
Upgraded chromeos-base/hiberman-client to v0.0.1-r437.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2844.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2367.
Upgraded chromeos-base/shill-client to v0.0.1-r4263.
Upgraded dev-libs/nss to v3.97.
Upgraded net-libs/gnutls to v3.8.3.
Upgraded net-dns/c-ares to v1.25.0-r1.
Upgraded sys-apps/attr to v2.5.2.
Upgraded dev-python/jinja to v3.1.3.
Updated the Linux kernel to v6.1.75.
Changed default umask value for a user to 027.
Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation
Removed legacy logging agent (fluentd).
Upgraded app-admin/google-guest-agent to v20240109.00.
Upgraded app-admin/google-guest-configs to v20240109.00.
Upgraded app-admin/google-osconfig-agent to v20231219.00.
Upgraded app-admin/node-problem-detector to v0.8.15.
Upgraded app-eselect/eselect-iptables to v20220320.
Upgraded sys-libs/libcap-ng to v0.8.4-r1.
Upgraded net-misc/rsync to v3.2.7-r4.
Upgraded net-misc/curl to v8.5.0-r2.
Upgraded dev-python/netifaces to v0.11.0-r2.
Fixed CVE-2024-21626 in app-containers/runc.
Runtime sysctl changes:
- Added: net.ipv4.tcp_backlog_ack_defer: 1
- Changed: fs.epoll.max_user_watches: 1809920 -> 1809474
- Changed: fs.fanotify.max_user_marks: 67577 -> 67560
- Changed: fs.file-max: 812606 -> 812400
- Changed: fs.inotify.max_user_watches: 63456 -> 63441
- Changed: kernel.threads-max: 63520 -> 63504
- Changed: net.core.optmem_max: 20480 -> 131072
- Changed: net.ipv4.tcp_mem: 94092 125456 188184 -> 94068 125424 188136
- Changed: net.ipv4.udp_mem: 188184 250912 376368 -> 188136 250848 376272
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
- Changed: user.max_cgroup_namespaces: 31760 -> 31752
- Changed: user.max_fanotify_marks: 67577 -> 67560
- Changed: user.max_inotify_watches: 63456 -> 63441
- Changed: user.max_ipc_namespaces: 31760 -> 31752
- Changed: user.max_mnt_namespaces: 31760 -> 31752
- Changed: user.max_net_namespaces: 31760 -> 31752
- Changed: user.max_pid_namespaces: 31760 -> 31752
- Changed: user.max_time_namespaces: 31760 -> 31752
- Changed: user.max_user_namespaces: 31760 -> 31752
- Changed: user.max_uts_namespaces: 31760 -> 31752
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
Enhanced integrity-fs with disk resize and dm-clone.
Removed deprecated R525 NVIDIA GPU drivers.
Added support for dm-zero and dm-clone.
January 16, 2024
cos-dev-113-18146-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.71 | v24.0.5 | v1.7.10 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated the Linux kernel to v6.1.71.
Sosreport now includes GPU Installer logs.
Upgraded net-libs/libtirpc to v1.3.4-r1.
Upgraded app-admin/sudo to v1.9.15_p5.
Upgraded app-misc/ca-certificates to v20230311.3.96.1.
Upgraded app-misc/jq to v1.7.1.
Upgraded net-dns/libidn2 to v2.3.4-r2.
Upgraded net-misc/rsync to v3.2.7-r3.
Upgraded sys-apps/ethtool to v6.6.
Upgraded sys-apps/pv to v1.8.5.
Upgraded sys-libs/libcap-ng to v0.8.4.
Upgraded sys-libs/timezone-data to v2023d.
Upgraded sys-libs/zlib to v1.3-r3.
Upgraded sys-process/lsof to v4.99.3.
Upgraded app-editors/vim to v9.0.2167 and app-editors/vim-core to v9.0.2167.
Upgraded dev-libs/nss to v3.96.1.
Updated dev-lang/go to v1.21.5. This fixes CVE-2023-45285 and CVE-2023-39326.
Upgraded dev-db/sqlite to v3.44.2-r2. This fixes CVE-2023-7104.
January 08, 2024
cos-dev-113-18137-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.70 | v24.0.5 | v1.7.10 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Upgraded app-admin/google-guest-agent to v20231214.00.
Upgraded app-admin/google-guest-configs to v20231214.00.
Upgraded dev-util/puffin to v1.0.0-r449.
Upgraded dev-util/bsdiff to v4.3.1-r42.
Upgraded chromeos-base/shill-client to v0.0.1-r4236.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2362.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r864.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r594.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2704.
Upgraded chromeos-base/debugd-client to v0.0.1-r2614.
Upgraded chromeos-base/hiberman-client to v0.0.1-r426.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2834.
Upgraded net-misc/curl to v8.5.0.
Updated net-misc/openssh to v9.6_p1-r1.
Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.
Upgraded sys-apps/dbus to v1.12.28. This fixes CVE-2023-34969.
January 02, 2024
cos-dev-113-18125-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.69 | v24.0.5 | v1.7.10 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated cos-gpu-installer to v2.1.10.
Updated the Linux kernel to v6.1.69.
Added additional option to existing kernel cmdline flag that moves protected stateful partition integrity tags to memory.
Updated docker-credential-gcr to v2.1.21.
Updated net-misc/openssh to v9.6_p1-r1.
Fixed a performance issue that was observed in Postgres databases.
Runtime sysctl changes:
- Added: net.netfilter.nf_flowtable_tcp_timeout: 30
- Added: net.netfilter.nf_flowtable_udp_timeout: 30
December 19, 2023
cos-dev-113-18106-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.64 | v24.0.5 | v1.7.10 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Fixed a container performance issue that occurred after
running systemctl start cloud-audit-setup
.
Upgraded chromeos-base/hiberman-client to v0.0.1-r408.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2357.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2826.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r857.
Upgraded chromeos-base/shill-client to v0.0.1-r4185.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2693.
Upgraded chromeos-base/debugd-client to v0.0.1-r2600.
Fixed a kernel crash that occurred when running Postgres databases.
Fixed CVE-2023-49083 in package dev-python/cryptography.
Fixed CVE-2023-6622 in the Linux kernel.
December 11, 2023
cos-dev-113-18091-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.64 | v24.0.5 | v1.7.10 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated app-containers/containerd to v1.7.10.
Upgraded chromeos-base/hiberman-client to v0.0.1-r407.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2356.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2823.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r855.
Upgraded chromeos-base/shill-client to v0.0.1-r4175.
Upgraded chromeos-base/debugd-client to v0.0.1-r2599.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r590.
Upgraded sys-libs/timezone-data to v2023c-r1.
Upgraded sys-apps/less to v643-r1.
Upgraded dev-libs/nss to v3.95.
Upgraded net-libs/gnutls to v3.8.2.
Upgraded net-dns/c-ares to v1.23.0.
Upgraded app-misc/ca-certificates to v20230311.3.95.
December 04, 2023
cos-dev-113-18080-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.64 | v24.0.5 | v1.7.7 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Upgraded chromeos-base/session_manager-client to v0.0.1-r2690.
Upgraded chromeos-base/shill-client to v0.0.1-r4162.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2819.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2354.
Updated the Linux kernel to v6.1.64.
Upgraded app-admin/google-guest-agent to 20231016.00.
Upgraded app-admin/oslogin to 20231004.00.
Upgraded chromeos-base/mojo_service_manager to v0.0.1-r271.
Upgraded chromeos-base/hiberman-client to v0.0.1-r404.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r851.
Upgraded chromeos-base/debugd-client to v0.0.1-r2597.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r588.
Upgraded net-dns/c-ares to v1.22.1.
Upgraded net-misc/socat to v1.8.0.0.
Upgraded dev-python/netifaces to v0.11.0-r1.
Upgraded dev-python/jsonpatch to v1.33.
Upgraded app-admin/sudo to v1.9.15_p2.
Upgraded dev-python/pyyaml to v6.0.1-r1.
Upgraded dev-lang/python-exec to v2.4.10.
Upgraded dev-python/six to v1.16.0-r1.
Upgraded sys-process/lsof to v4.99.0.
Upgraded dev-python/configobj to v5.0.8.
Upgraded dev-python/nose to v1.3.7_p20221026.
Upgraded dev-python/mock to v5.1.0.
Upgraded dev-libs/openssl to v3.0.12. This resolves CVE-2023-5363 and CVE-2023-5678.
Upgraded dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.
Runtime sysctl changes:
- Changed: fs.file-max: 812608 -> 812606
November 29, 2023
cos-dev-113-18059-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.62 | v24.0.5 | v1.7.7 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated NVIDIA GPU drivers.
November 15, 2023
cos-dev-113-18054-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.62 | v24.0.5 | v1.7.7 | v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Updated the Linux kernel to v6.1.62.
Updated the Linux kernel to v6.1.61.
Backported support for TCP RTO configuration in networkd.
Upgraded dev-python/pyserial to v3.5-r2.
Upgraded sys-apps/hwdata to v0.376.
Upgraded sys-libs/zlib to v1.3-r2.
Upgraded net-dns/c-ares to v1.21.0.
Upgraded app-arch/xz-utils to v5.4.5.
Updated dev-lang/go to 1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.
Updated dev-go/net to v0.17.0. This fixes CVE-2023-44487 and CVE-2023-39325.
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
November 14, 2023
cos-dev-113-18054-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.62 | v24.0.5 | v1.7.7 | v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Updated the Linux kernel to v6.1.62.
Updated the Linux kernel to v6.1.61.
Backported support for TCP RTO configuration in networkd.
Upgraded dev-python/pyserial to v3.5-r2.
Upgraded sys-apps/hwdata to v0.376.
Upgraded sys-libs/zlib to v1.3-r2.
Upgraded net-dns/c-ares to v1.21.0.
Upgraded app-arch/xz-utils to v5.4.5.
Updated dev-lang/go to 1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.
Updated dev-go/net to v0.17.0. This resolves CVE-2023-44487 and CVE-2023-39325.
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
November 07, 2023
cos-dev-113-18041-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.60 | v24.0.5 | v1.7.7 | v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Updated google-guest-configs to 20230929.00.
Upgraded chromeos-base/system_api to v0.0.1-r5482.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r578.
Upgraded chromeos-base/debugd-client to v0.0.1-r2581.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r836.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2803.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2335.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2669.
Upgraded chromeos-base/shill-client to v0.0.1-r4104.
October 30, 2023
cos-dev-113-18026-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.60 | v24.0.5 | v1.7.7 | v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Updated the Linux kernel to v6.1.60.
Updated default and latest NVIDIA GPU drivers to v535.104.12.
Updated app-containers/runc to v1.1.9.
Updated app-containers/containerd to v1.7.7.
Upgraded sys-apps/file to v5.45-r3.
Upgraded sys-fs/xfsprogs to v6.5.0.
Upgraded dev-python/pygobject to v3.46.0.
Enable portmapper registration reporting for lsof. This also fixes an issue where lsof
is missing from SOS reports.
Add compiler mitigations to mitigate memory corruption vulnerabilities.
Sequence named before nss-lookup.target.
Restore systemd-logind restart behavior when dbus restarts.
Upgraded chromeos-base/vm_protos to v0.0.1-r513.
Upgraded dev-util/bsdiff to v4.3.1-r41.
Upgraded dev-util/puffin to v1.0.0-r448.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r566.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2317.
Upgraded chromeos-base/debugd-client to v0.0.1-r2568.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2655.
Upgraded chromeos-base/shill-client to v0.0.1-r4043.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2781.
Upgraded chromeos-base/hiberman-client to v0.0.1-r374.
Upgraded sys-devel/libtool to v2.4.6-r7.
Upgraded chromeos-base/mojo_service_manager to v0.0.1-r265.
Upgraded dev-libs/double-conversion to v3.2.1.
Upgraded net-libs/libtirpc to v1.3.4.
Upgraded sys-libs/zlib to v1.3-r1.
Upgraded net-dns/c-ares to v1.20.1.
Upgraded sys-apps/hwdata to v0.375.
Upgraded net-dns/libidn2 to v2-2.3.4-r1.
Upgraded net-fs/cifs-utils to v7.0-r1, Upgraded sys-libs/talloc to v2.4.1.
Upgraded app-arch/unzip to v6.0_p27-r1.
Upgraded sys-apps/dmidecode to v3.5-r3.
Upgraded dev-libs/nss to v3.94.
Upgraded sys-apps/pv to v1.8.0.
Updated dev-lang/go to v1.21.2. This resolves CVE-2023-39323.
Upgraded net-misc/curl to version v8.4.0. This resolves CVE-2023-38545.
Runtime sysctl changes:
- Added: net.ipv4.tcp_shrink_window: 0
- Added: net.ipv6.conf.all.accept_ra_min_lft: 0
- Added: net.ipv6.conf.default.accept_ra_min_lft: 0
- Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
October 11, 2023
cos-dev-113-17965-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.55 | v24.0.5 | v1.7.6 | v535.104.05(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Upgraded app-containers/containerd to v1.7.6.
Upgraded cos-gpu-installer to v2.1.9.
Upgraded dev-util/gn to v2121.
Upgraded chromeos-base/google-breakpad to v2023.06.01.191934-r222.
Upgraded chromeos-base/debugd-client to v0.0.1-r2559.
Upgraded chromeos-base/shill-client to v0.0.1-r4030.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r561.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2649.
Fixed CVE-2023-4911 in sys-libs/glibc.
Fixed CVE-2023-38039 in net-misc/curl.
Fixed CVE-2023-42756 in COS kernel.
Fixed CVE-2023-5345 in COS kernel.
Fixed CVE-2023-5197 in the Linux kernel.
October 03, 2023
cos-dev-113-17935-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.55 | v24.0.5 | v1.7.3 | v535.104.05(default),v470.199.02(R470) |
Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2787.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r554.
Fixed CVE-2023-42753 in the Linux kernel.
September 26, 2023
cos-dev-113-17927-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.52 | v24.0.5 | v1.7.3 | v535.104.05(default, latest),v470.199.02(R470 for K80 compatibility) |
Fixed CVE-2023-32636, CVE-2023-29499, CVE-2023-32643, CVE-2023-32665, CVE-2023-32611 in glib and glib-utils.
Fixed CVE-2023-40217 in the dev-lang/python package.
Updated dev-lang/go to 1.21.1. This fixes CVE-2023-39318 CVE-2023-39319, CVE-2023-39320, CVE-2023-39321, and CVE-2023-39322.
Fixed CVE-2023-4921 in the Linux Kernel.
September 18, 2023
cos-dev-113-17908-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.52 | v24.0.5 | v1.7.3 | v535.104.05(default),v470.199.02(R470) |
Updated cos-gpu-installer to v2.1.8.
Updated dev-libs/nss to v3.79.4.
Updated dev-embedded/libftdi to v1.5-r5.
Fixed an issue where symlinks could not be moved.
Fixed an issue where IPv6 networking would fail under high CPU load.
Upgraded app-misc/jq to v1.7.
Upgraded sys-apps/coreutils to v9.4.
Upgraded sys-process/procps to v4.0.4.
Upgraded app-misc/ca-certificates to v20230311.3.93.
Fixed an issue with NFS reconnects on GKE.
Fixed CVE-2023-4623 in the linux kernel.
September 11, 2023
cos-dev-113-17877-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.51 | v24.0.5 | v1.7.3 | v535.104.05(default),v470.199.02(R470) |
Updated the Linux kernel to v6.1.51.
Updated latest GPU driver to v535.104.05.
September 07, 2023
cos-dev-113-17872-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.49 | v24.0.5 | v1.7.3 | v535.54.03(default),v470.199.02(R470) |
Updated dev-go/go-tools to v0.11.1_p20230712.
Updated dev-lang/go to v1.21.0.
Updated the Linux kernel to v6.1.49.
The get_metadata_value
script will now retry if it experiences a connection error.
Enabled persistence mode with Nvidia GPU driver installation.
Fixed an issue in ip6tables where the -C
option did not
work correctly.
Upgraded app-misc/jq to v1.7_rc2.
Upgraded sys-apps/less to v643.
Upgraded app-arch/pigz to v2.8.
Upgraded app-editors/vim to v9.0.1777. Upgraded app-editors/vim-core to v9.0.1777.
Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.
Fixed CVE-2023-4016 in sys-process/procps.
Runtime sysctl changes:
- Added: kernel.io_uring_disabled: 0
- Changed: fs.file-max: 812619 -> 812608
- Changed: kernel.threads-max: 63519 -> 63520
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3
- Changed: user.max_cgroup_namespaces: 31759 -> 31760
- Changed: user.max_ipc_namespaces: 31759 -> 31760
- Changed: user.max_mnt_namespaces: 31759 -> 31760
- Changed: user.max_net_namespaces: 31759 -> 31760
- Changed: user.max_pid_namespaces: 31759 -> 31760
- Changed: user.max_time_namespaces: 31759 -> 31760
- Changed: user.max_user_namespaces: 31759 -> 31760
- Changed: user.max_uts_namespaces: 31759 -> 31760
August 21, 2023
cos-dev-113-17833-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.43 | v24.0.5 | v1.7.3 | v535.54.03(default),v470.199.02(R470) |
Updated app-containers/docker-cli to 24.0.5.
Updated app-containers/docker to 24.0.5.
Update cos-gpu-installer to v2.1.4. This fixes a permissions issue in the GPU driver install directory with OSS drivers.
Upgraded app-editors/vim and app-editors/vim-core to v9.0.1678.
Upgraded net-libs/gnutls to v3.8.1-r1.
Upgraded app-misc/jq to v1.7_rc1.
Upgraded app-arch/xz-utils to v5.4.4.
Updated dev-go/yaml to v3.0.1. This resolves CVE-2022-28948.
Updated dev-libs/openssl to v3.0.10. This resolves CVE-2023-3817.
Fixed CVE-2023-4194 in the Linux kernel.
August 14, 2023
cos-dev-113-17819-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.43 | v24.0.4 | v1.7.3 | v535.54.03(default),v470.199.02(R470) |
Updated app-emulation/kubernetes to v1.27.4.
Updated app-emulation/cloud-init to v23.2.2.
Updated app-containers/containerd to v1.7.3.
Updated the Linux kernel to v6.1.43.
Upgraded sys-apps/pv to v1.7.24.
August 07, 2023
cos-dev-113-17811-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.42 | v24.0.4 | v1.7.2 | v535.54.03(default),v470.199.02(R470) |
Simplified GPU driver installation by remounting driver installation path as executable from cos-extensions.
Updated GPU drivers to 535.54.03 (R535 LTSB NVIDIA branch).
Updated google-guest-agent to v20230726.00.
Updated app-emulation/cloud-init to v23.2.1.
Updated sys-apps/systemd to v253.7.
Update cos-gpu-installer to v2.1.2. Switched precompiled driver and signature location to COS build artifacts for M109.
Updated the Linux kernel to v6.1.42.
Added support for user.* xattr on tmpfs.
Upgraded net-misc/curl to v8.2.1.
Upgraded sys-apps/file to v5.45-r1.
Upgraded app-editors/vim to v9.0.1627, Upgraded app-editors/vim-core to v9.0.1627.
Upgraded sys-process/procps to v3.3.17-r2.
Upgraded sys-process/lsof to v4.98.0-r1.
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r2.
Upgraded sys-apps/pv to v1.7.0.
Upgraded sys-apps/less to v633-r2.
Upgraded net-fs/cifs-utils to v7.0.
Upgraded app-misc/jq to v1.7_pre20230210.
Upgraded app-arch/tar to v1.35.
Upgraded app-admin/sudo to v1.9.14_p3.
Fixed CVE-2022-40896 in pygments.
August 01, 2023
cos-dev-109-17788-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.41 | v24.0.4 | v1.7.2 | v470.199.02(default),v525.125.06 |
Updated app-containers/nvidia-container-toolkit to v1.13.5.
Updated cos-gpu-installer to v2.1.1.
Updated app-containers/docker to 24.0.4.
Updated app-containers/docker-cli to v24.0.4.
Updated toolbox to v20230714.
Updated the Linux kernel to v6.1.40.
Updated cos-gpu-installer and simplified GPU driver installation by remounting driver installation path as executable from cos-extensions.
Enabled support for MGLRU in the Linux kernel.
Enabled vrf, ip_gre, and ip6_gre modules.
July 18, 2023
cos-dev-109-17758-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.38 | v23.0.3 | v1.7.2 | v470.199.02(default),v525.125.06 |
Enabled TDX Guest support in the Linux Kernel.
Updated app-emulation/kubernetes to v1.27.3.
Updated oslogin to v20230531.00.
Updated google-osconfig-agent to v20230706.02.
Updated docker-credential-gcr to v2.1.10.
Updated default GPU driver to v470.199.02 and latest GPU driver to v525.125.06. This resolves CVE-2023-25515 and CVE-2023-25516.
Runtime sysctl changes:
- Changed: fs.file-max: 812620 -> 812619
July 13, 2023
cos-dev-109-17749-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.38 | v23.0.3 | v1.7.2 | v470.182.03(default),v525.105.17 |
Updated google-guest-agent to v20230628.00.
Updated the Linux kernel to v6.1.38.
Upgraded localtoast from v1.1.5.1 to v1.1.6.
July 05, 2023
cos-dev-109-17727-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.35 | v23.0.3 | v1.7.2 | v470.182.03(default),v525.105.17 |
Upgraded sys-apps/coreutils to v9.3.
Upgraded sys-apps/less to v633-r1.
Upgraded sys-fs/e2fsprogs to v1.47.0-r2.
June 26, 2023
cos-dev-109-17722-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.35 | v23.0.3 | v1.7.2 | v470.182.03(default),v525.105.17 |
Updated sosreport to v4.5.4.
Updated google-guest-configs to v20230526.00.
Updated toolbox to v20230615.
Upgraded app-misc/ca-certificates to v20230311.3.90.
Upgraded net-misc/curl to v8.1.2.
Upgraded app-misc/mime-types to v2.1.54.
Disabled CONFIG_DEBUG_CREDENTIALS in the kernel due to its performance impact on some container workloads.
Updated open-vm-tools to v12.2.5 to fix CVE-2023-20867.
Updated dev-lang/go to v1.20.5. This fixes CVE-2023-29403, CVE-2023-29404, CVE-2023-29402 and CVE-2023-29405.
June 12, 2023
cos-dev-109-17691-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.33 | v23.0.3 | v1.7.2 | v470.182.03(default),v525.105.17 |
Updated containerd to 1.7.2.
Updated sosreport to v4.5.3.
Updated app-containers/runc to 1.1.7.
Updated app-emulation/kubernetes to 1.27.1.
Rollback pciutils from 3.10.0 back to 3.7.0.
Enabled KVM-based nested virtualization for the x86 architecture.
Updated net-misc/curl to v8.1.0-r1.
Updated sys-apps/diffutils to v3.10.
Updated net-dns/c-ares to v1.19.1.
Updated dev-libs/openssl to v3.0.9. This resolves CVE-2023-2650.
Updated dev-lang/go to 1.20.4. This fixes CVE-2023-24539 CVE-2023-24540, and CVE-2023-29400.
Fixed CVE-2023-24329 in dev-lang/python.
Fixed ncurses upgrade to 6.4p20220423. This resolves CVE-2023-29491.
May 22, 2023
cos-dev-109-17637-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.29 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated the Linux kernel to v6.1.29.
Added noexec, nodev, nosuid to /etc/resolv.conf
bind mount. It fixes EPERM
errors when running a pod in UserNS in COS.
Added rt-tests package.
Upgraded sys-apps/grep to v3.11.
Upgraded sys-apps/ethtool to v6.3.
Upgraded net-misc/wget to v1.21.4
Upgraded sys-libs/libcap to v2.69.
Upgraded sys-apps/coreutils to v9.3-r1.
Updated app-emulation/cloud-init to 23.1.2.
Fixed CVE-2023-1255 in the dev-libs/openssl package.
Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
Runtime sysctl changes:
- Added: fs.overflowgid: 65534
- Added: fs.overflowuid: 65534
May 15, 2023
cos-dev-109-17622-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.27 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Upgraded sys-apps/pciutils to v3.10.0.
Upgraded app-admin/sudo to v1.9.13_p3-r1.
Upgraded app-arch/xz-utils to v5.4.3.
Upgraded sys-apps/less to v633.
Upgraded sys-apps/acl to v2.3.1-r2.
Upgraded app-misc/ca-certificates to v20230311.3.89.1.
May 09, 2023
cos-dev-109-17611-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.27 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Add MAX_SKB_FRAGS
configuration in the Linux kernel
Added kernel support for nftables.
Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.
May 01, 2023
cos-dev-109-17602-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.26 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated sys-apps/systemd to v253.3.
Updated iproute2 to v6.2.0.
Updated the Linux kernel to v6.1.26.
Updated docker to v23.0.3.
Increase /dev/stateful wait timeout with protected stateful partition.
Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.
April 25, 2023
cos-dev-109-17591-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.25 | v23.0.0 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated app-admin/google-osconfig-agent to 20230403.00.
Upgrade app-misc/jq to v1.7_pre20201109-r1
Updated the Linux kernel to v6.1.25.
Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.
Added Restart=always
to chronyd config.
Updated containerd to v1.7.0.
Upgraded sys-fs/lvm2 to v2-2.03.20.
Upgraded net-libs/libnetfilter_conntrack to v1.0.9-r1.
Upgraded sys-apps/coreutils to v9.3.
Upgraded net-firewall/iptables to v1.8.9.
Upgraded sys-fs/e2fsprogs to v2fsprogs-1.47.0-r1.
Updated dev-lang/go to v1.20.3. This resolves CVE-2023-24536, CVE-2023-24537, CVE-2023-24538.
cos-dev-109-17570-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 17, 2023 | COS-6.1.23 | v23.0.0 | v1.7.0-beta.1 | v470.182.03(default),v525.105.17 |
Updated google-guest-agent to v20230330.00.
Enabled the kernel configs CONFIG_AMD_IOMMU
and CONFIG_AMD_IOMMU_V2
.
Upgraded sys-apps/dmidecode to v3.5-r2.
Fixed CVE-2023-25809 in app-containers/runc.
Fixed CVE-2023-0465, CVE-2023-0466 in dev-libs/openssl.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1810387 -> 1809920
- Changed: fs.fanotify.max_user_marks: 67593 -> 67577
- Changed: fs.file-max: 812825 -> 812620
- Changed: fs.inotify.max_user_watches: 63472 -> 63456
- Changed: kernel.threads-max: 63535 -> 63519
- Changed: net.ipv4.tcp_mem: 94116 125488 188232 -> 94092 125456 188184
- Changed: net.ipv4.udp_mem: 188232 250976 376464 -> 188184 250912 376368
- Changed: user.max_cgroup_namespaces: 31767 -> 31759
- Changed: user.max_fanotify_marks: 67593 -> 67577
- Changed: user.max_inotify_watches: 63472 -> 63456
- Changed: user.max_ipc_namespaces: 31767 -> 31759
- Changed: user.max_mnt_namespaces: 31767 -> 31759
- Changed: user.max_net_namespaces: 31767 -> 31759
- Changed: user.max_pid_namespaces: 31767 -> 31759
- Changed: user.max_time_namespaces: 31767 -> 31759
- Changed: user.max_user_namespaces: 31767 -> 31759
- Changed: user.max_uts_namespaces: 31767 -> 31759
cos-dev-109-17561-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 10, 2023 | COS-6.1.23 | v23.0.0 | v1.7.0-beta.1 | v470.182.03(default),v525.105.17 |
Updated the Linux kernel to v6.1.23.
Fixed an issue where pstore is not cleaned at boot time if COS metrics are disabled.
Upgraded sys-libs/libcap to v2.68.
Upgraded app-admin/sudo to v1.9.13_p3.
Upgraded net-misc/wget to v1.21.3-r1.
Upgraded app-arch/xz-utils to v5.4.2.
Upgraded net-misc/curl to v8.0.1.
Upgraded app-misc/ca-certificates to v20230311.3.89.
Upgraded sys-apps/file to v5.44-r3.
Upgraded sys-fs/xfsprogs to v6.2.0.
Upgraded virtual/editor to v0-r5.
Upgraded net-libs/libnfnetlink to v1.0.2.
Upgraded net-misc/rsync to v3.2.7-r2.
Upgraded sys-process/lsof to v4.98.0.
Upgraded sys-libs/libcap-ng to v0.8.3.
Upgraded sys-apps/dmidecode to v3.5-r1.
Upgraded sys-apps/grep to v3.10.
Upgraded sys-libs/timezone-data to v2023c.
Update default driver to 470.182.03. This resolves: CVE
CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185,
CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188,
CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.
Also update latest driver to 525.105.17. This resolves CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187,
CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190,
CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.
Updated to pick up CVE-2023-0394 patch for ipv6 raw.
Updated to pick up CVE-2023-0386 and CVE-2023-1281 patches for net-sched in the kernel.
Updated to pick up CVE-2023-0179 patch for netfilter in kernel.
Fixed CVE-2023-0464 in dev-libs/openssl.
Runtime sysctl changes:
- Changed: net.core.bpf_jit_limit: 264241152 -> 528482304
- Changed: vm.mmap_rnd_bits: 32 -> 31
cos-dev-109-17549-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 03, 2023 | COS-6.1.21 | v23.0.0 | v1.7.0-beta.1 | v470.161.03(default),v525.60.13 |
Updated the gvnic driver in the Linux kernel.
Updated the Linux kernel to v6.1.21.
Added support for L4 GPU in cos-gpu-installer and fixed cached driver installation for prebuilt driver modules.
Enabled INET_DIAG_DESTROY kernel configuration.
Fixed CVE-2023-27561 in runc.
cos-dev-109-17536-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 27, 2023 | COS-6.1.20 | v23.0.0 | v1.7.0-beta.1 | v470.161.03(default),v525.60.13 |
Updated the Linux kernel to v6.1.20.
Updated dev-lang/go to v1.20.2. This resolves CVE-2023-24532.
Upgraded net-misc/openssh package to v9.3. This resolves CVE-2023-28531 in net-misc/openssh.
cos-dev-109-17523-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 16, 2023 | COS-6.1.19 | v23.0.0 | v1.7.0-beta.1 | v470.161.03(default),v525.60.13 |
Updated cos-gpu-installer to v2.0.32.
Allowed preloading GPU driver dependencies through cos-extensions for dev-channel images.
Updated google-guest-agent to v20230207.00.
Updated dev-go/go-tools to 070db2996ebe3aa00667288f8e5749e867deeb39.
Upgraded sys-libs/libcap to v2.67.
Upgraded sys-fs/xfsprogs to v6.1.1.
Upgraded sys-fs/e2fsprogs to e2fsprogs-1.47.0.
Upgraded sys-apps/net-tools to v2.10.
Upgraded sys-apps/kexec-tools to v2.0.24.
Upgraded sys-apps/grep to v3.9.
Upgraded sys-apps/gentoo-functions to v0.19.
Upgraded sys-apps/ethtool to v6.2.
Upgraded sys-apps/dmidecode to v3.4.
Upgraded sys-apps/diffutils to v3.9-r1.
Upgraded sys-apps/attr to v2.5.1-r2.
Upgraded sys-apps/acl to v2.3.1-r1.
Upgraded net-nds/rpcbind to v1.2.6.
Upgraded net-misc/curl to v7.88.1-r1. This resolves CVE-2022-43552.
Upgraded net-misc/bridge-utils to v1.7.1-r1.
Upgraded net-libs/libnetfilter_queue to v1.0.5.
Upgraded net-libs/libnetfilter_cttimeout to v1.0.1.
Upgraded net-libs/libnetfilter_cthelper to v1.0.1-r1.
Upgraded net-libs/libmnl to v1.0.5.
Upgraded net-libs/gnutls to v3.8.0.
Upgraded net-fs/autofs to v5.1.8-r1.
Upgraded net-dns/libidn2 to v2-2.3.4.
Upgraded net-dns/c-ares to v1.19.0.
Upgraded net-analyzer/netcat to v110.20180111-r2.
Upgraded dev-libs/userspace-rcu to v0.13.2.
Upgraded dev-libs/re2 to v2-0.2022.12.01.
Upgraded dev-libs/popt to v1.19.
Upgraded dev-libs/libzip to v1.9.2.
Upgraded dev-libs/nettle to v3.8.1.
Upgraded dev-libs/nspr to v4.35-r1.
Upgraded dev-libs/libyaml to v0.2.5.
Upgraded dev-libs/libverto to v0.3.2.
Upgraded dev-libs/libpcre2 to v2-10.42-r1.
Upgraded dev-libs/libpcre to v8.45-r1.
Upgraded dev-libs/libgpg-error to v1.46-r1.
Upgraded dev-libs/libgcrypt to v1.10.1-r3.
Upgraded dev-libs/libevent to v2.1.12-r1.
Upgraded dev-libs/gmp to v6.2.1-r5.
Upgraded dev-libs/expat to v2.5.0.
Upgraded dev-libs/elfutils to v0.189.
Upgraded dev-libs/dbus-glib to v0.112.
Upgraded dev-libs/confuse to v3.3 and fixed CVE-2022-40320.
Upgraded dev-db/sqlite to v3.41.0.
Upgraded app-shells/dash to v0.5.12.
Upgraded app-arch/xz-utils to v5.4.1.
Upgraded app-arch/pigz to v2.7-r1.
Upgraded app-admin/logrotate to v3.21.0.
Updated the Linux kernel to v6.1.19.
Made toolbox compatible with AR and GCR.
Use the Fluent-bit logging agent when the google-logging-use-fluentbit metadata key is true and logging is enabled.
Fixed containers losing access to GPUs with error "Failed to initialize NVML: Unknown error".
Updated dev-go/go-sys to v0.5.0.
Upgraded bind-tools to v9.16.37.
Updated open-iscsi to v2.1.8 to fix CVE-2020-17437.
Updated app-containers/containerd to v1.7.0-beta.1.
Upgraded dev-python/cryptography to v39.0.1. This solves CVE-2023-23931.
Updated dev-libs/openssl to v3.0.8.
Updated dev-lang/go to v1.20.1. Updated dev-go/net to v0.7.0. This resolves CVE-2022-41723 and CVE-2022-41725.
Fixes CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, and CVE-2022-45061 in dev-lang/python.
Updated app-editors/vim,app-editors/vim-core to v9.0.1403. This resolves CVE-2023-0512, CVE-2023-1127, CVE-2023-1175, CVE-2023-1170, CVE-2023-1355 and CVE-2023-1264.
Fixed CVE-2022-48303 in app-arch/tar.
Updated net-misc/openssh to v9.2. This resolves CVE-2023-25136.
Fixed CVE-2022-2928 and CVE-2022-2929 in net-misc/dhcp.
Fixed CVE-2022-46663 in sys-apps/less.
Fixed CVE-2021-4122 in sys-fs/cryptsetup. Upgraded sys-fs/cryptsetup from 2.3.4 to 2.4.3.
Updated net-fs/cifs-utils to v6.15. This fixes CVE-2022-29869, CVE-2021-20208, and CVE-2022-27239.
Fixed CVE-2021-27291 and CVE-2021-20270 in dev-python/pygments.
Updated binutils-libs to v2.40. This fixes CVE-2022-4285.
Runtime sysctl changes:
- Added: kernel.apparmor_display_secid_mode: 0
- Added: kernel.arch: x86_64
- Added: kernel.split_lock_mitigate: 1
- Added: net.core.skb_defer_max: 64
- Added: net.core.txrehash: 1
- Added: net.ipv4.conf.all.arp_evict_nocarrier: 1
- Added: net.ipv4.conf.default.arp_evict_nocarrier: 1
- Added: net.ipv4.conf.docker0.arp_evict_nocarrier: 1
- Added: net.ipv4.conf.eth0.arp_evict_nocarrier: 1
- Added: net.ipv4.conf.lo.arp_evict_nocarrier: 1
- Added: net.ipv4.neigh.default.interval_probe_time_ms: 5000
- Added: net.ipv4.neigh.docker0.interval_probe_time_ms: 5000
- Added: net.ipv4.neigh.eth0.interval_probe_time_ms: 5000
- Added: net.ipv4.neigh.lo.interval_probe_time_ms: 5000
- Added: net.ipv4.tcp_child_ehash_entries: 0
- Added: net.ipv4.tcp_ehash_entries: 65536
- Added: net.ipv4.tcp_tso_rtt_log: 9
- Added: net.ipv6.conf.all.accept_untracked_na: 0
- Added: net.ipv6.conf.all.ndisc_evict_nocarrier: 1
- Added: net.ipv6.conf.default.accept_untracked_na: 0
- Added: net.ipv6.conf.default.ndisc_evict_nocarrier: 1
- Added: net.ipv6.conf.docker0.accept_untracked_na: 0
- Added: net.ipv6.conf.docker0.ndisc_evict_nocarrier: 1
- Added: net.ipv6.conf.eth0.accept_untracked_na: 0
- Added: net.ipv6.conf.eth0.ndisc_evict_nocarrier: 1
- Added: net.ipv6.conf.lo.accept_untracked_na: 0
- Added: net.ipv6.conf.lo.ndisc_evict_nocarrier: 1
- Added: net.ipv6.neigh.default.interval_probe_time_ms: 5000
- Added: net.ipv6.neigh.docker0.interval_probe_time_ms: 5000
- Added: net.ipv6.neigh.eth0.interval_probe_time_ms: 5000
- Added: net.ipv6.neigh.lo.interval_probe_time_ms: 5000
- Added: vm.hugetlb_optimize_vmemmap: 0
- Changed: fs.epoll.max_user_watches: 1810832 -> 1810387
- Changed: fs.fanotify.max_user_marks: 67610 -> 67593
- Changed: fs.file-max: 813043 -> 812825
- Changed: fs.inotify.max_user_watches: 63488 -> 63472
- Changed: kernel.threads-max: 63551 -> 63535
- Changed: net.ipv4.tcp_challenge_ack_limit: 1000 -> 2147483647
- Changed: net.ipv4.tcp_mem: 94140 125520 188280 -> 94116 125488 188232
- Changed: net.ipv4.udp_mem: 188280 251041 376560 -> 188232 250976 376464
- Changed: net.netfilter.nf_conntrack_events: 1 -> 2
- Changed: user.max_cgroup_namespaces: 31775 -> 31767
- Changed: user.max_fanotify_marks: 67610 -> 67593
- Changed: user.max_inotify_watches: 63488 -> 63472
- Changed: user.max_ipc_namespaces: 31775 -> 31767
- Changed: user.max_mnt_namespaces: 31775 -> 31767
- Changed: user.max_net_namespaces: 31775 -> 31767
- Changed: user.max_pid_namespaces: 31775 -> 31767
- Changed: user.max_time_namespaces: 31775 -> 31767
- Changed: user.max_user_namespaces: 31775 -> 31767
- Changed: user.max_uts_namespaces: 31775 -> 31767
- Deleted: fs.overflowgid: 65534
- Deleted: fs.overflowuid: 65534
- Deleted: net.ipv4.tcp_rx_skb_cache: 0
- Deleted: net.ipv4.tcp_tx_skb_cache: 0
- Deleted: net.netfilter.nf_conntrack_helper: 0
- Deleted: net.netfilter.nf_log.11: NONE
- Deleted: net.netfilter.nf_log.12: NONE
cos-dev-109-17432-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Feb 14, 2023 | COS-5.15.92 | v23.0.0 | v1.6.15 | v470.161.03(default),v525.60.13 |
Removed support for Rust symbol demangling in google-breakpad.
Upgraded docker to v23.0.0.
Updated Nvidia latest drivers from v510.108.03 to v525.60.13 (OSS).
Updated sys-fs/e2fsprogs package to v1.46.6.
Updated the Linux kernel to v5.15.92.
Installed fluent-bit for stackdriver logging in x86 images. See this page for more details.
Retry starting systemd-networkd permanently in case of failure instead of default limit of 5.
Enabled fluent-bit to use customized configuration.
Updated cos-gpu-installer to v2.0.31. This adds support for gsp_tu10x.bin and gsp_ad10x.bin gsp firmware files and removes the container dependency on python2.
Updated dev-libs/openssl to v1.1.1t. This resolves CVE-2022-4450, CVE-2023-0215, CVE-2022-4304 and CVE-2023-0286.
Runtime sysctl changes:
- Added: kernel.oops_limit: 10000
- Added: kernel.warn_limit: 0
- Changed: net.netfilter.nf_conntrack_sctp_timeout_established: 432000 -> 210
- Deleted: net.netfilter.nf_conntrack_sctp_timeout_heartbeat_acked: 210
cos-dev-105-17400-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Jan 31, 2023 | COS-5.15.90 | v20.10.12 | v1.6.15 | v470.161.03(default),v510.108.03 |
Updated Python to version 3.8.
Updated cloud-init to v22.4.
Upgraded nfs-utils to v2.6.2.
Updated containerd to v1.6.15.
Updated built-in kubelet/kubectl to v1.25.5.
Upgraded localtoast from 1.1.4.3 to 1.1.5.1.
Updated sosreport to v4.4.
Updated dev-python/pexpect to v4.8.0.
Upgraded pam to v1.5.2.
Upgraded a number of packages:
Updated the Linux kernel to v5.15.90.
Removed the mosys package.
Move standalone kubelet runtime to containerd.
Add cni-plugins by default.
Move containerd default cgroup to systemd.
Fixed CVE-2023-0054 in vim.
Fixed CVE-2022-40897 in dev-python/setuptools.
Fixed CVE-2022-3715 in bash.
Runtime sysctl changes:
- Changed: vm.mmap_rnd_bits: 28 -> 32
cos-dev-105-17353-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Jan 09, 2023 | COS-5.15.86 | v20.10.12 | v1.6.12 | v470.161.03(default),v510.108.03 |
Updated sys-apps/apparmor to v3.1.2.
Updated dev-lang/go to v1.19.4.
Updated the Linux kernel to v5.15.86.
Fixed no CNI info for pod sandbox on restart in app-emulation/containerd.
Updated libseccomp to v2.5.4.
Updated app-emulation/containerd to v1.6.12 which fixes CVE-2022-23471.
Upgraded vim to v9.0.1000. This fixes CVE-2022-4292.
Updated lxml to v4.6.5. This fixes CVE-2021-43818.
cos-dev-105-17328-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Dec 12, 2022 | COS-5.15.81 | v20.10.12 | v1.6.9 | v470.161.03(default),v510.108.03 |
Upgraded openssh package to v9.1_p1.
Updated the Linux kernel to v5.15.81.
Updated Nvidia default drivers to 470.161.03 fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264 and latest to 510.108.03 fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255,CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260,CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264.
Updated dev-go/text to v0.3.8. This fixes CVE-2022-32149.
Updated dev-libs/libxml2 to v2.10.3. This resolves CVE-2022-40304 and CVE-2022-40303.
Fixed CVE-2022-36227 in app-arch/libarchive package.
cos-dev-105-17317-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Dec 05, 2022 | COS-5.15.80 | v20.10.12 | v1.6.9 | v470.141.03(default),v510.47.03 |
Upgraded systemd to v252.1.
Updated app-emulation/cri-tools to v1.25.0.
Updated stackdriver logging agent to v1.9.9.
Updated dev-go/go-tools to v0.1.11.
Upgraded dev-lang/go to v1.19.3.
Updated the Linux kernel to v5.15.80.
Fixed CVE-2022-3821 in sys-apps/systemd.
Fixed CVE-2022-37454 in dev-lang/python.
Updated x11-libs/pixman to v0.42.2. This resolves CVE-2022-44638.
cos-dev-105-17295-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Nov 10, 2022 | COS-5.15.77 | v20.10.12 | v1.6.9 | v470.141.03(default),v510.47.03 |
Updated app-emulation/docker-credential-helpers to v0.7.0.
Set ManageForeignRoutes and ManageForeignRoutingPolicyRules to `no` to avoid systemd deleting foreign routes and foreign routing policy rules during startup.
Updated cos-gpu-installer to v2.0.29. This addresses CVE-2022-3602 in cos-gpu-installer.
Fixed CVE-2022-3543 in the Linux kernel.
cos-dev-105-17287-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Nov 07, 2022 | COS-5.15.77 | v20.10.12 | v1.6.9 | v470.141.03(default),v510.47.03 |
Updated sys-apps/shadow to v4.12.3.
Updated sys-apps/makedumpfile to v1.7.2.
Updated app-emulation/runc to v1.1.4.
Updated grub2 to Fedora-38.
Updated containerd to v1.6.9.
Updated cos-gpu-installer to v2.0.28. The new installer installs NVIDIA GSP firmware if it is available.
Updated lvm2 to v2.03.14.
Updated the Linux kernel to v5.15.77.
Removed Network Time Security support in Chrony.
Removed Python 2 from the image.
Updated sys-boot/shim to v15.6.
Fixed an issue where sudo -i
is not working correctly.
Fixed CVE-2022-40768, CVE-2022-43750 and CVE-2022-3543 in the Linux kernel.
Updated app-editors/vim and app-editors/vim-core to v9.0.0828. This resolves CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352 and CVE-2022-3705.
Fixed CVE-2022-42915 in curl.
Fixed CVE-2021-46848 in libtasn1.
cos-dev-105-17251-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Oct 17, 2022 | COS-5.15.73 | v20.10.12 | v1.6.8 | v470.141.03(default),v510.47.03 |
Updated the Linux kernel to v5.15.73.
Fixed an issue related to IP leakage in containerd.
Updated net-misc/curl package to 7.85.0-r2. This resolves CVE-2022-35252.
Updating app-arch/libarchive to v3.6.1. This resolves CVE-2022-26280.
cos-dev-105-17234-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Oct 03, 2022 | COS-5.15.71 | v20.10.12 | v1.6.8 | v470.141.03(default),v510.47.03 |
Updated the Linux kernel to v5.15.71.
Updated vim to v9.0.0467. This resolves CVE-2022-3153, CVE-2022-3134, CVE-2022-3099, CVE-2022-3037, CVE-2022-3016, CVE-2022-2982, CVE-2022-2980, CVE-2022-2946, CVE-2022-2923, CVE-2022-2889, CVE-2022-2874, CVE-2022-2862, CVE-2022-2849, CVE-2022-2845, CVE-2022-2819, CVE-2022-2817, CVE-2022-2816, CVE-2022-2598, CVE-2022-2581, CVE-2022-2580, and CVE-2022-2571.
Updated vim-core to v9.0.0467. This resolves CVE-2022-3153, CVE-2022-3134, CVE-2022-3099, CVE-2022-3037, CVE-2022-3016, CVE-2022-2982, CVE-2022-2980, CVE-2022-2946, CVE-2022-2923, CVE-2022-2889, CVE-2022-2874, CVE-2022-2862,CVE-2022-2849, CVE-2022-2845, CVE-2022-2819, CVE-2022-2817, CVE-2022-2816, CVE-2022-2598, CVE-2022-2581, CVE-2022-2580, and CVE-2022-2571.
cos-dev-105-17228-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Sep 26, 2022 | COS-5.15.69 | v20.10.12 | v1.6.8 | v470.141.03(default),v510.47.03 |
Updated the Linux kernel to v5.15.69.
cos-dev-105-17222-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Sep 19, 2022 | COS-5.15.68 | v20.10.12 | v1.6.8 | v470.141.03(default),v510.47.03 |
Updated google-guest-agent to v20220614.00.
Updated the Linux kernel to v5.15.68.
Added kernel flag to protect stateful partition with AEAD.
Updated cos-gpu-installer to v2.0.27. This resolves the issue where multiple installers can be started in the same VM.
Updated app-arch/gzip to v1.12. This resolves CVE-2022-1271.
cos-dev-105-17215-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Sep 12, 2022 | COS-5.15.65 | v20.10.12 | v1.6.8 | v470.141.03(default),v510.47.03 |
Upgraded the GPU driver version in the "latest" track to v510.47.03.
Updated the Linux kernel to v5.15.65.
Updated cos-gpu-installer to v2.0.26. This resolves the compatibility issue with K80 GPU devices. When an incompatible driver version (R510+) is chosen in an instance with K80 GPU, the installer will automatically fall back to an available R470 driver version.
Upgraded Google OS Config Agent(aka VMManager) to v20220801.00.
Fixed a scenario of high contention state of the system in case filesystem is almost full and processes is trying to write content.
Fixed memory leak in the seccomp subsystem.
Updated gnutls to v3.7.7 fixing CVE-2022-2509.
Upgraded libtirpc to v1.3.3 fixing CVE-2021-46828.
cos-dev-105-17205-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Sep 06, 2022 | COS-5.15.64 | v20.10.12 | v1.6.8 | v470.141.03(default) |
Fixed kdump on NVME disks.
Updated the Linux kernel to v5.15.64.
Added support for cryptsetup using AEAD.
Updated open-vm-tools package to version 12.1.0 to fix CVE-2022-31676.
Updated gnutls to v3.7.6. This resolves CVE-2021-4209.
cos-dev-105-17196-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 29, 2022 | COS-5.15.62 | v20.10.12 | v1.6.8 | v470.141.03(default) |
Updated the built-in kubectl/kubelet to 1.23.10.
Updated the Linux kernel to v5.15.62.
Fixed issues in cos-gpu-installer where nvidia-peermem.ko was not installed and where driver signatures were included in the cached build tools.
Fixed CVE-2022-1158 in Linux Kernel.
cos-dev-105-17189-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 22, 2022 | COS-5.15.60 | v20.10.12 | v1.6.8 | v470.141.03(default) |
Updated containerd to v1.6.8.
Updated the Linux kernel to v5.15.60.
Opting out of a CIS Benchmark now prevents scripts from adjusting your instance.
Updated net-misc/rsync to v3.2.5 and fixed CVE-2022-29154.
Updated dev-db/sqlite to v3.39.2 to fix CVE-2022-35737.
cos-dev-105-17181-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 15, 2022 | COS-5.15.59 | v20.10.12 | v1.6.6 | v470.141.03(default) |
Updated the Linux kernel to v5.15.59.
Removed stackdriver-correct-container benchmark for cis-level2 compliance.
Enable IOMMU_SUPPORT and IRQ_REMAP kernel configurations.
Updated app-editors/vim and app-editors/vim-core to 9.0.0099. This resolves CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2288,CVE-2022-2289,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1811300 -> 1810832
- Changed: fs.fanotify.max_user_marks: 67627 -> 67610
- Changed: fs.file-max: 813249 -> 813043
- Changed: fs.inotify.max_user_watches: 63503 -> 63488
- Changed: kernel.threads-max: 63567 -> 63551
- Changed: net.ipv4.tcp_mem: 94164 125552 188328 -> 94140 125520 188280
- Changed: net.ipv4.udp_mem: 188328 251105 376656 -> 188280 251041 376560
- Changed: user.max_cgroup_namespaces: 31783 -> 31775
- Changed: user.max_fanotify_marks: 67627 -> 67610
- Changed: user.max_inotify_watches: 63503 -> 63488
- Changed: user.max_ipc_namespaces: 31783 -> 31775
- Changed: user.max_mnt_namespaces: 31783 -> 31775
- Changed: user.max_net_namespaces: 31783 -> 31775
- Changed: user.max_pid_namespaces: 31783 -> 31775
- Changed: user.max_time_namespaces: 31783 -> 31775
- Changed: user.max_user_namespaces: 31783 -> 31775
- Changed: user.max_uts_namespaces: 31783 -> 31775
cos-dev-105-17174-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 08, 2022 | COS-5.15.58 | v20.10.12 | v1.6.6 | v470.141.03(default) |
Updated the Linux kernel to v5.15.58.
Updated default and latest Nvidia drivers to v470.141.03.
cos-dev-105-17169-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 01, 2022 | COS-5.15.57 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Enabled FANOTIFY_ACCESS_PERMISSIONS
configuration in kernel.
Updated sosreport to v4.3.
Backported support for SEV-SNP in the Linux kernel.
Updated the Linux kernel to v5.15.57.
Added a new systemd unit logging-agent.target to group stackdriver logging agents.
Enabled CONFIG_SCHED_CORE in the kernel config.
Updated toolbox to v20220722.
Updated oslogin to v20220721.00
Fixed an issue where the "logs", "crictl", and "kdump" sosreport plugins did not work properly.
cos-dev-101-17154-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Jul 25, 2022 | COS-5.15.56 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Updated the built-in kubectl/kubelet to v1.23.9.
Updated stackdriver logging agent to v1.9.8.
Updated the Linux kernel to v5.15.56.
Users created via OS Login or via manually managed SSH keys will now have UIDs and GIDs in range [65536, 2^31 - 1).
cos-dev-101-17148-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Jul 18, 2022 | COS-5.15.54 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Updated the Linux kernel to v5.15.54.
Updated openssl to v1.1.1q. This resolves CVE-2022-2097.
Updated net-misc/curl to v7.84.0. This resolves CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208.
cos-dev-101-17136-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Jul 11, 2022 | COS-5.15.52 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Updated the Linux kernel to v5.15.52.
Upgraded openssl to 1.1.1p to resolve CVE-2022-2068.
cos-dev-101-17134-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Jul 06, 2022 | COS-5.15.51 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Updated the built-in kubelet to be compiled from source instead of using official Kubernetes releases.
Updated sys-apps/irqbalance to v1.8.0-r1.
Updated the Linux kernel to v5.15.51.
Moved the toolchain source from gs://chromiumos-sdk to gs://cos-sdk.
Upgrade ice kernel module from v1.3.2 to v1.8.8 due to incompatibility with kernel 5.15.
Add 5.15 vanilla and rt kernel in project-edgeos.
Updated toolbox to v20220630.
Fixed the bug in toolbox where long project name/container image tag can fail to run the toolbox container.
Fixed CVE-2022-29217 in dev-python/pyjwt.
Updated app-editors/vim and app-editors/vim-core to v8.2.5066. This resolves CVE-2022-2126,CVE-2022-2125,CVE-2022-2124,CVE-2022-2129,CVE-2022-1720, CVE-2022-1942,CVE-2022-1886,CVE-2022-1851,CVE-2022-1160,CVE-2022-1154, CVE-2022-1381,CVE-2022-1420,CVE-2022-1733,CVE-2022-1796,CVE-2022-1769, CVE-2022-1735,CVE-2022-1674,CVE-2022-1771,CVE-2022-1620,CVE-2022-1785, CVE-2022-1629,CVE-2022-1616,CVE-2022-1621,CVE-2022-1619,CVE-2022-1927, CVE-2022-1898.
Fixed CVE-2021-22570 in libprotobuf.
Runtime sysctl changes:
- Changed: fs.file-max: 813250 -> 813249
cos-dev-101-17109-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Jun 27, 2022 | COS-5.15.47 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Updated default toolbox container to v20220614.
Upgraded Google OS Config Agent(aka VMManager) to v20220606.00.
Updated docker-credential-gcr to v2.1.5.
Updated cos-gpu-installer to fetch the COS toolchain from gs://cos-tools instead of gs://chromiumos-sdk.
Updated app-emulation/containerd to v1.6.6. This resolves CVE-2022-31030.
Updated net-misc/netplan to v0.104.
Upgraded sys-fs/e2tools to v0.1.0.
Upgraded sys-fs/xfsprogs to v5.18.0 and sys-fs/e2fsprogs to v1.46.5.
Updated the Linux kernel to v5.15.47.
Updated net-misc/curl to v7.83.1. This resolves CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115.
Runtime sysctl changes:
- Changed: fs.fanotify.max_user_marks: 54813 -> 67627
- Changed: fs.inotify.max_user_watches: 51557 -> 63503
- Changed: user.max_fanotify_marks: 54813 -> 67627
- Changed: user.max_inotify_watches: 51557 -> 63503
cos-dev-101-17079-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Jun 03, 2022 | COS-5.15.44 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Updated the Linux kernel to v5.15.44.
Enabled kernel config CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS.
Updated google-guest-agent to v20220523.00.
Runtime sysctl changes:
- Changed: kernel.random.poolsize: 4096 -> 256
- Changed: kernel.random.write_wakeup_threshold: 896 -> 256
cos-dev-101-17069-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
May 23, 2022 | COS-5.15.41 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Updated runc to v1.1.2.
Updated the Linux kernel to v5.15.41.
Added TPU driver v20220117.
Fixed an issue that prevented large cloud-configs (~256KB) from working properly.
Disabled bracketed paste mode by default in readline.
Upgraded openssl to v1.1.1o. This resolves CVE-2022-1292.
Upgraded dev-libs/libxml2 to v2.9.14. This resolves CVE-2022-29824.
Upgraded dev-libs/libxslt to v1.1.35. This resolves CVE-2022-29824.
Upgraded sys-libs/ncurses to v6.3_p20220423. This resolves CVE-2022-29458.
Fixed CVE-2022-28893 in the Linux kernel.
cos-dev-101-17053-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
May 16, 2022 | COS-5.15.38 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Updated the Linux kernel to v5.15.38.
Backported upstream patch to fix the issue where systemd affects BFQ IO setup.
cos-dev-101-17047-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
May 09, 2022 | COS-5.15.37 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Updated the Linux kernel to v5.15.37.
Upgraded package sys-boot/shim to version 15.5.
cos-dev-101-17043-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
May 02, 2022 | COS-5.15.36 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Updated the default toolbox container to v20220429.
Upgraded docker-credential-gcr to v2.1.2.
Updated the Linux kernel to v5.15.36.
Upgraded dump-capture-kernel to 5.15.
cos-dev-101-17033-0-0
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 25, 2022 | COS-5.15.35 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Added pci=clearmsi option in dump-capture-kernel command line.
Updated net-misc/chrony to v4.2.
Upgraded docker-credential-gcr to v2.1.1.
Upgraded COS to Linux kernel v5.15.
Updated app-admin/localtoast(cis_scanner) to v1.1.4.3.
Updated google-guest-configs to v20220211.00.
Updated ChromeOS base to ChromeOS version 14542.0.0.
Made CIS-Scanner show results for passing and non-passing benchmarks.
Added option to GPU driver installation script for populating and resetting toolchain cache.
Built cos-gpu-installer using debian:bookworm.
Increased number of vCPUs support from 256 to 512.
Added cgroup-driver=systemd flag to kubelet.
Upgraded contanerd to v1.6.2. This resolves CVE-2022-24769.
Upgraded open-vm-tools package to v12.0.0_p19345655. This resolves CVE-2022-22943.
Upgraded openssl package to v1.1.1n. This resolves CVE-2022-0778.
Upgraded dev-libs/libxml2 to v2.9.13. This resolves CVE-2022-23308.
Updated app-editors/vim and app-editors/vim-core to v8.2.4586. This resoloves CVE-2022-0714, CVE-2022-0696, CVE-2022-0685, CVE-2022-0729, CVE-2022-0572 and CVE-2022-0629.
Fixed CVE-2021-25217 in net-misc/dhcp.
Fixed CVE-2022-29581 in the Linux kernel.
Runtime sysctl changes:
- Added: fs.fanotify.max_queued_events: 16384
- Added: fs.fanotify.max_user_groups: 128
- Added: fs.fanotify.max_user_marks: 54813
- Added: kernel.max_rcu_stall_to_panic: 0
- Added: kernel.sched_schedstats: 0
- Added: kernel.task_delayacct: 0
- Added: net.core.netdev_unregister_timeout_secs: 10
- Added: net.ipv4.fib_multipath_hash_fields: 7
- Added: net.ipv4.fib_notify_on_flag_change: 0
- Added: net.ipv4.icmp_echo_enable_probe: 0
- Added: net.ipv4.tcp_migrate_req: 0
- Added: net.ipv6.conf.all.ioam6_enabled: 0
- Added: net.ipv6.conf.all.ioam6_id: 65535
- Added: net.ipv6.conf.all.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.all.ra_defrtr_metric: 1024
- Added: net.ipv6.conf.default.ioam6_enabled: 0
- Added: net.ipv6.conf.default.ioam6_id: 65535
- Added: net.ipv6.conf.default.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.default.ra_defrtr_metric: 1024
- Added: net.ipv6.conf.docker0.ioam6_enabled: 0
- Added: net.ipv6.conf.docker0.ioam6_id: 65535
- Added: net.ipv6.conf.docker0.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.docker0.ra_defrtr_metric: 1024
- Added: net.ipv6.conf.eth0.ioam6_enabled: 0
- Added: net.ipv6.conf.eth0.ioam6_id: 65535
- Added: net.ipv6.conf.eth0.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.eth0.ra_defrtr_metric: 1024
- Added: net.ipv6.conf.lo.ioam6_enabled: 0
- Added: net.ipv6.conf.lo.ioam6_id: 65535
- Added: net.ipv6.conf.lo.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.lo.ra_defrtr_metric: 1024
- Added: net.ipv6.fib_multipath_hash_fields: 7
- Added: net.ipv6.fib_notify_on_flag_change: 0
- Added: net.ipv6.ioam6_id: 16777215
- Added: net.ipv6.ioam6_id_wide: 72057594037927935
- Added: net.netfilter.nf_conntrack_tcp_ignore_invalid_rst: 0
- Added: net.netfilter.nf_hooks_lwtunnel: 0
- Added: user.max_fanotify_groups: 128
- Added: user.max_fanotify_marks: 54813
- Added: vm.percpu_pagelist_high_fraction: 0
- Changed: fs.epoll.max_user_watches: 1666560 -> 1811300
- Changed: fs.file-max: 813432 -> 813248
- Changed: fs.inotify.max_user_watches: 8192 -> 51557
- Changed: fs.xfs.speculative_cow_prealloc_lifetime: 1800 -> 300
- Changed: kernel.threads-max: 63574 -> 63567
- Changed: net.ipv4.tcp_mem: 94173 125565 188346 -> 94164 125552 188328
- Changed: net.ipv4.udp_mem: 188346 251131 376692 -> 188328 251105 376656
- Changed: net.netfilter.nf_conntrack_buckets: 65536 -> 262144
- Changed: net.netfilter.nf_conntrack_expect_max: 1024 -> 4096
- Changed: user.max_cgroup_namespaces: 31787 -> 31783
- Changed: user.max_inotify_watches: 8192 -> 51557
- Changed: user.max_ipc_namespaces: 31787 -> 31783
- Changed: user.max_mnt_namespaces: 31787 -> 31783
- Changed: user.max_net_namespaces: 31787 -> 31783
- Changed: user.max_pid_namespaces: 31787 -> 31783
- Changed: user.max_time_namespaces: 31787 -> 31783
- Changed: user.max_user_namespaces: 31787 -> 31783
- Changed: user.max_uts_namespaces: 31787 -> 31783
- Deleted: vm.block_dump: 0
- Deleted: vm.percpu_pagelist_fraction: 0
cos-dev-101-16963-0-0
Date | Kernel | Docker | Containerd | Default GPU Driver |
Mar 16, 2022 | COS-5.10.105 | v20.10.12 | v1.6.1 | v470.82.01 |
Updated the Linux kernel to v5.10.105.
Added get_status
API in device policy manager.
Fixed a warning related to IPv4 parsing error in cloud-init.
Fixed an issue in systemd to consider primary network interface configured only after non-link-local IPv4 address is available.
Updated CIS Scanner to v1.1.4.2.
cos-dev-101-16941-0-0
Date | Kernel | Docker | Containerd | Default GPU Driver |
Mar 07, 2022 | COS-5.10.101 | v20.10.12 | v1.6.1 | v470.82.01 |
cos_extensions
and toolbox
utilities now fetch
container images from multi-region Artifact Registry.
Enabled disk_setup module in cloud-init.
Fixed CVE-2022-0847 in the Linux kernel.
Updated containerd to v1.6.1. This resolves CVE-2022-23648.
cos-dev-101-16928-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Feb 28, 2022 | COS-5.10.101 | v1.23.3 | v20.10.12 | v1.6.0 | v470.82.01 |
Fixed CVE-2021-45346 in dev-db/sqlite.
Updated app-editors/vim and app-editors/vim-core to v8.2.4328. This resolves CVE-2021-4187, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0392, CVE-2022-0368, CVE-2022-0393, CVE-2022-0361, CVE-2022-0359, CVE-2022-0413, CVE-2022-0408, CVE-2022-0407 and CVE-2022-0443.
Fixed segmentation fault in ebtables.
Updated stackdriver logging default config to support multiple time formats which fixed bug of dropped logs in some conditions.
Updated toolbox script to use nspawn share system environment variable.
Updated containerd to v1.6.0.
Updated cri-tools to v1.23.0.
Updated the Linux kernel to v5.10.101.
Added CLI to change cgroup versions.
Added CIS Scanner (app-admin/localtoast) v1.1.4.1.
Renamed cos-alphabet-compliance to cis-compliance. cis-compliance will only install scripts needed to make the VM Level 2 CIS compliant.
Added the support to export logs of the cis-level1, cis-level2 and cis-compliance-scanner systemd services via stackdriver logging.
Enabled CONFIG_BFQ_GROUP_IOSCHED kernel configuration.
Added command "cos-extensions list -- --gpu-installer" to show the default cos-gpu-installer.
Set NVMe IO timeout to 4294967295.
Fixed an issue in the Linux kernel where I/Os would sometimes fail on SEV-enabled machines due to a full swiotlb buffer.
Added xemu kernel module.
Added support for NFSv4 Kerberos authentication.
cos-dev-97-16882-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Feb 07, 2022 | COS-5.10.96 | v1.23.3 | v20.10.12 | v1.5.9 | v470.82.01 |
Updated app-admin/sosreport to v4.2.
Updated default gpu driver version to 470.82.01.
Added a workaround for configuring NTP sources through DHCP.
Upgraded runc to v1.1.0.
Updated the built-in kubectl/kubelet to 1.23.3.
Updated oslogin to v20220113.00.
Updated docker-cli to v20.10.12.
Updated docker to v20.10.12.
Updated the Linux kernel to v5.10.96.
Fixed an issue related to shim exiting during system shutdown.
Enabled XDP support.
Added dev-libs/userspace-rcu package.
Upgraded sys-fs/e2fsprogs to v1.46.4.
Upgraded sys-libs/e2fsprogs-libs to v1.46.4.
Upgraded sys-fs/xfsprogs to v5.14.2.
Auto-updates will now only occur within a single milestone. Upgrading your VMs to a new COS milestone will now require you to recreate your VMs.
Added SEV live migration support to the Linux kernel.
Fixed a bug that created excessive warning logs on missing attrs.tag from container logs.
Enabled IBLOCK and FILEIO iSCSI backing stores in the Linux kernel.
cos-dev-97-16853-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Jan 31, 2022 | COS-5.10.93 | v1.22.4 | v20.10.6 | v1.5.9 | v450.119.04 |
Updated Linux Audit (sys-process/audit) to v3.0.6.
Updated sys-apps/shadow to v4.11.1.
Upgraded Google OS Config Agent(aka VMManager) to v20220107.00.
Updated the Linux kernel to v5.10.93.
Updated cos-gpu-installer-v2 to v2.0.17 in cos-extensions. Refined error message for installing latest driver. Preinstalled dependencies are now detected separately.
Changed default file permissions used by stackdriver logging agent to not be world readable.
Updated containerd to v1.5.9. This resolves CVE-2021-43816.
cos-dev-97-16843-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Jan 19, 2022 | COS-5.10.92 | v1.22.4 | v20.10.6 | v1.5.8 | v450.119.04 |
Updated UEFI shim to v15.4.
Updated the makedumpfile package to v1.7.0.
Updated the stackdriver logging agent to v1.9.4.
Updated the default toolbox container to v20211027.
Upgraded app-admin/google-guest-agent to v20220104.00.
Updated the Linux kernel to v5.10.92.
Fixed an issue where IPv6 address allocation sometimes fails in systemd.
Update vim and vim-core to v8.2.3950. This resolves CVE-2021-4193, CVE-2021-4192, CVE-2021-4173, CVE-2021-4166, and CVE-2021-4136.
Fixed a privilege escalation vulnerability in fs_context in the Linux kernel. This resolves CVE-2022-0185.
Runtime sysctl changes:
- Changed: net.ipv6.conf.all.forwarding: 1 -> 0
- Changed: net.ipv6.conf.default.forwarding: 1 -> 0
- Changed: net.ipv6.conf.docker0.forwarding: 1 -> 0
- Changed: net.ipv6.conf.eth0.forwarding: 1 -> 0
- Changed: net.ipv6.conf.lo.forwarding: 1 -> 0
cos-dev-97-16832-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Jan 11, 2022 | COS-5.10.90 | v1.22.4 | v20.10.6 | v1.5.8 | v450.119.04 |
Upgraded app-emulation/runc to v1.0.3. This resolves CVE-2021-43784.
Fixed CVE-2021-41190 in app-emulation/docker.
Updated vim and vim-core to v8.2.3741. This resolves CVE-2021-3973, CVE-2021-3968, CVE-2021-4069, CVE-2021-4019, CVE-2021-3984 and CVE-2021-3974.
Upgraded dev-libs/nspr to v3.42. This resolves CVE-2021-43527.
Upgraded dev-libs/nss to v3.73. This resolves CVE-2021-43527.
Upgraded app-crypt/nss to v3.73. This resolves CVE-2021-43527.
Fixed CVE-2021-4155 in the Linux kernel.
Disabled VDSO on ARM by default.
Added support for consistent device naming for NVMe disks.
Fixed access to private toolbox images hosted on GCR.
Fixed resolv.conf in toolbox.
Added Google Guest Configs.
Added lsof package.
Updated cloud-init to v21.4.
Updated netplan to v0.103.
Updated net-misc/prips to v1.2.0.
Updated google-guest-agent to v20211011.00.
Updated systemd to v249.6.
Updated the Linux kernel to v5.10.90.
Updated docker-credential-gcr to v2.1.0.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1667850 -> 1666560
- Changed: fs.file-max: 814061 -> 813432
- Changed: kernel.bootloader_type: 114 -> 6
- Changed: kernel.bootloader_version: 2 -> 38
- Changed: kernel.core_pattern: |/sbin/crash_reporter --user=%P:%s:%u:%g:%f -> |/bin/false
- Changed: kernel.core_pipe_limit: 4 -> 0
- Changed: kernel.threads-max: 63623 -> 63574
- Changed: net.ipv4.conf.all.log_martians: 0 -> 1
- Changed: net.ipv4.conf.default.log_martians: 0 -> 1
- Changed: net.ipv4.conf.docker0.log_martians: 0 -> 1
- Changed: net.ipv4.conf.eth0.log_martians: 0 -> 1
- Changed: net.ipv4.tcp_mem: 94245 125663 188490 -> 94173 125565 188346
- Changed: net.ipv4.udp_mem: 188493 251327 376986 -> 188346 251131 376692
- Changed: user.max_cgroup_namespaces: 31811 -> 31787
- Changed: user.max_ipc_namespaces: 31811 -> 31787
- Changed: user.max_mnt_namespaces: 31811 -> 31787
- Changed: user.max_net_namespaces: 31811 -> 31787
- Changed: user.max_pid_namespaces: 31811 -> 31787
- Changed: user.max_time_namespaces: 31811 -> 31787
- Changed: user.max_user_namespaces: 31811 -> 31787
- Changed: user.max_uts_namespaces: 31811 -> 31787
cos-dev-97-16778-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Dec 01, 2021 | COS-5.10.81 | v1.22.4 | v20.10.6 | v1.5.8 | v450.119.04 |
Upgraded the built-in Kubelet to v1.22.4.
Updated ChromeOS base to ChromeOS version 14283.0.0.
Updated the Linux kernel to v5.10.81.
Enabled cgroup v2.
Enabled ipv4 and ipv6 in sshd.
Updated containerd to v1.5.8. This resolves CVE-2021-41190 in containerd.
Fixed CVE-2021-35942 and CVE-2021-38604 in glibc.
Updated openssl to 1.1.1l. This resolves CVE-2021-3711 and CVE-2021-3712.
Fixed CVE-2020-12403 in nss.
Fixed CVE-2021-41617 in openssh.
Fixed CVE-2020-14387 in rsync.
Upgraded dev-libs/libgcrypt to v1.9.4. This resolves CVE-2021-40528.
Updated vim and vim-core to v8.2.3582. This resolves CVE-2021-3928, CVE-2021-3927, CVE-2021-3872, CVE-2021-3903, and CVE-2021-3875.
cos-dev-97-16748-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Nov 08, 2021 | COS-5.10.77 | v1.21.3 | v20.10.6 | v1.5.7 | v450.119.04 |
Updated the Linux kernel to v5.10.77.
Enabled virtual console.
Enabled cos-extensions to fetch artifacts with geo-redundancy when installing GPU driver.
Upgraded openssl to v1.1.1l. This fixes CVE-2021-3711.
Upgraded app-arch/libarchive to v3.5.2. This fixes CVE-2021-36976.
Runtime sysctl changes:
- Added: dev.cdrom.autoclose: 1
- Added: dev.cdrom.autoeject: 0
- Added: dev.cdrom.check_media: 0
- Added: dev.cdrom.debug: 0
- Added: dev.cdrom.lock: 1
- Changed: fs.epoll.max_user_watches: 1667911 -> 1667891
- Changed: fs.file-max: 814101 -> 814087
- Changed: net.ipv4.tcp_mem: 94251 125668 188502 -> 94248 125667 188496
- Changed: net.ipv4.udp_mem: 188502 251336 377004 -> 188499 251335 376998
cos-dev-97-16723-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Oct 18, 2021 | COS-5.10.72 | v1.21.3 | v20.10.6 | v1.5.7 | v450.119.04 |
Updated the Linux kernel to v5.10.72.
Upgraded net-dns/c-ares to v1.17.2.
Add LZ4 compression support in kernel.
Upgraded net-misc/curl to v7.79.1. This resolves CVE-2021-22945.
Fixed CVE-2021-39537 in sys-libs/ncurses.
cos-dev-97-16714-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Oct 11, 2021 | COS-5.10.71 | v1.21.3 | v20.10.6 | v1.5.7 | v450.119.04 |
Updated the Linux kernel to v5.10.71.
Enable ipip and fou kernel modules.
Added crictl commands to sosreport.
Fixed an issue where GPU drivers wouldn't load due to being incorrectly linked.
Updated containerd to 1.5.7. This resolves CVE-2021-41103.
Updated vim to version 8.2.3428. This resolves CVE-2021-3796, CVE-2021-3778, and CVE-2021-3770.
cos-dev-97-16699-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Oct 04, 2021 | COS-5.10.69 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Updated the Linux kernel to v5.10.69.
cos-dev-97-16695-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Sep 27, 2021 | COS-5.10.68 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Updated node-problem-detector to v0.8.10.
Updated the Linux kernel to v5.10.68.
Made XFRM statistics available at /proc/net/xfrm_stat.
Created kernel config file under /boot directory.
Fixed CVE-2020-12403 in dev-libs/nss.
Updated glib, glib-utils and gdbus-codegen to v2.68.3. This resolves CVE-2021-28153.
cos-dev-97-16687-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Sep 20, 2021 | COS-5.10.65 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Updated the Linux kernel to v5.10.65.
Updated app-emulation/containerd to v1.5.4. This resolves CVE-2021-32760.
cos-dev-97-16678-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Sep 13, 2021 | COS-5.10.62 | v1.21.3 | v20.10.6 | v1.5.3 | v450.119.04 |
Updated the Linux kernel to v5.10.62.
cos-dev-97-16669-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Sep 07, 2021 | COS-5.10.61 | v1.21.3 | v20.10.6 | v1.5.3 | v450.119.04 |
Upgraded sys-libs/ncurses to v6.2. This resolves CVE-2019-17594 and CVE-2019-17595.
Upgraded net-misc/wget to v1.21.1. This resolves CVE-2021-31879.
Upgraded net-misc/curl to v7.78.0. This resolves CVE-2021-22924 and CVE-2021-22926.
Enabled configuring NTP server using cloud-init.
Updated the Linux kernel to v5.10.61.
Updated nanopb to v0.4.5 in KTD.
cos-dev-93-16594-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Aug 02, 2021 | COS-5.10.53 | v1.21.3 | v20.10.6 | v1.5.3 | v450.119.04 |
Updated the built-in kubectl/kubelet to v1.21.3.
Updated containerd to v1.5.3.
Updated sosreport to v4.1.
Updated chronyd to v4.1.
Updated containerd to v1.5.3.
Updated docker-credential-gcr to v2.0.5.
Updated docker-cli to v20.10.6.
Updated ChromeOS base to ChromeOS version 14056.0.0.
Updated the Linux kernel to v5.10.53.
Upgraded Linux Audit (sys-process/audit) to v3.0.2.
Upgraded openssl package to v1.1.1k to resolve CVEs CVE-2021-3449 and CVE-2021-3450.
Upgraded xfsprogs to version v5.10.
Upgraded dev-util/gdbus-codegen to version 2.66.7 on x86.
Upgraded dev-libs/glib and dev-util/glib-utils to v2.66.7.
Removed toolbox's dependency on docker command.
Added sys-block/open-iscsi package.
Renamed 99-virtio.network to 99-default.network to include gve driver support.
Enabled IPV6 configuration by default. This does not disable IPV4 configuration. In addition, fixed an issue where enabling both IPv6 and IPv4 configuration on IPv4-exclusive networks resulted in slow boot times.
Fixed CVE-2021-33910 in sys-apps/systemd.
cos-dev-93-16546-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Jul 12, 2021 | COS-5.10.48 | v1.20.5 | v20.10.6 | v1.4.4 | v450.119.04 |
Updated the stackdriver logging agent to v1.8.9.
Updated runc to v1.0.0.
Upgraded cos-gpu-installer-v2 to v2.0.6 in cos-extensions. Users can now specify --version=latest when installing GPU drivers.
Updated app-emulation/docker-proxy to v0.8.0_p20210525.
Updated the Linux kernel to v5.10.48.
Enabled CONFIG_MEMORY_FAILURE and CONFIG_X86_MCE in the Linux kernel.
Upgraded libgcrypt to v1.9.3. This fixes CVE-2021-33560.
Added support for ext4 journal checkpointing in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1668341 -> 1667911
- Changed: fs.file-max: 814308 -> 814100
- Changed: kernel.threads-max: 63641 -> 63625
- Changed: net.ipv4.tcp_mem: 94275 125700 188550 -> 94251 125668 188502
- Changed: net.ipv4.udp_mem: 188550 251401 377100 -> 188502 251336 377004
- Changed: user.max_cgroup_namespaces: 31820 -> 31812
- Changed: user.max_ipc_namespaces: 31820 -> 31812
- Changed: user.max_mnt_namespaces: 31820 -> 31812
- Changed: user.max_net_namespaces: 31820 -> 31812
- Changed: user.max_pid_namespaces: 31820 -> 31812
- Changed: user.max_time_namespaces: 31820 -> 31812
- Changed: user.max_user_namespaces: 31820 -> 31812
- Changed: user.max_uts_namespaces: 31820 -> 31812
cos-dev-93-16511-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Jun 28, 2021 | COS-5.10.44 | v1.20.5 | v20.10.6 | v1.4.4 | v450.119.04 |
Updated app-emulation/docker-credential-helpers to v0.6.4.
cos-dev-93-16509-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Jun 21, 2021 | COS-5.10.44 | v1.20.5 | v20.10.6 | v1.4.4 | v450.119.04 |
Updated the Linux kernel to v5.10.44.
Set kernel config flag to enable dump capture kernel for ARM64.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1668321 -> 1668341
- Changed: fs.file-max: 814309 -> 814308
cos-dev-93-16482-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Jun 09, 2021 | COS-5.10.42 | v1.20.5 | v20.10.6 | v1.4.4 | v450.119.04 |
Updated runc to v1.0.0_rc95. This resolves CVE-2021-30465.
Upgraded Google OS Config Agent (VMManager) to version 20210607.00.
Upgraded cloud-init to v21.2.
Upgraded the Linux kernel to v5.10.42.
Stackdriver logs now record Docker container names by default.
As a result of the kernel upgrade, the following sysctl changes occurred:
- Added: kernel.hung_task_all_cpu_backtrace: 0
- Added: kernel.oops_all_cpu_backtrace: 0
- Added: kernel.sched_deadline_period_max_us: 4194304
- Added: kernel.sched_deadline_period_min_us: 100
- Added: net.ipv4.ip_autobind_reuse: 0
- Added: net.ipv4.nexthop_compat_mode: 1
- Added: net.ipv4.tcp_comp_sack_slack_ns: 100000
- Added: net.ipv4.tcp_no_ssthresh_metrics_save: 1
- Added: net.ipv4.tcp_reflect_tos: 0
- Added: net.ipv6.conf.all.rpl_seg_enabled: 0
- Added: net.ipv6.conf.default.rpl_seg_enabled: 0
- Added: net.ipv6.conf.docker0.rpl_seg_enabled: 0
- Added: net.ipv6.conf.eth0.rpl_seg_enabled: 0
- Added: net.ipv6.conf.lo.rpl_seg_enabled: 0
- Added: user.max_time_namespaces: 31820
- Added: vm.compaction_proactiveness: 20
- Added: vm.page_lock_unfairness: 5
- Changed: fs.epoll.max_user_watches: 1668751 -> 1668321
- Changed: fs.file-max: 814576 -> 814309
- Changed: kernel.cap_last_cap: 37 -> 40
- Changed: kernel.threads-max: 63658 -> 63641
- Changed: kernel.usermodehelper.bset: 4294967295 63 -> 4294967295 511
- Changed: kernel.usermodehelper.inheritable: 4294967295 63 -> 4294967295 511
- Changed: net.core.bpf_jit_kallsyms: 0 -> 1
- Changed: net.ipv4.tcp_mem: 94299 125733 188598 -> 94275 125700 188550
- Changed: net.ipv4.udp_mem: 188598 251466 377196 -> 188550 251401 377100
- Changed: user.max_cgroup_namespaces: 31829 -> 31820
- Changed: user.max_ipc_namespaces: 31829 -> 31820
- Changed: user.max_mnt_namespaces: 31829 -> 31820
- Changed: user.max_net_namespaces: 31829 -> 31820
- Changed: user.max_pid_namespaces: 31829 -> 31820
- Changed: user.max_user_namespaces: 31829 -> 31820
- Changed: user.max_uts_namespaces: 31829 -> 31820
- Deleted: kernel.random.read_wakeup_threshold: 64
cos-dev-93-16442-0-0
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Jun 01, 2021 | COS-5.4.120 | v1.20.5 | v20.10.6 | v1.4.4 | v450.119.04 |
Fixed CPU usage for workloads with heavy page cache usage.
Fixed 32 x truesize under-estimation for tiny skbs in the Linux kernel.
Fixed CVE-2021-3537 in libxml2.
Automatically mount OEM partition if it is sealed.
Upgraded the default GPU drver version to 450.119.04.
Upgraded Google OS Config Agent to v20210506.00.
Updated docker to v20.10.6.
Updated the Linux kernel to v5.4.120.
Updated makedumpfile package to v1.6.9.
cos-dev-93-16379-0-0
Date | Kernel | Kubernetes | Docker | Containerd |
May 03, 2021 | COS-5.4.114 | v1.20.5 | v20.10.3 | v1.4.4 |
Updated the Linux kernel to v5.4.114.
Updated sshd.service to not drop active ssh sessions when sshd is restarted.
Updated google-guest-agent to v20210408.00.
Fixed CVE-2020-24977 in libxml2.
cos-dev-93-16351-0-0
Date | Kernel | Kubernetes | Docker | Containerd |
Apr 22, 2021 | COS-5.4.113 | v1.20.5 | v20.10.3 | v1.4.4 |
Updated the Linux kernel to v5.4.113.
Upgraded dev-vcs/git to version 2.31.0. This resolves CVE-2021-21300.
Fixed an out-of-bounds write issue in the Linux kernel.
cos-dev-93-16340-0-0
Date | Kernel | Kubernetes | Docker | Containerd |
Apr 19, 2021 | COS-5.4.112 | v1.20.5 | v20.10.3 | v1.4.4 |
Updated the Linux kernel to v5.4.112.
Updated kubernetes to v1.20.5.
Upgrade tar to 1.34.
Enable ip6table_nat as module.
cos-dev-93-16331-0-0
Date | Kernel | Kubernetes | Docker | Containerd |
Apr 12, 2021 | COS-5.4.110 | v1.20.2 | v20.10.3 | v1.4.4 |
Updated the Linux kernel to v5.4.110.
Upgraded dev-db/sqlite to version 3.34.1. This resolves CVE-2021-20227.
Upgraded Google OS Config Agent to version 20210331.00.
Updated containerd to version 1.4.4.
Configured google-guest-agent to use usermod instead of gpasswd to add users to groups. This fixes an issue where users created through cloud-init sometimes were not added to the appropriate groups.
Enabled CONFIG_IP6_NF_MANGLE to allow ip6table_mangle kernel module.
cos-dev-93-16303-0-0
Date | Kernel | Kubernetes | Docker |
Apr 05, 2021 | COS-5.4.108 | v1.20.2 | v20.10.3 |
Updated openssl to 1.1.1k to resolve CVE-2021-3449 and CVE-2021-3450.
Enabled CONFIG_TLS and CONFIG_TLS_DEVICE in the kernel to support kTLS.
cos-dev-93-16295-0-0
Date | Kernel | Kubernetes | Docker |
Mar 29, 2021 | COS-5.4.108 | v1.20.2 | v20.10.3 |
Upgraded OpenSSH to v8.5_p1. This resolved CVE-2021-28041.
Updated docker-credential-gcr to v2.0.4.
Updated the Linux kernel to v5.4.108.
Fixed an issue in google-guest-agent where the GID of a user's home directory referred to a different user after a reboot.
Enabled CONFIG_TLS in the kernel to support OpenSSL3.0.
cos-dev-93-16259-0-0
Date | Kernel | Kubernetes | Docker |
Mar 22, 2021 | COS-5.4.104 | v1.20.2 | v20.10.3 |
Updated cos-gpu-installer to v2.0.5 in cos-extensions.
Upgrade e2fsprogs to version 1.46.2
Updated the Linux kernel to upstream/v5.4.104.
cos-dev-93-16240-0-0
Date | Kernel | Kubernetes | Docker |
Mar 15, 2021 | COS-5.4.102 | v1.20.2 | v20.10.3 |
Updated the Linux kernel to v5.4.102.
cos-dev-93-16234-0-0
Date | Kernel | Kubernetes | Docker |
Mar 08, 2021 | COS-5.4.101 | v1.20.2 | v20.10.3 |
Revert "Stackdriver logs now record Docker container names by default" due to an incompatibility with Kubernetes.
Upgraded sys-auth/pambase to version 20201103.
Upgraded sys-libs/pam to version 1.5.1.
Upgraded sys-auth/passwdqc to version 1.4.0.
Updated the Linux kernel to upstream/v5.4.101.
Updated Docker to 20.10.3.
Updated chronyd to run as the chrony user instead of the root user.
Updated openssl to version 1.1.1j. This resolves CVE-2021-23840 and CVE-2021-23841.
cos-dev-93-16207-0-0
Date | Kernel | Kubernetes | Docker |
Mar 01, 2021 | COS-5.4.100 | v1.20.2 | v20.10.2 |
Upgraded libgcrypt to v1.9.1. This addresses CVE-2021-3345.
Upgraded dev-python/jinja to v2.11.3. This addresses CVE-2020-28493.
Updated glib to v2.66.7. This addresses CVE-2021-27218 and CVE-2021-27219.
Updated the Linux kernel to v5.4.100.
Updated cos-gpu-installer to v2.0.4 in cos-extensions.
Fixed warning in docker when homedir not present.
Added support for multiple architectures in toolbox.
cos-dev-93-16173-0-0
Date | Kernel | Kubernetes | Docker |
Feb 22, 2021 | COS-5.4.98 | v1.20.2 | v20.10.2 |
Fixed a kernel crash due to fast commit changes.
Updated the Linux kernel to upstream/v5.4.98.
cos-dev-93-16136-0-0
Date | Kernel | Kubernetes | Docker |
Feb 08, 2021 | COS-5.4.95 | v1.20.2 | v20.10.2 |
Remove read/write/execute permissions of group and other user accounts for systemd timer files.
Upgraded e2fsprogs to version 1.46.0.
Upgraded sys-libs/e2fsprogs-libs-1.46.0.
Downgraded Google OS Config Agent to v20201229.01.
Updated the Linux kernel to v5.4.95.
Added package net-fs/cifs-utils v6.11.