Release Notes: Milestone 73

Current Status

Image Family cos-73-lts
Deprecated After Jun 19, 2020
Kernel 4.14.119+
Kubernetes v1.13.3
Docker v18.09.3



Date: Jun 17, 2019
  • Updated kernel to version v4.14.124.
  • Backported affinity change-set for napi-tx.


    Date: May 28, 2019
    • Upgraded curl to v7.64.1 to fix CVE-2018-16890.
    • Upgraded containerd to version 1.2.6.
    • Set OOM score to -999 for docker.service and containerd.service to enhance the reliability of core system daemons.
    • Add restart policy in containerd.service, and corrected docker.service's dependency on containerd.service to allow containerd to recover from crashes.
    • Backport affinity changes to support napi-tx in COS.
    • Cherry-picked upstream patch in kernel to fix a bug in lockd introduced by commit 01b79d20008d "lockd: Show pid of lockd for remote locks" in Linux kernel v4.14.105.
    • Rotated keys used by UEFI Secure Boot for signing and verifying the UEFI boot path.


    Date: May 16, 2019
    • Merged Linux Stable Kernel 'v4.14.119' for resolving Microarchitectural Data Sampling (MDS) vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091).
    • Mitigated a mount hang issue in the Linux kernel.


    Date: Apr 19, 2019
    • Set LimitNOFILE to 1048576 in containerd.service to fix an issue where the file descriptor limit was not being properly applied to containerd.


    Date: Apr 01, 2019
    • Included perf tool in the image.
    • Fixed a bug that dockerd may start containerd even if containerd.service exists.
    • Fixed an issue where Docker did not preserve the UIDs/GIDs of the init process on exec.

    cos-73-11647-112-0 (vs Milestone 69)

    Date: Mar 25, 2019

    New features

    • Added support for collecting kernel memory crash dumps.
    • Added support for RAID and LVM.
    • Added support for IPv6.
    • Added support for iscsi and multipath in the kernel.
    • Added support for kernel module signing.
    • Enabled auto updates on Shielded VMs that have never booted in secure boot mode. Auto update is still disabled on Shielded VMs that have previously booted in secure boot mode.
    • Disabled the CONFIG_DEVMEM configuration option in the kernel to restrict privileged access to system memory.
    • Added behavior for logging more debugging information to the serial console during boot.

    Bug fixes

    • Fixed an issue observed in Kubernetes liveness probes.
    • Configured docker.service to always restart Docker after 10 seconds.
    • Fixed an issue where a race condition between Docker and containerd resulted in a Docker live restore failure.
    • Increased fs.inotify.max_user_instances to 1024.
    • Configured containerd to run as a standalone systemd service.

    Package updates

    • Upgraded the built-in kubelet to v1.13.3.
    • Upgraded containerd to v1.2.5.
    • Upgraded openssl to 1.0.2q.
    • Upgraded Docker to 18.09.3.
    • Installed the pigz package for faster Docker image downloads.
    • Installed the keyutils package.
    • Installed the sosreport package.
    Оцените, насколько информация на этой странице была вам полезна:

    Оставить отзыв о...

    Текущей странице
    Container-Optimized OS