|Deprecated After||Jan 11, 2021|
cos-77-12371-1109-0Date: Jan 11, 2021
- Fixed CVE-2020-29660 in the Linux kernel.
- Fixed CVE-2020-29661 in the Linux kernel.
cos-77-12371-1105-0Date: Dec 02, 2020
- Fixed CVE-2020-15257 in containerd.
cos-77-12371-1096-0Date: Oct 26, 2020
- Fixed CVE-2020-14356.
cos-77-12371-1088-0Date: Oct 12, 2020
- Added PPP loadable modules back, which were removed in cos-77-12371-1072-0.
- Moved Docker's "registry-mirrors" configuration to the dockerd command line to address Kubernetes cluster provisioning errors.
cos-77-12371-1086-0Date: Oct 08, 2020
- Moved the configuration of Docker's "registry-mirrors" option from the dockerd command line to /etc/docker/daemon.json. This should allow users to configure a custom registry mirror, which can be useful when responding to recent Docker Hub free tier changes.
- Fixed CVE-2020-15157 in containerd.
cos-77-12371-1079-0Date: Sep 05, 2020
- Fixed Linux kernel vulnerability CVE-2020-14386 by fixing an integer overflow issue in tpacket_rcv.
cos-77-12371-1073-0Date: Aug 21, 2020
- Enabled utmp in systemd to allow creation of utmp files.
cos-77-12371-1072-0Date: Aug 10, 2020
- Disabled CONFIG_PPP to mitigate Linux Kernel CVE-2020-14416.
- Fixed CVE-2020-15705 in grub.
cos-77-12371-1064-0Date: July 30, 2020
- Removed the metrics daemon to address an issue where it would periodically cause CPU usage spikes in some cases.
cos-77-12371-326-0Date: July 13, 2020
- Added rsync back into the image, which was removed in cos-dev-77-12293-0-0.
- Mount /var/lib/containerd with exec option.
- Moved Kernel source to cos.googlesource.com.
- Fixed CVE-2019-9169.
cos-77-12371-296-0Date: June 16, 2020
- Updated toolbox base container image to include security patches.
cos-77-12371-274-0Date: May 26, 2020
- Fixed a few OS Login CVEs: CVE-2020-8903, CVE-2020-8907, CVE-2020-8933.
cos-77-12371-273-0Date: May 21, 2020
- Fixed a Stackdriver Monitoring agent bug where not all mounted disk partitions has their usage reported.
cos-77-12371-251-0Date: Apr 29, 2020
- Fixed a kernel bug where eBPF programs can cause softlockups.
cos-77-12371-233-0Date: Apr 29, 2020
- Disabled `accept_ra` on all interfaces by default.
cos-77-12371-227-0Date: Apr 05, 2020
- Upgraded the Linux kernel to v4.19.112.
- Backported systemd patch ba0d56f55 to address an issue that resulted in leaked mount units.
cos-77-12371-208-0Date: Mar 17, 2020
- Enabled NETFILTER_XT_MATCH_SOCKET.
- Fixed a bug where DHCP is not started after link flaps.
- Removed size limit on /etc/ to fix cluster creation failure because of large number of addons.
- Upgraded the Linux kernel to v4.19.109.
cos-77-12371-183-0Date: Feb 21, 2020
- Upgraded the Linux kernel to v4.19.104.
- Fixed TCP empty skb at the tail of the write queue bug in kernel.
cos-77-12371-175-0Date: Feb 12, 2020
- Enabled some QoS and Fair Queuing options in the Linux kernel.
- Upgraded the Linux kernel to v4.19.102.
- Upgraded runc to 1.0.0-rc10. This resolves CVE-2019-19921.
cos-77-12371-141-0Date: Jan 07, 2020
- Backported fix for Linux kernel CVE-2019-19072.
- Fixed CFS quota throttling issue.
- Upgraded the Linux kernel to v4.19.91.
cos-77-12371-114-0Date: Oct 31, 2019
- Increased sysctl net.ipv4.tcp_limit_output_bytes to 1048576.
- Fixed the problem of spawning 8 runc state process for every exec on containerd. This was leading to high cpu utilization.
- Fixed the unnecessary creation of two separate test slices (resulting in 4 systemd log messages total + runtime overhead) for every runc execution.
- Fixed an issue in runc that resulted in unnecessary CPU consumption. Upgraded the Linux kernel to v4.19.80.
- Fixed a performance regression in completely fair scheduler (CFS).
cos-77-12371-89-0Date: Oct 9, 2019
- Upgraded the Linux kernel to 4.19.76.
- Backported a kernel patch to ensure the cfs cgroup quota/period ratio always stays the same. This addresses a Kubernetes issue where the pod cgroup could be changed into an inconsistent state.
- Backported a kernel patch to fix performance regression in wbt scale_up/scale_down.
cos-77-12371-76-0 (vs Milestone 73)Date: Sep 27, 2019
- Enabled Shielded VM by default. Secure boot is not enabled by default.
- Enabled cgroup v2 hybrid mode in systemd.
- Added support for the virtio balloon driver.
- Added the node-problem-detector package.
- Added the conntrack-tools package.
- Added the xfsprogs package.
- Upgraded systemd to version 239.
- Upgraded the Linux kernel to version 4.19.
- Upgraded Docker to version 19.03.
- Upgraded Kubelet to version 1.15.
- Upgraded the compute-image-packages to version 20190304.
- Upgraded openssl to version 1.0.2r.
- Upgraded openssh to version 7.9p1.
- Changed kernel compiler from gcc to clang.