Release Notes: Milestone 89

Current Status

Image Family cos-89-lts
Deprecated After Mar 31, 2023
Kernel COS-5.4.104
Kubernetes v1.20.2
Docker v20.10.3

Changelog

cos-89-16108-403-15 (vs Milestone 85)

Date: Apr 07, 2021

New features

  • Added support for experimental EXT4 fast commit.
  • Added support for CIFS.
  • Added support for detecting dockerhung, corruptdockeroverlays, docker start-up failures and hung-tasks in node-problem-detector.
  • Added support for geneve virtual interfaces.
  • Added futex support for gVisor.
  • Added cri-tools package.
  • Added cifs-utils package.
  • Made node-problem-detector the default monitoring agent.
  • Denied login to users that do not have 2-step verification setup when oslogin and oslogin-2fa are enabled.
  • Included no_ssh.sh script in /usr/share/google/no_ssh.sh for disabling SSH via guest policy.
  • Added compile time dependencies to cos-package-info.json.
  • Removed read/write/execute permissions of group and other user accounts for systemd timer files.

Driver and package updates

  • Upgraded Docker to v20.10.3.
  • Upgraded Docker-cli to v20.10.3.
  • Upgraded the built-in kubectl/kubelet to v1.20.2.
  • Upgraded google-guest-agent to v20201102.00.
  • Upgraded libcrypt to libcrypt-1.
  • Upgraded e2fsprogs to v1.46.2.
  • Upgraded e2fsprogs-libs to v1.46.2.
  • Upgraded dev-python/jinja to v2.11.3.
  • Upgraded cloud-init to v20.1.
  • Upgraded stackdriver logging agent to v1.8.4.
  • Upgraded sosreport to v4.0.
  • Upgraded default GPU driver version to 450.80.02.
  • Updated Google OS Config Agent to v20210331.00.
  • Updated openssl to v1.1.1j.
  • Updated glib and glib-util to v2.66.7.
  • Updated runc to v1.0.0_rc92.
  • Updated docker-proxy to v0.8.0_p20201215.
  • Updated OpenSSH to v8.3_p1.
  • Updated oslogin to v20201216.00.
  • Updated shadow to v4.8.1.
  • Updated apparmor to v2.13.5.
  • Updated iptables to v1.8.5.
  • Updated audit to v2.8.5.
  • Updated node-problem-detector to v0.8.6.
  • Updated toolbox to v20201104-00.
  • Updated tini to v0.19.0.
  • Updated systemd to systemd-stable v239.
  • Updated docker-credential-gcr to v2.0.4.

CVE Fixes

  • Fixed CVE-2019-5815 in libxslt.
  • Fixed CVE-2019-19956 in libxml2.
  • Fixed CVE-2021-3347 in the Linux Kernel.
  • Fixed CVE-2021-23840 and CVE-2021-23841 in openssl.
  • Fixed CVE-2021-27218 and CVE-2021-27219 in glib and glib-util.

Bug fixes

  • Fixed warning in docker when homedir is not present.

Deprecated

  • Deprecated stackdriver monitoring.