cos-97-16919-29-40
Date | Kernel | Docker | Containerd | GPU Drivers |
Jun 03, 2022 | COS-5.10.107 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Fixed the toolbox creation issue when service account is not available.
Fixed a bug in KTD LSM xattr handling.
cos-97-16919-29-36
Date | Kernel | Docker | Containerd | GPU Drivers |
May 25, 2022 | COS-5.10.107 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Fixed CVE-2022-1729 in the Linux kernel.
cos-97-16919-29-34
Date | Kernel | Docker | Containerd | GPU Drivers |
May 23, 2022 | COS-5.10.107 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Fixed an issue that prevented large cloud-configs (~256KB) from working properly.
Upgraded openssl to v1.1.1o. This resolves CVE-2022-1292.
Upgraded dev-libs/libxml2 to v2.9.14. This resolves CVE-2022-29824.
Upgraded dev-libs/libxslt to v1.1.35. This resolves CVE-2022-29824.
Upgraded sys-libs/ncurses to v6.3_p20220423. This resolves CVE-2022-29458.
Fixed CVE-2022-1786, CVE-2022-28893 and CVE-2022-0494 in the Linux kernel.
cos-97-16919-29-21
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 25, 2022 | COS-5.10.107 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Made /var/lib/chrony owned by chrony user.
Fixed CVE-2022-29581 and CVE-2022-29582 in the Linux kernel.
cos-97-16919-29-16
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 18, 2022 | COS-5.10.107 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Made CIS-Scanner show results for passing benchmarks.
cos-97-16919-29-9
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 11, 2022 | COS-5.10.107 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Updated containerd to v1.6.2. This resolves CVE-2022-24769.
Upgraded dev-libs/libxml2 to v2.9.13-r1. This resolves CVE-2022-23308.
cos-97-16919-29-5
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 05, 2022 | COS-5.10.107 | v20.10.12 | v1.6.1 | v470.82.01(default) |
Increased number of vCPUs support from 256 to 512.
Fixed the issue where kubelet fails on startup by adding the cgroup-driver=systemd flag to kubelet.
cos-97-16919-29-2
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 29, 2022 | COS-5.10.107 | v20.10.12 | v1.6.1 | v470.82.01(default) |
Updated app-admin/localtoast (cis_scanner) to v1.1.4.3.
Updated the Linux kernel to v5.10.107.
Added an option to cos-extensions for populating and resetting a cache of GPU driver dependencies.
Updated app-editors/vim and app-editors/vim-core to v8.2.4586. This resolves CVE-2022-0714, CVE-2022-0696, CVE-2022-0685, CVE-2022-0729, CVE-2022-0572 and CVE-2022-0629.
cos-beta-97-16919-0-22
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 25, 2022 | COS-5.10.101 | v20.10.12 | v1.6.1 | v470.82.01(default) |
Fixed CVE-2022-27666 in the Linux kernel.
Upgraded openssl package to v1.1.1n to fix CVE-2022-0778.
cos-beta-97-16919-0-18
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 21, 2022 | COS-5.10.101 | v20.10.12 | v1.6.1 | v470.82.01(default) |
Updated google-guest-configs to v20220211.00.
Updated CIS Scanner to v1.1.4.3.
Fixed a warning related to IPv4 parsing error in cloud-init.
Fixed CVE-2021-22570 in libprotobuf.
cos-beta-97-16919-0-14
Date | Kernel | Docker | Containerd | Default GPU Driver |
Mar 16, 2022 | COS-5.10.101 | v20.10.12 | v1.6.1 | v470.82.01 |
Added get_status API in device policy manager.
Updated CIS Scanner to v1.1.4.2.
Fixed an issue in systemd so that the primary network interface is considered configured only after a non-link-local IPv4 address is available.
cos-beta-97-16919-0-8
Date | Kernel | Docker | Containerd | Default GPU Driver |
Mar 07, 2022 | COS-5.10.101 | v20.10.12 | v1.6.1 | v470.82.01 |
Enabled disk_setup module in cloud-init.
Fixed CVE-2022-0847 in the Linux kernel.
Updated containerd to v1.6.1. This resolves CVE-2022-23648.
cos-beta-97-16919-0-3 (vs Milestone 93)
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Feb 28, 2022 | COS-5.10.101 | v1.23.3 | v20.10.12 | v1.6.0 | v470.82.01 |
Enabled cgroup v2 and provided a command-line interface to change cgroup versions.
Added CIS scanner (app-admin/localtoast) v1.1.4.1.
Renamed cos-alphabet-compliance to cis-compliance. cis-compliance will only install scripts needed to make the VM Level 2 CIS compliant.
Added support for exporting logs of the cis-level1, cis-level2 and cis-compliance-scanner systemd services via stackdriver logging.
Added command "cos-extensions list -- --gpu-installer" to show the default cos-gpu-installer.
Enabled CONFIG_BFQ_GROUP_IOSCHED kernel configuration.
Set NVMe IO timeout to 4294967295.
Fixed an issue in the Linux kernel where I/Os would sometimes fail on SEV-enabled machines due to a full swiotlb buffer.
Fixed an issue related to shim exiting during system shutdown.
Enabled XDP support in the Linux kernel.
Added LZ4 compression support in the kernel.
Enabled ipip and fou kernel modules.
Made XFRM statistics available at /proc/net/xfrm_stat.
Added SEV live migration support to the Linux kernel.
Added dev-libs/userspace-rcu package.
Auto-updates will now only occur within a single milestone. Upgrading your VMs to a new COS milestone will now require you to recreate your VMs.
Added Google Guest Configs package.
Added lsof package.
Enabled virtual console.
Enabled configuring NTP server using cloud-init.
Added support for NFSv4 Kerberos authentication.
Enabled IBLOCK and FILEIO iSCSI backing stores in the Linux kernel.
Disabled VDSO on ARM by default.
Enabled ipv4 and ipv6 in sshd.
Updated containerd to v1.6.0.
Updated the Linux kernel to v5.10.101.
Upgraded sys-fs/e2fsprogs to v1.46.4.
Upgraded sys-libs/e2fsprogs-libs to v1.46.4.
Upgraded sys-fs/xfsprogs to v5.14.2.
Updated app-admin/sosreport to v4.2.
Upgraded runc to v1.1.0.
Updated the built-in kubectl/kubelet to v1.23.3.
Updated oslogin to v20220113.00.
Updated docker-cli to v20.10.12.
Updated docker to v20.10.12.
Updated Linux Audit (sys-process/audit) to v3.0.6.
Updated sys-apps/shadow to v4.11.1.
Upgraded Google OS Config Agent (aka VMManager) to v20220107.00.
Updated UEFI shim to v15.4.
Updated the makedumpfile package to v1.7.0.
Updated the stackdriver logging agent to v1.9.4.
Updated the default toolbox container to v20211027.
Upgraded app-admin/google-guest-agent to v20220104.00.
Updated cloud-init to v21.4.
Updated systemd to v249.6.
Updated docker-credential-gcr to v2.1.0.
Updated ChromeOS base to ChromeOS version 14283.0.0.
Upgraded net-dns/c-ares to v1.17.2.
Updated node-problem-detector to v0.8.10.
Updated nanopb to v0.4.5 in KTD.
Runtime sysctl changes:
- Changed: net.ipv6.conf.all.forwarding: 1 -> 0
- Changed: net.ipv6.conf.default.forwarding: 1 -> 0
- Changed: net.ipv6.conf.docker0.forwarding: 1 -> 0
- Changed: net.ipv6.conf.eth0.forwarding: 1 -> 0
- Changed: net.ipv6.conf.lo.forwarding: 1 -> 0
- Changed: kernel.bootloader_type: 114 -> 6
- Changed: kernel.bootloader_version: 2 -> 38
- Changed: kernel.core_pattern: |/sbin/crash_reporter --user=%P:%s:%u:%g:%f -> |/bin/false
- Changed: kernel.core_pipe_limit: 4 -> 0
- Changed: kernel.threads-max: 63623 -> 63574
- Changed: net.ipv4.conf.all.log_martians: 0 -> 1
- Changed: net.ipv4.conf.default.log_martians: 0 -> 1
- Changed: net.ipv4.conf.docker0.log_martians: 0 -> 1
- Changed: net.ipv4.conf.eth0.log_martians: 0 -> 1
- Changed: user.max_cgroup_namespaces: 31811 -> 31787
- Changed: user.max_ipc_namespaces: 31811 -> 31787
- Changed: user.max_mnt_namespaces: 31811 -> 31787
- Changed: user.max_net_namespaces: 31811 -> 31787
- Changed: user.max_pid_namespaces: 31811 -> 31787
- Changed: user.max_time_namespaces: 31811 -> 31787
- Changed: user.max_user_namespaces: 31811 -> 31787
- Changed: user.max_uts_namespaces: 31811 -> 31787
- Added: dev.cdrom.autoclose: 1
- Added: dev.cdrom.autoeject: 0
- Added: dev.cdrom.check_media: 0
- Added: dev.cdrom.debug: 0
- Added: dev.cdrom.lock: 1
- Changed: fs.epoll.max_user_watches: 1667911 -> 1667891
- Changed: fs.file-max: 814101 -> 814087
- Changed: net.ipv4.tcp_mem: 94251 125668 188502 -> 94248 125667 188496
- Changed: net.ipv4.udp_mem: 188502 251336 377004 -> 188499 251335 376998
Fixed segmentation fault in ebtables.
Modified the default stackdriver logging config to support multiple time formats, which fixed a bug where logs were dropped in some conditions.
Updated toolbox script to use nspawn share system env var.
Updated cri-tools to v1.23.0.
Fixed a bug that created excessive warning logs on missing attrs.tag from container logs.
Updated cos-gpu-installer-v2 to v2.0.17 in cos-extensions.
Changed default file permissions used by stackdriver logging agent to not be world readable.
Fixed CVE-2021-35942 and CVE-2021-38604 in glibc.