November 14, 2023 [GDCH 1.11.1]
Google Distributed Cloud air-gapped 1.11.1 is now available.
See the product overview to learn about the features of Google Distributed Cloud air-gapped.
The following container image security vulnerabilities are fixed:
Updated Canonical Ubuntu OS image version to 20231023 to apply the latest security patches and important updates. To take advantage of the bug and security vulnerability fixes, you must upgrade all nodes with each release. The following security vulnerabilities are fixed:
- CVE-2020-21047
- CVE-2020-22219
- CVE-2021-4001
- CVE-2022-3234
- CVE-2022-3256
- CVE-2022-3324
- CVE-2022-3352
- CVE-2022-3520
- CVE-2022-3591
- CVE-2022-3705
- CVE-2022-4292
- CVE-2022-4293
- CVE-2023-1206
- CVE-2023-1916
- CVE-2023-3212
- CVE-2023-3341
- CVE-2023-3863
- CVE-2023-4128
- CVE-2023-4156
- CVE-2023-4194
- CVE-2023-4504
- CVE-2023-4622
- CVE-2023-4623
- CVE-2023-4692
- CVE-2023-4693
- CVE-2023-4863
- CVE-2023-4881
- CVE-2023-4921
- CVE-2023-5217
- CVE-2023-20588
- CVE-2023-32360
- CVE-2023-34319
- CVE-2023-37920
- CVE-2023-38546
- CVE-2023-40283
- CVE-2023-42752
- CVE-2023-42753
- CVE-2023-42755
- CVE-2023-42756
- CVE-2023-42785
- CVE-2023-42786
- CVE-2023-42787
- CVE-2023-44488
Updated the gcr.io/distroless/base base image to digest sha256:a17ac8990b4395aab186b9538ca04715d2a7408dfd2b6473ff7b16d098d0cb09 to apply the latest security patches and important updates.
Cluster:
- Updated the Go SDK version to 1.20.10.
The following security vulnerabilities are fixed:
Add-on Manager:
- The Google Distributed Cloud Virtual for Bare Metal version is updated to 1.16.2 to apply the latest security patches and important updates.
See Google Distributed Cloud Virtual for Bare Metal 1.16.2 release notes for details.
Authentication and authorization:
- The issue when infrastructure operator project roles are not deployed to system projects is fixed.
Cluster:
- The system cluster health issue is fixed.
Firewall:
- The issue when platform administrators cannot find firewall logs in the monitoring dashboard is fixed.
- The issue with pulling images from the Harbor registry is fixed.
- The issue with the master key rotation failure is fixed.
- The issue when the TLS certificate is not installed is fixed.
- The role-based access control (RBAC) issue with the instance firewall policy reconciler is fixed.
Infrastructure as Code:
- The issue with Infrastructure as Code Manager HTTP call is fixed.
Monitoring:
- The issue with high CPU usage for cortex and cortex-tenant is fixed.
Platform security:
- The issue with trust distribution when CSR is signed in a root admin cluster is fixed.
Node and operating system:
- The issue with customizing the message of the day banner, also known as system use notification, is fixed. See instructions for updating caption and message text and creating a SubcomponentOverride CR in Infrastructure as Code when performing an upgrade.
- The issue with an org admin cluster node upgrade failing at preflight simulating execution is fixed.
- The issue with NodeUpgrade BIOS upgrade verification after power cycle is fixed.
User interface:
- The issue with displaying an entry point to testing pages is fixed.
Authentication and authorization:
- Unable to assign the predefined role user-cluster-node-viewer to a user.
Firewall:
- The firewall gdcloud commands for mgmt-setup and install might fail.
- Org creation does not progress.
File and block storage:
- The system cluster might fail to install NetApp Trident.
Monitoring:
- Alerts in organization system clusters don't reach the ticketing system.
Node and operating system:
- The bm-system-machine-init job fails for an org admin node.
Networking:
- /opt/cni/bin/loopback is corrupted.
Vertex AI:
- The Vertex AI monitoring dashboards don't display system metrics.
VM Backup and Restore:
- Role-based access control (RBAC) and schema settings in the VM manager are stopping users from starting VM backup and restore processes.