Kubernetes version 1.23 change log

This version is no longer supported. Update your cluster to a supported version as soon as possible.

Overview

Unless otherwise noted in the change logs, the IBM Cloud Kubernetes Service provider version enables Kubernetes APIs and features that are at beta. Kubernetes alpha features, which are subject to change, are disabled.

For more information about major, minor, and patch versions and preparation actions between minor versions, see Kubernetes versions.

Check the Security Bulletins on IBM Cloud Status for security vulnerabilities that affect IBM Cloud Kubernetes Service. You can filter the results to view only Kubernetes Cluster security bulletins that are relevant to IBM Cloud Kubernetes Service. Change log entries that address other security vulnerabilities but don't also refer to an IBM security bulletin are for vulnerabilities that are not known to affect IBM Cloud Kubernetes Service in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.

Some change logs are for worker node fix packs, and apply only to worker nodes. You must apply these patches to ensure security compliance for your worker nodes. These worker node fix packs can be at a higher version than the master because some build fix packs are specific to worker nodes. Other change logs are for master fix packs, and apply only to the cluster master. Master fix packs might not be automatically applied. You can choose to apply them manually. For more information about patch types, see Update types.

Version 1.23 change log

Review the version 1.23 change log.

Change log for master fix pack 1.23.17_1576, released 27 April 2023

The following table shows the changes that are in the master fix pack 1.23.17_1576. Master patch updates are applied automatically.

Changes since version 1.23.17_1569
Component	Previous	Current	Description
Cluster health image	v1.3.17	v1.3.19	Updated `Go` to version `1.19.8` and updated dependencies.
Gateway-enabled cluster controller	2024	2106	Support Ubuntu 20 and update image to resolve CVEs.
GPU device plug-in	a873e90	fc4cf22	Updated `Go` to version `1.19.7`.
GPU installer	a873e90	28d80a0	Updated `Go` to version `1.19.8`.
IBM Calico extension	1366-amd64	1390-amd64	Eliminate IP syscall.
IBM Cloud Controller Manager	v1.23.17-5	v1.23.17-10	Updated `Go` dependencies.
IBM Cloud File Storage for Classic plug-in and monitor	429	431	Updated `Go` to version `1.19.8` and updated dependencies. Update UBI base image.
Key Management Service provider	v2.6.4	v2.6.5	Updated `Go` to version `1.19.7` and updated dependencies.
Konnectivity agent and server	v0.1.1_569_iks-amd64	v0.1.2_591_iks-amd64	See the Konnectivity release notes. Updated configuration to set `keepalive-time` to `40s`.
Kubernetes Metrics Server configuration	N/A	N/A	Updated to use TLS version 1.3 ciphers.
Load balancer and load balancer monitor for IBM Cloud Provider	2420	2486	Updated `Go` to version `1.19.7` and updated dependencies.
Portieris admission controller	v0.13.3	v0.13.4	See the Portieris admission controller release notes.

Change log for worker node fix pack 1.23.17_1576, released 24 April 2023

The following table shows the changes that are in the worker node fix pack 1.23.17_1576. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.17_1574
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-208-generic	4.15.0-209-generic	Worker node package updates for CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-2207, CVE-2022-3903, CVE-2023-1281, CVE-2023-1326, CVE-2023-26545, CVE-2023-28450, CVE-2023-28484, CVE-2023-28486, CVE-2023-28487, CVE-2023-29469.
Ubuntu 20.04 packages	N/A	N/A	Worker node package updates for CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-2207, CVE-2022-3108, CVE-2022-3903, CVE-2023-1281, CVE-2023-1326, CVE-2023-26545, CVE-2023-28484, CVE-2023-28486, CVE-2023-28487, CVE-2023-29469.
Kubernetes	1.23.16	1.23.17	See change logs.
Containerd	N/A	N/A	N/A
Haproxy	N/A	N/A	N/A

Change log for worker node fix pack 1.23.17_1574, released 11 April 2023

The following table shows the changes that are in the worker node fix pack 1.23.17_1574. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.17_1572
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-206	4.15.0-208	Worker node kernel & package updates for CVE-2021-3669, CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-41218, CVE-2023-0045, CVE-2023-0266, CVE-2023-23559.
Ubuntu 20.04 packages	N/A	N/A	Worker node package updates for CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980. Updated `sysctl` setting for `fs.inotify.max_user_instances` from default `128` to `1024`.
Kubernetes	N/A	N/A	N/A
Haproxy	8398d1	8895ad	CVE-2023-0361.
Containerd	1.6.19	1.6.20	For more information, see the change log.

Change log for worker node fix pack 1.23.17_1572, released 29 March 2023

The following table shows the changes that are in the worker node fix pack 1.23.17_1572. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.17_1570
Component	Previous	Current	Description
Ubuntu 20.04 packages	5.4.0-144	5.4.0-139	Downgrading kernel to address Upstream canonical bug.

Change log for master fix pack 1.23.17_1569, released 28 March 2023

The following table shows the changes that are in the master fix pack 1.23.17_1569. Master patch updates are applied automatically.

Changes since version 1.23.16_1567
Component	Previous	Current	Description
Cluster health image	v1.3.16	v1.3.17	Updated `Go` to version `1.19.7` and updated dependencies.
etcd	v3.4.23	v3.4.24	See the etcd release notes.
GPU device plug-in and installer	79a2232	a873e90	Updated `Go` to version `1.19.6`.
IBM Calico extension	1308-amd64	1366-amd64	Updated to resolve CVE-2023-23916.
IBM Cloud Controller Manager	v1.23.16-11	v1.23.17-5	Updated to support the `Kubernetes 1.23.17` release.
IBM Cloud File Storage for Classic plug-in and monitor	427	429	Updated universal base image (UBI) to resolve CVEs. Updated `Go` to version `1.19.6` and updated dependencies.
Key Management Service provider	v2.6.3	v2.6.4	Updated `Go` to version `1.19.7` and updated dependencies.
Kubernetes	v1.23.16	v1.23.17	See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider	2383	2420	Updated the image to resolve CVEs.

Change log for worker node fix pack 1.23.17_1570, released 27 March 2023

The following table shows the changes that are in the worker node fix pack 1.23.17_1570. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.16_1568
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Worker node package updates for CVE-2021-36222, CVE-2021-37750, CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-1170, CVE-2023-1175, CVE-2023-24329, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538.
Ubuntu 20.04 packages	N/A	N/A	Worker node package updates for CVE-2021-36222, CVE-2021-37750, CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-24329, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538.
Kubernetes	1.23.16	1.23.17	For more information, see the change log.
Containerd	N/A	N/A	N/A
Haproxy	af5031	8398d1	CVE-2023-23916.

Change log for worker node fix pack 1.23.16_1568, released 13 March 2023

The following table shows the changes that are in the worker node fix pack 1.23.16_1568. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.16_1563
Component	Previous	Current	Description
Ubuntu 20.04 packages	5.4.0-139	5.4.0-144	Worker node kernel & package updates for CVE-2022-29154, CVE-2022-3545, CVE-2022-3821, CVE-2022-40898, CVE-2022-41218, CVE-2022-4139, CVE-2022-4415, CVE-2022-47520, CVE-2022-48303, CVE-2023-0266, CVE-2023-0361, CVE-2023-0461, CVE-2023-0767, CVE-2023-23916.
Ubuntu 18.04 packages	4.15.0-204	4.15.0-206	Worker node kernel & package updates for CVE-2022-29154, CVE-2022-3545, CVE-2022-3628, CVE-2022-37454, CVE-2022-3821, CVE-2022-40898, CVE-2022-48303, CVE-2023-0461, CVE-2023-0767, CVE-2023-22490, CVE-2023-23916.
Kubernetes	N/A	N/A	N/A
Containerd	1.6.18	1.6.19	For more information, see the change log.

Change log for master fix pack 1.23.16_1567, released 2 March 2023

The following table shows the changes that are in the master fix pack 1.23.16_1567. Master patch updates are applied automatically.

Changes since version 1.23.16_1560
Component	Previous	Current	Description
Cluster health image	v1.3.15	v1.3.16	Updated `Go` dependencies and to `Go` version `1.19.6`. Updated universal base image (UBI) to resolve CVEs.
etcd	v3.4.22	v3.4.23	See the etcd release notes.
Gateway-enabled cluster controller	1902	1987	Updated `armada-utils` to version `v1.9.35`
IBM Calico extension	1280-amd64	1308-amd64	Updated universal base image (UBI) to resolve CVE-2022-47629.
IBM Cloud Controller Manager	v1.23.16-3	v1.23.16-11	Updated `Go` dependencies. Updated `k8s.io/utils` digest to `a5ecb01`. Updated `vpcctl binary` to `3785`.
IBM Cloud File Storage for Classic plug-in and monitor	425	427	Updated universal base image (UBI) to resolve CVEs.
Key Management Service provider	v2.5.13	v2.6.3	Updated `Go` dependencies and to `Go` version `1.19.6`.
Konnectivity agent and server	v0.0.34_491_iks	v0.1.1_569_iks-amd64	Updated to Konnectivity version v0.1.0.
Kubernetes NodeLocal DNS cache	1.22.11	1.22.18-amd64	See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and Load balancer monitor for IBM Cloud Provider	2325	2383	Updated to `armada-utils` version `1.9.35`.
Portieris admission controller	v0.12.6	v0.13.3	See the Portieris admission controller release notes.

Change log for worker node fix pack 1.23.16_1563, released 27 February 2023

The following table shows the changes that are in the worker node fix pack 1.23.16_1563. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.16_1562
Component	Previous	Current	Description
containerd	v1.6.17	v1.6.18	See the 1.6.18 change log and the security bulletin for CVE-2023-25153 and CVE-2023-25173.
Ubuntu 18.04 packages	N/A	N/A	Worker node package updates for CVE-2023-22490, CVE-2023-23946, CVE-2023-25725.
Ubuntu 20.04 packages	N/A	N/A	Worker node package updates for CVE-2023-22490, CVE-2023-23946, CVE-2023-25725.
Kubernetes	N/A	N/A	N/A
HAProxy	d38f89	af5031	CVE-2022-40897, CVE-2022-4415, CVE-2020-10735, CVE-2021-28861, CVE-2022-45061.
Default Worker Pool	Ubuntu 18	Ubuntu 20	For IBM Cloud Kubernetes Service, default `worker-pool` is created with Ubuntu 20 Operating system

Change log for worker node fix pack 1.23.16_1562, released 13 February 2023

The following table shows the changes that are in the worker node fix pack 1.23.16_1562. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.16_1561
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-202	4.15.0-204	Worker node kernel & package updates for CVE-2022-28321, CVE-2022-3437, CVE-2022-4304, CVE-2022-4450, CVE-2022-45142, CVE-2022-47016, CVE-2023-0215, CVE-2023-0286.
Ubuntu 20.04 packages	5.4.0-137	5.4.0-139	Worker node kernel & package updates for CVE-2022-28321, CVE-2022-3437, CVE-2022-4304, CVE-2022-4450, CVE-2022-45142, CVE-2022-47016, CVE-2023-0215, CVE-2023-0286.
Kubernetes	N/A	N/A	N/A
HAProxy	8d6ea6	08c969	CVE-2022-47629.

Change log for master fix pack 1.23.16_1560, released 30 January 2023

The following table shows the changes that are in the master fix pack 1.23.16_1560. Master patch updates are applied automatically.

Changes since version 1.23.15_1555
Component	Previous	Current	Description
Cluster health image	v1.3.14	v1.3.15	Updated `Go` dependencies and to `Go` version `1.19.4`.
GPU device plug-in and installer	03fd318	79a2232	Updated `Go` to version `1.19.4`.
IBM Calico extension	1257	1280	Publish s390x image.
IBM Cloud Controller Manager	v1.23.14-2	v1.23.16-3	Updated to support the `Kubernetes 1.23.16` release. Updated `Go` dependencies.
IBM Cloud File Storage for Classic plug-in and monitor	421	425	Fixes for CVE-2022-40303 and CVE-2022-40304.
Key Management Service provider	v2.5.12	v2.5.13	Updated `Go` dependencies and to `Go` version `1.19.4`.
Konnectivity agent and server	v0.0.33_418_iks	v0.0.34_491_iks	See the Konnectivity release notes.
Kubernetes	v1.23.15	v1.23.16	See the Kubernetes release notes.

Change log for worker node fix pack 1.23.16_1561, released 30 January 2023

The following table shows the changes that are in the worker node fix pack 1.23.16_1561. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.15_1558
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Worker node kernel & package updates for CVE-2018-20217, CVE-2022-23521, CVE-2022-28321, CVE-2022-40897, CVE-2022-40898, CVE-2022-41903, CVE-2022-42898, CVE-2023-22809.
Ubuntu 20.04 packages	N/A	N/A	Worker node kernel & package updates for CVE-2021-33503, CVE-2022-23521, CVE-2022-28321, CVE-2022-3094, CVE-2022-40897, CVE-2022-40898, CVE-2022-41903, CVE-2022-42898, CVE-2023-0056, CVE-2023-22809.
Kubernetes	1.23.15	1.23.16	For more information, see the change log.
HAPROXY	508bf6	8d6ea6	CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2022-40303, CVE-2022-40304, CVE-2022-3821, CVE-2022-35737, CVE-2022-43680, CVE-2021-46848.

Change log for worker node fix pack 1.23.15_1558, released 16 January 2023

The following table shows the changes that are in the worker node fix pack 1.23.15_1558. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.15_1557
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-200	4.15.0-202	Worker node kernel & package updates for CVE-2021-44758, CVE-2022-0392, CVE-2022-2663, CVE-2022-3061, CVE-2022-3437, CVE-2022-3643, CVE-2022-42896, CVE-2022-42898, CVE-2022-43552, CVE-2022-43945, CVE-2022-44640, CVE-2022-45934, CVE-2022-47629.
Ubuntu 20.04 packages	5.4.0-135	5.4.0-137	Worker node kernel & package updates for CVE-2021-44758, CVE-2022-0392, CVE-2022-0417, CVE-2022-2663, CVE-2022-3061, CVE-2022-3437, CVE-2022-3643, CVE-2022-42896, CVE-2022-42898, CVE-2022-43552, CVE-2022-43945, CVE-2022-44640, CVE-2022-45934, CVE-2022-47629.
Kubernetes	N/A	N/A	N/A

Change log for worker node fix pack 1.23.15_1557, released 02 January 2023

The following table shows the changes that are in the worker node fix pack 1.23.15_1557. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.15_1556
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	N/A
Ubuntu 20.04 packages	N/A	N/A	N/A
Kubernetes	N/A	N/A	N/A

Change log for worker node fix pack 1.23.15_1556, released 19 December 2022

The following table shows the changes that are in the worker node fix pack 1.23.15_1556. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.14_1554
Component	Previous	Current	Description
Containerd	1.6.10	1.6.12	See the 1.6.12 change log, the 1.6.11 change log, and the security bulletin for CVE-2022-23471.
Ubuntu 18.04 packages	4.15.0-197	4.15.0-200	Worker node kernel & package updates for CVE-2022-2309, CVE-2022-38533, CVE-2022-40303, CVE-2022-40304, CVE-2022-41916, CVE-2022-45061.
Ubuntu 20.04 packages	5.4.0-132	5.4.0-135	Worker node kernel & package updates for CVE-2022-2309, CVE-2022-38533, CVE-2022-40303, CVE-2022-40304, CVE-2022-41916.
Kubernetes	1.23.14	1.23.15	For more information, see the change log.

Change log for master fix pack 1.23.15_1555, released 14 December 2022

The following table shows the changes that are in the master fix pack 1.23.15_1555. Master patch updates are applied automatically.

Changes since version 1.23.14_1552
Component	Previous	Current	Description
Cluster health image	v1.3.13	v1.3.14	Updated `Go` dependencies. Exclude ingress status from cluster status aggregation.
etcd	v3.4.21	v3.4.22	See the etcd release notes.
GPU device plug-in and installer	cce0cfa	03fd318	Update GPU images with `Go` version `1.19.2` to resolve vulnerabilities
IBM Calico extension	1213	1257	Updated universal base image (UBI) to resolve: CVE-2022-1304, CVE-2016-3709, CVE-2022-42898.
IBM Cloud Controller Manager	v1.23.13-5	v1.23.14-2	Updated to support the `Kubernetes 1.23.14` release.
IBM Cloud File Storage for Classic plug-in and monitor	420	421	Updated universal base image (UBI) to resolve CVE-2022-42898. Updated `Go` to version `1.18.8`
Key Management Service provider	v2.5.11	v2.5.12	Updated `Go` dependencies.
Kubernetes	v1.23.14	v1.23.15	See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider	2110	2325	Update `Go` to version `1.19.1` and update dependencies.

Change log for worker node fix pack 1.23.14_1554, released 05 December 2022

The following table shows the changes that are in the worker node fix pack 1.23.14_1554. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.14_1553
Component	Previous	Current	Description
Containerd	1.6.8	1.6.10	See the 1.6.10 change log and the 1.6.9 change log.
Ubuntu 18.04 packages	N/A	N/A	Worker node package updates for CVE-2013-4235, CVE-2022-3239, CVE-2022-3524, CVE-2022-3564, CVE-2022-3565, CVE-2022-3566, CVE-2022-3567, CVE-2022-3594, CVE-2022-3621, CVE-2022-42703.
Kubernetes	N/A	N/A	N/A
HAPROXY	c619f4	508bf6	CVE-2016-3709, CVE-2022-42898, CVE-2022-1304.
CUDA	fd4353	0ab756	CVE-2022-42898.

Change log for worker node fix pack 1.23.14_1553, released 21 November 2022

The following table shows the changes that are in the worker node fix pack 1.23.14_1553. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.13_1551
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-194	4.15.0-197	Worker node kernel & package updates for CVE-2018-16860, CVE-2019-12098, CVE-2020-16156, CVE-2021-3671, CVE-2021-43618, CVE-2022-2978, CVE-2022-3028, CVE-2022-3116, CVE-2022-32221, CVE-2022-3515, CVE-2022-35737, CVE-2022-39253, CVE-2022-39260, CVE-2022-40284, CVE-2022-40674, CVE-2022-40768, CVE-2022-41974, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012.
Kubernetes	1.23.13	1.23.14	For more information, see the change log.
CUDA	576234	cce0cf	CVE-2022-3515, CVE-2022-2509, CVE-2022-37434, CVE-2020-35525, CVE-2020-35527.

Change log for master fix pack 1.23.14_1552, released 16 November 2022

The following table shows the changes that are in the master fix pack 1.23.14_1552. Master patch updates are applied automatically.

Changes since version 1.23.13_1550
Component	Previous	Current	Description
Calico	v3.23.3	v3.23.5	See the Calico release notes.
Cluster health image	v1.3.12	v1.3.13	Updated Go dependencies, `golangci-lint`, `gosec`, and to `Go` version 1.19.3. Updated base image version to 116.
etcd	v3.4.18	v3.4.21	See the etcd release notes.
Gateway-enabled cluster controller	1823	1902	`Go` module updates.
GPU device plug-in and installer	373bb9f	cce0cfa	Updated the GPU driver 470 minor version
IBM Calico extension	1096	1213	Updated image to fix the following CVEs: CVE-2020-35525, CVE-2020-35527, CVE-2022-3515, CVE-2022-37434, CVE-2022-2509, CVE-2022-32149.
IBM Cloud Controller Manager	v1.23.13-1	v1.23.13-5	Key rotation and updated `Go` dependencies.
IBM Cloud File Storage for Classic plug-in and monitor	416	420	Updated universal base image (UBI) to version `8.7-923` to resolve CVEs.
Key Management Service provider	v2.5.10	v2.5.11	Updated `Go` dependencies and to `Go` version `1.19.3`.
Kubernetes	v1.23.13	v1.23.14	CVE-2022-3294 and CVE-2022-3162. For more information, see IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities CVE-2022-3294 and CVE-2022-3162. See the Kubernetes release notes.

Change log for worker node fix pack 1.23.13_1551, released 07 November 2022

The following table shows the changes that are in the worker node fix pack 1.23.13_1551. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.12_1549
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Worker node package updates for CVE-2022-32221, CVE-2022-40284, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012.
Kubernetes	1.23.12	1.23.13	For more information, see the change log.
HAPROXY	b034b2	3a1392	CVE-2022-37434, CVE-2022-37434, CVE-2020-35525, CVE-2020-35527, CVE-2022-3515, CVE-2022-2509.
CUDA	3ea43b	576234	CVE-2022-3515, CVE-2022-2509, CVE-2022-37434, CVE-2020-35525, CVE-2020-35527.

Change log for master fix pack 1.23.13_1550, released 27 October 2022

The following table shows the changes that are in the master fix pack 1.23.13_1550. Master patch updates are applied automatically.

Changes since version 1.23.12_1546
Component	Previous	Current	Description
Cluster health image	v1.3.11	v1.3.12	Updated `Go` dependencies, golangci-lint, and to `Go` version 1.19.2. Updated base image version to 109. Excluded ingress status from cluster status calculation.
IBM Cloud Controller Manager	v1.23.11-1	v1.23.13-1	Updated to support the `Kubernetes 1.23.13` release.
IBM Cloud RBAC Operator	dc1725a	778ef2b	Updated to `Go` version `1.18.6`.
Key Management Service provider	v2.5.9	v2.5.10	Updated `Go` dependencies and to `Go` version `1.19.2`.
Kubernetes	v1.23.12	v1.23.13	See the Kubernetes release notes.
Konnectivity agent and server	v0.0.32_363_iks	v0.0.33_418_iks	Updated Konnectivity to version v0.0.33 and added s390x functionality. See the Konnectivity release notes.

Change log for worker node fix pack 1.23.12_1549, released 25 October 2022

The following table shows the changes that are in the worker node fix pack 1.23.12_1549. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.12_1548
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-193	4.15.0-194	Worker node kernel & package updates for CVE-2018-16860, CVE-2019-12098, CVE-2020-16156, CVE-2021-3671, CVE-2021-43618, CVE-2022-3116, CVE-2022-3515, CVE-2022-39253, CVE-2022-39260.
Kubernetes	N/A	N/A	N/A

Change log for worker node fix pack 1.23.12_1548, released 10 October 2022

The following table shows the changes that are in the worker node fix pack 1.23.12_1548. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.12_1547
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	N/A
Kubernetes	N/A	N/A	N/A

Change log for master fix pack 1.23.12_1546, released 26 September 2022

The following table shows the changes that are in the master fix pack 1.23.12_1546. Master patch updates are applied automatically.

Changes since version 1.23.101544
Component	Previous	Current	Description
Cluster health image	v1.3.10	v1.3.11	Updated `Go` dependencies and to `Go` version `1.18.6`.
CoreDNS	1.8.6	1.9.3	See the CoreDNS release notes.
GPU device plug-in and installer	c58c299	373bb9f	Updated to `Go` version `1.19.1`.
IBM Calico extension	1006	1096	Updated image for CVE-2022-2526.
IBM Cloud Controller Manager	v1.23.9-3	v1.23.11-1	Updated `Go` dependencies and to use `Go` version `1.17.13`. Updated to support the Kubernetes `1.23.11` release.
IBM Cloud File Storage for Classic plug-in and monitor	414	416	Updated to `Go` version `1.18.6`. Updated universal base image (UBI) to version `8.6-941` to resolve CVEs.
Key Management Service Provider	v2.5.8	v2.5.9	Updated `Go` dependencies and to `Go` version `1.18.6`.
Kubernetes	v1.23.10	v1.23.12	This update resolves CVE-2022-3172. For more information, see the IBM security bulletin. See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache	1.22.6	1.22.11	See the Kubernetes NodeLocal DNS cache release notes.

Change log for worker node fix pack 1.23.12_1547, released 26 September 2022

The following table shows the changes that are in the worker node fix pack 1.23.12_1547. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.10_1545
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-192	4.15.0-193	Worker node kernel & package updates for CVE-2020-35525, CVE-2021-33655, CVE-2021-33656, CVE-2022-0943, CVE-2022-1154, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-2526, CVE-2022-2795, CVE-2022-35252, CVE-2022-36946, CVE-2022-38177, CVE-2022-38178.
Kubernetes	1.23.10	1.23.12	For more information, see the change log.

Change log for worker node fix pack 1.23.10_1545, released 12 September 2022

The following table shows the changes that are in the worker node fix pack 1.23.10_1545. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.10_1543
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-191	4.15.0-192	Worker node kernel & package updates for CVE-2021-33656, CVE-2022-35252.
Kubernetes	N/A	N/A	N/A

Change log for master fix pack 1.23.10_1544, released 1 September 2022

The following table shows the changes that are in the master fix pack 1.23.10_1544. Master patch updates are applied automatically.

Changes since version 1.23.9_1539
Component	Previous	Current	Description
Cluster health image	v1.3.9	v1.3.10	Updated `Go` dependencies and to `Go` version `1.18.5`.
CoreDNS	1.8.7	1.8.6	See the CoreDNS release notes.
Gateway-enabled cluster controller	1792	1823	Updated to `Go` version `1.17.13`.
GPU device plug-in and installer	d8f1be0	c58c299	Enable DRM module and update `Go` to version `1.18.5`.
IBM Calico extension	997	1006	Updated to `Go` version `1.17.13`.
IBM Cloud Controller Manager	v1.23.8-7	v1.23.9-3	Updated `vpcctl` binary to version `3367`. Updated to support the Kubernetes `1.23.10` release.
IBM Cloud File Storage for Classic plug-in and monitor	412	414	Updated to `Go` version `1.18.5`. Updated universal base image (UBI) to version `8.6-902` to resolve CVEs.
IBM Cloud RBAC Operator	0a187a4	dc1725a	Updated `Go` dependencies and to `Go` version `1.18.3`.
Key Management Service provider	v2.5.7	v2.5.8	Updated `Go` dependencies.
Konnectivity agent and server	v0.0.30_331_iks	v0.0.32_363_iks	Updated to `Go` version `1.17.13` and to `Konnectivity` version `v0.0.32`.
Kubernetes	v1.23.9	v1.23.10	See the Kubernetes release notes.
Kubernetes Dashboard metrics scraper	v1.0.7	v1.0.8	See the Kubernetes Dashboard metrics scraper release notes.
Kubernetes NodeLocal DNS cache	1.21.4	1.22.6	See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and load balancer monitor for IBM Cloud Provider	2058	2110	Updated `Go` dependencies and to `Go` version `1.17.13`.
Portieris admission controller	v0.12.5	v0.12.6	See the Portieris admission controller release notes.

Change log for worker node fix pack 1.23.10_1543, released 29 August 2022

The following table shows the changes that are in the worker node fix pack 1.23.10_1543. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.9_1541
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Worker node kernel & package updates for CVE-2019-5815, CVE-2021-30560, CVE-2022-31676, CVE-2022-37434.
Kubernetes	1.23.9	1.23.10	For more information, see the change log.
HAPROXY	6514a2	c1634f	CVE-2022-32206, CVE-2022-32208

Change log for worker node fix pack 1.23.9_1541, released 16 August 2022

The following table shows the changes that are in the worker node fix pack 1.23.9_1541. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.9_1540
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-189	4.15.0-191	Worker node kernel & package updates for CVE-2016-3709, CVE-2021-4209, CVE-2022-1652, CVE-2022-1679, CVE-2022-1734, CVE-2022-2509, CVE-2022-2586, CVE-2022-2588, CVE-2022-34918.
Kubernetes	N/A	N/A	N/A
containerd	1.6.6	1.6.8	For more information, see the change log.

Change log for worker node fix pack 1.23.9_1540, released 01 August 2022

The following table shows the changes that are in the worker node fix pack 1.23.9_1540. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.8_1537
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Worker node kernel & package updates for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406, CVE-2022-29217, CVE-2022-31782.
Kubernetes	1.23.8	1.23.9	For more information, see the change log.

Change log for master fix pack 1.23.9_1539, released 26 July 2022

The following table shows the changes that are in the master fix pack 1.23.9_1539. Master patch updates are applied automatically.

Changes since version 1.23.8_1534
Component	Previous	Current	Description
Calico	v3.21.5	v3.23.3	See the Calico release notes. Updated the Calico custom resource definitions to include `preserveUnknownFields: false`.
Cluster health image	v1.3.8	v1.3.9	Updated `Go` dependencies and to use `Go` version `1.18.4`. Fixed minor typographical error in the add-on `daemonset not available` health status.
Gateway-enabled cluster controller	1680	1792	Updated to use `Go` version `1.17.11`. Updated image for CVE-2022-2097 and CVE-2022-29458.
GPU device plug-in and installer	2b0b6d1	d8f1be0	Updated `Go` dependencies and to use `Go` version `1.18.3`.
IBM Calico extension	980	997	Updated to use `Go` version `1.17.11`. Updated universal base image (UBI) to version `8.6-854` to resolve CVEs.
IBM Cloud Controller Manager	v1.23.7-7	v1.23.8-7	Updated `Go` dependencies and to use `Go` version `1.17.11`. Updated to support the Kubernetes `1.23.8` release.
IBM Cloud File Storage for Classic plug-in and monitor	410	412	Updated to use `Go` version `1.18.3`. Updated universal base image (UBI) to version `8.6-854` to resolve CVEs. Improved Kubernetes resource watch configuration.
IBM Cloud RBAC Operator	8c96932	0a187a4	Updated universal base image (UBI) to resolve CVEs.
Key Management Service provider	v2.5.6	v2.5.7	Updated `Go` dependencies and to use `Go` version `1.18.4`.
Kubernetes	v1.23.8	v1.23.9	See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider	1998	2058	Updated image for CVE-2022-2097.
Portieris admission controller	v0.12.4	v0.12.5	See the Portieris admission controller release notes.

Change log for worker node fix pack 1.23.8_1537, released 18 July 2022

The following table shows the changes that are in the worker node fix pack 1.23.8_1537. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.8_1535
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-188	4.15.0-189	Worker node kernel & package updates for CVE-2015-20107, CVE-2022-2097, CVE-2022-22747, CVE-2022-24765, CVE-2022-29187, CVE-2022-34480, CVE-2022-34903.
Kubernetes	N/A	N/A	N/A

Change log for worker node fix pack 1.23.8_1535, released 05 July 2022

The following table shows the changes that are in the worker node fix pack 1.23.8_1535. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.8_1534
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-187	4.15.0-188	Worker node kernel & package updates for CVE-2022-1292, CVE-2022-2068, CVE-2022-2084, CVE-2022-28388, CVE-2022-32206, CVE-2022-32208.
Kubernetes	N/A	N/A	N/A

Change log for master fix pack 1.23.8_1534, released 22 June 2022

The following table shows the changes that are in the master fix pack 1.23.8_1534. Master patch updates are applied automatically.

Changes since version 1.23.7_1531
Component	Previous	Current	Description
Cluster health image	v1.3.7	v1.3.8	Updated `Go` to version `1.17.11` and also updated the dependencies.
GPU device plug-in and installer	382ada9	2b0b6d1	Updated universal base image (UBI) to version `8.6-751`. Updated `Go` to version `1.17.10`.
IBM Cloud Controller Manager	v1.23.7-4	v1.23.7-7	Update module `github.com/IBM/vpc-go-sdk` to `v0.20.0`. Update module `github.com/stretchr/testify` to `v1.7.2`.
Key Management Service provider	v2.5.5	v2.5.6	Updated `Go` to version `1.17.11` and also updated the dependencies.
Kubernetes	v1.23.7	v1.23.8	See the Kubernetes release notes.
Kubernetes add-on resizer	1.8.14	1.8.15	See the Kubernetes add-on resizer release notes.

Change log for worker node fix pack 1.23.8_1534, released 20 June 2022

The following table shows the changes that are in the worker node fix pack 1.23.8_1534. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.7_1532
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-180	4.15.0-187	Worker node kernel & package updates for CVE-2021-46790, CVE-2022-1304, CVE-2022-1419, CVE-2022-1966, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21499, CVE-2022-28390, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789.
HAProxy	468c09	04f862	CVE-2022-1271.
containerd	v1.6.4	v1.6.6	See the change log, the security bulletin for CVE-2022-31030, and the security bulletin for CVE-2022-29162.
Kubernetes	1.23.7	1.23.8	For more information, see the change log.

Change log for worker node fix pack 1.23.7_1532, released 7 June 2022

The following table shows the changes that are in the worker node fix pack 1.23.7_1532. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.6_1530
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-177	4.15.0-180	Worker node kernel & package updates for CVE-2019-13050, CVE-2022-1664 , CVE-2022-29581

Change log for master fix pack 1.23.7_1531, released 3 June 2022

The following table shows the changes that are in the master fix pack 1.23.7_1531. Master patch updates are applied automatically.

Changes since version 1.23.6_1527
Component	Previous	Current	Description
Cluster health image	v1.3.6	v1.3.7	Updated Go to version 1.17.10 and also updated the dependencies. Update registry base image version to `104`
GPU device plug-in and installer	9485e14	382ada9	Updated `Go` to version `1.17.9`
IBM Calico extension	954	980	Updated to use `Go` version `1.17.10`. Updated minimal UBI to version `8.5`.
IBM Cloud Controller Manager	v1.23.5-9	v1.23.7-4	Updated to support the Kubernetes `1.23.7` release and `Go` version `1.17.10`
IBM Cloud File Storage for Classic plug-in and monitor	408	410	Updated universal base image (UBI) to version `8.6-751` to resolve CVEs.
IBM Cloud RBAC Operator	8c8c82b	8c96932	Updated `Go` to version `1.18.1`
Key Management Service provider	v2.5.4	v2.5.5	Updated `Go` to version `1.17.10` and updated the golang dependencies.
Kubernetes	v1.23.6	v1.23.7	See the Kubernetes release notes.
Kubernetes Dashboard	v2.4.0	v2.4.0	The default Kubernetes Dashboard settings found in the `kubernetes-dashboard-settings` config map in the `kube-system` namespace have been updated to set `resourceAutoRefreshTimeInterval` to `60`. This default change is only applied to new clusters. The previous default value was `5`. If your cluster has Kubernetes Dashboard performance problems, see the steps for changing the auto refresh time interval.
Load balancer and load balancer monitor for IBM Cloud Provider	1916	1998	Updated `Go` to version `1.17.10` and updated dependencies.

Change log for worker node fix pack 1.23.6_1530, released 23 May 2022

The following table shows the changes that are in the worker node fix pack 1.23.6_1530. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.6_1529
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-176	4.15.0-177	Worker node kernel & package updates for CVE-2019-20838, CVE-2020-14155, CVE-2020-25648, CVE-2020-35512, CVE-2021-26401, CVE-2022-0001, CVE-2022-0934, CVE-2022-26490, CVE-2022-27223, CVE-2022-27781, CVE-2022-27782, CVE-2022-28657, CVE-2022-29155, CVE-2022-29824, CVE-2017-9525, CVE-2022-28654, CVE-2022-28656, CVE-2022-28655, CVE-2022-28652, CVE-2022-1242, CVE-2022-28658, CVE-2021-3899.
HA proxy	36b0307	468c09	CVE-2021-3634.

Change log for worker node fix pack 1.23.6_1529, released 09 May 2022

The following table shows the changes that are in the worker node fix pack 1.23.6_1529. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.6_1528
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Worker node package updates for CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087, CVE-2022-1292, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-29799, CVE-2022-29800.
Kubernetes	N/A	N/A	N/A
HAProxy	f53b22	36b030	CVE-2022-1271, CVE-2022-1154, CVE-2018-25032.

Change log for master fix pack 1.23.6_1527, released 26 April 2022

The following table shows the changes that are in the master fix pack 1.23.6_1527. Master patch updates are applied automatically.

Changes since version 1.23.5_1525
Component	Previous	Current	Description
Calico	v3.21.4	v3.21.5	See the Calico release notes.
Cluster health image	v1.3.5	v1.3.6	Updated `Go` to version `1.17.9` and also updated the dependencies. Update `registry base image` version to `103`.
Gateway-enabled cluster controller	1669	1680	Updated metadata for a rotated key.
GPU device plug-in and installer	13677d2	9485e14	Updated Drivers to `470.103.01`. Updated metadata for a rotated key.
IBM Calico extension	950	954	Updated to latest UBI-minimal image to resolve CVE-2021-3999, CVE-2022-23218, CVE-2022-23219, CVE-2022-23308, CVE-2021-23177, and CVE-2021-31566.
IBM Cloud Controller Manager	v1.23.5-3	v1.23.5-9	Updated `vpcctl` to the `3003` binary image. Update module `github.com/IBM/vpc-go-sdk` to `v0.19.0`
IBM Cloud RBAC Operator	6c43ef1	8c8c82b	Updated `Go` to version `1.17.8`
IBM Cloud File Storage for Classic plug-in and monitor	407	408	Fixed CVE-2022-0778.
Key Management Service provider	v2.5.3	v2.5.4	Moved to a different base image, version `102`, to reduce CVE footprint. Resolved CVE-2022-0778.
Kubernetes API server	v1.23.5	v1.23.6	See the Kubernetes release notes.
Load balancer and Load balancer monitor for IBM Cloud Provider	1899	1916	Updated the image to resolve CVEs.
Portieris admission controller	v0.12.3	v0.12.4	See the Portieris admission controller release notes.

Change log for worker node fix pack 1.23.6_1528, released 25 April 2022

Changes since version 1.23.5_1526
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-175-generic	4.15.0-176-generic	Kernel and package updates for CVE-2018-16301, CVE-2019-18276, CVE-2020-8037, CVE-2021-31870, CVE-2021-31871, CVE-2021-31872, CVE-2021-31873, CVE-2021-43975, CVE-2022-1271, CVE-2022-24765.
Kubernetes	v1.23.5	v1.23.6	For more information, see the change log.

Change log for worker node fix pack 1.23.5_1526, released 11 April 2022

The following table shows the changes that are in the worker node fix pack 1.23.5_1526. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.23.5_1524
Component	Previous	Current	Description
Containerd	v1.6.1	v1.6.2	See the change log and the security bulletin.
Ubuntu 18.04 packages	4.15.0-173-generic	4.15.0-175-generic	Kernel and package updates for CVE-2018-25032 CVE-2021-3426 CVE-2021-4189 CVE-2022-0391 CVE-2022-21712 CVE-2022-21716 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVE-2022-27666.

Change log for master fix pack 1.23.5_1525, released 6 April 2022

Changes since version 1.23.5_1523
Component	Previous	Current	Description
Load balancer and load balancer monitor for IBM Cloud Provider	1865	1899	Revert setting gratuitous ARP on LBv1.

Change log for master fix pack 1.23.5_1523, released 30 March 2022

Changes since version 1.23.4_1520
Component	Previous	Current	Description
Cluster health image	v1.3.3	v1.3.5	Updated image to fix CVEs CVE-2021-3999, CVE-2022-23218, CVE-2022-23219. Updated golang dependencies.
Gateway-enabled cluster controller	1653	1669	Updated to use `Go` version `1.17.8`.
GPU device plug-in and installer	d7daae6	13677d2	Updated GPU images to resolve CVEs.
IBM Calico extension	929	950	Updated to use `Go` version `1.17.8`. Updated universal base image (UBI) to resolve CVEs.
IBM Cloud Controller Manager	v1.23.4-4	v1.23.5-3	Updated to support the `Kubernetes 1.23.5` release and to use `Go` version `1.17.8`.
IBM Cloud File Storage for Classic plug-in and monitor	405	407	Updated `Go` to version `1.16.14`. Updated `UBI` image to version `8.5-240`.
IBM Cloud RBAC Operator	0fc9949	6c43ef1	Upgraded `Go` packages to resolve vulnerabilities
Key Management Service provider	v2.5.2	v2.5.3	Updated to use `Go` version `1.17.8`. Updated golang dependencies. Fixed CVE CVE-2022-24407
Konnectivity agent	v0.0.27_a6b5248a_323_iks	v0.0.30_331_iks	See the Konnectivity release notes. Updated to use `Go` version `1.17.8`.
Konnectivity server	v0.0.27_a6b5248a_323_iks	v0.0.30_331_iks	See the Konnectivity release notes. Updated to use `Go` version `1.17.8`.
Kubernetes	v1.23.4	v1.23.5	See the Kubernetes release notes.
Load balancer and Load balancer monitor for IBM Cloud Provider	1747	1865	Updated the image to resolve CVEs. Updated to use `Go` version `1.17.8`. Set gratuitous ARP at the correct time on LBv1.
Portieris admission controller	v0.12.2	v0.12.3	See the Portieris admission controller release notes

Change log for worker node fix pack 1.23.5_1524, released 28 March 2022

Changes since version 1.23.4_1522
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-171-generic	4.15.0-173-generic	Kernel and package updates for CVE-2021-20193, CVE-2021-25220, CVE-2021-3506, CVE-2022-0435, CVE-2022-0492, CVE-2022-0778, CVE-2022-0847, CVE-2022-23308.
HA proxy	15198f	b40c07	CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2021-3999, CVE-2022-23218, CVE-2022-23219, CVE-2022-23308, CVE-2021-23177, CVE-2021-31566.
Kubernetes	1.23.4	1.23.5	For more information, see the change logs.

Change log for worker node fix pack 1.23.4_1522, released 14 March 2022

Changes since version 1.23.4_1521
Component	Previous	Current	Description
Containerd	v1.6.0	v1.6.1	See the change log and the security bulletin.
Ubuntu 18.04 packages	4.15.0-169-generic	4.15.0-171-generic	Kernel and package updates for CVE-2016-10228, CVE-2019-25013, CVE-2020-27618, CVE-2020-29562, CVE-2020-6096, CVE-2021-3326, CVE-2021-35942, CVE-2021-3999, CVE-2022-0001, CVE-2022-23218, CVE-2022-23219, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315.

Change log for master fix pack 1.23.4_1520, released 3 March 2022

Changes since version 1.23.3_1518
Component	Previous	Current	Description
Cluster health image	v1.3.0	v1.3.3	Updated `golang.org/x/crypto` to `v0.0.0-20220214200702-86341886e292`. Adds fix for CVE-2021-43565. Adds Golang dependency updates.
Gateway-enabled cluster controller	1586	1653	Updated to use `Go` version `1.17.7` and updated `Go` modules to fix CVEs.
GPU device plug-in and installer	4a174aa	d7daae6	Updated GPU images to resolve CVEs.
IBM Calico extension	923	929	Updated universal base image (UBI) to the `8.5-230` version to resolve CVEs. Updated to use `Go` version `1.16.13`.
IBM Cloud Controller Manager	v1.23.3-4	v1.23.4-4	Updated to support the Kubernetes `1.23.4` release and to use `Go` version `1.17.7`.
IBM Cloud File Storage for Classic plug-in and monitor	404	405	Adds fix for CVE-2021-3538 and adds dependency updates.
Key Management Service provider	v2.4.0	v2.5.2	Updated `golang.org/x/crypto` to `v0.0.0-20220214200702-86341886e292`. Adds fix for CVE-2021-43565. Adds Golang dependency updates.
Konnectivity agent	v0.0.27_309_iks	v0.0.27_a6b5248a_323_iks	See the Konnectivity release notes. Updated universal base image (UBI) to the `8.5-230` version to resolve CVEs. Updated to use `Go` version `1.17.5`.
Konnectivity server	v0.0.27_309_iks	v0.0.27_a6b5248a_323_iks	See the Konnectivity release notes. Updated universal base image (UBI) to the `8.5-230` version to resolve CVEs. Updated to use `Go` version `1.17.5`.
Kubernetes	v1.23.3	v1.23.4	See the Kubernetes release notes.

Change log for worker node fix pack 1.23.4_1521, released 28 February 2022

Changes since version 1.23.3_1519
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-167-generic	4.15.0-169-generic	Kernel and package updates for CVE-2021-4083, CVE-2021-4155, CVE-2021-45960, CVE-2021-46143, CVE-2022-0330, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-22942, CVE-2022-23852, CVE-2022-23990, CVE-2022-24407, CVE-2022-25235, CVE-2022-25236.
Kubernetes	v1.23.3	v1.23.4	For more information, see the change logs.
HA proxy	f6a2b3	15198fb	Contains fixes for CVE-2022-24407.

Change log for worker node fix pack 1.23.3_1519, released 14 February 2022

Changes since version 1.23.2_1517
Component	Previous	Current	Description
Kubernetes	N/A	1.23.3	For more information, see the change log.
HA proxy	d38fa1	f6a2b3	CVE-2021-3521 CVE-2021-4122.

Change log for master fix pack 1.23.3_1518 and worker node fix pack 1.23.2_1517, released 9 February 2022

Changes since version 1.22.6_1537 (master) and 1.22.6_1538 (worker node)
Component	Previous	Current	Description
Calico	v3.20.3	v3.21.4	For more information, see the Calico release notes.
Cluster health image	v1.2.21	v1.3.0	Added new health check for cluster autoscaler add-on.
CoreDNS	1.8.6	1.8.7	See the CoreDNS release notes.
GPU device plug-in and installer	eefc4ae	4a174aa	Updated image for CVE-2020-26160 and CVE-2021-3538.
IBM Cloud Controller Manager	v1.22.6-1	v1.23.3-4	Updated to support the Kubernetes `1.23.3` release and to use `Go` version `1.17.6`. Classic load balancers have been updated to improve availability during updates. In addition, creating a mixed protocol load balancer is not supported.
Kubernetes (master)	v1.22.6	v1.23.3	See the Kubernetes release notes.
Kubernetes (worker node)	v1.22.6	v1.23.2	See the Kubernetes release notes.
Kubernetes configuration	N/A	N/A	Updated the feature gate configuration.
Kubernetes CSI snapshotter CRDs	v4.0.0	v4.2.1	See the Kubernetes container storage interface (CSI) snapshotter release notes.
Kubernetes Dashboard	v2.3.1	v2.4.0	See the Kubernetes Dashboard release notes.
Kubernetes Metrics Server	v0.5.2	v0.6.0	See the Kubernetes Metrics Server release notes.
Kubernetes NodeLocal DNS cache	1.21.3	1.21.4	See the Kubernetes NodeLocal DNS cache release notes.
Operator Lifecycle Manager	0.16.1-IKS-15	None	Operator Lifecycle Manager is no longer installed nor managed by IBM. Existing installs are unchanged and no longer managed after an upgrade.
Operator Lifecycle Manager Catalog	v1.15.3	None	Operator Lifecycle Manager is no longer installed nor managed by IBM. Existing installs are unchanged and no longer managed after an upgrade.
Pause container image	3.5	3.6	See the pause container image release notes.