IBM Cloud Docs
Kubernetes version 1.24 change log

Kubernetes version 1.24 change log

This version is no longer supported. Update your cluster to a supported version as soon as possible.

Overview

In clusters that run version 1.23 or earlier, the IBM Cloud provider version enables Kubernetes APIs and features that are at beta. In version 1.24 and later, most new beta features are disabled by default. Kubernetes alpha features, which are subject to change, are disabled in all versions. For more information, see the Default service settings for Kubernetes components and the feature gates for each version.

For more information about major, minor, and patch versions and preparation actions between minor versions, see Kubernetes versions.

Check the Security Bulletins on IBM Cloud Status for security vulnerabilities that affect IBM Cloud Kubernetes Service. You can filter the results to view only Kubernetes Cluster security bulletins that are relevant to IBM Cloud Kubernetes Service. Change log entries that address other security vulnerabilities but don't also refer to an IBM security bulletin are for vulnerabilities that are not known to affect IBM Cloud Kubernetes Service in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.

Some change logs are for worker node fix packs, and apply only to worker nodes. You must apply these patches to ensure security compliance for your worker nodes. These worker node fix packs can be at a higher version than the master because some build fix packs are specific to worker nodes. Other change logs are for master fix packs, and apply only to the cluster master. Master fix packs might not be automatically applied. You can choose to apply them manually. For more information about patch types, see Update types.

Version 1.24 change log

Review the version 1.24 change log.

Change log for worker node fix pack 1.24.17_1592, released 04 December 2023

The following table shows the changes that are in the worker node fix pack 1.24.17_1592. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.17_1591
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-166-generic 5.4.0-167-generic Worker node kernel & package updates for CVE-2023-31085, CVE-2023-40217, CVE-2023-44487, CVE-2023-45871, CVE-2023-47038, CVE-2023-5981.
Kubernetes 1.24.17 1.24.17 N/A

Change log for worker node fix pack 1.24.17_1591, released 29 November 2023

The following table shows the changes that are in the worker node fix pack 1.24.17_1591. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.17_1590
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-166-generic 5.4.0-166-generic Worker node package updates for CVE-2023-36054, CVE-2023-4016, CVE-2023-43804, CVE-2023-45803.
Kubernetes 1.24.17 1.24.17 N/A
Containerd N/A N/A N/A

Change log for worker node fix pack 1.24.17_1590, released 08 November 2023

The following table shows the changes that are in the worker node fix pack 1.24.17_1590. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.17_1589
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-165-generic 5.4.0-166-generic Worker node kernel & package updates for CVE-2023-0597, CVE-2023-31083, CVE-2023-34058, CVE-2023-34059, CVE-2023-34319, CVE-2023-3446, CVE-2023-3772, CVE-2023-3817, CVE-2023-4132, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4733, CVE-2023-4735, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781, CVE-2023-4881, CVE-2023-4921, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Containerd N/A N/A N/A

Change log for worker node fix pack 1.24.17_1589, released 23 October 2023

The following table shows the changes that are in the worker node fix pack 1.24.17_1589. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.17_1588
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-164-generic 5.4.0-165-generic Worker node kernel & package updates for CVE-2022-3234, CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3520, CVE-2022-3591, CVE-2022-3705, CVE-2022-4292, CVE-2022-4293, CVE-2023-34319, CVE-2023-38546, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921.
Kubernetes N/A N/A N/A
Containerd N/A N/A N/A

Change log for worker node fix pack 1.24.17_1588, released 9 October 2023

The following table shows the changes that are in the worker node fix pack 1.24.17_1588. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.17_1587
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-163-generic 5.4.0-164-generic Worker node kernel & package updates for CVE-2021-4001, CVE-2023-1206, CVE-2023-20588, CVE-2023-3212, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128, CVE-2023-4194, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787.
Kubernetes N/A N/A N/A
Containerd N/A N/A N/A

Change log for worker node fix pack 1.24.17_1587, released 27 September 2023

The following table shows the changes that are in the worker node fix pack 1.24.17_1587. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.16_1583
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-162-generic 5.4.0-163-generic Package updates for CVE-2023-3341, CVE-2023-4156, CVE-2023-4128, CVE-2023-20588, CVE-2023-20900, CVE-2023-40283.
RHEL 8 Packages 4.18.0-477.21.1.el8_8 4.18.0-477.27.1.el8_8 Worker node kernel & package updates for CVE-2023-2002, CVE-2023-3090, CVE-2023-3390, CVE-2023-3776, CVE-2023-4004, CVE-2023-20593, CVE-2023-29491, CVE-2023-30630, CVE-2023-35001, CVE-2023-35788.

Change log for master fix pack 1.24.17_1586, released 20 September 2023

The following table shows the changes that are in the master fix pack 1.24.17_1586. Master patch updates are applied automatically.

Changes since version 1.24.16_1581
Component Previous Current Description
IBM Cloud Block Storage driver and plug-in v2.4.5 v2.4.10 Updated Go dependencies. Updated to newer UBI base image.
IBM Cloud Controller Manager v1.24.16-5 v1.24.17-2 Updated to support the Kubernetes 1.24.17 release. Updated Go to version 1.20.7 and updated Go dependencies.
IBM Cloud File Storage for Classic plug-in and monitor 434 435 Updated Go to version 1.20.6 and updated dependencies. Updated to newer UBI base image.
Kubernetes v1.24.16 v1.24.17 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2631 2681 Updated Go to version 1.19.12 and updated Go dependencies.

Change log for worker node fix pack 1.24.16_1583, released 12 September 2023

The following table shows the changes that are in the worker node fix pack 1.24.16_1583. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.16_1582
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-156-generic 5.4.0-162-generic Worker node kernel & package updates for CVE-2020-21047, CVE-2021-33294, CVE-2022-40982, CVE-2023-20593CVE-2023-2269, CVE-2023-31084, CVE-2023-3268, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776.
Containerd 1.7.4 1.7.5 N/A

Change log for master fix pack 1.24.16_1581, released 30 August 2023

The following table shows the changes that are in the master fix pack 1.24.16_1581. Master patch updates are applied automatically.

Changes since version 1.24.16_1578
Component Previous Current Description
Cluster health image v1.3.23 v1.3.24 Updated Go to version 1.19.12 and updated dependencies. Updated base image version to 378.
Gateway-enabled cluster controller 2322 2366 Update Go dependencies to fix CVE-2023-3978.
GPU device plug-in and installer 495931a 8e87e60 Updated Go to version 1.19.11
IBM Cloud Controller Manager v1.24.16-1 v1.24.16-5 Updated Go dependencies to resolve a CVE. Updates to Travis build.
IBM Cloud File Storage for Classic plug-in and monitor 433 434 Updated Go to version 1.20.6 and updated dependencies. Updated to newer UBI base image.
Key Management Service provider v2.7.2 v2.7.3 Updated Go dependencies.
Portieris admission controller v0.13.5 v0.13.6 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.24.16_1582, released 28th August 2023

The following table shows the changes that are in the worker node fix pack 1.24.16_1582. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.16_1580
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-155-generic 5.4.0-156-generic Worker node kernel & package updates for CVE-2022-2598, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2023-40225.

Change log for worker node fix pack 1.24.16_1580, released 15th August 2023

The following table shows the changes that are in the worker node fix pack 1.24.16_1580. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.16_1579
Component Previous Current Description
Ubuntu 20.04 packages N/A N/A Package updates for CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2289, CVE-2022-27672, CVE-2022-4269, CVE-2023-1611, CVE-2023-2124, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001.
Kubernetes N/A N/A N/A
Containerd N/A N/A N/A

Change log for worker node fix pack 1.24.16_1579, released 1 August 2023

The following table shows the changes that are in the worker node fix pack 1.24.16_1579. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.15_1576
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-212-generic 4.15.0-214-generic Worker node kernel & package updates for CVE-2020-13987, CVE-2020-13988, CVE-2020-17437, CVE-2022-1184, CVE-2022-3303, CVE-2023-1611, CVE-2023-1670, CVE-2023-1859, CVE-2023-1990, CVE-2023-20867, CVE-2023-2124, CVE-2023-2828, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3268, CVE-2023-3390, CVE-2023-35001.
Ubuntu 20.04 packages 5.4.0-153-generic 5.4.0-155-generic Worker node kernel & package updates for CVE-2020-13987, CVE-2020-13988, CVE-2020-17437, CVE-2023-20867, CVE-2023-28321, CVE-2023-28322, CVE-2023-3090, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001, CVE-2023-38408.
Kubernetes 1.24.15 1.24.16 For more information, see the change logs.
Containerd 1.6.21 1.6.22 For more information, see the change logs.

Change log for master fix pack 1.24.16_1578, released 27 July 2023

The following table shows the changes that are in the master fix pack 1.24.16_1578. Master patch updates are applied automatically.

Changes since version 1.24.15_1573
Component Previous Current Description
Cluster health image v1.3.21 v1.3.23 Updated Go to version 1.19.11 and updated Go dependencies. Updated UBI base image.
GPU device plug-in and installer 202b284 495931a Updated Go to version 1.20.6.
IBM Cloud Controller Manager v1.24.15-1 v1.24.16-1 Updated to support the Kubernetes 1.24.16 release. Updated Go dependencies and to Go version 1.20.6.
Key Management Service provider v2.6.7 v2.7.2 Updated Go to version 1.19.11 and updated Go dependencies. Updated UBI base image.
Konnectivity agent and server v0.1.2_591_iks v0.1.3_5_iks See the Konnectivity release notes.
Kubernetes NodeLocal DNS cache 1.22.21 1.22.23 See the Kubernetes NodeLocal DNS cache release notes.
Kubernetes v1.24.15 v1.24.16 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2584 2631 Updated Go to version 1.19.10 and updated Go dependencies. Updated Alpine base image.

Change log for worker node fix pack 1.24.15_1576, released 17 July 2023

The following table shows the changes that are in the worker node fix pack 1.24.15_1576. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.15_1574
Component Previous Current Description
Kubernetes N/A N/A N/A
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2023-24626, CVE-2023-2953.
Ubuntu 20.04 packages N/A N/A N/A

Change log for worker node fix pack 1.24.15_1574, released 03 July 2023

The following table shows the changes that are in the worker node fix pack 1.24.15_1574. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.14_1572
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2023-2603,CVE-2023-3138
Ubuntu 20.04 packages 5.4.0-150-generic 5.4.0-153-generic Worker node kernel & package updates for CVE-2023-0461,CVE-2023-1380, CVE-2023-1670,CVE-2023-1859,CVE-2023-2612, CVE-2023-2828,CVE-2023-30456,CVE-2023-3138, CVE-2023-31436,CVE-2023-32233,CVE-2023-3297.
Kubernetes 1.24.14 1.24.15 See the Kubernetes release notes.

Change log for master fix pack 1.24.15_1573, released 27 June 2023

The following table shows the changes that are in the master fix pack 1.24.15_1573. Master patch updates are applied automatically.

Changes since version 1.24.14_1568
Component Previous Current Description
Calico v3.24.5 v3.24.6 See the Calico release notes.
Cluster health image v1.3.20 v1.3.21 Updated Go dependencies and to Go version 1.19.10.
etcd v3.5.8 v3.5.9 See the etcd release notes.
Gateway-enabled cluster controller 2106 2322 Updated image to resolve CVE-2023-2650.
GPU device plug-in and installer 28d80a0 202b284 Updated to Go version 1.19.9
IBM Cloud Controller Manager v1.24.13-6 v1.24.15-1 Updated to support the Kubernetes 1.24.15 release. Updated Go dependencies and to Go version 1.19.10. Updated calicoctl and vpcctl.
IBM Cloud File Storage for Classic plug-in and monitor 431 433 Updated Go to version 1.20.4. Updated UBI base image.
Key Management Service provider v2.6.6 v2.6.7 Updated Go dependencies and to Go version 1.19.10.
Kubernetes v1.24.14 v1.24.15 CVE-2023-2728. For more information, see IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2023-2728). See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2486 2584 Updated Go dependencies and to Go version 1.19.9. Updated base image.

Change log for worker node fix pack 1.24.14_1572, released 19 June 2023

The following table shows the changes that are in the worker node fix pack 1.24.14_1572. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.14_1571
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2020-11080,CVE-2023-24329, CVE-2023-2603,CVE-2023-2609,CVE-2023-2610, CVE-2023-32681
Ubuntu 20.04 packages 5.4.0-149-generic 5.4.0-150-generic Worker node kernel & package updates for CVE-2020-11080,CVE-2021-45078, CVE-2023-1380,CVE-2023-1667,CVE-2023-1670, CVE-2023-1859,CVE-2023-2283,CVE-2023-24329, CVE-2023-24593,CVE-2023-2602,CVE-2023-2603, CVE-2023-2609,CVE-2023-2610,CVE-2023-2612, CVE-2023-30456,CVE-2023-3138,CVE-2023-31436, CVE-2023-31484,CVE-2023-32233,CVE-2023-32643, CVE-2023-32681.
Kubernetes N/A N/A N/A

Change log for worker node fix pack 1.24.14_1571, released 5 June 2023

The following table shows the changes that are in the worker node fix pack 1.24.14_1571. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.14_1570
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-211-generic 4.15.0-212-generic Worker node kernel & package updates for CVE-2019-17595, CVE-2021-39537, CVE-2022-29458, CVE-2022-4304, CVE-2023-1380, CVE-2023-25584, CVE-2023-25585, CVE-2023-25588, CVE-2023-2650, CVE-2023-29491, CVE-2023-30456, CVE-2023-31436, CVE-2023-31484, CVE-2023-32233.
Ubuntu 20.04 packages 5.4.0-148-generic 5.4.0-149-generic Worker node kernel & package updates for CVE-2021-39537, CVE-2022-29458, CVE-2023-1075, CVE-2023-1118, CVE-2023-1380, CVE-2023-25584, CVE-2023-25585, CVE-2023-25588, CVE-2023-2612, CVE-2023-2650, CVE-2023-29491, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233.
Kubernetes N/A N/A N/A

Change log for master fix pack 1.24.14_1568, released 23 May 2023

The following table shows the changes that are in the master fix pack 1.24.14_1568. Master patch updates are applied automatically.

Changes since version 1.24.13_1566
Component Previous Current Description
Cluster health image v1.3.19 v1.3.20 Updated Go to version 1.19.9 and updated dependencies. Updated the base image. Resolved add-on health bugs.
etcd v3.5.7 v3.5.8 See the etcd release notes.
GPU device plug-in fc4cf22 28d80a0 Updated Go to version 1.19.8
IBM Cloud Controller Manager v1.24.13-1 v1.24.13-6 Updated support of the Kubernetes 1.24.13 release. Updated Go dependencies. Key rotation.
IBM Cloud RBAC Operator 778ef2b 4e2f346 Make armada-rbac-sync FIPS compliant
Key Management Service provider v2.6.5 v2.6.6 Updated Go to version 1.19.9 and updated dependencies.
Kubernetes v1.24.13 v1.24.14 See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache 1.22.18 1.22.21 See the [Kubernetes NodeLocal DNS cache release notes](https://github.com/kubernetes/dns/releases/tag/1.22.21
Portieris admission controller v0.13.4 v0.13.5 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.24.14_1570, released 23 May 2023

The following table shows the changes that are in the worker node fix pack 1.24.14_1570. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.13_1567
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-210-generic 4.15.0-211-generic Worker node kernel & package updates for CVE-2021-3979, CVE-2023-1118.
Ubuntu 20.04 packages 5.4.0-139-generic 5.4.0-148-generic Worker node kernel & package updates for CVE-2023-2004.
Kubernetes 1.24.13 1.24.14 CVE-2023-2431. For more information, see IBM Cloud Kubernetes Service is affected by a kubelet security vulnerability (CVE-2023-2431). For more information, see the change logs.
Containerd 1.6.20 1.6.21 For more information, see the change logs.
Haproxy N\A N\A N\A

Change log for worker node fix pack 1.24.13_1567, released 9 May 2023

The following table shows the changes that are in the worker node fix pack 1.24.13_1567. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.13_1566
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-209-generic 4.15.0-210-generic Worker node kernel & package updates for CVE-2023-1786, CVE-2023-0464, CVE-2023-0466, CVE-2023-1829, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Ubuntu 20.04 packages n/a n/a Worker node kernel & package updates for CVE-2023-1786, CVE-2023-0464, CVE-2023-0466, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Kubernetes N/A N/A N/A

Change log for master fix pack 1.24.13_1566, released 27 April 2023

The following table shows the changes that are in the master fix pack 1.24.13_1566. Master patch updates are applied automatically.

Changes since version 1.24.12_1559
Component Previous Current Description
Cluster health image v1.3.17 v1.3.19 Updated Go to version 1.19.8 and updated dependencies.
Gateway-enabled cluster controller 2024 2106 Support Ubuntu 20 and update image to resolve CVEs.
GPU device plug-in a873e90 fc4cf22 Updated Go to version 1.19.7.
GPU installer a873e90 28d80a0 Updated Go to version 1.19.8.
IBM Calico extension 1366-amd64 1390-amd64 Eliminate IP syscall.
IBM Cloud Block Storage driver and plug-in v2.4.0 v2.4.5 Updated universal base image (UBI) to resolve CVEs. Updated Go to version 1.19.8 and updated dependencies.
IBM Cloud Controller Manager v1.24.12-1 v1.24.13-1 Updated to support the Kubernetes 1.24.13 release. Updated Go dependencies and to Go version 1.19.8.
IBM Cloud File Storage for Classic plug-in and monitor 429 431 Updated Go to version 1.19.8 and updated dependencies. Update UBI base image.
Key Management Service provider v2.6.4 v2.6.5 Updated Go to version 1.19.7 and updated dependencies.
Konnectivity agent and server v0.1.1_569_iks-amd64 v0.1.2_591_iks-amd64 See the Konnectivity release notes. Updated configuration to set keepalive-time to 40s.
Kubernetes v1.24.12 v1.24.13 See the Kubernetes release notes.
Kubernetes Metrics Server configuration N/A N/A Updated to use TLS version 1.3 ciphers.
Load balancer and load balancer monitor for IBM Cloud Provider 2420 2486 Updated Go to version 1.19.7 and updated dependencies.
Portieris admission controller v0.13.3 v0.13.4 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.24.13_1566, released 24 April 2023

The following table shows the changes that are in the worker node fix pack 1.24.13_1566. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.12_1564
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-208-generic 4.15.0-209-generic Worker node package updates for  CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-2207, CVE-2022-3903, CVE-2023-1281, CVE-2023-1326, CVE-2023-26545, CVE-2023-28450, CVE-2023-28484, CVE-2023-28486, CVE-2023-28487, CVE-2023-29469.
Ubuntu 20.04 packages N/A N/A Worker node package updates for CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-2207, CVE-2022-3108, CVE-2022-3903, CVE-2023-1281, CVE-2023-1326, CVE-2023-26545, CVE-2023-28484, CVE-2023-28486, CVE-2023-28487, CVE-2023-29469.
Kubernetes 1.24.12 1.24.13 See change logs.
Containerd N/A N/A N/A
Haproxy N/A N/A N/A

Change log for worker node fix pack 1.24.12_1564, released 11 April 2023

The following table shows the changes that are in the worker node fix pack 1.24.12_1564. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.12_1562
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-206 4.15.0-208 Worker node kernel & package updates for CVE-2021-3669, CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-41218, CVE-2023-0045, CVE-2023-0266, CVE-2023-23559.
Ubuntu 20.04 packages N/A N/A Worker node package updates for CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980. Updated sysctl setting for fs.inotify.max_user_instances from default 128 to 1024.
Kubernetes N/A N/A N/A
Haproxy 8398d1 8895ad CVE-2023-0361.
Containerd 1.6.19 1.6.21 For more information, see the change log and security bulletin for CVE-2023-28642 and CVE-2023-27561.

Change log for worker node fix pack 1.24.12_1562, released 29 March 2023

The following table shows the changes that are in the worker node fix pack 1.24.12_1562. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.12_1560
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-144 5.4.0-139 Downgrading kernel to address Upstream canonical bug.

Change log for master fix pack 1.24.12_1559, released 28 March 2023

The following table shows the changes that are in the master fix pack 1.24.12_1559. Master patch updates are applied automatically.

Changes since version 1.24.10_1557
Component Previous Current Description
Calico configuration N/A N/A Calico configuration now sets container network sysctl tuning for net.ipv4.tcp_keepalive_intvl to 15, net.ipv4.tcp_keepalive_probes to 6 and net.ipv4.tcp_keepalive_time to 40.
Cluster health image v1.3.16 v1.3.17 Updated Go to version 1.19.7 and updated dependencies.
GPU device plug-in and installer 79a2232 a873e90 Updated Go to version 1.19.6.
IBM Calico extension 1308-amd64 1366-amd64 Updated to resolve CVE-2023-23916.
IBM Cloud Block Storage driver and plug-in v2.3.7 v2.4.0 Removed ExpandInUsePersistentVolumes feature gate.
IBM Cloud Controller Manager v1.24.10-10 v1.24.12-1 Updated to support the Kubernetes 1.24.12 release.
IBM Cloud File Storage for Classic plug-in and monitor 427 429 Updated universal base image (UBI) to resolve CVEs. Updated Go to version 1.19.6 and updated dependencies.
Key Management Service provider v2.6.3 v2.6.4 Updated Go to version 1.19.7 and updated dependencies.
Kubernetes v1.24.10 v1.24.12 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2383 2420 Updated the image to resolve CVEs.

Change log for worker node fix pack 1.24.12_1560, released 27 March 2023

The following table shows the changes that are in the worker node fix pack 1.24.12_1560. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.10_1558
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2021-36222, CVE-2021-37750, CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-1170, CVE-2023-1175, CVE-2023-24329, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538.
Ubuntu 20.04 packages N/A N/A Worker node package updates for CVE-2021-36222, CVE-2021-37750, CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-24329, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538.
Kubernetes 1.24.10 1.24.12 For more information, see the change log.
Containerd N/A N/A N/A
Haproxy af5031 8398d1 CVE-2023-23916.

Change log for worker node fix pack 1.24.10_1558, released 13 March 2023

The following table shows the changes that are in the worker node fix pack 1.24.10_1558. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.10_1554
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-139 5.4.0-144 Worker node kernel & package updates for CVE-2022-29154, CVE-2022-3545, CVE-2022-3821, CVE-2022-40898, CVE-2022-41218, CVE-2022-4139, CVE-2022-4415, CVE-2022-47520, CVE-2022-48303, CVE-2023-0266, CVE-2023-0361, CVE-2023-0461, CVE-2023-0767, CVE-2023-23916.
Ubuntu 18.04 packages 4.15.0-204 4.15.0-206 Worker node kernel & package updates for CVE-2022-29154, CVE-2022-3545, CVE-2022-3628, CVE-2022-37454, CVE-2022-3821, CVE-2022-40898, CVE-2022-48303, CVE-2023-0461, CVE-2023-0767, CVE-2023-22490, CVE-2023-23916.
Kubernetes N/A N/A N/A
Containerd 1.6.18 1.6.19 For more information, see the change log.

Change log for master fix pack 1.24.10_1557, released 2 March 2023

The following table shows the changes that are in the master fix pack 1.24.10_1557. Master patch updates are applied automatically.

Changes since version 1.24.10_1551
Component Previous Current Description
Cluster health image v1.3.15 v1.3.16 Updated Go dependencies and to Go version 1.19.6. Updated universal base image (UBI) to resolve CVEs.
etcd v3.5.6 v3.5.7 See the etcd release notes.
Gateway-enabled cluster controller 1902 1987 Updated armada-utils to version v1.9.35
IBM Calico extension 1280-amd64 1308-amd64 Updated universal base image (UBI) to resolve CVE-2022-47629.
IBM Cloud Block Storage driver and plug-in v2.3.6 v2.3.7 Updated universal base image (UBI) to resolve CVEs.
IBM Cloud Controller Manager v1.24.10-2 v1.24.10-10 Updated Go dependencies. Updated k8s.io/utils digest to a5ecb01. Updated vpcctl to v0.10.0.
IBM Cloud File Storage for Classic plug-in and monitor 425 427 Updated universal base image (UBI) to resolve CVEs.
Key Management Service provider v2.5.13 v2.6.3 Updated Go dependencies and to Go version 1.19.6.
Konnectivity agent and server v0.0.34_491_iks v0.1.1_569_iks-amd64 Updated to Konnectivity version v0.1.0.
Kubernetes NodeLocal DNS cache 1.22.11 1.22.18-amd64 See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and Load balancer monitor for IBM Cloud Provider 2325 2383 Updated to armada-utils version 1.9.35.
Portieris admission controller v0.12.6 v0.13.3 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.24.10_1554, released 27 February 2023

The following table shows the changes that are in the worker node fix pack 1.24.10_1554. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.10_1553
Component Previous Current Description
containerd v1.6.17 v1.6.18 See the 1.6.18 change log and the security bulletin for CVE-2023-25153 and CVE-2023-25173.
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2023-22490, CVE-2023-23946, CVE-2023-25725.
Ubuntu 20.04 packages N/A N/A Worker node package updates for CVE-2023-22490, CVE-2023-23946, CVE-2023-25725.
Kubernetes N/A N/A N/A
HAProxy d38f89 af5031 CVE-2022-40897, CVE-2022-4415, CVE-2020-10735, CVE-2021-28861, CVE-2022-45061.
Default Worker Pool Ubuntu 18 Ubuntu 20 For IBM Cloud Kubernetes Service, default worker-pool is created with Ubuntu 20 Operating system

Change log for worker node fix pack 1.24.10_1553, released 13 February 2023

The following table shows the changes that are in the worker node fix pack 1.24.10_1553. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.10_1552
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-202 4.15.0-204 Worker node kernel & package updates for CVE-2022-28321, CVE-2022-3437, CVE-2022-4304, CVE-2022-4450, CVE-2022-45142, CVE-2022-47016, CVE-2023-0215, CVE-2023-0286.
Ubuntu 20.04 packages 5.4.0-137 5.4.0-139 Worker node kernel & package updates for CVE-2022-28321, CVE-2022-3437, CVE-2022-4304, CVE-2022-4450, CVE-2022-45142, CVE-2022-47016, CVE-2023-0215, CVE-2023-0286.
Kubernetes N/A N/A N/A
HAProxy 8d6ea6 08c969 CVE-2022-47629.

Change log for master fix pack 1.24.10_1551, released 30 January 2023

The following table shows the changes that are in the master fix pack 1.24.10_1551. Master patch updates are applied automatically.

Changes since version 1.24.9_1547
Component Previous Current Description
Cluster health image v1.3.14 v1.3.15 Updated Go dependencies and to Go version 1.19.4.
GPU device plug-in and installer 03fd318 79a2232 Updated Go to version 1.19.4.
IBM Calico extension 1257 1280 Publish s390x image.
IBM Cloud Block Storage driver and plug-in v2.3.4 v2.3.6 Updated UBI images to 8.7-1031
IBM Cloud Controller Manager v1.24.8-3 v1.24.10-2 Updated to support the Kubernetes 1.24.10 release. Updated Go dependencies and to Go version 1.19.5.
IBM Cloud File Storage for Classic plug-in and monitor 421 425 Fixes for CVE-2022-40303 and CVE-2022-40304.
Key Management Service provider v2.5.12 v2.5.13 Updated Go dependencies and to Go version 1.19.4. Changed to focal distribution.
Konnectivity agent and server v0.0.33_418_iks v0.0.34_491_iks See the Konnectivity release notes.
Kubernetes v1.24.9 v1.24.10 See the Kubernetes release notes.

Change log for worker node fix pack 1.24.10_1552, released 30 January 2023

The following table shows the changes that are in the worker node fix pack 1.24.10_1552. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.9_1550
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node kernel & package updates for CVE-2018-20217, CVE-2022-23521, CVE-2022-28321, CVE-2022-40897, CVE-2022-40898, CVE-2022-41903, CVE-2022-42898, CVE-2023-22809.
Ubuntu 20.04 packages N/A N/A Worker node kernel & package updates for CVE-2021-33503, CVE-2022-23521, CVE-2022-28321, CVE-2022-3094, CVE-2022-40897, CVE-2022-40898, CVE-2022-41903, CVE-2022-42898, CVE-2023-0056, CVE-2023-22809.
Kubernetes 1.24.9 1.24.10 For more information, see the change log.
HAProxy 508bf6 8d6ea6 CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2022-40303, CVE-2022-40304, CVE-2022-3821, CVE-2022-35737, CVE-2022-43680, CVE-2021-46848.

Change log for worker node fix pack 1.24.9_1550, released 16 January 2023

The following table shows the changes that are in the worker node fix pack 1.24.9_1550. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.9_1549
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-200 4.15.0-202 Worker node kernel & package updates for CVE-2021-44758, CVE-2022-0392, CVE-2022-2663, CVE-2022-3061, CVE-2022-3437, CVE-2022-3643, CVE-2022-42896, CVE-2022-42898, CVE-2022-43552, CVE-2022-43945, CVE-2022-44640, CVE-2022-45934, CVE-2022-47629.
Ubuntu 20.04 packages 5.4.0-135 5.4.0-137 Worker node kernel & package updates for CVE-2021-44758, CVE-2022-0392, CVE-2022-0417, CVE-2022-2663, CVE-2022-3061, CVE-2022-3437, CVE-2022-3643, CVE-2022-42896, CVE-2022-42898, CVE-2022-43552, CVE-2022-43945, CVE-2022-44640, CVE-2022-45934, CVE-2022-47629.
Kubernetes N/A N/A N/A

Change log for worker node fix pack 1.24.9_1549, released 02 January 2023

The following table shows the changes that are in the worker node fix pack 1.24.9_1549. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.9_1548
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A N/A
Ubuntu 20.04 packages N/A N/A N/A
Kubernetes N/A N/A N/A

Change log for worker node fix pack 1.24.9_1548, released 19 December 2022

The following table shows the changes that are in the worker node fix pack 1.24.9_1548. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.8_1546
Component Previous Current Description
Containerd 1.6.10 1.6.12 See the 1.6.12 change log, the 1.6.11 change log, and the security bulletin for CVE-2022-23471.
Ubuntu 18.04 packages 4.15.0-197 4.15.0-200 Worker node kernel & package updates for CVE-2022-2309, CVE-2022-38533, CVE-2022-40303, CVE-2022-40304, CVE-2022-41916, CVE-2022-45061.
Ubuntu 20.04 packages 5.4.0-132 5.4.0-135 Worker node kernel & package updates for CVE-2022-2309, CVE-2022-38533, CVE-2022-40303, CVE-2022-40304, CVE-2022-41916.
Kubernetes 1.24.8 1.24.9 For more information, see the change log.

Change log for master fix pack 1.24.9_1547, released 14 December 2022

The following table shows the changes that are in the master fix pack 1.24.9_1547. Master patch updates are applied automatically.

Changes since version 1.24.8_1544
Component Previous Current Description
Cluster health image v1.3.13 v1.3.14 Updated Go dependencies. Exclude ingress status from cluster status aggregation.
etcd v3.5.5 v3.5.6 See the etcd release notes.
GPU device plug-in and installer cce0cfa 03fd318 Update GPU images with Go version 1.19.2 to resolve vulnerabilities
IBM Calico extension 1213 1257 Updated universal base image (UBI) to resolve: CVE-2022-1304, CVE-2016-3709, CVE-2022-42898.
IBM Cloud Block Storage driver and plug-in v2.3.3 v2.3.4 Updated universal base image (UBI) to resolve CVEs. Updated Go to version 1.18.6
IBM Cloud Controller Manager v1.24.7-10 v1.24.8-3 Updated to support the Kubernetes 1.24.8 release. Enable mixed protocol for LoadBalancer Service.
IBM Cloud File Storage for Classic plug-in and monitor 420 421 Updated universal base image (UBI) to resolve CVE-2022-42898. Updated Go to version 1.18.8
Key Management Service provider v2.5.11 v2.5.12 Updated Go dependencies.
Kubernetes v1.24.8 v1.24.9 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2110 2325 Update Go to version 1.19.1 and update dependencies.

Change log for worker node fix pack 1.24.8_1546, released 05 December 2022

The following table shows the changes that are in the worker node fix pack 1.24.8_1546. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.8_1545
Component Previous Current Description
Containerd 1.6.8 1.6.10 See the 1.6.10 change log and the 1.6.9 change log.
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2013-4235, CVE-2022-3239, CVE-2022-3524, CVE-2022-3564, CVE-2022-3565, CVE-2022-3566, CVE-2022-3567, CVE-2022-3594, CVE-2022-3621, CVE-2022-42703.
Kubernetes N/A N/A N/A
HAProxy c619f4 508bf6 CVE-2016-3709, CVE-2022-42898, CVE-2022-1304.
CUDA fd4353 0ab756 CVE-2022-42898.

Change log for worker node fix pack 1.24.8_1545, released 21 November 2022

The following table shows the changes that are in the worker node fix pack 1.24.8_1545. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.7_1543
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-194 4.15.0-197 Worker node kernel & package updates for CVE-2018-16860, CVE-2019-12098, CVE-2020-16156, CVE-2021-3671, CVE-2021-43618, CVE-2022-2978, CVE-2022-3028, CVE-2022-3116, CVE-2022-32221, CVE-2022-3515, CVE-2022-35737, CVE-2022-39253, CVE-2022-39260, CVE-2022-40284, CVE-2022-40674, CVE-2022-40768, CVE-2022-41974, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012.
Kubernetes 1.24.7 1.24.8 For more information, see the change log.
CUDA 576234 cce0cf CVE-2022-3515, CVE-2022-2509, CVE-2022-37434, CVE-2020-35525, CVE-2020-35527.

Change log for master fix pack 1.24.8_1544, released 16 November 2022

The following table shows the changes that are in the master fix pack 1.24.8_1544. Master patch updates are applied automatically.

Changes since version 1.24.7_1542
Component Previous Current Description
Calico v3.23.3 v3.24.5 See the Calico release notes.
Cluster health image v1.3.12 v1.3.13 Updated Go dependencies, golangci-lint, gosec, and to Go version 1.19.3. Updated base image version to 116.
etcd v3.5.4 v3.5.5 See the etcd release notes.
Gateway-enabled cluster controller 1823 1902 Go module updates.
GPU device plug-in and installer 373bb9f cce0cfa Updated the GPU driver 470 minor version
IBM Calico extension 1096 1213 Updated image to fix the following CVEs: CVE-2020-35525, CVE-2020-35527, CVE-2022-3515, CVE-2022-37434, CVE-2022-2509, CVE-2022-32149.
IBM Cloud Block Storage driver and plug-in v2.3.1 v2.3.3 Updated universal base image (UBI) to version 8.7-923 to resolve CVEs.
IBM Cloud Controller Manager v1.24.7-1 v1.24.7-10 Key rotation and updated Go dependencies.
IBM Cloud File Storage for Classic plug-in and monitor 416 420 Updated universal base image (UBI) to version 8.7-923 to resolve CVEs.
Key Management Service provider v2.5.10 v2.5.11 Updated Go dependencies and to Go version 1.19.3.
Kubernetes v1.24.7 v1.24.8 CVE-2022-3294 and CVE-2022-3162. For more information, see IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities CVE-2022-3294 and CVE-2022-3162. See the Kubernetes release notes.

Change log for worker node fix pack 1.24.7_1543, released 07 November 2022

The following table shows the changes that are in the worker node fix pack 1.24.7_1543. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.6_1541
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2022-32221, CVE-2022-40284, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012.
Kubernetes 1.24.6 1.24.7 For more information, see the change log.
HAProxy b034b2 3a1392 CVE-2022-37434, CVE-2022-37434, CVE-2020-35525, CVE-2020-35527, CVE-2022-3515, CVE-2022-2509.
CUDA 3ea43b 576234 CVE-2022-3515, CVE-2022-2509, CVE-2022-37434, CVE-2020-35525, CVE-2020-35527.

Change log for master fix pack 1.24.7_1542, released 27 October 2022

The following table shows the changes that are in the master fix pack 1.24.7_1542. Master patch updates are applied automatically.

Changes since version 1.24.6_1538
Component Previous Current Description
Cluster health image v1.3.11 v1.3.12 Updated Go dependencies, golangci-lint, and to Go version 1.19.2. Updated base image version to 109. Excluded ingress status from cluster status calculation.
IBM Cloud Controller Manager v1.24.5-1 v1.24.7-1 Updated to support the Kubernetes 1.24.7 release.
IBM Cloud RBAC Operator dc1725a 778ef2b Updated to Go version 1.18.6.
Key Management Service provider v2.5.9 v2.5.10 Updated Go dependencies and to Go version 1.19.2.
Kubernetes v1.24.6 v1.24.7 See the Kubernetes release notes.
Konnectivity agent and server v0.0.32_363_iks v0.0.33_418_iks Updated Konnectivity to version v0.0.33 and added s390x functionality. See the Konnectivity release notes.

Change log for worker node fix pack 1.24.6_1541, released 25 October 2022

The following table shows the changes that are in the worker node fix pack 1.24.6_1541. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.6_1540
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-193 4.15.0-194 Worker node kernel & package updates for CVE-2018-16860, CVE-2019-12098, CVE-2020-16156, CVE-2021-3671, CVE-2021-43618, CVE-2022-3116, CVE-2022-3515, CVE-2022-39253, CVE-2022-39260.
Kubernetes N/A N/A N/A

Change log for worker node fix pack 1.24.6_1540, released 10 October 2022

The following table shows the changes that are in the worker node fix pack 1.24.6_1540. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.6_1539
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A N/A
Kubernetes N/A N/A N/A

Change log for master fix pack 1.24.6_1538, released 26 September 2022

The following table shows the changes that are in the master fix pack 1.24.6_1538. Master patch updates are applied automatically.

Changes since version 1.24.41536
Component Previous Current Description
Cluster health image v1.3.10 v1.3.11 Updated Go dependencies and to Go version 1.18.6.
GPU device plug-in and installer c58c299 373bb9f Updated to Go version 1.19.1.
IBM Calico extension 1006 1096 Updated image for CVE-2022-2526.
IBM Cloud Block Storage driver and plug-in v2.2.9 v2.3.1 Updated to Go version 1.18.6. Updated universal base image (UBI) to version 8.6-941 to resolve CVEs.
IBM Cloud Controller Manager v1.24.4-1 v1.24.5-1 Updated Go dependencies and to use Go version 1.18.6. Updated to support the Kubernetes 1.24.5 release.
IBM Cloud File Storage for Classic plug-in and monitor 414 416 Updated to Go version 1.18.6. Updated universal base image (UBI) to version 8.6-941 to resolve CVEs.
Key Management Service Provider v2.5.8 v2.5.9 Updated Go dependencies and to Go version 1.18.6.
Kubernetes v1.24.4 v1.24.6 This update resolves CVE-2022-3172. For more information, see the IBM security bulletin. See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache 1.22.6 1.22.11 See the Kubernetes NodeLocal DNS cache release notes.

Change log for worker node fix pack 1.24.6_1539, released 26 September 2022

The following table shows the changes that are in the worker node fix pack 1.24.6_1539. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.4_1537
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-192 4.15.0-193 Worker node kernel & package updates for CVE-2020-35525, CVE-2021-33655, CVE-2021-33656, CVE-2022-0943, CVE-2022-1154, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-2526, CVE-2022-2795, CVE-2022-35252, CVE-2022-36946, CVE-2022-38177, CVE-2022-38178.
Kubernetes 1.24.4 1.24.6 For more information, see the change log.

Change log for worker node fix pack 1.24.4_1537, released 12 September 2022

The following table shows the changes that are in the worker node fix pack 1.24.4_1537. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.4_1535
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-191 4.15.0-192 Worker node kernel & package updates for CVE-2021-33656, CVE-2022-35252.
Kubernetes N/A N/A N/A

Change log for master fix pack 1.24.4_1536, released 1 September 2022

The following table shows the changes that are in the master fix pack 1.24.4_1536. Master patch updates are applied automatically.

Changes since version 1.24.3_1531
Component Previous Current Description
Cluster health image v1.3.9 v1.3.10 Updated Go dependencies and to Go version 1.18.5.
Gateway-enabled cluster controller 1792 1823 Updated to Go version 1.17.13.
GPU device plug-in and installer d8f1be0 c58c299 Enable DRM module and update Go to version 1.18.5.
IBM Calico extension 997 1006 Updated to Go version 1.17.13.
IBM Cloud Block Storage driver and plug-in v2.2.8 v2.2.9 Updated to Go version 1.18.5.
IBM Cloud Controller Manager v1.24.2-8 v1.24.4-1 Updated vpcctl binary to version 3367. Updated to support the Kubernetes 1.24.4 release.
IBM Cloud File Storage for Classic plug-in and monitor 412 414 Updated to Go version 1.18.5. Updated universal base image (UBI) to version 8.6-902 to resolve CVEs.
IBM Cloud RBAC Operator 0a187a4 dc1725a Updated Go dependencies and to Go version 1.18.3.
Key Management Service provider v2.5.7 v2.5.8 Updated Go dependencies.
Konnectivity agent and server v0.0.30_331_iks v0.0.32_363_iks Updated to Go version 1.17.13 and to Konnectivity version v0.0.32.
Kubernetes v1.24.3 v1.24.4 See the Kubernetes release notes.
Kubernetes Dashboard v2.5.0 v2.6.1 See the Kubernetes Dashboard release notes.
Kubernetes Dashboard metrics scraper v1.0.7 v1.0.8 See the Kubernetes Dashboard metrics scraper release notes.
Kubernetes NodeLocal DNS cache 1.22.5 1.22.6 See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2058 2110 Updated Go dependencies and to Go version 1.17.13.
Portieris admission controller v0.12.5 v0.12.6 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.24.4_1535, released 29 August 2022

The following table shows the changes that are in the worker node fix pack 1.24.4_1535. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.3_1533
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node kernel & package updates for CVE-2019-5815, CVE-2021-30560, CVE-2022-31676, CVE-2022-37434.
Kubernetes 1.24.3 1.24.4 For more information, see the change log.
HAProxy 6514a2 c1634f CVE-2022-32206, CVE-2022-32208

Change log for worker node fix pack 1.24.3_1533, released 16 August 2022

The following table shows the changes that are in the worker node fix pack 1.24.3_1533. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.3_1532
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-189 4.15.0-191 Worker node kernel & package updates for CVE-2016-3709, CVE-2021-4209, CVE-2022-1652, CVE-2022-1679, CVE-2022-1734, CVE-2022-2509, CVE-2022-2586, CVE-2022-2588, CVE-2022-34918.
Kubernetes N/A N/A N/A
containerd 1.6.6 1.6.8 For more information, see the change log.

Change log for worker node fix pack 1.24.3_1532, released 01 August 2022

The following table shows the changes that are in the worker node fix pack 1.24.3_1532. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.2_1529
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node kernel & package updates for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406, CVE-2022-29217, CVE-2022-31782.
Kubernetes 1.24.2 1.24.3 For more information, see the change log.

Change log for master fix pack 1.24.3_1531, released 26 July 2022

The following table shows the changes that are in the master fix pack 1.24.3_1531. Master patch updates are applied automatically.

Changes since version 1.24.2_1526
Component Previous Current Description
Calico v3.23.1 v3.23.3 See the Calico release notes. Updated the Calico custom resource definitions to include preserveUnknownFields: false.
Cluster health image v1.3.8 v1.3.9 Updated Go dependencies and to use Go version 1.18.4. Fixed minor typographical error in the add-on daemonset not available health status.
Gateway-enabled cluster controller 1680 1792 Updated to use Go version 1.17.11. Updated image for CVE-2022-2097 and CVE-2022-29458.
GPU device plug-in and installer 2b0b6d1 d8f1be0 Updated Go dependencies and to use Go version 1.18.3.
IBM Calico extension 980 997 Updated to use Go version 1.17.11. Updated universal base image (UBI) to version 8.6-854 to resolve CVEs.
IBM Cloud Block Storage driver and plug-in v2.2.6 v2.2.8 Updated to use Go version 1.18.3. Updated universal base image (UBI) to version 8.6-854 to resolve CVEs.
IBM Cloud Controller Manager v1.24.1-7 v1.24.2-8 Updated Go dependencies and to use Go version 1.18.3. Updated to support the Kubernetes 1.24.2 release. Disabling load balancer NodePort allocation is now prevented for VPC load balancers.
IBM Cloud File Storage for Classic plug-in and monitor 410 412 Updated to use Go version 1.18.3. Updated universal base image (UBI) to version 8.6-854 to resolve CVEs. Improved Kubernetes resource watch configuration.
IBM Cloud RBAC Operator 8c96932 0a187a4 Updated universal base image (UBI) to resolve CVEs.
Key Management Service provider v2.5.6 v2.5.7 Updated Go dependencies and to use Go version 1.18.4.
Kubernetes v1.24.2 v1.24.3 See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache 1.22.2 1.22.5 See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 1998 2058 Updated image for CVE-2022-2097.
Portieris admission controller v0.12.4 v0.12.5 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.24.2_1529, released 18 July 2022

The following table shows the changes that are in the worker node fix pack 1.24.2_1529. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.2_1527
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-188 4.15.0-189 Worker node kernel & package updates for CVE-2015-20107, CVE-2022-2097, CVE-2022-22747, CVE-2022-24765, CVE-2022-29187, CVE-2022-34480, CVE-2022-34903.
Kubernetes N/A N/A N/A

Change log for worker node fix pack 1.24.2_1527, released 05 July 2022

The following table shows the changes that are in the worker node fix pack 1.24.2_1527. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.2_1526
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-187 4.15.0-188 Worker node kernel & package updates for CVE-2022-1292, CVE-2022-2068, CVE-2022-2084, CVE-2022-28388, CVE-2022-32206, CVE-2022-32208.
Kubernetes N/A N/A N/A

Change log for master fix pack 1.24.2_1526, released 22 June 2022

The following table shows the changes that are in the master fix pack 1.24.2_1526. Master patch updates are applied automatically.

Changes since version 1.24.1_1523
Component Previous Current Description
IBM Cloud Block Storage driver and plug-in v2.2.4 v2.2.6 Bug fixes for the driver installation. Block plugin base images were updated to ubi: 8.6-751.1655117800 for CVE-2022-1271
Kubernetes v1.24.1 v1.24.2 See the Kubernetes release notes.
Kubernetes add-on resizer 1.8.14 1.8.15 See the Kubernetes add-on resizer release notes.

Change log for worker node fix pack 1.24.2_1526, released 20 June 2022

The following table shows the changes that are in the worker node fix pack 1.24.2_1526. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.24.1_1522
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-180 4.15.0-187 Worker node kernel & package updates for CVE-2021-46790, CVE-2022-1304, CVE-2022-1419, CVE-2022-1966, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21499, CVE-2022-28390, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789.
HAProxy 468c09 04f862 CVE-2022-1271.
containerd v1.6.4 v1.6.6 See the change log, the security bulletin for CVE-2022-31030, and the security bulletin for CVE-2022-29162.
Kubernetes 1.24.1 1.24.2 For more information, see the change log.

Change log for master fix pack 1.24.1_1523 and worker node fix pack 1.24.1_1522, released 9 June 2022

Changes since version 1.23.7_1531 (master) and 1.23.7_1532 (worker node)
Component Previous Current Description
Calico v3.21.5 v3.23.1 See the Calico release notes. The default BGP configuration found in the default BGP Configuration resource has been updated to set nodeMeshMaxRestartTime to 30m. This default change is only applied if the cluster does not have a custom BGP configuration. The previous default value was 120s.
CoreDNS 1.8.7 1.9.2 See the CoreDNS release notes.
etcd v3.4.18 v3.5.4 See the etcd release notes.
GPU device plug-in and installer 382ada9 2b0b6d1 Updated image for CVE-2018-25032, CVE-2021-3634, CVE-2021-3737 and CVE-2021-4189.
IBM Cloud® Block Storage for Classic driver and plug-in None v2.2.5 The IBM Cloud® Block Storage for Classic driver and plug-in component is now installed on clusters running classic infrastructure.
IBM Cloud Controller Manager v1.23.7-4 v1.24.1-4 Updated to support the Kubernetes 1.24.1 release and Go version 1.18.2. Disabling load balancer NodePort allocation is not supported for VPC load balancers.
Kubernetes v1.23.7 v1.24.1 See the Kubernetes release notes.
Kubernetes configuration N/A N/A Updated the feature gate configuration.
Kubernetes CSI snapshotter CRDs v4.2.1 v5.0.1 See the Kubernetes container storage interface (CSI) snapshotter release notes.
Kubernetes Dashboard v2.4.0 v2.5.0 See the Kubernetes Dashboard release notes.
Kubernetes DNS autoscaler 1.8.4 1.8.5 See the Kubernetes DNS autoscaler release notes.
Kubernetes Metrics Server v0.6.0 v0.6.0 Updated to run with a highly available configuration. For more information on this configuration, see the Kubernetes Metrics Server release notes.
Kubernetes NodeLocal DNS cache 1.21.4 1.22.2 See the Kubernetes NodeLocal DNS cache release notes.
Pause container image 3.6 3.7 See the pause container image release notes.