1.32 version change log
View information of version changes for major, minor, and patch updates that are available for your IBM Cloud® Kubernetes Service clusters that run this version. Changes include updates to Kubernetes and IBM Cloud Provider components.
Overview
In Kubernetes, most new beta features are disabled by default. Alpha features, which are subject to change, are disabled in all versions. For more information, see the Default service settings for Kubernetes components and the feature gates for each version.
For more information about major, minor, and patch versions and preparation actions between minor versions, see Kubernetes versions.
Check the Security Bulletins on IBM Cloud Status for security vulnerabilities that affect IBM Cloud Kubernetes Service. You can filter the results to view only Kubernetes Cluster security bulletins that are relevant to IBM Cloud Kubernetes Service. Change log entries that address other security vulnerabilities but don't also refer to an IBM security bulletin are for vulnerabilities that are not known to affect IBM Cloud Kubernetes Service in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.
Some change logs are for worker node fix packs, and apply only to worker nodes. You must apply these patches to ensure security compliance for your worker nodes. These worker node fix packs can be at a higher version than the master because some build fix packs are specific to worker nodes. Other change logs are for master fix packs, and apply only to the cluster master. Master fix packs might not be automatically applied. You can choose to apply them manually. For more information about patch types, see Update types.
Version 1.32
Worker node fix pack 1.32.3_1535, released 08 April 2025
The following table shows the components included in the worker node fix pack 1.32.3_1535. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
| Component | Version | Description |
|---|---|---|
| UBUNTU_24_04 | 6.8.0-55-generic | Resolves the following CVEs: CVE-2024-25260, CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, CVE-2025-1377, CVE-2025-24014, CVE-2025-30258, and CVE-2025-31115. |
| Kubernetes | 1.32.3 | For more information, see the change logs. |
| containerd | 1.7.27 | For more information, see the change logs. |
| HAProxy | 997a4ab1e89a5c8ccf3a6823785d7ab5e34b0c83 | N/A |
| GPU Device Plug-in and Installer | c9d9c47b1404651b3a3c022f288a6d90bb5a44b2 | N/A |
Master fix pack 1.32.3_1533, released 26 March 2025
The following table shows the changes that are in the master fix pack 1.32.3_1533. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.6.4 | v1.6.7 | New version contains updates and security fixes. |
| etcd | v3.5.17 | v3.5.18 | See the etcd release notes. |
| IBM Cloud Controller Manager | v1.32.1-2 | v1.32.3-1 | New version contains updates and security fixes. |
| Key Management Service provider | v2.10.10 | v2.10.11 | New version contains updates and security fixes. |
| Kubernetes | v1.32.1 | v1.32.3 | See the Kubernetes release notes. |
| Kubernetes NodeLocal DNS cache | 1.24.0 | 1.25.0 | See the Kubernetes NodeLocal DNS cache release notes. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 3178 | 3232 | New version contains updates and security fixes. |
| Portieris admission controller | v0.13.23 | v0.13.25 | See the Portieris admission controller release notes. |
Worker node fix pack 1.32.3_1534, released 24 March 2025
The following table shows the components included in the worker node fix pack 1.32.3_1534. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
| Component | Version | Description |
|---|---|---|
| UBUNTU_24_04 | 6.8.0-55-generic | Resolves the following CVEs: CVE-2024-55549, CVE-2025-24855, and CVE-2025-27516. |
| Kubernetes | 1.32.3 | For more information, see the change logs. |
| containerd | 1.7.27 | For more information, see the change logs. |
| HAProxy | 997a4ab1e89a5c8ccf3a6823785d7ab5e34b0c83 | Resolves the following CVEs: CVE-2024-56171, CVE-2025-24528, and CVE-2025-24928. |
| GPU Device Plug-in and Installer | c9d9c47b1404651b3a3c022f288a6d90bb5a44b2 | Resolves the following CVEs: CVE-2024-56171, CVE-2025-24928, and CVE-2025-24528. |
Worker node fix pack 1.32.1_1532, released 11 March 2025
The following table shows the components included in the worker node fix pack 1.32.1_1532. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
| Component | Version | Description |
|---|---|---|
| UBUNTU_24_04 | 6.8.0-52-generic | N/A |
| Kubernetes | 1.32.1 | For more information, see the change logs. |
| containerd | 1.7.26 | For more information, see the change logs. |
| HAProxy | 1d72cc8c7d02da6ba0340191fa8d9a86550e5090 | N/A |
| GPU Device Plug-in and Installer | 57c31795f069cb17cd235792f3ac21ac0e086360 | Resolves the following CVEs: CVE-2024-1488, CVE-2020-11023, CVE-2024-8508, and CVE-2022-49043. |
Worker node fix pack 1.32.1_1531, released 24 February 2025
The following table shows the components included in the worker node fix pack 1.32.1_1531. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
| Component | Version | Description |
|---|---|---|
| UBUNTU_24_04 | 6.8.0-52-generic | Resolves the following CVEs: CVE-2024-12133, CVE-2024-12243, CVE-2024-13176, CVE-2024-9143, CVE-2025-0938, CVE-2025-26465, and CVE-2025-26466. |
| Kubernetes | 1.32.1 | For more information, see the change logs. |
| containerd | 1.7.25 | For more information, see the change logs. |
| HAProxy | 1d72cc8c7d02da6ba0340191fa8d9a86550e5090 | Resolves the following CVEs: CVE-2020-11023, and CVE-2022-49043. |
| GPU Device Plug-in and Installer | e41a0d57a0f7696dfa3698c6af3bcc8765e76cfd | Resolves the following CVEs: CVE-2024-8508, CVE-2022-49043, CVE-2024-1488, and CVE-2020-11023. |
Master fix pack 1.32.1_1530, released 19 February 2025
The following table shows the changes that are in the master fix pack 1.32.1_1530. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| IBM Cloud Controller Manager | v1.32.1-1 | v1.32.1-2 | New version contains updates and security fixes. |
| IBM Cloud File Storage for Classic for Classic plug-in and monitor | 447 | 449 | New version contains updates and security fixes. |
| Key Management Service provider | v2.10.9 | v2.10.10 | New version contains updates and security fixes. |
Worker node fix pack 1.32.1_1529, released 11 February 2025
The following table shows the components included in the worker node fix pack 1.32.1_1529. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
| Component | Version | Description |
|---|---|---|
| UBUNTU_24_04 | 6.8.0-52-generic | Resolves the following CVEs: CVE-2022-49043, CVE-2024-11187, CVE-2024-12705, CVE-2024-34459, CVE-2024-3596, CVE-2024-53103, CVE-2024-53141, CVE-2024-53164, CVE-2024-56201, CVE-2024-56201, CVE-2024-56326, CVE-2024-56326, and CVE-2025-0395. |
| Kubernetes | 1.32.1 | For more information, see the change logs. |
| containerd | 1.7.25 | For more information, see the change logs. |
| HAProxy | 03d1ee01e9241d0e5ec93b9eb8986feb2771a01a | Resolves the following CVEs: CVE-2019-12900. |
| GPU Device Plug-in and Installer | 639e505cf0c0f21d6a0a09d157ac7be7f16a77c8 | Resolves the following CVEs: CVE-2024-1488, and CVE-2024-8508. |
Worker node fix pack 1.32.1_1528, released 29 January 2025
The following table shows the components included in the worker node fix pack 1.32.1_1528. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
| Component | Version | Description |
|---|---|---|
| UBUNTU_20_04 | 5.4.0-204-generic | Resolves the following CVEs: CVE-2024-11168, and CVE-2025-22134. |
| UBUNTU_24_04 | 6.8.0-51-generic | Resolves the following CVEs: CVE-2024-12254, CVE-2024-50349, CVE-2024-52006, and CVE-2025-22134. |
| Kubernetes | 1.32.1 | For more information, see the change logs. |
| containerd | 1.7.25 | For more information, see the change logs. |
| HAProxy | 14daa781a66ca5ed5754656ce53c3cca4af580b5 | N/A |
| GPU Device Plug-in and Installer | 6563a84c30f22dd511f6e2d80227040a12c3af9a | Resolves the following CVEs: CVE-2019-12900. |
Master fix pack 1.32.1_1527 and worker node fix pack 1.32.0_1524, released 29 January 2025
| Component | Previous | Current | Description |
|---|---|---|---|
| Calico | v3.28.2 | v3.29.1 | See the Calico release notes. |
| CoreDNS | v1.11.4 | v1.12.0 | See the CoreDNS release notes. In addition, the default CoreDNS configuration now has an updated caching configuration. |
| IBM Cloud Controller Manager | v1.31.4-3 | v1.32.1-1 | New version contains updates and security fixes. |
| Konnectivity agent configuration | N/A | N/A | Konnectivity agent is now configured with a readiness probe to make it easier to identify possible cluster networking problems. |
| Kubernetes (master) | v1.31.5 | v1.32.1 | See the Kubernetes release notes. |
| Kubernetes (worker node) | v1.31.3 | v1.32.0 | See the Kubernetes release notes. |
| Kubernetes configuration | N/A | N/A | See Default service settings for Kubernetes components. |
| Kubernetes DNS autoscaler | v1.8.9 | v1.9.0 | See the Kubernetes DNS autoscaler release notes. |
| Kubernetes NodeLocal DNS cache | 1.23.1 | 1.24.0 | See the Kubernetes NodeLocal DNS cache release notes. |
| Tigera Operator | v1.34.5 | v1.36.3 | See the Tigera Operator release notes. |