CoreOS Container Linux Release Notes

Release Channels

Stable

1520.6.0

The Stable channel should be used by production clusters. Versions of CoreOS Container Linux are battle-tested within the Beta and Alpha channels before being promoted.

  • kernel:
  • rkt:
  • docker:
  • 4.13.5
  • 1.28.1
  • 1.12.6

Beta

1548.2.0

The Beta channel consists of promoted Alpha releases. Mix a few beta machines into your production clusters to catch any bugs specific to your hardware or configuration.

  • kernel:
  • rkt:
  • docker:
  • 4.13.5
  • 1.28.1
  • 1.12.6

Alpha

1562.1.0

The Alpha channel closely tracks current development work and is released frequently. The newest versions of the Linux kernel, systemd, and other components will be available for testing.

  • kernel:
  • rkt:
  • docker:
  • 4.13.5
  • 1.29.0
  • 17.09.0

CoreOS Container Linux releases progress through each channel from Alpha → Beta → Stable. You can think of each release on a lower channel as a release-candidate for the next channel. Once a release is considered bug-free, it is promoted to the next channel.

If you're deploying a new machine, it is recommended to deploy a version attached to a channel instead of the highest version number available. Documentation for supported platforms will already be up to date with this information. Machines will continue to track the channel they were originally booted with for subsequent updates unless configured otherwise.

Tagged Releases

Tagged releases are builds of CoreOS Container Linux that pass automated testing. This information is automatically gathered from GitHub.

CoreOS Container Linux version numbers are determined by the number of days since the CoreOS epoch, July 1, 2013, at the time the release is built for the Alpha channel.

The Alpha channel closely tracks master and is released frequently. The newest versions of system libraries and utilities will be available for testing. The current version is Container Linux 1562.1.0.

Alpha release feed (json)
1562.1.0
Release Date: October 12, 2017
kernel: 4.13.5
rkt: 1.29.0
docker: 17.09.0
etcd: 3.2.7
systemd: 234
Ignition: 0.19.0

Security fixes:

1562.0.0
Release Date: October 11, 2017
kernel: 4.13.5
rkt: 1.29.0
docker: 17.09.0
etcd: 3.2.7
systemd: 234
Ignition: 0.19.0

Bug fixes:

  • Fix journal messages reporting duplicate /var/log/lastlog lines
  • Fix journal messages reporting iscsidev.sh failures

Changes:

  • Remove SSH socket-activation rate limiting

Updates:

1548.0.0
Release Date: September 27, 2017
kernel: 4.13.3
rkt: 1.28.1
docker: 17.06.2
etcd: 3.2.7
systemd: 234
Ignition: 0.19.0

Security fixes:

  • Fix denial of service via incorrect iSCSI length validation (CVE-2017-14489)

Bug fixes:

  • Populate /dev/disk/azure (#2098)
  • Fix rkt overlay mount race (rkt#3805)
  • Fix Docker overlay mount race (#2127)
  • Fix layer-store corruption in Docker 1.12 (#1808)

Changes:

  • Temporarily support a flag file to switch Docker versions
  • Teach cgpt about the coreos-root-raid UUID
  • Allow running etcd2 on arm64 without special environment variables
  • At least 2 GiB of memory is recommended for reliably booting the ISO or via PXE

Updates:

1535.2.0
Release Date: September 21, 2017
kernel: 4.13.3
rkt: 1.28.1
docker: 17.06.2
etcd: 3.1.10
systemd: 234
Ignition: 0.18.0

Bug fixes:

  • Fix "stale file handle" errors in Docker containers (#2152)

Updates:

1535.1.0
Release Date: September 15, 2017
kernel: 4.13.2
rkt: 1.28.1
docker: 17.06.2
etcd: 3.1.10
systemd: 234
Ignition: 0.18.0

Bug fixes:

  • Fix cross-compiling Docker for arm64
  • Remove errant newline in torcx store filenames

Updates:

1535.0.0
Release Date: September 14, 2017
kernel: 4.13.1
rkt: 1.28.1
docker: 17.06.2
etcd: 3.1.10
systemd: 234
Ignition: 0.18.0

Security fixes:

Breaking changes:

Changes:

Updates:

1520.1.0
Release Date: September 6, 2017
kernel: 4.13.0
rkt: 1.28.1
docker: 17.06.1
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Bug fixes:

  • Fix use of previous subkey for signing release images in 1520.0.0

Changes:

  • Support additional MegaRAID controllers (#2131)

Updates:

1520.0.0
Release Date: August 30, 2017
kernel: 4.13-rc7
rkt: 1.28.1
docker: 17.06.1
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Security fixes:

Bug fixes:

  • Fix ASAN support (#2105)
  • Fix failure when calling coreos-install with a /dev/disk link

Changes:

  • Add ipvsadm (#1979)
  • Update etcdctl to the etcd3 version (#1717)
  • Improve locksmith status in the MOTD (#1968)
  • Add preliminary support for root on RAID
  • Include terminfo in the initramfs to fix pager warnings
  • Update to a new subkey for signing release images

Updates:

1506.0.0
Release Date: August 16, 2017
kernel: 4.12.7
rkt: 1.28.1
docker: 17.05.0
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Changes:

  • Add tcpdump (#1992)
  • Restart containerd when it crashes (#2096)

Updates:

1492.4.0
Release Date: August 14, 2017
kernel: 4.12.6
rkt: 1.28.1
docker: 17.05.0
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Security fixes:

  • Fix git arbitrary code execution when cloning untrusted repositories (CVE-2017-1000117)

Updates:

1492.3.0
Release Date: August 10, 2017
kernel: 4.12.5
rkt: 1.28.1
docker: 17.05.0
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Security fixes:

  • Fix Linux heap out-of-bounds in AF_PACKET sockets (CVE-2017-1000111)
  • Fix Linux exploitable memory corruption due to UDP fragmentation offload (CVE-2017-1000112)

Bug fixes:

  • Fix enabling docker with Ignition (#2079)

Updates:

1492.1.0
Release Date: August 2, 2017
kernel: 4.12.4
rkt: 1.28.1
docker: 17.05.0
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Bug fixes:

  • Fix running rkt with stage1-coreos from a systemd unit
  • Fix emerge-gitclone in developer images with Python 3

Updates:

1492.0.0
Release Date: August 2, 2017
kernel: 4.12.4
rkt: 1.28.0
docker: 17.05.0
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Security fixes:

Bug fixes:

  • Fix fsck logging harmless error messages (#1257)
  • Fix timeouts when formatting large disks (#2026)
  • Fix bonding driver problems with non-zero updelay (#2065)
  • Fix virtio network performance (#2076)
  • Fix formatting swap partitions with Ignition

Changes:

  • Add nftables (#1421)
  • Enable Hybla congestion control algorithm (#2045)
  • Enable tracking memory changes (#2048)
  • Add KVM support to the QEMU script for arm64 hosts

Updates:

1478.0.0
Release Date: July 19, 2017
kernel: 4.12.2
rkt: 1.27.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.17.1

Bug fixes:

  • Fix passing large MTU packets over VXLAN on Azure

Updates:

1465.0.0
Release Date: July 6, 2017
kernel: 4.12.0
rkt: 1.27.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.17.1

Security fixes:

Bug fixes:

  • Fix process hang when accessing /proc/sys/fs/binfmt_misc (#1630)
  • Fix ext4 journal abort caused by container OOM (#1811)
  • Fix error deleting firewall rules with recent iptables versions (#2022)
  • Fix overriding coreos-metadata provider when fetching SSH keys (#2014)

Changes:

  • Support coreos-install from local image
  • Allow overriding coreos-install verification key
  • Fail EC2 instance status checks after Ignition failure (#1890)
  • Avoid automatically creating bond0 network device upon bonding driver load

Updates:

1451.2.0
Release Date: June 23, 2017
kernel: 4.11.6
rkt: 1.26.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.16.0

Security fixes:

Changes:

  • Moved docker to torcx package (details)
  • Added vagrant-virtualbox image with Ignition support
  • Added Ignition support to virtualbox image
  • Switched AWS images to gp2 volumes (details)
  • Added dosfstools
  • Allowed kubelet to load ebtables kernel modules
  • Enabled asynchronous DNS in curl
  • Enabled lsof -M and -Z

Updates:

1437.0.0
Release Date: June 8, 2017
kernel: 4.11.3
rkt: 1.26.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

Bug fixes:

  • Fix accidental removal of cryptsetup from the initrd (#1962)

Changes:

  • Include lz4 support in journald (#1988)
  • Enable kubelet-wrapper on arm64
  • Enable flannel-wrapper on arm64

Updates:

1430.0.0
Release Date: May 31, 2017
kernel: 4.11.2
rkt: 1.26.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Bug fixes:

  • Properly provision SSH from EC2 key pair if Ignition config is provided (#1981)

1423.0.0
Release Date: May 25, 2017
kernel: 4.11.2
rkt: 1.26.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

Bug fixes:

  • Fixed handling of duplicate volumes in rkt fly (#1892)
  • Fixed coreos-install defaulting to nonexistent versions when the update channel is overridden
  • Fixed the flannel container not mounting /etc/ssl/certs from the host

Changes:

  • Added the experimental torcx generator

Updates:

1409.0.0
Release Date: May 11, 2017
kernel: 4.11.0
rkt: 1.25.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

Bug fixes:

  • Fix VMware OVA template enabling DHCP on all interfaces by default (#1802)
  • Increase timeout when fetching flanneld image (#1833)
  • Fix docker run --init (#1912)
  • Restart dockerd if it crashes

Changes:

  • Remove etcd v0
  • Change default Docker graph driver from overlay to overlay2
  • Enable SELinux isolation by default for Docker containers on btrfs
  • Experimental Active Directory support
  • Enable virtio SCSI multiqueue support on GCE
  • Enable etcd-wrapper on arm64
  • Disallow access to /dev/mem regions that are bound to a kernel driver (CONFIG_IO_STRICT_DEVMEM)

Updates:

1395.0.0
Release Date: April 27, 2017
kernel: 4.10.12
rkt: 1.25.0
docker: 17.04.0
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.14.0

Bug Fixes:

  • Fixed containerd crashes (#1909)
  • Fixed sporadic network failures with docker network create (#1936)
  • Fixed toolbox as a login shell over SSH as documented (#899)

Changes:

  • The nvme-cli package has been added
  • The coretest command has been removed from the image
  • The coreos-metadata provider can be overridden (#1917)

Updates:

1381.0.0
Release Date: April 13, 2017
kernel: 4.10.9
rkt: 1.25.0
docker: 17.04.0
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.14.0

Bug fixes:

  • Fixed kubelet-wrapper leaving behind orphaned pods (#1831)
  • Fixed coreos-install clobbering OEM bootloader configuration with Ignition

Changes:

  • Enabled NVMe over RDMA
  • AMIs are now tagged (#111)
  • AMIs now have ENA enabled (#1853)
  • Projects only in the initramfs are now included in package lists
  • A JSON file is now produced listing all installed projects' licenses

Updates:

1367.5.0
Release Date: March 31, 2017
kernel: 4.10.4
rkt: 1.25.0
docker: 1.13.1
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

Bug fixes:

  • Fixed cases where locksmithd could block login (#1774)
  • Toolbox can now download images through a proxy again (#1869)

Changes:

  • The update group is now written to /usr instead of /etc
  • Ignition now detects the first boot via a file in the ESP
  • Ignition will now continue to run on every boot until it succeeds
  • Systems at an emergency shell will reboot after waiting for input for five minutes and roll back if updated
  • Toolbox is now using the latest Fedora image by default again
  • All official OEM image configuration has all been migrated from cloudinit to Ignition
  • Packet systems now have arm64 builds

Updates:

1353.1.0
Release Date: March 17, 2017
kernel: 4.10.1
rkt: 1.25.0
docker: 1.13.1
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.13.0

Bug Fixes:

  • Fixed cloud-config files not being used in some install types (#1872)

1353.0.0
Release Date: March 16, 2017
kernel: 4.10.1
rkt: 1.25.0
docker: 1.13.1
etcd: 0.4.9, 2.3.7
systemd: 233

Bug Fixes:

  • Enabled building the ipvlan kernel module again (#1843)
  • Corrected flannel configuration failures on service retries (#1847)
  • Increased containerd start timeout to upstream default of two minutes (#1854)
  • Created a default /etc/ssl/openssl.cnf when missing
  • Created required SSSD paths when missing (#1813)
  • Created required NSCD paths when missing and added its service unit
  • Added myhostname to NSS as a last resort (#1764)
  • The toolbox command is no longer unexpectedly killed (#1216)

Changes:

  • SSSD now logs to the journal by default instead of files in /var/log
  • SSSD support for the sudo command is now enabled (#1856)
  • The arping and traceroute commands are now available on the host (#1572)

Updates:

1339.0.0
Release Date: March 2, 2017
kernel: 4.10.1
rkt: 1.25.0
docker: 1.13.1
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fix root directory permissions on tmpfs-based roots (#1812)
  • Don't hide --bind=/tmp/* mounts in nspawn containers

Changes:

  • Add rxvt-unicode-256color to terminfo database
  • Updated the eclass, profiles, scripts, and licenses packages in the SDK

Updates:

1325.1.0
Release Date: February 23, 2017
kernel: 4.9.9
rkt: 1.23.0
docker: 1.13.1
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1325.0.0
Release Date: February 16, 2017
kernel: 4.9.9
rkt: 1.23.0
docker: 1.13.1
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fixed AWS PV boot kernel panics (#1690)
  • Fixed VMware kernel panics (#1695)
  • Fixed useradd defaults in chroots (#1787)
  • Cleaned broken symlinks in /etc (#1807)

Updates:

1313.0.0
Release Date: February 3, 2017
kernel: 4.8.17
rkt: 1.23.0
docker: 1.13.0
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

  • Reactivated verity

Only the v1312.0.0 alpha release is affected by this issue. Users of the v1312.0.0 alpha release should reprovision their systems to re-enable the disk image consistency checks provided by verity.

1312.0.0
Release Date: February 2, 2017
kernel: 4.8.17
rkt: 1.23.0
docker: 1.13.0
etcd: 0.4.9, 2.3.7
systemd: 231

Known Issues:

  • Verity was not properly enabled in this build; use v1313.0.0 instead

Bug Fixes:

  • Work around SELinux issues with user namespaces in Docker (#1728)

Changes:

  • Added the vmware_raw disk format (#359)
  • Increased kernel's supported CPU count to 512 (#1771)
  • Verity enabled on arm64

Updates:

1298.1.0
Release Date: January 22, 2017
kernel: 4.8.17
rkt: 1.21.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • File systems are no longer labelled for /usr partitions (#1628)
  • Programs installed only in the initramfs are now included in package and license listings
  • Fixed NFS file paths for arm64 (#1763)
  • The busctl monitor command functions properly again (#1736)

Changes:

  • Added support for Cisco VIC FC NIC (#1759)
  • The toolbox script no longer relies on Docker (#1704)
  • The coreos-install script now supports arm64

Updates:

1284.2.0
Release Date: January 11, 2017
kernel: 4.8.15
rkt: 1.21.0
docker: 1.12.5
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1284.1.0
Release Date: January 8, 2017
kernel: 4.8.15
rkt: 1.21.0
docker: 1.12.5
etcd: 0.4.9, 2.3.7
systemd: 231

Bugs Fixed:

  • Properly quote value for DISTRIB_ID in /etc/lsb-release (#1751)
  • Fix Azure Linux Agent's detection of the host distribution

1284.0.0
Release Date: January 5, 2017
kernel: 4.8.15
rkt: 1.21.0
docker: 1.12.5
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

Bug Fixes:

  • Disable SELinux permissions checks in systemd (#1682)
  • Fix pthread-related segfault in systemd (#1694)
  • Fix netfilter regression in Linux (#1743)

Changes:

  • Guest tools have been disabled in the Vagrant image when using Parallels
  • Enable support for Realtek USB, Amazon Elastic, and QLogic network adapters
  • Enable support for BBR (Bottleneck Bandwidth and RTT) TCP congestion control
  • Enable support for MPLS tunnels
  • Remove redundant paths /bin and /sbin from $PATH
  • Pin toolbox to Fedora 24 to work around #1216
  • Add etcd client and server to /etc/services

Removals:

  • Remove early-docker (early-docker.service, early-docker.socket, and early-docker.target)

Updates:

1262.0.0
Release Date: December 15, 2016
kernel: 4.9.0
rkt: 1.21.0
docker: 1.12.4
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Rename 50-docker-veth.network to fix nspawn bridge networking (#404)
  • Fix various cases where Docker commands hang (#1117, #1654, #1681)
  • Fix dependency cycle in multipath service (#1581)
  • Fix kernel panic on certain AWS machine types (#1690)
  • Fix race between networkd and Docker (#1638)

Changes:

  • Enable ACPI for ARM64
  • Add Unmanaged option to networkd network config
  • Enable XFS quota support
  • Enable USB ACM support

Updates:

1248.1.0
Release Date: December 7, 2016
kernel: 4.8.11
rkt: 1.20.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1248.0.0
Release Date: December 1, 2016
kernel: 4.8.11
rkt: 1.20.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fix polkit translation faults on ARM64
  • Enable SELinux support for runc (#1664)
  • Properly declare dependencies between flanneld.service and flannel-docker-opts.service
  • Allow etcd-wrapper to use custom data directory (#1685)

Changes:

  • Automatically resize XFS root partitions to fill disk
  • Add support for Ignition in coreos_production_qemu.sh
  • Published VHDs now have the correct blob size in the footer

Updates:

  • Linux 4.8.11
  • rkt 1.20.0
  • Ignition 0.12.0
  • ntp 4.2.8p9
  • unzip 6.0p20 (ARM64)
  • rpcbind 0.2.3 (ARM64)

1235.0.0
Release Date: November 17, 2016
kernel: 4.8.6
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Correctly apply VLAN configurations to bridges (#1642)
  • Properly pass flannel-related options to Docker (#1659)

Changes:

  • Enable support for seccomp in Docker
  • Automatically resize XFS root partitions to fill disk
  • Add support for streaming file-descriptors to systemd
  • Add support for ASIX network adapters

Updates:

  • coreos-metadata 0.6.2
  • bash 4.3_p46-r2

1221.0.0
Release Date: November 3, 2016
kernel: 4.8.6
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

Bug Fixes:

  • Fix Docker-related networking issue (#254)
  • Fix race condition in coreos-metadata on Azure (#1582)
  • Fix file mode on sssd.service (#1604)

Changes:

  • Introduce Vagrant Parallels images

Updates:

1214.0.0
Release Date: October 27, 2016
kernel: 4.8.4
rkt: 1.17.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

  • Update nss-usrfiles with glibc 2.23 (CVE-2014-8121 and CVE-2015-5277)
  • Update OpenSSL to 1.0.2j (CVE-2016-8610)
    • Note: SSLv2 methods have been disabled, changing the libssl ABI

Bug Fixes:

  • Fix password-length requirement and password logins for SSSD-managed accounts in PAM configuration
  • Add support for C.UTF-8 locale (#112)
  • Correctly set GPT flags on update-engine restart (#1625)

Changes:

  • New installations will have dm-verity enabled by default for the /usr mount.
  • Enable support for more Mellanox cards (CONFIG_MLX5_CORE_EN and CONFIG_MLX5_CORE_EN_DCB)
  • Enable support for more MegaRAID cards (CONFIG_MEGARAID_NEWGEN)
  • Enable support for kprobe and bpf (CONFIG_BPF_SYSCALL, CONFIG_KPROBES, CONFIG_OPTPROBES, CONFIG_KPROBES_ON_FTRACE, CONFIG_KRETPROBES, CONFIG_KPROBE_EVENT, and CONFIG_BPF_EVENTS)
  • The support scripts and utilities for GCE images have been moved from the OEM partition into a container image, executed by rkt
  • The kubelet-wrapper script has been updated, changing a few variable names
    • KUBELET_VERSION has been deprecated in favor of KUBELET_IMAGE_TAG
    • KUBELET_ACI has been deprecated in favor of KUBELET_IMAGE_URL
    • RKT_OPTS has been deprecated in favor of RKT_RUN_ARGS
  • The etcd-wrapper script has been updated along with the addition of etcd-member.service
  • A flannel-wrapper script has been introduced and flanneld.service updated to use it
  • The DigitalOcean images are now provisioned via Ignition instead of coreos-cloudinit
  • Docker's containerd has been split out into a separate containerd.service

Updates:

1192.2.0
Release Date: October 20, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

  • Fix privilege escalation vulnerability in Linux kernel - CVE-2016-5195 (Dirty COW)
  • Fix denial of service in systemd - CVE-2016-7795

1192.1.0
Release Date: October 13, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Disabled dm-verity support by default, unblocking Xen-based environments (#1600)

1192.0.0
Release Date: October 6, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fix nspawn mount propagation (#1578)

Changes:

  • New installations will have dm-verity enabled by default for the /usr mount.
  • When running via QEMU, Ignition will now correctly use the QEMU config provider.

Updates:

  • Update Engine 0.4.0

1185.0.0
Release Date: September 28, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Make GRUB more robust to odd disk configurations (#1238)
  • Mount /etc/hosts into flannel container (#1565)
  • Fix deadlock triggered by coreos-cloudinit configuring locksmith (#1588)

1180.0.0
Release Date: September 26, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fix intermittent network issues in Docker containers. (#1554)
  • Fix last login message in SSH sessions (#1557)
  • Fix systemd user session startup (#1498)
  • Support overriding the initrd's default DHCP network configuration with ip= kernel command line options (#981)
  • EC2: Fix system console for HVM instances (coreos-overlay#2189)

Updates:

  • coreos-cloudinit 1.12.0
  • flannel 0.6.2
  • Ignition 0.11.1
  • Most Go applications are now built with 1.7.1

1164.1.0
Release Date: September 10, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Updates:

1164.0.0
Release Date: September 8, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Security Updates:

Bug Fixes:

  • Don't deny logins due to user's shell (#1523)
  • Fix off-by-one error in cgpt resize (#1527)
  • Disable the systemd-resolved stub resolver (#1545)

Updates:

1153.0.0
Release Date: August 29, 2016
kernel: 4.7.1
rkt: 1.13.0
docker: 1.12.1
etcd: 0.4.9, 2.3.2
systemd: 231

Bug Fixes:

  • Properly expand toolbox mount variable (#1540)

Updates:

1151.0.0
Release Date: August 25, 2016
kernel: 4.7.1
rkt: 1.13.0
docker: 1.12.1
etcd: 0.4.9, 2.3.2
systemd: 231

Bug Fixes:

  • Properly report errors from cgpt repair operations
  • Fix deadlock in file_remove_privs() on overlayfs
  • Build rkt without TEXTREL section (#1525)
  • Reintroduce sdnotify-proxy (#1528)
  • Fix disk corruption issues in GRUB by doing stricter GPT header validation
    • GRUB will now abort the boot if the gptprio command fails

Changes:

  • Use the default Docker cgroup driver instead of the systemd driver
  • Add /dev/disk/by-id links for GCE ephemeral disks (#1465)
  • Add SSH helper support in SSSD (#1470)
  • Enable IMA, DNS resolution for Ceph, POSIX ACLs for Ceph, and EXT4 encryption in the kernel
  • Include qemu_fw_cfg LKM in the initramfs
  • Expose mount options for toolbox in the TOOLBOX_BIND environment variable

Updates:

1122.0.0
Release Date: July 27, 2016
kernel: 4.7.0
rkt: 1.11.0
docker: 1.11.2
etcd: 0.4.9, 2.3.2
systemd: 229

Security:

  • It is no longer necessary to be a member of the wheel group in order to be able to run the su command.
    • If this behaviour is desired, copy the /lib/pam.d/su file to /etc/pam.d/su and edit it to add auth required pam_wheel.so use_uid directly under auth sufficient pam_rootok.so.
  • Enable ioctl() and getattr() on pipefs permissions

Bug Fixes:

  • Add missing line wrap in etcd-wrapper
  • Use the MAC address as the DHCP client ID if the machine is diskless (#1432)
  • If coreos.autologin is used, don't check password when entering the emergency shell (#1433)
  • Decode Azure userdata for cloud-init properly (#1463)
  • Fix colors in PS1 prompt (#1464)
  • Allow NSS lookups to succeed if SSSD isn't running (#1466)
  • Prune shells that are not installed from /etc/shells (#1474)

Changes:

  • Add support for the following in the kernel
    • 3ware 7xxx/8xxx series hardware raid
    • National Semiconductor DP8381x series PCI Ethernet
    • via-rhine network support

Updates:

1109.1.0
Release Date: July 15, 2016
kernel: 4.6.4
rkt: 1.10.1
docker: 1.11.2
etcd: 0.4.9, 2.3.2
systemd: 229

Security Updates:

Bug Fixes:

  • When installing, zero the end of the disk to ensure ZFS data is cleared (#1398)
  • Fix a few issues related to moving flannel into a rkt container (#1436 #1445 #1439)
  • Ensure transient systemd units are started properly (#1430)
  • Use a stable DHCP client identifier when PXE booting (#1432)
  • Properly escape systemd specifiers (#1459)

Changes:

  • Enabled TCM support in the kernel
  • Enabled support for JMicron PATA drives in the kernel
  • Enabled kerberos support in SSSD and sshd

Additions:

  • etcd-wrapper
    • This wrapper script will allow arbitrary versions of etcd to be fetched and run within a rkt container.
  • libgpg-error 1.19

Updates:

1097.0.0
Release Date: July 2, 2016
kernel: 4.6.3
rkt: 1.9.1
docker: 1.11.2
etcd: 0.4.9, 2.3.2
systemd: 229

Bug Fixes:

  • Include work-around for empty SSH host keys (#106)
  • Include kernel modules and firmware in initramfs (#1263)
  • Fix parsing of the user database which caused systemd-sysusers to crash (#1394)
  • Fix handling of certain unicode characters in bash (#1411)
  • Fix sudoers options for created users on Azure

Changes:

  • Kubernetes kubelet has been removed from the image
  • flanneld has been moved from early-docker to a rkt container
  • Enable TCM_IBLOCK and TCM_USER2 in Linux
  • Set group for /dev/kvm

Additions:

  • quota 4.02 (including rpc.rquotad) added to the image

Updates:

1081.2.0
Release Date: June 27, 2016
kernel: 4.6.3
rkt: 1.8.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Updates:

1081.1.0
Release Date: June 17, 2016
kernel: 4.6.0
rkt: 1.8.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Bug Fixes:

  • Fix errors in Docker related to setting cpu-shares (#1289)
  • Fix failure when relabelling layers in Docker (#1301)
  • Fix issue causing coreos-metadata to crash (#1306)

Updates:

Changes:

  • Remove file, portage, python, and a number of other packages that were mistakenly added to the image in 1045.0.0
  • Populate /etc/hosts with an entry for localhost when the file is absent
  • Grant more SELinux permissions on chr_files in container context
  • Build Docker with support for the journald logging driver

1068.0.0
Release Date: June 7, 2016
kernel: 4.6.0
rkt: 1.7.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Updates:

Changes:

  • Fix using containers interactively with SELinux coreos-overlay#1986
  • ARM64: experimental support for updates and Cavium ThunderX

1053.2.0
Release Date: May 20, 2016
kernel: 4.6.0
rkt: 1.6.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Security Fixes:

  • Fall back to pam_deny in authentication (Security Brief)
  • Remove login shell for operator user
  • Stop disabling SHA512 password hashes in PAM
    • This restores the previous pre-PAM behavior of allowing SHA512 password hashes

Changes:

  • The image signing key has been updated again, revoking the sub-key that signed 1045.0.0 and 1047.0.0 and adding a new sub-key for this and future releases.
  • Add rkt-admin group which has access to /etc/rkt
  • GCE images are now provisioned by Ignition instead of coreos-cloudinit

Updates:

1047.0.0
Release Date: May 14, 2016
kernel: 4.5.3
rkt: 1.5.1
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Changes:

  • Change systemd's default per-unit task limit from 512 back to unlimited, restoring the behavior of previous releases. A custom limit may be specified via TasksMax individual units or DefaultTasksMax in /etc/systemd/system.conf. #1281
  • Fix path to stage1-fly.aci in the kubelet-wrapper script. #1282
  • Fix PAM library error in rkt's stage1-coreos.aci. #1283

1045.0.0
Release Date: May 12, 2016
kernel: 4.5.3
rkt: 1.5.1
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Updates:

Changes:

  • Image downloads are now signed with a new sub-key. https://coreos.com/security/image-signing-key/
  • Permit execmem in SELinux policy. #1258
  • Add sssd and realmd for integrating with centralized account/auth services. Experimental.
  • coreos-install now downloads images over HTTPS

1032.0.0
Release Date: April 28, 2016
kernel: 4.5.2
rkt: 1.2.1
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Security Updates:

Fixes:

  • Whitelisted devices with SCSI_IDENT property (#1236)
  • Fixed docker cpu share setting (#1246)

Changes:

  • PAM enabled for sshd
  • Removed the newly-imposed TaskMax limit for Docker

1029.0.0
Release Date: April 26, 2016
kernel: 4.5.2
rkt: 1.2.1
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Updates:

Changes:

  • Partially enable PAM, sshd does not use it by default yet, sudo and console access do.
  • Enable SELinux option (-Z) for coreutils. #1059
  • Include iSCSI and multipath tools #634
  • Enabled pids/hugetlb cgroup controllers.
  • Enabled pl2302 usb serial driver.
  • Fix OS detection when using the kublet-wrapper script.
  • Fix intermittent problems while detecting Exoscale and CloudStack metadata services. coreos-overlay#1893

1010.1.0
Release Date: April 7, 2016
kernel: 4.5.0
rkt: 1.2.1
docker: 1.10.3
etcd: 0.4.9, 2.3.1
systemd: 225

Fixes:

  • Fix high-CPU-load issue with systemd-udevd on Hyper-V (#1036)
  • Repair GPT headers before attempting to randomize the disk GUID (#1091)
  • Fix vxlan networking issues on Azure when under high load (#1156)
  • Cease forwarding the journal to the console (#1162)
  • Fix binary resolution error in systemd-nspawn (#1196)
  • Fix systemd-networkd assertion failure when stopping (#1197)

Changes:

  • DSA support has been removed from OpenSSH
  • Enabled DHCPv6
  • Added prefixes to grub TPM events to indicate their provenance
  • tpm_hostpolicy tool generates a TPM policy file based on host characteristics
  • Known good TPM PCR values for CoreOS are now shipped alongside the OS

Updates:

1000.0.0
Release Date: March 28, 2016
kernel: 4.4.6
rkt: 1.2.1
docker: 1.10.3
etcd: 0.4.9, 2.2.5
systemd: 225

Fixes:

  • updated grub to rectify a bug in systems with TPM firmware but a disabled TPM. Support for netboot via grub was improved, and the mechanism used to measure system state into the TPM was modified.

Updates:

  • rkt 1.2.1
  • Docker 1.10.3
  • Ignition 0.3.3
    • Fixes boot failures on EC2 when no config is supplied.
  • coreos-cloudinit 1.9.3
  • util-linux-2.27-1

Changes:

  • tpmown utility added - run to enable and take ownership of a system TPM. This may trigger a system reboot if required for the firmware to change the TPM state.

991.0.0
Release Date: March 18, 2016
kernel: 4.4.6
rkt: 1.1.0
docker: 1.10.2
etcd: 0.4.9, 2.2.5
systemd: 225

Security Updates:

  • Git 2.7.3 (CVE-2016-2324, CVE-2016-2315)

Fixes:

  • systemd-journald:
    • Journal offlining is now performed asynchronously and ftruncates coalesced, helps fix:
      • https://github.com/coreos/bugs/issues/334
      • https://github.com/coreos/bugs/issues/990
    • Archived/rotated journals are now explicitly made durable when closing, reducing likelihood unclean shutdown corrupting recently rotated journals.
  • systemd sd-event: fixed priority queue comparison function, fixes:
    • http://lists.freedesktop.org/archives/systemd-devel/2015-September/034356.html

Updates:

Changes:

  • fleet now runs as the fleet user instead of root.

983.0.0
Release Date: March 11, 2016
kernel: 4.4.4
rkt: 1.0.0
docker: 1.10.2
etcd: 0.4.9, 2.2.5
systemd: 225

Changes:

  • The VMWare OVA image now defines variables that can be used to configure networking, provide a cloud config, and more. The required functionality is provided by cloudinit 1.9.0 and later.
  • Enabled ENCLOSURE_SERVICES, SCSI_ENCLOSURE, GCM, and FIB options in the kernel. #1152 #1150 #1096
  • Include headers required for building external modules in /lib/modules/$(uname -r)/build. #1082

Updates:

  • The Go compiler has been updated to 1.5.3
  • Linux 4.4.4

976.0.0
Release Date: March 4, 2016
kernel: 4.4.3
rkt: 1.0.0
docker: 1.10.2
etcd: 0.4.9, 2.2.5
systemd: 225

Security Updates:

  • OpenSSL 1.0.2g, for CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800 (DROWN)

Fixes:

  • Modify systemd's ConditionNeedsUpdate so that it will pass whenever /usr is changed, not only when it is newer. This will properly trigger user and group creation. (#1137)

Updates:

Changes:

  • Patch Kubelet v1.1.2 with updated go-dockerclient libarary for docker v1.10.x support
  • Enabled EC ciphersuites in OpenSSL

970.1.0
Release Date: February 26, 2016
kernel: 4.4.1
rkt: 1.0.0
docker: 1.10.1
etcd: 0.4.9, 2.2.5
systemd: 225

Fixes:

  • Revert fix for networkd links unlinking (#1140)
  • Override Docker's native cgroup driver to use systemd (#1132)
    • This exec option is provided in the DOCKER_CGROUPS environment variable within docker.service. This can be overridden or removed via a systemd unit drop-in.

Changes:

962.0.0
Release Date: February 18, 2016
kernel: 4.4.1
rkt: 1.0.0
docker: 1.10.1
etcd: 0.4.9, 2.2.5
systemd: 225

Changes:

  • Added a new script for launching the kublet under rkt, the bundled /usr/bin/kublet is still available but deprecated. New documentation is still in progress.

Updates:

960.0.0
Release Date: February 17, 2016
kernel: 4.4.1
rkt: 1.0.0
docker: 1.10.0
etcd: 0.4.9, 2.2.5
systemd: 225

Fixes:

  • glibc patched for CVE-2014-8121, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779, and CVE-2015-7547 coreos-overlay#1172

Additions:

  • New image type openstack_mini which is identical to openstack but with a smaller root filesystem to offer a little more flexibility in how the disk image is used.

955.0.0
Release Date: February 11, 2016
kernel: 4.4.1
rkt: 1.0.0
docker: 1.10.0
etcd: 0.4.9, 2.2.5
systemd: 225

Fixes:

  • Update to polkit 0.113 again, due to a packaging bug it was mistakenly downgraded to 0.112 in CoreOS 942.0.0.
  • Fix install location of rkt's stage1 ACIs so the --stage1-from-dir option works correctly rkt #2160

Updates:

949.0.0
Release Date: February 8, 2016
kernel: 4.4.0
rkt: 1.0.0
docker: 1.10.0
etcd: 0.4.9, 2.2.5
systemd: 225

Fixes:

  • Add an [Install] section to flanneld's systemd unit. #1102
  • Add support for Ignition in coreos-install.

Updates:

942.0.0
Release Date: February 1, 2016
kernel: 4.4.0
rkt: 0.16.0
docker: 1.9.1
etcd: 0.4.9, 2.2.4
systemd: 225

Fixes:

  • Update to OpenSSL 1.0.2f for CVE-2016-0701 and CVE-2015-3197 and updates CVE-2015-4000 (logjam)

Changes:

  • Disabled LLMNR in systemd-networkd. To re-enable it, you must override the configuration snippet:

    mkdir -p /etc/systemd/resolved.conf.d
    ln -s /dev/null /etc/systemd/resolved.conf.d/10-disable-llmnr.conf
    
  • Allow override flannel docker image via an environment variable #1079

Updates:

935.0.0
Release Date: January 22, 2016
kernel: 4.4.0
rkt: 0.15.0
docker: 1.9.1
etcd: 0.4.9, 2.2.4
systemd: 225

Fixes:

Changes:

  • Minimum password length has been increased to eight

933.0.0
Release Date: January 20, 2016
kernel: 4.4.0
rkt: 0.15.0
docker: 1.9.1
etcd: 0.4.9, 2.2.4
systemd: 225

Fixes:

Changes:

  • Enable BINFMT_MISC support in the kernel

928.0.0
Release Date: January 15, 2016
kernel: 4.4.0
rkt: 0.15.0
docker: 1.9.1
etcd: 0.4.9, 2.2.4
systemd: 225

Fixes:

926.0.0
Release Date: January 14, 2016
kernel: 4.4.0
rkt: 0.15.0
docker: 1.9.1
etcd: 0.4.9, 2.2.4
systemd: 225

Security Fixes:

  • GRUB: Fix for reading username and password (CVE-2015-8370)

Updates:

Changes:

  • Match ETCD_SSL_DIR between host system and flannel container

921.0.0
Release Date: January 11, 2016
kernel: 4.3.3
rkt: 13.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Updates:

Fixes:

  • Two out of three of the fixes for using SELinux with Docker #1015
  • Keep a copy of System.map under lib/modules coreos-overlay#1698

899.1.0
Release Date: December 18, 2015
kernel: 4.3.3
rkt: 13.0
docker: 1.9.1
etcd: 0.4.9, 2.2.2
systemd: 225

Bug Fixes:

  • Increase systemd-journal-remote per-connection memory limits #927
  • Stop using invalid name in disk resize script when using CCISS driver #1037

Changes:

  • btrfs-progs 4.2.2
  • glibc 2.21
  • Linux 4.3.3
    • Enabled kernel FSCACHE for CEPH, CIFS, NFS and 9P network filesystems

891.0.0
Release Date: December 10, 2015
kernel: 4.3.0
rkt: 13.0
docker: 1.9.1
etcd: 0.4.9, 2.2.2
systemd: 225

Security Fixes:

Bugs Fixed:

  • Remove etcd2 service timeout limit (https://github.com/coreos/bugs/issues/936)
  • Fixed regression which prevented machinectl login from functioning (https://github.com/coreos/bugs/issues/1002)
  • Fixed shutdown behavior so that it cleanly terminates SSH connections (https://github.com/coreos/bugs/issues/1009)
  • Fixed issue which caused systemd-nspawn to crash in certain situations (https://github.com/coreos/bugs/issues/1010)
  • Included missing bnx2x firmware (https://github.com/coreos/bugs/issues/1016)
  • Enable SCSI_AIC79XX in the kernel (https://github.com/coreos/bugs/issues/1026)
  • Fixed inability to schedule kubernetes pods (https://github.com/kubernetes/kubernetes/issues/16961)

Changes:

  • rkt 0.13.0
  • flannel 0.5.5
  • Populate /lib/modules/$(uname -r)/build
    • Kernel modules can now be built out-of-tree using the standard command: make -C /lib/modules/$(uname -r)/build M=$PWD

884.0.0
Release Date: December 2, 2015
kernel: 4.3.0
rkt: 11.0
docker: 1.9.1
etcd: 0.4.9, 2.2.2
systemd: 225

Bug Fixes:

  • tcsd config file permissions corrected #1003

Changes:

  • OpenSSH 7.1p1 with ssh-dss keys re-enabled
    • ssh-dss compatibility will be removed March 1, 2016, as per the announcement
  • enable CONFIG_SATA_SVW in kernel
  • kubelet v1.1.2

877.1.0
Release Date: November 27, 2015
kernel: 4.3.0
rkt: 11.0
docker: 1.9.1
etcd: 0.4.9, 2.2.2
systemd: 225

Changes:

870.3.0
Release Date: November 24, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.1
systemd: 225

Bug Fixes:

  • fixed empty string argument to docker when underlying filesystem is btrfs [#997]

Updates:

870.2.0
Release Date: November 20, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.1
systemd: 225

Bug Fixes:

  • update-ssh-keys now correctly handles ssh keys that lack a trailing newline #676
  • enabled USB_HIDRAW and USB_HIDDEV kernel drivers #953, #975
  • use correct pid when processing core dumps in namespaces #172
  • backported kernel patch to fix bridge fdb causing infinite loops with bond interfaces #980

Changes:

  • selinux support in docker
  • go programs built with go1.4.3
  • failed unit count is no longer maintained by a 1-minute motdgen.timer unit, and instead is queried on login

Kernel Changes:

  • dm-cache support
  • enabled PPP, DRBD, NBD, AOE kernel drivers.
  • compile kernel with CC_STACKPROTECTOR_STRONG instead of CC_STACKPROTECTOR_REGULAR.
  • enable xattr support in squashfs, fixing ping as unprivileged user on pxe and iso images.
  • enable extra credential and selinux checks (DEBUG_CREDENTIALS).
  • enabled RANDOMIZE_BASE.
  • disabled HIBERNATE/KEXEC_JUMP.

Program Updates:

Library updates:

835.4.0
Release Date: November 9, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Fixes:

  • Fix support for running ignition on PXE systems. #955
  • Roll back to Go 1.4 to fix issues with Docker. #956

Updates:

766.5.0
Release Date: November 5, 2015
kernel: 4.1.7
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.2
systemd: 222

Bug Fixes:

  • Minimize high-order allocations in OverlayFS (https://github.com/coreos/bugs/issues/489)
  • Fixed issue causing journald to consume large amounts of CPU (https://github.com/coreos/bugs/issues/322)
  • Removed locksmith's dependency on update-engine (https://github.com/coreos/bugs/issues/944)

845.0.0
Release Date: October 25, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.1
systemd: 225

Bug Fixes:

  • Minimize high-order allocations in OverlayFS (https://github.com/coreos/bugs/issues/489)
  • Fixed issue causing journald to consume large amounts of CPU (https://github.com/coreos/bugs/issues/322)
  • Fixed issue preventing PXE images from booting (https://github.com/coreos/bugs/issues/933)
  • Removed locksmith's dependency on update-engine (https://github.com/coreos/bugs/issues/944)
  • Enabled epoll for libmicrohttpd and systemd-journal-remote (https://github.com/coreos/bugs/issues/919)

Changes:

  • /usr/share/oem/oem-release has been replaced with the coreos.oem.id kernel parameter
    • After updating to this release, coreos-metadata will no longer work on machines provisioned before this release. coreos.oem.id will need to be set to the value of OEM_ID, found in /usr/share/oem/oem-release. This can be done by adding set oem_id="<OEM_ID>" to /usr/share/oem/grub.cfg.

Program Updates:

Library updates:

835.1.0
Release Date: October 16, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Changes:

835.0.0
Release Date: October 15, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Bug Fixes:

  • Fix SELinux temp files in initrd (https://github.com/coreos/bugs/issues/447)
  • Ensure coreos.autologin is obeyed even if filesystem root is read-only

Changes:

833.0.0
Release Date: October 12, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Security Fixes:

  • Docker 1.8.3 (CVE-2014-8178, CVE-2014-8179)

Changes:

  • etcd2 now notifies systemd when it is ready on startup, ensuring dependent services do not make requests before etcd can answer them. etcd #3613
  • PCRE support in grep and other tools is now enabled. #906
  • early-docker.service now respects $DOCKER_OPTS from the environment like docker.service does. coreos-overlay #1570

Updates:

829.0.0
Release Date: October 9, 2015
kernel: 4.2.2
rkt: 0.8.1
docker: 1.8.2
etcd: 0.4.9, 2.2.0
systemd: 225

Fixes:

  • Root filesystem initialization was broken for some system since 808.0.0. #905 #477

Changes:

  • All Go applications are now built with 1.5.1

Updates:

815.0.0
Release Date: September 24, 2015
kernel: 4.2.0
rkt: 0.8.1
docker: 1.8.2
etcd: 0.4.9, 2.2.0
systemd: 225

Bug Fixes:

  • Revert Docker logging driver back to JSON (https://github.com/coreos/bugs/issues/483)
  • Remove timeouts for Ignition when running on EC2
    • EC2 can take at least 66 seconds to offer a DHCP lease

Changes:

  • etcd 2.2.0
  • kubelet 1.0.6
  • coreos-cloudinit 1.6.1
  • Add support for XFS to docker.service
  • Reset all interfaces on Packet.net during boot (v.s. just enp1s0f0 and enp1s0f1)
  • Allow environment file path to be overridden in flanneld.service

808.0.0
Release Date: September 17, 2015
kernel: 4.2.0
rkt: 0.8.1
docker: 1.8.2
etcd: 0.4.9, 2.1.2
systemd: 225

Changes:

Bug Fixes:

  • Preserve LESSCHARSET when using sudo (https://github.com/coreos/baselayout/pull/33)
  • Include the "rkt" group (https://github.com/coreos/baselayout/pull/34)

801.0.0
Release Date: September 10, 2015
kernel: 4.1.6
rkt: 0.7.0
docker: 1.8.1
etcd: 0.4.9, 2.1.2
systemd: 222

Additions:

  • Support for Interoute

Updates:

  • Docker 1.8.1
  • coreos-cloudinit 1.6.0
    • Additionally enabled the VMware-Backdoor datasource in VMware images
  • Ignition 0.1.6
    • Enables support for Amazon EC2
  • OpenSSH 6.9-p1

794.0.0
Release Date: September 3, 2015
kernel: 4.1.6
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.2
systemd: 222

Bug fixes:

  • Fix possible race condition with Ignition by detecting first boot in GRUB instead of in the initrd.

Updates:

789.0.0
Release Date: August 29, 2015
kernel: 4.1.6
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.2
systemd: 222

Updates:

  • Ignition 0.1.5, fixes intermittent boot failures of new instances on EC2. Only AMIs for 779.0.0 and 788.0.0 were affected.

788.0.0
Release Date: August 28, 2015
kernel: 4.1.6
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.2
systemd: 222

Bug fixes:

  • Ensure SELinux configuration under /etc is initialized correctly. Fixes issues caused by SELinux being enabled but uninitialized in systems that upgraded to 779.0.0. #447
  • Remove the selinuxenabled command to work around issue with Ansible. #449
  • Fix loading of some firmware files. #450
  • Fix potential crash with UDP multicast.

Updates:

779.0.0
Release Date: August 20, 2015
kernel: 4.1.5
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.1
systemd: 222

Changes:

  • wa-linux-agent 2.0.14
  • Support for SELinux is now included. A simple SELinux policy for container isolation is included, and rkt will default to running each container in an independent SELinux context. This policy is currently being run in permissive mode, and any violations will log a warning rather than being blocked. You can enable policy enforcement by editing /etc/selinux/config and changing "SELINUX=permissive" to "SELINUX=enforcing" and rebooting, or change enforcement state temporarily by running "setenforce 1".

774.0.0
Release Date: August 14, 2015
kernel: 4.1.5
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.1
systemd: 222

Fixes:

  • Correct expansion of KUBELET_OPTS in kubelet.service

Changes:

773.1.0
Release Date: August 13, 2015
kernel: 4.1.5
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.1
systemd: 222

Fixes:

  • Update Rackspace OnMetal images to avoid network races (https://github.com/coreos/bugs/issues/427)

Changes:

  • Ignition 0.1.3
  • Linux 4.1.5
  • Make Azure product_uuid readable to all users
  • coreos-cloudinit 1.5.1
  • Support user-defined logrotate configs in /etc/logrotate.d

Additions:

  • kubelet 1.0.1
  • socat 1.7.3

766.0.0
Release Date: August 6, 2015
kernel: 4.1.4
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.1
systemd: 222

Fixes:

  • Fix issue which prevented Docker from running after rkt has run (https://github.com/coreos/bugs/issues/420)

Changes:

  • Linux 4.1.4
  • Re-add [Install] section to etcd2 and fleet service units
  • The audit subsystem has been enabled in the kernel and auditctl added to the image. Most audit events are ignored by default. The audit rules may be modified in /etc/audit/rules.d. Note that auditd is not included, journald is responsible for logging events instead although it is a best effort mechanism. Unlike with auditd based systems the kernel will not panic if journald fails to record an event for some reason.

Additions:

  • bind-tools 9.10.2_p2 (includes dig, nslookup, host)
  • whois 5.1.5 (includes whois, mkpasswd)
  • strace 4.9

758.1.0
Release Date: July 30, 2015
kernel: 4.0.9
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.1
systemd: 222

Security Fixes:

Fixes:

  • Enable the rkt metadata service (https://github.com/coreos/bugs/issues/419)

Changes:

752.1.0
Release Date: July 23, 2015
kernel: 4.0.9
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.1
systemd: 222

Fixes:

  • Fixed grace period on rkt garbage collection timer unit (https://github.com/coreos/coreos-overlay/issues/1377)
  • Fixed Docker restart failure (https://github.com/coreos/init/issues/169)
  • Revert the osType back to "other26xLinux64Guest" in VMware images

Changes:

Additions:

  • /usr/share/oem/oem-release
  • Ignition 0.1.2

745.1.0
Release Date: July 16, 2015
kernel: 4.0.7
rkt: 0.5.5
docker: 1.7.1
etcd: 0.4.9, 2.0.13
systemd: 222

Fixes:

  • Fix kernel compilation issue that caused Go 1.3.x Go 1.3.x to segfault when calling functions in the vDSO library. Issue only effected alpha 738.1.0.
  • Do not completely ignore the router provided via DHCP if more than one is listed. For now only the first one is used.
  • Fix journal-gatewayd which has been broken since systemd 220.

Changes:

Additions:

738.1.0
Release Date: July 9, 2015
kernel: 4.0.7
rkt: 0.5.5
docker: 1.6.2
etcd: 0.4.9, 2.0.13
systemd: 222

Security Fixes:

Updates:

  • systemd 222
  • sqlite 3.8.10.2
  • libxml2 2.9.2

735.0.0
Release Date: July 7, 2015
kernel: 4.0.7
rkt: 0.5.5
docker: 1.6.2
etcd: 0.4.9, 2.0.13
systemd: 220

Additions/Changes:

  • Add logrotate 3.8.9 for properly rotating /var/log/btmp and /var/log/wtmp
  • Enable audit and SELinux subsystems in the kernel, requires passing selinux=1 to the kernel to enable but this is of limited use, no SELinux user space tools or policies are included yet.
  • Enable driver for Solarflare NICs.
  • Add Secure Boot lockdown patch set to the kernel. Not yet supported by our boot process though.
  • Enable NAT-based networking in systemd-nspawn. This doesn't yet work out of the box, networkd configuration files need to be updated so docker's configuration doesn't conflict with nspawn's.
  • Fix a networkd bug that impacted some bond interfaces.
  • Enable ixgbevf network devices for Amazon EC2 HVM instances that support it. Amazon brands this as Enhanced Networking. As part of this change we disabled the Predictable Network Interface Names scheme on EC2 to ensure network interfaces remain named eth0, eth1, etc. regardless of whether the ixgbevf or Xen driver is in use. This may impact users who enabled this feature themselves on previous versions which would have named the device ens3 instead of eth0.

Updates:

  • Linux 4.0.7
  • etcd 2.0.13
  • flannel 0.5.0
  • gnupg 2.0.26
  • elfutils 0.161
  • libassuan 2.1.1
  • libksba 1.3.3
  • protobuf 2.5.0
  • btrfs-progs 3.17.3
  • lsof 4.87

723.1.0
Release Date: June 26, 2015
kernel: 4.0.5
rkt: 0.5.5
docker: 1.6.2
etcd: 0.4.9, 2.0.12
systemd: 220

  • Revert to Docker 1.6.2
    • Docker 1.7.0 introduced a regression that prevents flannel from running

723.0.0
Release Date: June 25, 2015
kernel: 4.0.5
rkt: 0.5.5
docker: 1.7.0
etcd: 0.4.9, 2.0.12
systemd: 220

  • Docker 1.7.0
  • lshw 2.16b
  • gnutls 3.3.15

717.0.0
Release Date: June 18, 2015
kernel: 4.0.5
rkt: 0.5.5
docker: 1.6.2
etcd: 0.4.9, 2.0.12
systemd: 220

  • Fix booting CoreOS on Vagrant (https://github.com/coreos/bugs/issues/382)
  • OpenSSL 1.0.1o
  • Fix mounting /sysroot on bare metal
  • Update CA certificates to NSS 3.19.1
  • Add jq 1.4
  • fleet 0.10.2
  • etcd 2.0.12
  • Updated a number of system libs and utilities
    • pciutils 3.2.0
    • pth 2.0.7
    • less 458
    • mdadm 3.3.1
    • parted 3.2
    • gzip 1.6
    • libpcap 1.6.2
    • libevent 2.0.22
    • libmicrohttpd 0.9.39
    • dbus-glib 0.102
    • libpcre 8.36
    • popt 1.16
    • readline 6.2_p5

709.0.0
Release Date: June 11, 2015
kernel: 4.0.5
rkt: 0.5.5
docker: 1.6.2
etcd: 0.4.9, 2.0.11
systemd: 220

  • Linux 4.0.5
  • systemd 220
  • rkt 0.5.5
  • Added a garbage collection service (rkt-gc.service) on a periodic timer
  • Include rng-tools (not enabled by default)
  • wa-linux-agent 2.0.13

695.0.0
Release Date: May 28, 2015
kernel: 4.0.3
rkt: 0.5.4
docker: 1.6.2
etcd: 0.4.9, 2.0.11
systemd: 219

  • etcd 2.0.11
  • Correct the default timezone to UTC
  • bash 4.2 p53
  • dbus 1.8.16
  • git 2.3.6
  • patch 2.7.3
  • sed 4.2.1
  • rsync 3.1.1
  • zip 3.0
  • unzip 6.0
  • which 2.20
  • file 5.22
  • curl 7.42.1

681.0.0
Release Date: May 14, 2015
kernel: 4.0.3
rkt: 0.5.4
docker: 1.6.2
etcd: 0.4.9, 2.0.10
systemd: 219

  • Docker 1.6.2
  • Linux 4.0.3
  • coreos-cloudinit 1.4.1
  • Use systemd-timesyncd instead of ntpd for time synchronization
  • By default, systemd-timesyncd will prefer time servers provided by DHCP and fall back to coreos.pool.ntp.org
  • Mount root volume read/write via kernel cmdline instead of in the initramfs
  • Blacklist xen_fbfront on ec2 images
  • Fixes 30s pause during boot (https://github.com/coreos/bugs/issues/208)
  • Enable 3w_sas and 3w_9xxx kernel modules
  • openssl 1.0.1m
  • dhcpcd 6.6.7
  • Updated timezone data to 2015b

675.0.0
Release Date: May 7, 2015
kernel: 4.0.1
rkt: 0.5.4
docker: 1.6.1_rc2
etcd: 0.4.9, 2.0.10
systemd: 219

  • Docker 1.6.1-rc2
  • [CVE-2015-3629] Symlink traversal on container respawn allows local privilege escalation
  • [CVE-2015-3627] Insecure opening of file-descriptor 1 leading to privilege escalation
  • [CVE-2015-3630] Read/write proc paths allow host modification & information disclosure
  • [CVE-2015-3631] Volume mounts allow LSM profile escalation
  • Enable dell RBU and DCDBAS kernel modules
  • SDK: upgrade portage to 2.2.18

668.2.0
Release Date: April 30, 2015
kernel: 4.0.1
rkt: 0.5.4
docker: 1.6.0
etcd: 0.4.9, 2.0.10
systemd: 219

  • Docker 1.6.0
  • Fix ETCD_ELECTION_TIMEOUT option for OEMs
  • Machines will need to be reprovisioned to pick up this change.
  • Flannel 0.4.0
  • Introduce actool 0.5.1
  • rkt 0.5.4
  • Enable systemd-importd
  • Fleet 0.10.1
  • Linux 4.0.1
  • Enable SCSI_MVSAS LKM
  • etcd 2.0.10
  • Build Go binaries with golang 1.4.2

660.0.0
Release Date: April 23, 2015
kernel: 4.0
rkt: 0.5.3
docker: 1.5.0
etcd: 0.4.9, 2.0.8
systemd: 219

  • Linux 4.0
  • Demote XEN framebuffer to module (https://github.com/coreos/coreos-overlay/pull/1206)
  • Fixes 30s pause during boot (https://github.com/coreos/bugs/issues/208)
  • util-linux 2.25.2
  • dracut 041
  • open-vm-tools 9.10.0
  • vim 7.4
  • Bind /run into toolbox (https://github.com/coreos/toolbox/pull/14)

653.0.0
Release Date: April 16, 2015
kernel: 3.19.3
rkt: 0.5.3
docker: 1.5.0
etcd: 0.4.9, 2.0.8
systemd: 219

647.0.0
Release Date: April 9, 2015
kernel: 3.19.3
rkt: 0.5.3
docker: 1.5.0
etcd: 0.4.9
systemd: 219

  • systemd 219
  • Expose Docker socket to GCE agent (https://github.com/coreos/coreos-overlay/pull/1180)

640.0.0
Release Date: April 2, 2015
kernel: 3.19.3
rkt: 0.5.3
docker: 1.5.0
etcd: 0.4.9
systemd: 218

633.1.0
Release Date: March 26, 2015
kernel: 3.19
rkt: 0.4.1
docker: 1.5.0
etcd: 0.4.8
systemd: 218

  • etcd 0.4.8
  • OpenSSL 1.0.1l
  • nspawn: Map seccomp filters to capabilities
  • networkd: Fix network-wait-online hanging
  • systemd: Fix handling of malformed line continuation
  • Azure: Add "earlyprintk" kernel parameter

626.0.0
Release Date: March 19, 2015
kernel: 3.19
rkt: 0.4.1
docker: 1.5.0
etcd: 0.4.7
systemd: 218

  • rkt 0.4.1
  • util-linux 2.26.1
  • Disable threaded execution for ntp (https://github.com/coreos/bugs/issues/304)
  • Add UseNTP DHCP option in network units (https://github.com/coreos/coreos-overlay/pull/1142)
  • Allow systemd-timesyncd to run in VMs (https://github.com/coreos/coreos-overlay/pull/1142)
  • wa-linux-agent 2.0.12
  • Lower LimitNOFILE for flannel (https://github.com/coreos/coreos-overlay/pull/1128)
  • openSSH 6.7_p1

618.0.0
Release Date: March 11, 2015
kernel: 3.19
rkt: 0.3.2
docker: 1.5.0
etcd: 0.4.7
systemd: 218

  • Experimental: Add Rocket 0.3.2. Note: Rocket and the App Container Spec are still under heavy development. Command line flags and on-disk image store change between releases.

612.1.0
Release Date: March 5, 2015
kernel: 3.19
docker: 1.5.0
etcd: 0.4.7
systemd: 218

  • Revert to systemd 218 (https://github.com/coreos/bugs/issues/297)
  • Set LimitNOFILE for etcd.service

612.0.0
Release Date: March 5, 2015
kernel: 3.19
docker: 1.5.0
etcd: 0.4.7
systemd: 219

  • systemd 219
  • Add volume for SSL certs to flannel
  • Prevent networkd from attempting to configure flannel interfaces
  • TI-RPC 0.2.5
  • Include TI-RPC configs in all images
  • Linux 3.19
  • Enable RAM-disk LKM

607.0.0
Release Date: February 28, 2015
kernel: 3.18.6
docker: 1.5.0
etcd: 0.4.7
systemd: 218

604.0.0
Release Date: February 26, 2015
kernel: 3.18.6
docker: 1.5.0
etcd: 0.4.7
systemd: 218

  • Remove domain name from /etc/issue
  • coreos-cloudinit v1.3.3
  • iproute2 3.19
  • Enable lzma and gcrypt on systemd
  • glibc 2.19

598.0.0
Release Date: February 19, 2015
kernel: 3.18.6
docker: 1.5.0
etcd: 0.4.7
systemd: 218

  • locksmith 0.2.3
  • coreos-cloudinit 1.3.2
  • Properly load iptables LKM before starting flannel
  • Fixed sshd issue on Azure
  • Previously attempted in 591
  • Experimental support for CloudSigma

593.0.0
Release Date: February 14, 2015
kernel: 3.18.6
docker: 1.5.0
etcd: 0.4.7
systemd: 218

  • Reverted to coreos-cloudinit 1.2.1

592.0.0
Release Date: February 14, 2015
kernel: 3.18.6
docker: 1.5.0
etcd: 0.4.7
systemd: 218

591.0.0
Release Date: February 12, 2015
kernel: 3.18.6
docker: 1.5.0
etcd: 0.4.7
systemd: 218

  • Linux 3.18.6
  • Docker 1.5
  • Changed mount propagation from "shared" to "slave"
  • Fixed sshd issue on Azure
  • etcd 0.4.7
  • coreutils 8.23
  • coreos-cloudinit 1.3.0
  • flannel 0.3.0
  • Format the root ext4 filesystem with the maximum number of inodes, required for many docker workloads when using the new overlay backend.

584.0.0
Release Date: February 5, 2015
kernel: 3.18.4
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • Allow systemd-nspawn to load modules
  • Fix DefaultDependancies issue with Docker containers (shutdown.target will now wait on Docker containers)
  • Allow DefaultDependancies to be set on transient units
  • Fix Docker to set DefaultDependancies on its containers
  • Allow user-defined DOCKER_OPTS in addition to running flannel (https://github.com/coreos/bugs/issues/244)
  • Enabled kernel support for SMB2
  • Linux 3.18.4

575.0.0
Release Date: January 28, 2015
kernel: 3.18.2
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • Patched glibc to address CVE-2015-0235
  • Reverted to SYSLINUX 4.07 for ISO boot loader.

571.0.0
Release Date: January 23, 2015
kernel: 3.18.2
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • Drop default --insecure-registry=0.0.0.0/0 flag from docker service. If you access registries without HTTPS you must set --insecure-registry= yourself.
  • coreos-cloudinit 1.2.1
  • Add ebtables command line tool.
  • Fix coreos-install with new ext4 based images.
  • Accept DHCP provided domain names that end in a dot. Broken since 534.1.0

561.0.0
Release Date: January 14, 2015
kernel: 3.18.2
docker: 1.4.1
etcd: 0.4.6
systemd: 218

557.0.0
Release Date: January 9, 2015
kernel: 3.18.1
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • openssl 1.0.1k
  • Fix the -b base URL option in coreos-install
  • Added support for customizing the login MOTD.
  • SDK only: disable ccache to avoid a few different build errors it has been causing.

554.0.0
Release Date: January 6, 2015
kernel: 3.18.1
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • Fix early-docker.service, broken since 547.0.0. Required by flannel.

550.0.0
Release Date: January 2, 2015
kernel: 3.18.1
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • Roll back to Go 1.3.

549.0.0
Release Date: January 1, 2015
kernel: 3.18.1
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • Fix symlinks for commands halt poweroff reboot runlevel shutdown telinit (broken in 547.0.0)
  • Go updated to 1.4

547.0.0
Release Date: December 31, 2014
kernel: 3.18.1
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • Linux 3.18.1
  • Docker 1.4.1
  • coreos-cloudinit 1.1.0
  • btrfs-progs 3.17.1
  • Re-enable including DHCP provided domain name in resolv.conf (missing since v534.1.0)
  • Fix file permissions on systemd journal. (broken since v534.1.0)

540.0.0
Release Date: December 23, 2014
kernel: 3.17.7
docker: 1.3.3
etcd: 0.4.6
systemd: 218

  • systemd 218
  • ntp 4.2.8
  • flannel 0.2.0
  • Include CoreOS version in MOTD
  • Fix vmtoolsd in VMware images, ld.so.cache was still being generated incorrectly after the first boot.

The Beta channel consists of promoted Alpha releases. The current version is Container Linux 1548.2.0.

Beta release feed (json)
1548.2.0
Release Date: October 12, 2017
kernel: 4.13.5
rkt: 1.28.1
docker: 1.12.6
etcd: 3.2.7
systemd: 234
Ignition: 0.19.0

Security fixes:

1548.1.0
Release Date: October 11, 2017
kernel: 4.13.5
rkt: 1.28.1
docker: 1.12.6
etcd: 3.2.7
systemd: 234
Ignition: 0.19.0

Bug fixes:

  • Fix Docker overlay mount race (#2173)

Changes:

  • Remove SSH socket-activation rate limiting
  • Revert Docker to 1.12 for the beta channel (#1930)

Updates:

1520.4.0
Release Date: September 21, 2017
kernel: 4.13.3
rkt: 1.28.1
docker: 1.12.6
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Bug fixes:

  • Fix "stale file handle" errors in Docker containers (#2152)

Updates:

1520.3.0
Release Date: September 15, 2017
kernel: 4.13.2
rkt: 1.28.1
docker: 1.12.6
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Bug fixes:

  • Remove errant newline in torcx store filenames

Updates:

1520.2.0
Release Date: September 14, 2017
kernel: 4.13.1
rkt: 1.28.1
docker: 1.12.6
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Security fixes:

Changes:

Updates:

1492.6.0
Release Date: September 6, 2017
kernel: 4.12.10
rkt: 1.28.1
docker: 1.12.6
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Bug fixes:

  • Fix ASAN support (#2105)

Changes:

  • Update to a new subkey for signing release images

Updates:

1492.5.0
Release Date: August 16, 2017
kernel: 4.12.7
rkt: 1.28.1
docker: 1.12.6
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Changes:

  • Revert Docker to 1.12 for the beta channel (#1930)

Updates:

1465.5.0
Release Date: August 14, 2017
kernel: 4.12.6
rkt: 1.27.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.17.2

Security fixes:

  • Fix git arbitrary code execution when cloning untrusted repositories (CVE-2017-1000117)

Updates:

1465.4.0
Release Date: August 10, 2017
kernel: 4.12.5
rkt: 1.27.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.17.2

Security fixes:

  • Fix Linux heap out-of-bounds in AF_PACKET sockets (CVE-2017-1000111)
  • Fix Linux exploitable memory corruption due to UDP fragmentation offload (CVE-2017-1000112)

Bug fixes:

  • Fix enabling docker with Ignition (#2079)

Updates:

1465.3.0
Release Date: August 2, 2017
kernel: 4.12.4
rkt: 1.27.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.17.2

Security fixes:

Bug fixes:

  • Fix bonding driver problems with non-zero updelay (#2065)
  • Fix virtio network performance (#2076)

Updates:

1465.2.0
Release Date: July 19, 2017
kernel: 4.12.2
rkt: 1.27.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.17.1

Bug fixes:

  • Fix passing large MTU packets over VXLAN on Azure

Changes:

  • Reverted Docker to 1.12 for the beta channel (#1930)

Updates:

1437.3.0
Release Date: June 30, 2017
kernel: 4.11.8
rkt: 1.26.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

  • Fixed systemd-resolved out-of-bounds write with crafted TCP payload (CVE-2017-9445)

Bug fixes:

  • Fixed process hang when accessing /proc/sys/fs/binfmt_misc (#1630)
  • Fixed ext4 journal abort caused by container OOM (#1811)
  • Fixed error deleting firewall rules with recent iptables versions (#2022)

Updates:

1437.2.0
Release Date: June 22, 2017
kernel: 4.11.6
rkt: 1.26.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Bug fixes:

  • Fix kernel oops in 1437.1.0 with mmap(..., MAP_FIXED, ...)

1437.1.0
Release Date: June 20, 2017
kernel: 4.11.6
rkt: 1.26.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

Changes:

  • Reverted Docker to 1.12 for the beta channel (#1930)

Updates:

1409.1.0
Release Date: May 23, 2017
kernel: 4.11.2
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Changes:

  • Reverted Docker to 1.12 for the beta channel (#1930)

Updates:

1381.1.0
Release Date: April 26, 2017
kernel: 4.10.12
rkt: 1.25.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.14.0

Bug Fixes:

  • Fixed containerd crashes (#1909)

Changes:

  • The coreos-metadata provider can be overridden (#1917)
  • Reverted Docker to 1.12 for the beta channel (#1930)

Updates:

1353.4.0
Release Date: April 1, 2017
kernel: 4.10.4
rkt: 1.25.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.13.0

Security fixes:

1353.2.0
Release Date: March 29, 2017
kernel: 4.10.4
rkt: 1.25.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.13.0

Changes:

  • The update group is now written to /usr instead of /etc
  • Reverted Docker to 1.12 for the beta channel

Updates:

1325.2.0
Release Date: March 1, 2017
kernel: 4.9.9
rkt: 1.23.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231
Ignition: 0.12.1

Changes:

  • Docker has been reverted to 1.12.6 to avoid breaking firewall changes

1298.4.0
Release Date: February 23, 2017
kernel: 4.8.17
rkt: 1.21.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231
Ignition: 0.12.1

Security Fixes:

Bug Fixes:

  • Primary kernel console is no longer incorrectly routed to ttyS0

Changes:

  • Images are now generated in the vmware_raw format

1298.3.0
Release Date: February 2, 2017
kernel: 4.8.17
rkt: 1.21.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Work around SELinux issues with user namespaces in Docker (#1728)
  • Programs installed only in the initramfs are now included in package and license listings

Updates:

1248.4.0
Release Date: January 11, 2017
kernel: 4.8.11
rkt: 1.20.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1248.3.0
Release Date: January 8, 2017
kernel: 4.8.11
rkt: 1.20.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Bugs Fixed:

  • Properly quote value for DISTRIB_ID in /etc/lsb-release (#1751)
  • Fix Azure Linux Agent's detection of the host distribution

1248.2.0
Release Date: January 4, 2017
kernel: 4.8.11
rkt: 1.20.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1235.2.0
Release Date: December 7, 2016
kernel: 4.8.6
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1235.1.0
Release Date: November 30, 2016
kernel: 4.8.6
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Enable SELinux support for runc (#1664)

Updates:

1192.2.0
Release Date: October 20, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

  • Fix privilege escalation vulnerability in Linux kernel - CVE-2016-5195 (Dirty COW)
  • Fix denial of service in systemd - CVE-2016-7795

1185.2.0
Release Date: October 20, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.11.2
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

  • Fix privilege escalation vulnerability in Linux kernel - CVE-2016-5195 (Dirty COW)
  • Fix denial of service in systemd - CVE-2016-7795

1185.1.0
Release Date: October 5, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.11.2
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fix occasional networking lock-ups with Docker (#254)
  • Fix spurious networking failures when spawning Docker containers (#1554) (#1574) (#1585)
  • Allow older Docker clients to communicate with the Docker daemon (#1569)

Updates:

  • Update Engine 0.3.2
  • Docker 1.11.2

1153.4.0
Release Date: September 10, 2016
kernel: 4.7.1
rkt: 1.13.0
docker: 1.11.2
etcd: 0.4.9, 2.3.2
systemd: 231

Updates:

1153.3.0
Release Date: September 8, 2016
kernel: 4.7.1
rkt: 1.13.0
docker: 1.11.2
etcd: 0.4.9, 2.3.2
systemd: 231

Bug Fixes:

  • Fix Docker stats API for Kubernetes (#1526)
  • Fix off-by-one error in cgpt resize (#1527)
  • Disable the systemd-resolved stub resolver (#1545)

Updates:

1122.1.0
Release Date: August 15, 2016
kernel: 4.7.0
rkt: 1.11.0
docker: 1.11.2
etcd: 0.4.9, 2.3.2
systemd: 229

Security Updates:

1081.5.0
Release Date: July 18, 2016
kernel: 4.6.3
rkt: 1.8.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Bug Fixes:

  • Properly escape systemd specifiers (#1459)

1081.3.0
Release Date: July 13, 2016
kernel: 4.6.3
rkt: 1.8.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Security Updates:

Bug Fixes:

  • Fix parsing of the user database which caused systemd-sysusers to crash (#1394)
  • Fix handling of certain unicode characters in bash (#1411)
  • Fix issue when starting transient services (#1430)
  • Include work-around for empty SSH host keys (#106)

Changes:

  • Removed Kubernetes kubelet
  • Set group for /dev/kvm

Updates:

1068.3.0
Release Date: June 27, 2016
kernel: 4.6.3
rkt: 1.7.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Updates:

1068.2.0
Release Date: June 17, 2016
kernel: 4.6.0
rkt: 1.7.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Changes:

  • Remove file, portage, python, and a number of other packages that were mistakenly added to the image in 1045.0.0

1068.0.0
Release Date: June 7, 2016
kernel: 4.6.0
rkt: 1.7.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Updates:

Changes:

  • Fix using containers interactively with SELinux coreos-overlay#1986
  • ARM64: experimental support for updates and Cavium ThunderX

1010.4.0
Release Date: May 25, 2016
kernel: 4.5.0
rkt: 1.2.1
docker: 1.10.3
etcd: 0.4.9, 2.3.1
systemd: 225

Fixes:

  • Permit execmem in SELinux policy (#1258)
  • Fix support scripts for GCE (#1164, #1273)
  • Allow setattr on devpts PTYs and grant PipeFS access

Changes:

  • Update coreos-install
    • Download images over HTTPS
    • Correct race condition which caused incorrect versions to be downloaded
    • Use new image signing key

1010.1.0
Release Date: April 7, 2016
kernel: 4.5.0
rkt: 1.2.1
docker: 1.10.3
etcd: 0.4.9, 2.3.1
systemd: 225

Fixes:

  • Fix high-CPU-load issue with systemd-udevd on Hyper-V (#1036)
  • Repair GPT headers before attempting to randomize the disk GUID (#1091)
  • Fix vxlan networking issues on Azure when under high load (#1156)
  • Cease forwarding the journal to the console (#1162)
  • Fix binary resolution error in systemd-nspawn (#1196)
  • Fix systemd-networkd assertion failure when stopping (#1197)

Changes:

  • DSA support has been removed from OpenSSH
  • Enabled DHCPv6
  • Added prefixes to grub TPM events to indicate their provenance
  • tpm_hostpolicy tool generates a TPM policy file based on host characteristics
  • Known good TPM PCR values for CoreOS are now shipped alongside the OS

Updates:

991.2.0
Release Date: March 26, 2016
kernel: 4.4.6
rkt: 1.1.0
docker: 1.9.1
etcd: 0.4.9, 2.2.5
systemd: 225

Updates:

  • Ignition 0.3.3
    • Fixes boot failures on EC2 when no config is supplied.

991.1.0
Release Date: March 23, 2016
kernel: 4.4.6
rkt: 1.1.0
docker: 1.9.1
etcd: 0.4.9, 2.2.5
systemd: 225

Changes:

  • Reverted to Docker 1.9.1
    • This release is intended for the Beta channel. If an instance was booted from the Alpha channel and then moved to the Beta channel, it will downgrade Docker when it updates to this release which will potentially cause problems with images on disk.

899.11.0
Release Date: March 17, 2016
kernel: 4.3.6
rkt: 1.0.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Security Updates:

  • Git 2.7.3 (CVE-2016-2324, CVE-2016-2315)

899.10.0
Release Date: March 9, 2016
kernel: 4.3.6
rkt: 1.0.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Security Updates:

  • OpenSSL 1.0.2g, for CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800 (DROWN)

Updates:

Changes:

  • Enabled EC ciphersuites in OpenSSL

899.9.0
Release Date: February 29, 2016
kernel: 4.3.6
rkt: 13.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Fixes:

  • Revert fix for networkd links unlinking (#1140)

899.8.0
Release Date: February 24, 2016
kernel: 4.3.6
rkt: 13.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Fixes:

  • Linux 4.3.6 - fixes #1087
  • Selinux policy updates to allow systemctl to work in enforcing mode (#1788)
  • Backported a systemd-networkd fix to clean up stale link files - fixes #1081

899.7.0
Release Date: February 18, 2016
kernel: 4.3.3
rkt: 13.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Fixes:

  • glibc patched for CVE-2014-8121, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779 and CVE-2015-7547 coreos-overlay#1178

899.6.0
Release Date: February 1, 2016
kernel: 4.3.3
rkt: 13.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Fixes:

  • Update to OpenSSL 1.0.2f for CVE-2016-0701 and CVE-2015-3197 and updates CVE-2015-4000 (logjam)

899.5.0
Release Date: January 22, 2016
kernel: 4.3.3
rkt: 13.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Fixes:

899.4.0
Release Date: January 20, 2016
kernel: 4.3.3
rkt: 13.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Fixes:

899.3.0
Release Date: January 15, 2016
kernel: 4.3.3
rkt: 13.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Fixes:

899.2.0
Release Date: January 14, 2016
kernel: 4.3.3
rkt: 13.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Updates:

Fixes:

899.1.0
Release Date: December 18, 2015
kernel: 4.3.3
rkt: 13.0
docker: 1.9.1
etcd: 0.4.9, 2.2.2
systemd: 225

Bug Fixes:

  • Increase systemd-journal-remote per-connection memory limits #927
  • Stop using invalid name in disk resize script when using CCISS driver #1037

Changes:

  • btrfs-progs 4.2.2
  • glibc 2.21
  • Linux 4.3.3
    • Enabled kernel FSCACHE for CEPH, CIFS, NFS and 9P network filesystems

877.1.0
Release Date: November 27, 2015
kernel: 4.3.0
rkt: 11.0
docker: 1.9.1
etcd: 0.4.9, 2.2.2
systemd: 225

Changes:

835.5.0
Release Date: November 17, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Updates:

835.4.0
Release Date: November 9, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Fixes:

  • Fix support for running ignition on PXE systems. #955
  • Roll back to Go 1.4 to fix issues with Docker. #956

Updates:

835.2.0
Release Date: October 28, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Bug Fixes:

  • Minimize high-order allocations in OverlayFS (https://github.com/coreos/bugs/issues/489)
  • Fixed issue causing journald to consume large amounts of CPU (https://github.com/coreos/bugs/issues/322)
  • Fixed issue preventing PXE images from booting (https://github.com/coreos/bugs/issues/933)
  • Removed locksmith's dependency on update-engine (https://github.com/coreos/bugs/issues/944)

Changes:

  • /usr/share/oem/oem-release has been replaced with the coreos.oem.id kernel parameter
    • After updating to this release, coreos-metadata will no longer work on machines provisioned from 835.1.0. coreos.oem.id will need to be set to the value of OEM_ID, found in /usr/share/oem/oem-release. This can be done by adding set oem_id="<OEM_ID>" to /usr/share/oem/grub.cfg.

Program Updates:

  • Ignition 0.2.2
  • locksmith 0.3.3
  • coreos-metadata 0.2.2

835.1.0
Release Date: October 16, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Changes:

766.4.0
Release Date: September 16, 2015
kernel: 4.1.7
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.2
systemd: 222

Changes:

Bug Fixes:

  • Correct systemd's handling of machine state on daemon-reload (https://github.com/coreos/bugs/issues/454)
  • Fix docker0 bridge failures (https://github.com/coreos/bugs/issues/471)

766.3.0
Release Date: September 2, 2015
kernel: 4.1.6
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.2
systemd: 222

Updates:

  • Linux 4.1.6
  • etcd 2.1.2
  • coreos-install includes a new image signing GPG key which will be used starting next week.
  • Ignition has been removed from the 766 release branch, for now it is only available in alpha releases.

766.1.0
Release Date: August 20, 2015
kernel: 4.1.4
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.1
systemd: 222

Changes:

723.3.0
Release Date: July 9, 2015
kernel: 4.0.5
rkt: 0.5.5
docker: 1.6.2
etcd: 0.4.9, 2.0.12
systemd: 220

Security Fixes:

723.1.0
Release Date: June 26, 2015
kernel: 4.0.5
rkt: 0.5.5
docker: 1.6.2
etcd: 0.4.9, 2.0.12
systemd: 220

  • Revert to Docker 1.6.2
    • Docker 1.7.0 introduced a regression that prevents flannel from running

717.1.0
Release Date: June 24, 2015
kernel: 4.0.5
rkt: 0.5.5
docker: 1.6.2
etcd: 0.4.9, 2.0.10
systemd: 220

695.2.0
Release Date: June 15, 2015
kernel: 4.0.5
rkt: 0.5.4
docker: 1.6.2
etcd: 0.4.9, 2.0.10
systemd: 219

695.0.0
Release Date: May 28, 2015
kernel: 4.0.3
rkt: 0.5.4
docker: 1.6.2
etcd: 0.4.9, 2.0.11
systemd: 219

  • etcd 2.0.11
  • Correct the default timezone to UTC
  • bash 4.2 p53
  • dbus 1.8.16
  • git 2.3.6
  • patch 2.7.3
  • sed 4.2.1
  • rsync 3.1.1
  • zip 3.0
  • unzip 6.0
  • which 2.20
  • file 5.22
  • curl 7.42.1

681.0.0
Release Date: May 14, 2015
kernel: 4.0.3
rkt: 0.5.4
docker: 1.6.2
etcd: 0.4.9, 2.0.10
systemd: 219

  • Docker 1.6.2
  • Linux 4.0.3
  • coreos-cloudinit 1.4.1
  • Use systemd-timesyncd instead of ntpd for time synchronization
  • By default, systemd-timesyncd will prefer time servers provided by DHCP and fall back to coreos.pool.ntp.org
  • Mount root volume read/write via kernel cmdline instead of in the initramfs
  • Blacklist xen_fbfront on ec2 images
  • Fixes 30s pause during boot (https://github.com/coreos/bugs/issues/208)
  • Enable 3w_sas and 3w_9xxx kernel modules
  • openssl 1.0.1m
  • dhcpcd 6.6.7
  • Updated timezone data to 2015b

668.3.0
Release Date: May 13, 2015
kernel: 4.0.1
rkt: 0.5.4
docker: 1.5.0
etcd: 0.4.9, 2.0.10
systemd: 219

647.0.0
Release Date: April 9, 2015
kernel: 3.19.3
rkt: 0.5.3
docker: 1.5.0
etcd: 0.4.9
systemd: 219

  • systemd 219
  • Expose Docker socket to GCE agent (https://github.com/coreos/coreos-overlay/pull/1180)

633.1.0
Release Date: March 26, 2015
kernel: 3.19
rkt: 0.4.1
docker: 1.5.0
etcd: 0.4.8
systemd: 218

  • etcd 0.4.8
  • OpenSSL 1.0.1l
  • nspawn: Map seccomp filters to capabilities
  • networkd: Fix network-wait-online hanging
  • systemd: Fix handling of malformed line continuation
  • Azure: Add "earlyprintk" kernel parameter

612.1.0
Release Date: March 5, 2015
kernel: 3.19
docker: 1.5.0
etcd: 0.4.7
systemd: 218

  • Revert to systemd 218 (https://github.com/coreos/bugs/issues/297)
  • Set LimitNOFILE for etcd.service

607.0.0
Release Date: February 28, 2015
kernel: 3.18.6
docker: 1.5.0
etcd: 0.4.7
systemd: 218

584.0.0
Release Date: February 5, 2015
kernel: 3.18.4
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • Allow systemd-nspawn to load modules
  • Fix DefaultDependancies issue with Docker containers (shutdown.target will now wait on Docker containers)
  • Allow DefaultDependancies to be set on transient units
  • Fix Docker to set DefaultDependancies on its containers
  • Allow user-defined DOCKER_OPTS in addition to running flannel (https://github.com/coreos/bugs/issues/244)
  • Enabled kernel support for SMB2
  • Linux 3.18.4

557.2.0
Release Date: February 4, 2015
kernel: 3.18.1
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • Allow user-defined DOCKER_OPTS in addition to running flannel (https://github.com/coreos/bugs/issues/244)

557.1.0
Release Date: January 28, 2015
kernel: 3.18.1
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • Patched glibc to address CVE-2015-0235
  • Accept DHCP provided domain names that end in a dot. Broken since 534.1.0

522.5.0
Release Date: January 12, 2015
kernel: 3.17.8
docker: 1.3.3
etcd: 0.4.6
systemd: 215

557.0.0
Release Date: January 9, 2015
kernel: 3.18.1
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • openssl 1.0.1k
  • Fix the -b base URL option in coreos-install
  • Added support for customizing the login MOTD.
  • SDK only: disable ccache to avoid a few different build errors it has been causing.

522.4.0
Release Date: January 6, 2015
kernel: 3.17.7
docker: 1.3.3
etcd: 0.4.6
systemd: 215

522.3.0
Release Date: December 24, 2014
kernel: 3.17.7
docker: 1.3.3
etcd: 0.4.6
systemd: 215

  • ntp 4.2.8
  • Add --insecure-registry=0.0.0.0/0 to docker by default, previously was only committed to the 494.x.x branch by mistake. See https://coreos.com/blog/docker-1-3-2-stable-channel/ for details.

The Stable channel should be used by production clusters. Versions of Container Linux are battle-tested within the Beta and Alpha channels before being promoted. The current version is Container Linux 1520.6.0.

Stable release feed (json)
1520.6.0
Release Date: October 12, 2017
kernel: 4.13.5
rkt: 1.28.1
docker: 1.12.6
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Security fixes:

1520.5.0
Release Date: October 11, 2017
kernel: 4.13.5
rkt: 1.28.1
docker: 1.12.6
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Bug fixes:

  • Fix rkt overlay mount race (rkt#3805)
  • Fix Docker overlay mount race (#2173)

Changes:

  • Remove SSH socket-activation rate limiting
  • Temporarily support a flag file to switch Docker versions
  • At least 2 GiB of memory is recommended for reliably booting the ISO or via PXE

Updates:

1465.8.0
Release Date: September 21, 2017
kernel: 4.12.14
rkt: 1.27.0
docker: 1.12.6
etcd: 3.1.8
systemd: 233
Ignition: 0.17.2

Security fixes:

Updates:

1465.7.0
Release Date: September 6, 2017
kernel: 4.12.10
rkt: 1.27.0
docker: 1.12.6
etcd: 3.1.8
systemd: 233
Ignition: 0.17.2

Bug fixes:

  • Fix ASAN support (#2105)

Changes:

  • Update to a new subkey for signing release images

Updates:

1465.6.0
Release Date: August 16, 2017
kernel: 4.12.7
rkt: 1.27.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.17.2

Updates:

1409.9.0
Release Date: August 14, 2017
kernel: 4.11.12
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

  • Fix git arbitrary code execution when cloning untrusted repositories (CVE-2017-1000117)

Updates:

1409.8.0
Release Date: August 10, 2017
kernel: 4.11.12
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

  • Fix Linux heap out-of-bounds in AF_PACKET sockets (CVE-2017-1000111)
  • Fix Linux exploitable memory corruption due to UDP fragmentation offload (CVE-2017-1000112)

Updates:

1409.7.0
Release Date: July 19, 2017
kernel: 4.11.11
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Bug fixes:

  • Fix passing large MTU packets over VXLAN on Azure

Updates:

1409.6.0
Release Date: July 6, 2017
kernel: 4.11.9
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

  • Fixed systemd-resolved out-of-bounds write with crafted TCP payload (CVE-2017-9445)

Bug fixes:

  • Fixed process hang when accessing /proc/sys/fs/binfmt_misc (#1630)
  • Fixed ext4 journal abort caused by container OOM (#1811)
  • Fixed error deleting firewall rules with recent iptables versions (#2022)

Updates:

1409.5.0
Release Date: June 23, 2017
kernel: 4.11.6
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Bug fixes:

  • Fixed handling of duplicate volumes in rkt fly (#2016)
  • Fixed kernel oops in 1409.2.0 with mmap(..., MAP_FIXED, ...)

1409.2.0
Release Date: June 20, 2017
kernel: 4.11.6
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

Updates:

1353.8.0
Release Date: May 31, 2017
kernel: 4.9.24
rkt: 1.25.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.13.0

Security fixes:

Bug fixes:

  • Fixed kubelet-wrapper leaving behind orphaned pods (#1831)

1353.7.0
Release Date: April 26, 2017
kernel: 4.9.24
rkt: 1.25.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.13.0

Bug Fixes:

  • Fixed sporadic network failures with docker network create (#1936)

1353.6.0
Release Date: April 25, 2017
kernel: 4.9.24
rkt: 1.25.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.13.0

Bug Fixes:

  • Fixed kubelet-wrapper failures with /var/log mounted (#1892)
  • Fixed containerd crashes (#1909)

Changes:

  • The coreos-metadata provider can be overridden (#1917)

Updates:

1298.7.0
Release Date: March 31, 2017
kernel: 4.9.16
rkt: 1.21.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231
Ignition: 0.12.1

Security fixes:

Bug fixes:

  • Fixed a bug where systemd would spam 'Time has been changed' messages (#1868)

Updates:

1298.6.0
Release Date: March 15, 2017
kernel: 4.9.9
rkt: 1.21.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231
Ignition: 0.12.1

Bug Fixes:

  • Enabled building the ipvlan kernel module again (#1843)
  • Corrected flannel configuration failures on service retries (#1847)

1298.5.0
Release Date: February 28, 2017
kernel: 4.9.9
rkt: 1.21.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231
Ignition: 0.12.1

Bug Fixes:

  • Fix useradd defaults in chroots (#1787)

Upgrades:

1235.12.0
Release Date: February 23, 2017
kernel: 4.7.3
rkt: 1.18.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

Changes:

  • Images are now generated in the vmware_raw format

Since 1235.8.0, RunC was built from an incorrect cached source archive which did not include the security patches.

1235.9.0
Release Date: February 2, 2017
kernel: 4.7.3
rkt: 1.18.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fixed sporadic network failures in Docker containers (#1785)

1235.8.0
Release Date: January 31, 2017
kernel: 4.7.3
rkt: 1.18.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fixed some incorrect SELinux denials (#1739, #1757)
  • Restored binary packages for the developer container (#1762)
  • Work around SELinux issues with user namespaces in Docker (#1728)

Updates:

1235.6.0
Release Date: January 11, 2017
kernel: 4.7.3
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

Bug Fixes:

  • Fix distribution name reporting on Azure (#1755)

1235.5.0
Release Date: January 8, 2017
kernel: 4.7.3
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Bugs Fixed:

  • Fix netdev refcount leak which resulted in Docker hanging (#965)
  • Properly quote value for DISTRIB_ID in /etc/lsb-release (#1751)
  • Fix Azure Linux Agent's detection of the host distribution

1235.4.0
Release Date: January 4, 2017
kernel: 4.7.3
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

Changes:

  • Add support for ASIX network adapters
  • Published VHDs now have the correct blob size in the footer

Updates:

  • Linux 4.7.3 (reverted from 4.8.6)

1185.5.0
Release Date: December 7, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.11.2
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1185.3.0
Release Date: November 1, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.11.2
etcd: 0.4.9, 2.3.7
systemd: 231

Changes:

  • Removed etcd-wrapper
    • The Stable channel has never contained a version which included this wrapper script and service. If an instance was booted from the Beta or Alpha channels and then moved to the Stable channel, it will lose the etcd-wrapper when it updates to this release.

1122.3.0
Release Date: October 20, 2016
kernel: 4.7.0
rkt: 1.8.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Security Fixes:

  • Fix privilege escalation vulnerability in Linux kernel - CVE-2016-5195 (Dirty COW)
  • Fix denial of service in systemd - CVE-2016-7795

1122.2.0
Release Date: September 6, 2016
kernel: 4.7.0
rkt: 1.8.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Bug Fixes:

  • Correct nameserver option parsing in networkd (#1456)
  • Fix erroneous warning about install sections in service units (#1512)
  • Fix timer execution calculation in systemd (#1516)
  • Improve journald's resilience to ENOSPC errors (#1522)
  • Build rkt without TEXTREL section (#1525)
  • Reintroduce sdnotify-proxy (#1528)

Changes:

  • Removed etcd-wrapper
    • The Stable channel has never contained a version which included this wrapper script and service. If an instance was booted from the Beta or Alpha channels and then moved to the Stable channel, it will lose the etcd-wrapper when it updates to this release.

Updates:

  • rkt 1.8.0 (removed on ARM64)
    • The Stable channel has never contained a version which included rkt for ARM64. If an ARM64 instance was booted from the Beta or Alpha channels and then moved to the Stable channel, it will lose rkt when it updates to this release.
  • Docker 1.10.3

1068.10.0
Release Date: August 23, 2016
kernel: 4.6.3
rkt: 1.7.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Bug Fixes:

  • Fix timer assertion in systemd (#1308)
  • Correct nameserver option parsing in networkd (#1456)
  • Fix timer execution calculation in systemd (#1516)
  • Improve journald's resilience to ENOSPC errors (#1522)

1068.9.0
Release Date: August 9, 2016
kernel: 4.6.3
rkt: 1.7.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Security Updates:

1068.8.0
Release Date: July 18, 2016
kernel: 4.6.3
rkt: 1.7.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Security Updates:

Bug Fixes:

  • Properly escape systemd specifiers (#1459)

1068.6.0
Release Date: July 12, 2016
kernel: 4.6.3
rkt: 1.7.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Bug Fixes:

  • Fix parsing of the user database which caused systemd-sysusers to crash (#1394)
  • Fix handling of certain unicode characters in bash (#1411)
  • Fix issue when starting transient services (#1430)
  • Include work-around for empty SSH host keys (#106)

Changes:

  • Removed Kubernetes kubelet
    • The Stable channel has never contained a version which included the kubelet. If an instance was booted from the Beta or Alpha channels and then moved to the Stable channel, it will lose the kubelet when it updates to this release.
  • Set group for /dev/kvm

Updates:

1010.6.0
Release Date: June 28, 2016
kernel: 4.5.7
rkt: 1.2.1
docker: 1.10.3
etcd: 0.4.9, 2.3.1
systemd: 225

Updates:

1010.5.0
Release Date: May 27, 2016
kernel: 4.5.0
rkt: 1.2.1
docker: 1.10.3
etcd: 0.4.9, 2.3.1
systemd: 225

Changes:

  • Removed Kubernetes kubelet
    • The Stable channel has never contained a version which included the kubelet. If an instance was booted from the Beta or Alpha channels and then moved to the Stable channel, it will lose the kubelet when it updates to this release.

899.15.0
Release Date: April 5, 2016
kernel: 4.3.6
rkt: 1.0.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Fixes:

  • fleet 0.11.7 (#1186)
  • Fix systemd-networkd assertion failure when stopping (#1197)

899.13.0
Release Date: March 23, 2016
kernel: 4.3.6
rkt: 1.0.0
docker: 1.9.1
etcd: 0.4.9, 2.2.3
systemd: 225

Changes:

  • Removed Kubernetes kubelet
    • The Stable channel has never contained a version which included the kubelet. If an instance was booted from the Beta or Alpha channels and then moved to the Stable channel, it will lose the kubelet when it updates to this release.

835.13.0
Release Date: February 18, 2016
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Fixes:

  • glibc patched for CVE-2015-1781, CVE-2014-8121, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779 and CVE-2015-7547 coreos-overlay#1180

835.12.0
Release Date: February 1, 2016
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Fixes:

  • Update to OpenSSL 1.0.2f for CVE-2016-0701 and CVE-2015-3197 and updates CVE-2015-4000 (logjam)

835.11.0
Release Date: January 22, 2016
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Fixes:

835.10.0
Release Date: January 20, 2016
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Fixes:

835.9.0
Release Date: December 8, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Security Fixes:

Bug Fixes:

  • Fixed regression which prevented machinectl login from functioning (https://github.com/coreos/bugs/issues/1002)
  • Fixed shutdown behavior so that it cleanly terminates SSH connections (https://github.com/coreos/bugs/issues/1009)
  • Fixed issue which caused systemd-nspawn to crash in certain situations (https://github.com/coreos/bugs/issues/1010)

835.8.0
Release Date: December 1, 2015
kernel: 4.2.2
rkt: 0.9.0
docker: 1.8.3
etcd: 0.4.9, 2.2.0
systemd: 225

Changes:

  • Removed Kubernetes kubelet
    • The Stable channel has never contained a version which included the kubelet. If an instance was booted from the Beta or Alpha channels and then moved to the Stable channel, it will lose the kubelet when it updates to this release.
  • coreos-metadata 0.3.0

766.5.0
Release Date: November 5, 2015
kernel: 4.1.7
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.2
systemd: 222

Bug Fixes:

  • Minimize high-order allocations in OverlayFS (https://github.com/coreos/bugs/issues/489)
  • Fixed issue causing journald to consume large amounts of CPU (https://github.com/coreos/bugs/issues/322)
  • Removed locksmith's dependency on update-engine (https://github.com/coreos/bugs/issues/944)

766.4.0
Release Date: September 16, 2015
kernel: 4.1.7
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.2
systemd: 222

Changes:

Bug Fixes:

  • Correct systemd's handling of machine state on daemon-reload (https://github.com/coreos/bugs/issues/454)
  • Fix docker0 bridge failures (https://github.com/coreos/bugs/issues/471)

766.3.0
Release Date: September 2, 2015
kernel: 4.1.6
rkt: 0.7.0
docker: 1.7.1
etcd: 0.4.9, 2.1.2
systemd: 222

Updates:

  • Linux 4.1.6
  • etcd 2.1.2
  • coreos-install includes a new image signing GPG key which will be used starting next week.
  • Ignition has been removed from the 766 release branch, for now it is only available in alpha releases.

717.3.0
Release Date: July 10, 2015
kernel: 4.0.5
rkt: 0.5.5
docker: 1.6.2
etcd: 0.4.9, 2.0.10
systemd: 220

Security Fixes:

723.3.0
Release Date: July 9, 2015
kernel: 4.0.5
rkt: 0.5.5
docker: 1.6.2
etcd: 0.4.9, 2.0.12
systemd: 220

Security Fixes:

717.1.0
Release Date: June 24, 2015
kernel: 4.0.5
rkt: 0.5.5
docker: 1.6.2
etcd: 0.4.9, 2.0.10
systemd: 220

681.2.0
Release Date: June 18, 2015
kernel: 4.0.5
rkt: 0.5.4
docker: 1.6.2
etcd: 0.4.9, 2.0.10
systemd: 219

681.1.0
Release Date: June 17, 2015
kernel: 4.0.5
rkt: 0.5.4
docker: 1.6.2
etcd: 0.4.9, 2.0.10
systemd: 219

647.2.0
Release Date: May 26, 2015
kernel: 4.0.1
rkt: 0.5.3
docker: 1.5.0
etcd: 0.4.9
systemd: 219

  • Linux 4.0.1
  • Enable SCSI_MVSAS

681.0.0
Release Date: May 14, 2015
kernel: 4.0.3
rkt: 0.5.4
docker: 1.6.2
etcd: 0.4.9, 2.0.10
systemd: 219

  • Docker 1.6.2
  • Linux 4.0.3
  • coreos-cloudinit 1.4.1
  • Use systemd-timesyncd instead of ntpd for time synchronization
  • By default, systemd-timesyncd will prefer time servers provided by DHCP and fall back to coreos.pool.ntp.org
  • Mount root volume read/write via kernel cmdline instead of in the initramfs
  • Blacklist xen_fbfront on ec2 images
  • Fixes 30s pause during boot (https://github.com/coreos/bugs/issues/208)
  • Enable 3w_sas and 3w_9xxx kernel modules
  • openssl 1.0.1m
  • dhcpcd 6.6.7
  • Updated timezone data to 2015b

647.0.0
Release Date: April 9, 2015
kernel: 3.19.3
rkt: 0.5.3
docker: 1.5.0
etcd: 0.4.9
systemd: 219

  • systemd 219
  • Expose Docker socket to GCE agent (https://github.com/coreos/coreos-overlay/pull/1180)

633.1.0
Release Date: March 26, 2015
kernel: 3.19
rkt: 0.4.1
docker: 1.5.0
etcd: 0.4.8
systemd: 218

  • etcd 0.4.8
  • OpenSSL 1.0.1l
  • nspawn: Map seccomp filters to capabilities
  • networkd: Fix network-wait-online hanging
  • systemd: Fix handling of malformed line continuation
  • Azure: Add "earlyprintk" kernel parameter

607.0.0
Release Date: February 28, 2015
kernel: 3.18.6
docker: 1.5.0
etcd: 0.4.7
systemd: 218

557.2.0
Release Date: February 4, 2015
kernel: 3.18.1
docker: 1.4.1
etcd: 0.4.6
systemd: 218

  • Allow user-defined DOCKER_OPTS in addition to running flannel (https://github.com/coreos/bugs/issues/244)

522.6.0
Release Date: January 28, 2015
kernel: 3.17.8
docker: 1.3.3
etcd: 0.4.6
systemd: 215

522.5.0
Release Date: January 12, 2015
kernel: 3.17.8
docker: 1.3.3
etcd: 0.4.6
systemd: 215

522.4.0
Release Date: January 6, 2015
kernel: 3.17.7
docker: 1.3.3
etcd: 0.4.6
systemd: 215

This is a list of all of the releases (Alpha, Beta and Stable) combined in chronological order.

All releases feed (json)
1562.1.0
Release Date: October 12, 2017
kernel: 4.13.5
rkt: 1.29.0
docker: 17.09.0
etcd: 3.2.7
systemd: 234
Ignition: 0.19.0

Security fixes:

1548.2.0
Release Date: October 12, 2017
kernel: 4.13.5
rkt: 1.28.1
docker: 1.12.6
etcd: 3.2.7
systemd: 234
Ignition: 0.19.0

Security fixes:

1520.6.0
Release Date: October 12, 2017
kernel: 4.13.5
rkt: 1.28.1
docker: 1.12.6
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Security fixes:

1562.0.0
Release Date: October 11, 2017
kernel: 4.13.5
rkt: 1.29.0
docker: 17.09.0
etcd: 3.2.7
systemd: 234
Ignition: 0.19.0

Bug fixes:

  • Fix journal messages reporting duplicate /var/log/lastlog lines
  • Fix journal messages reporting iscsidev.sh failures

Changes:

  • Remove SSH socket-activation rate limiting

Updates:

1548.1.0
Release Date: October 11, 2017
kernel: 4.13.5
rkt: 1.28.1
docker: 1.12.6
etcd: 3.2.7
systemd: 234
Ignition: 0.19.0

Bug fixes:

  • Fix Docker overlay mount race (#2173)

Changes:

  • Remove SSH socket-activation rate limiting
  • Revert Docker to 1.12 for the beta channel (#1930)

Updates:

1520.5.0
Release Date: October 11, 2017
kernel: 4.13.5
rkt: 1.28.1
docker: 1.12.6
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Bug fixes:

  • Fix rkt overlay mount race (rkt#3805)
  • Fix Docker overlay mount race (#2173)

Changes:

  • Remove SSH socket-activation rate limiting
  • Temporarily support a flag file to switch Docker versions
  • At least 2 GiB of memory is recommended for reliably booting the ISO or via PXE

Updates:

1548.0.0
Release Date: September 27, 2017
kernel: 4.13.3
rkt: 1.28.1
docker: 17.06.2
etcd: 3.2.7
systemd: 234
Ignition: 0.19.0

Security fixes:

  • Fix denial of service via incorrect iSCSI length validation (CVE-2017-14489)

Bug fixes:

  • Populate /dev/disk/azure (#2098)
  • Fix rkt overlay mount race (rkt#3805)
  • Fix Docker overlay mount race (#2127)
  • Fix layer-store corruption in Docker 1.12 (#1808)

Changes:

  • Temporarily support a flag file to switch Docker versions
  • Teach cgpt about the coreos-root-raid UUID
  • Allow running etcd2 on arm64 without special environment variables
  • At least 2 GiB of memory is recommended for reliably booting the ISO or via PXE

Updates:

1535.2.0
Release Date: September 21, 2017
kernel: 4.13.3
rkt: 1.28.1
docker: 17.06.2
etcd: 3.1.10
systemd: 234
Ignition: 0.18.0

Bug fixes:

  • Fix "stale file handle" errors in Docker containers (#2152)

Updates:

1520.4.0
Release Date: September 21, 2017
kernel: 4.13.3
rkt: 1.28.1
docker: 1.12.6
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Bug fixes:

  • Fix "stale file handle" errors in Docker containers (#2152)

Updates:

1465.8.0
Release Date: September 21, 2017
kernel: 4.12.14
rkt: 1.27.0
docker: 1.12.6
etcd: 3.1.8
systemd: 233
Ignition: 0.17.2

Security fixes:

Updates:

1535.1.0
Release Date: September 15, 2017
kernel: 4.13.2
rkt: 1.28.1
docker: 17.06.2
etcd: 3.1.10
systemd: 234
Ignition: 0.18.0

Bug fixes:

  • Fix cross-compiling Docker for arm64
  • Remove errant newline in torcx store filenames

Updates:

1520.3.0
Release Date: September 15, 2017
kernel: 4.13.2
rkt: 1.28.1
docker: 1.12.6
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Bug fixes:

  • Remove errant newline in torcx store filenames

Updates:

1535.0.0
Release Date: September 14, 2017
kernel: 4.13.1
rkt: 1.28.1
docker: 17.06.2
etcd: 3.1.10
systemd: 234
Ignition: 0.18.0

Security fixes:

Breaking changes:

Changes:

Updates:

1520.2.0
Release Date: September 14, 2017
kernel: 4.13.1
rkt: 1.28.1
docker: 1.12.6
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Security fixes:

Changes:

Updates:

1520.1.0
Release Date: September 6, 2017
kernel: 4.13.0
rkt: 1.28.1
docker: 17.06.1
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Bug fixes:

  • Fix use of previous subkey for signing release images in 1520.0.0

Changes:

  • Support additional MegaRAID controllers (#2131)

Updates:

1492.6.0
Release Date: September 6, 2017
kernel: 4.12.10
rkt: 1.28.1
docker: 1.12.6
etcd: 3.1.10
systemd: 234
Ignition: 0.17.2

Bug fixes:

  • Fix ASAN support (#2105)

Changes:

  • Update to a new subkey for signing release images

Updates:

1465.7.0
Release Date: September 6, 2017
kernel: 4.12.10
rkt: 1.27.0
docker: 1.12.6
etcd: 3.1.8
systemd: 233
Ignition: 0.17.2

Bug fixes:

  • Fix ASAN support (#2105)

Changes:

  • Update to a new subkey for signing release images

Updates:

1520.0.0
Release Date: August 30, 2017
kernel: 4.13-rc7
rkt: 1.28.1
docker: 17.06.1
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Security fixes:

Bug fixes:

  • Fix ASAN support (#2105)
  • Fix failure when calling coreos-install with a /dev/disk link

Changes:

  • Add ipvsadm (#1979)
  • Update etcdctl to the etcd3 version (#1717)
  • Improve locksmith status in the MOTD (#1968)
  • Add preliminary support for root on RAID
  • Include terminfo in the initramfs to fix pager warnings
  • Update to a new subkey for signing release images

Updates:

1506.0.0
Release Date: August 16, 2017
kernel: 4.12.7
rkt: 1.28.1
docker: 17.05.0
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Changes:

  • Add tcpdump (#1992)
  • Restart containerd when it crashes (#2096)

Updates:

1492.5.0
Release Date: August 16, 2017
kernel: 4.12.7
rkt: 1.28.1
docker: 1.12.6
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Changes:

  • Revert Docker to 1.12 for the beta channel (#1930)

Updates:

1465.6.0
Release Date: August 16, 2017
kernel: 4.12.7
rkt: 1.27.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.17.2

Updates:

1492.4.0
Release Date: August 14, 2017
kernel: 4.12.6
rkt: 1.28.1
docker: 17.05.0
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Security fixes:

  • Fix git arbitrary code execution when cloning untrusted repositories (CVE-2017-1000117)

Updates:

1465.5.0
Release Date: August 14, 2017
kernel: 4.12.6
rkt: 1.27.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.17.2

Security fixes:

  • Fix git arbitrary code execution when cloning untrusted repositories (CVE-2017-1000117)

Updates:

1409.9.0
Release Date: August 14, 2017
kernel: 4.11.12
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

  • Fix git arbitrary code execution when cloning untrusted repositories (CVE-2017-1000117)

Updates:

1492.3.0
Release Date: August 10, 2017
kernel: 4.12.5
rkt: 1.28.1
docker: 17.05.0
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Security fixes:

  • Fix Linux heap out-of-bounds in AF_PACKET sockets (CVE-2017-1000111)
  • Fix Linux exploitable memory corruption due to UDP fragmentation offload (CVE-2017-1000112)

Bug fixes:

  • Fix enabling docker with Ignition (#2079)

Updates:

1465.4.0
Release Date: August 10, 2017
kernel: 4.12.5
rkt: 1.27.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.17.2

Security fixes:

  • Fix Linux heap out-of-bounds in AF_PACKET sockets (CVE-2017-1000111)
  • Fix Linux exploitable memory corruption due to UDP fragmentation offload (CVE-2017-1000112)

Bug fixes:

  • Fix enabling docker with Ignition (#2079)

Updates:

1409.8.0
Release Date: August 10, 2017
kernel: 4.11.12
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

  • Fix Linux heap out-of-bounds in AF_PACKET sockets (CVE-2017-1000111)
  • Fix Linux exploitable memory corruption due to UDP fragmentation offload (CVE-2017-1000112)

Updates:

1492.1.0
Release Date: August 2, 2017
kernel: 4.12.4
rkt: 1.28.1
docker: 17.05.0
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Bug fixes:

  • Fix running rkt with stage1-coreos from a systemd unit
  • Fix emerge-gitclone in developer images with Python 3

Updates:

1492.0.0
Release Date: August 2, 2017
kernel: 4.12.4
rkt: 1.28.0
docker: 17.05.0
etcd: 2.3.7
systemd: 234
Ignition: 0.17.2

Security fixes:

Bug fixes:

  • Fix fsck logging harmless error messages (#1257)
  • Fix timeouts when formatting large disks (#2026)
  • Fix bonding driver problems with non-zero updelay (#2065)
  • Fix virtio network performance (#2076)
  • Fix formatting swap partitions with Ignition

Changes:

  • Add nftables (#1421)
  • Enable Hybla congestion control algorithm (#2045)
  • Enable tracking memory changes (#2048)
  • Add KVM support to the QEMU script for arm64 hosts

Updates:

1465.3.0
Release Date: August 2, 2017
kernel: 4.12.4
rkt: 1.27.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.17.2

Security fixes:

Bug fixes:

  • Fix bonding driver problems with non-zero updelay (#2065)
  • Fix virtio network performance (#2076)

Updates:

1465.2.0
Release Date: July 19, 2017
kernel: 4.12.2
rkt: 1.27.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.17.1

Bug fixes:

  • Fix passing large MTU packets over VXLAN on Azure

Changes:

  • Reverted Docker to 1.12 for the beta channel (#1930)

Updates:

1478.0.0
Release Date: July 19, 2017
kernel: 4.12.2
rkt: 1.27.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.17.1

Bug fixes:

  • Fix passing large MTU packets over VXLAN on Azure

Updates:

1409.7.0
Release Date: July 19, 2017
kernel: 4.11.11
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Bug fixes:

  • Fix passing large MTU packets over VXLAN on Azure

Updates:

1465.0.0
Release Date: July 6, 2017
kernel: 4.12.0
rkt: 1.27.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.17.1

Security fixes:

Bug fixes:

  • Fix process hang when accessing /proc/sys/fs/binfmt_misc (#1630)
  • Fix ext4 journal abort caused by container OOM (#1811)
  • Fix error deleting firewall rules with recent iptables versions (#2022)
  • Fix overriding coreos-metadata provider when fetching SSH keys (#2014)

Changes:

  • Support coreos-install from local image
  • Allow overriding coreos-install verification key
  • Fail EC2 instance status checks after Ignition failure (#1890)
  • Avoid automatically creating bond0 network device upon bonding driver load

Updates:

1409.6.0
Release Date: July 6, 2017
kernel: 4.11.9
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

  • Fixed systemd-resolved out-of-bounds write with crafted TCP payload (CVE-2017-9445)

Bug fixes:

  • Fixed process hang when accessing /proc/sys/fs/binfmt_misc (#1630)
  • Fixed ext4 journal abort caused by container OOM (#1811)
  • Fixed error deleting firewall rules with recent iptables versions (#2022)

Updates:

1437.3.0
Release Date: June 30, 2017
kernel: 4.11.8
rkt: 1.26.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

  • Fixed systemd-resolved out-of-bounds write with crafted TCP payload (CVE-2017-9445)

Bug fixes:

  • Fixed process hang when accessing /proc/sys/fs/binfmt_misc (#1630)
  • Fixed ext4 journal abort caused by container OOM (#1811)
  • Fixed error deleting firewall rules with recent iptables versions (#2022)

Updates:

1451.2.0
Release Date: June 23, 2017
kernel: 4.11.6
rkt: 1.26.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.16.0

Security fixes:

Changes:

  • Moved docker to torcx package (details)
  • Added vagrant-virtualbox image with Ignition support
  • Added Ignition support to virtualbox image
  • Switched AWS images to gp2 volumes (details)
  • Added dosfstools
  • Allowed kubelet to load ebtables kernel modules
  • Enabled asynchronous DNS in curl
  • Enabled lsof -M and -Z

Updates:

1409.5.0
Release Date: June 23, 2017
kernel: 4.11.6
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Bug fixes:

  • Fixed handling of duplicate volumes in rkt fly (#2016)
  • Fixed kernel oops in 1409.2.0 with mmap(..., MAP_FIXED, ...)

1437.2.0
Release Date: June 22, 2017
kernel: 4.11.6
rkt: 1.26.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Bug fixes:

  • Fix kernel oops in 1437.1.0 with mmap(..., MAP_FIXED, ...)

1437.1.0
Release Date: June 20, 2017
kernel: 4.11.6
rkt: 1.26.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

Changes:

  • Reverted Docker to 1.12 for the beta channel (#1930)

Updates:

1409.2.0
Release Date: June 20, 2017
kernel: 4.11.6
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

Updates:

1437.0.0
Release Date: June 8, 2017
kernel: 4.11.3
rkt: 1.26.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

Bug fixes:

  • Fix accidental removal of cryptsetup from the initrd (#1962)

Changes:

  • Include lz4 support in journald (#1988)
  • Enable kubelet-wrapper on arm64
  • Enable flannel-wrapper on arm64

Updates:

1430.0.0
Release Date: May 31, 2017
kernel: 4.11.2
rkt: 1.26.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Bug fixes:

  • Properly provision SSH from EC2 key pair if Ignition config is provided (#1981)

1353.8.0
Release Date: May 31, 2017
kernel: 4.9.24
rkt: 1.25.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.13.0

Security fixes:

Bug fixes:

  • Fixed kubelet-wrapper leaving behind orphaned pods (#1831)

1423.0.0
Release Date: May 25, 2017
kernel: 4.11.2
rkt: 1.26.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

Bug fixes:

  • Fixed handling of duplicate volumes in rkt fly (#1892)
  • Fixed coreos-install defaulting to nonexistent versions when the update channel is overridden
  • Fixed the flannel container not mounting /etc/ssl/certs from the host

Changes:

  • Added the experimental torcx generator

Updates:

1409.1.0
Release Date: May 23, 2017
kernel: 4.11.2
rkt: 1.25.0
docker: 1.12.6
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Changes:

  • Reverted Docker to 1.12 for the beta channel (#1930)

Updates:

1409.0.0
Release Date: May 11, 2017
kernel: 4.11.0
rkt: 1.25.0
docker: 17.05.0
etcd: 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

Bug fixes:

  • Fix VMware OVA template enabling DHCP on all interfaces by default (#1802)
  • Increase timeout when fetching flanneld image (#1833)
  • Fix docker run --init (#1912)
  • Restart dockerd if it crashes

Changes:

  • Remove etcd v0
  • Change default Docker graph driver from overlay to overlay2
  • Enable SELinux isolation by default for Docker containers on btrfs
  • Experimental Active Directory support
  • Enable virtio SCSI multiqueue support on GCE
  • Enable etcd-wrapper on arm64
  • Disallow access to /dev/mem regions that are bound to a kernel driver (CONFIG_IO_STRICT_DEVMEM)

Updates:

1395.0.0
Release Date: April 27, 2017
kernel: 4.10.12
rkt: 1.25.0
docker: 17.04.0
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.14.0

Bug Fixes:

  • Fixed containerd crashes (#1909)
  • Fixed sporadic network failures with docker network create (#1936)
  • Fixed toolbox as a login shell over SSH as documented (#899)

Changes:

  • The nvme-cli package has been added
  • The coretest command has been removed from the image
  • The coreos-metadata provider can be overridden (#1917)

Updates:

1353.7.0
Release Date: April 26, 2017
kernel: 4.9.24
rkt: 1.25.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.13.0

Bug Fixes:

  • Fixed sporadic network failures with docker network create (#1936)

1381.1.0
Release Date: April 26, 2017
kernel: 4.10.12
rkt: 1.25.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.14.0

Bug Fixes:

  • Fixed containerd crashes (#1909)

Changes:

  • The coreos-metadata provider can be overridden (#1917)
  • Reverted Docker to 1.12 for the beta channel (#1930)

Updates:

1353.6.0
Release Date: April 25, 2017
kernel: 4.9.24
rkt: 1.25.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.13.0

Bug Fixes:

  • Fixed kubelet-wrapper failures with /var/log mounted (#1892)
  • Fixed containerd crashes (#1909)

Changes:

  • The coreos-metadata provider can be overridden (#1917)

Updates:

1381.0.0
Release Date: April 13, 2017
kernel: 4.10.9
rkt: 1.25.0
docker: 17.04.0
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.14.0

Bug fixes:

  • Fixed kubelet-wrapper leaving behind orphaned pods (#1831)
  • Fixed coreos-install clobbering OEM bootloader configuration with Ignition

Changes:

  • Enabled NVMe over RDMA
  • AMIs are now tagged (#111)
  • AMIs now have ENA enabled (#1853)
  • Projects only in the initramfs are now included in package lists
  • A JSON file is now produced listing all installed projects' licenses

Updates:

1353.4.0
Release Date: April 1, 2017
kernel: 4.10.4
rkt: 1.25.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.13.0

Security fixes:

1367.5.0
Release Date: March 31, 2017
kernel: 4.10.4
rkt: 1.25.0
docker: 1.13.1
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.14.0

Security fixes:

Bug fixes:

  • Fixed cases where locksmithd could block login (#1774)
  • Toolbox can now download images through a proxy again (#1869)

Changes:

  • The update group is now written to /usr instead of /etc
  • Ignition now detects the first boot via a file in the ESP
  • Ignition will now continue to run on every boot until it succeeds
  • Systems at an emergency shell will reboot after waiting for input for five minutes and roll back if updated
  • Toolbox is now using the latest Fedora image by default again
  • All official OEM image configuration has all been migrated from cloudinit to Ignition
  • Packet systems now have arm64 builds

Updates:

1298.7.0
Release Date: March 31, 2017
kernel: 4.9.16
rkt: 1.21.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231
Ignition: 0.12.1

Security fixes:

Bug fixes:

  • Fixed a bug where systemd would spam 'Time has been changed' messages (#1868)

Updates:

1353.2.0
Release Date: March 29, 2017
kernel: 4.10.4
rkt: 1.25.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.13.0

Changes:

  • The update group is now written to /usr instead of /etc
  • Reverted Docker to 1.12 for the beta channel

Updates:

1353.1.0
Release Date: March 17, 2017
kernel: 4.10.1
rkt: 1.25.0
docker: 1.13.1
etcd: 0.4.9, 2.3.7
systemd: 233
Ignition: 0.13.0

Bug Fixes:

  • Fixed cloud-config files not being used in some install types (#1872)

1353.0.0
Release Date: March 16, 2017
kernel: 4.10.1
rkt: 1.25.0
docker: 1.13.1
etcd: 0.4.9, 2.3.7
systemd: 233

Bug Fixes:

  • Enabled building the ipvlan kernel module again (#1843)
  • Corrected flannel configuration failures on service retries (#1847)
  • Increased containerd start timeout to upstream default of two minutes (#1854)
  • Created a default /etc/ssl/openssl.cnf when missing
  • Created required SSSD paths when missing (#1813)
  • Created required NSCD paths when missing and added its service unit
  • Added myhostname to NSS as a last resort (#1764)
  • The toolbox command is no longer unexpectedly killed (#1216)

Changes:

  • SSSD now logs to the journal by default instead of files in /var/log
  • SSSD support for the sudo command is now enabled (#1856)
  • The arping and traceroute commands are now available on the host (#1572)

Updates:

1298.6.0
Release Date: March 15, 2017
kernel: 4.9.9
rkt: 1.21.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231
Ignition: 0.12.1

Bug Fixes:

  • Enabled building the ipvlan kernel module again (#1843)
  • Corrected flannel configuration failures on service retries (#1847)

1339.0.0
Release Date: March 2, 2017
kernel: 4.10.1
rkt: 1.25.0
docker: 1.13.1
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fix root directory permissions on tmpfs-based roots (#1812)
  • Don't hide --bind=/tmp/* mounts in nspawn containers

Changes:

  • Add rxvt-unicode-256color to terminfo database
  • Updated the eclass, profiles, scripts, and licenses packages in the SDK

Updates:

1325.2.0
Release Date: March 1, 2017
kernel: 4.9.9
rkt: 1.23.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231
Ignition: 0.12.1

Changes:

  • Docker has been reverted to 1.12.6 to avoid breaking firewall changes

1298.5.0
Release Date: February 28, 2017
kernel: 4.9.9
rkt: 1.21.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231
Ignition: 0.12.1

Bug Fixes:

  • Fix useradd defaults in chroots (#1787)

Upgrades:

1235.12.0
Release Date: February 23, 2017
kernel: 4.7.3
rkt: 1.18.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

Changes:

  • Images are now generated in the vmware_raw format

Since 1235.8.0, RunC was built from an incorrect cached source archive which did not include the security patches.

1298.4.0
Release Date: February 23, 2017
kernel: 4.8.17
rkt: 1.21.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231
Ignition: 0.12.1

Security Fixes:

Bug Fixes:

  • Primary kernel console is no longer incorrectly routed to ttyS0

Changes:

  • Images are now generated in the vmware_raw format

1325.1.0
Release Date: February 23, 2017
kernel: 4.9.9
rkt: 1.23.0
docker: 1.13.1
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1325.0.0
Release Date: February 16, 2017
kernel: 4.9.9
rkt: 1.23.0
docker: 1.13.1
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fixed AWS PV boot kernel panics (#1690)
  • Fixed VMware kernel panics (#1695)
  • Fixed useradd defaults in chroots (#1787)
  • Cleaned broken symlinks in /etc (#1807)

Updates:

1313.0.0
Release Date: February 3, 2017
kernel: 4.8.17
rkt: 1.23.0
docker: 1.13.0
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

  • Reactivated verity

Only the v1312.0.0 alpha release is affected by this issue. Users of the v1312.0.0 alpha release should reprovision their systems to re-enable the disk image consistency checks provided by verity.

1312.0.0
Release Date: February 2, 2017
kernel: 4.8.17
rkt: 1.23.0
docker: 1.13.0
etcd: 0.4.9, 2.3.7
systemd: 231

Known Issues:

  • Verity was not properly enabled in this build; use v1313.0.0 instead

Bug Fixes:

  • Work around SELinux issues with user namespaces in Docker (#1728)

Changes:

  • Added the vmware_raw disk format (#359)
  • Increased kernel's supported CPU count to 512 (#1771)
  • Verity enabled on arm64

Updates:

1298.3.0
Release Date: February 2, 2017
kernel: 4.8.17
rkt: 1.21.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Work around SELinux issues with user namespaces in Docker (#1728)
  • Programs installed only in the initramfs are now included in package and license listings

Updates:

1235.9.0
Release Date: February 2, 2017
kernel: 4.7.3
rkt: 1.18.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fixed sporadic network failures in Docker containers (#1785)

1235.8.0
Release Date: January 31, 2017
kernel: 4.7.3
rkt: 1.18.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fixed some incorrect SELinux denials (#1739, #1757)
  • Restored binary packages for the developer container (#1762)
  • Work around SELinux issues with user namespaces in Docker (#1728)

Updates:

1298.1.0
Release Date: January 22, 2017
kernel: 4.8.17
rkt: 1.21.0
docker: 1.12.6
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • File systems are no longer labelled for /usr partitions (#1628)
  • Programs installed only in the initramfs are now included in package and license listings
  • Fixed NFS file paths for arm64 (#1763)
  • The busctl monitor command functions properly again (#1736)

Changes:

  • Added support for Cisco VIC FC NIC (#1759)
  • The toolbox script no longer relies on Docker (#1704)
  • The coreos-install script now supports arm64

Updates:

1235.6.0
Release Date: January 11, 2017
kernel: 4.7.3
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

Bug Fixes:

  • Fix distribution name reporting on Azure (#1755)

1284.2.0
Release Date: January 11, 2017
kernel: 4.8.15
rkt: 1.21.0
docker: 1.12.5
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1248.4.0
Release Date: January 11, 2017
kernel: 4.8.11
rkt: 1.20.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1284.1.0
Release Date: January 8, 2017
kernel: 4.8.15
rkt: 1.21.0
docker: 1.12.5
etcd: 0.4.9, 2.3.7
systemd: 231

Bugs Fixed:

  • Properly quote value for DISTRIB_ID in /etc/lsb-release (#1751)
  • Fix Azure Linux Agent's detection of the host distribution

1248.3.0
Release Date: January 8, 2017
kernel: 4.8.11
rkt: 1.20.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Bugs Fixed:

  • Properly quote value for DISTRIB_ID in /etc/lsb-release (#1751)
  • Fix Azure Linux Agent's detection of the host distribution

1235.5.0
Release Date: January 8, 2017
kernel: 4.7.3
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Bugs Fixed:

  • Fix netdev refcount leak which resulted in Docker hanging (#965)
  • Properly quote value for DISTRIB_ID in /etc/lsb-release (#1751)
  • Fix Azure Linux Agent's detection of the host distribution

1284.0.0
Release Date: January 5, 2017
kernel: 4.8.15
rkt: 1.21.0
docker: 1.12.5
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

Bug Fixes:

  • Disable SELinux permissions checks in systemd (#1682)
  • Fix pthread-related segfault in systemd (#1694)
  • Fix netfilter regression in Linux (#1743)

Changes:

  • Guest tools have been disabled in the Vagrant image when using Parallels
  • Enable support for Realtek USB, Amazon Elastic, and QLogic network adapters
  • Enable support for BBR (Bottleneck Bandwidth and RTT) TCP congestion control
  • Enable support for MPLS tunnels
  • Remove redundant paths /bin and /sbin from $PATH
  • Pin toolbox to Fedora 24 to work around #1216
  • Add etcd client and server to /etc/services

Removals:

  • Remove early-docker (early-docker.service, early-docker.socket, and early-docker.target)

Updates:

1248.2.0
Release Date: January 4, 2017
kernel: 4.8.11
rkt: 1.20.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1235.4.0
Release Date: January 4, 2017
kernel: 4.7.3
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

Changes:

  • Add support for ASIX network adapters
  • Published VHDs now have the correct blob size in the footer

Updates:

  • Linux 4.7.3 (reverted from 4.8.6)

1262.0.0
Release Date: December 15, 2016
kernel: 4.9.0
rkt: 1.21.0
docker: 1.12.4
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Rename 50-docker-veth.network to fix nspawn bridge networking (#404)
  • Fix various cases where Docker commands hang (#1117, #1654, #1681)
  • Fix dependency cycle in multipath service (#1581)
  • Fix kernel panic on certain AWS machine types (#1690)
  • Fix race between networkd and Docker (#1638)

Changes:

  • Enable ACPI for ARM64
  • Add Unmanaged option to networkd network config
  • Enable XFS quota support
  • Enable USB ACM support

Updates:

1235.2.0
Release Date: December 7, 2016
kernel: 4.8.6
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1248.1.0
Release Date: December 7, 2016
kernel: 4.8.11
rkt: 1.20.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1185.5.0
Release Date: December 7, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.11.2
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

1248.0.0
Release Date: December 1, 2016
kernel: 4.8.11
rkt: 1.20.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fix polkit translation faults on ARM64
  • Enable SELinux support for runc (#1664)
  • Properly declare dependencies between flanneld.service and flannel-docker-opts.service
  • Allow etcd-wrapper to use custom data directory (#1685)

Changes:

  • Automatically resize XFS root partitions to fill disk
  • Add support for Ignition in coreos_production_qemu.sh
  • Published VHDs now have the correct blob size in the footer

Updates:

  • Linux 4.8.11
  • rkt 1.20.0
  • Ignition 0.12.0
  • ntp 4.2.8p9
  • unzip 6.0p20 (ARM64)
  • rpcbind 0.2.3 (ARM64)

1235.1.0
Release Date: November 30, 2016
kernel: 4.8.6
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Enable SELinux support for runc (#1664)

Updates:

1235.0.0
Release Date: November 17, 2016
kernel: 4.8.6
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Correctly apply VLAN configurations to bridges (#1642)
  • Properly pass flannel-related options to Docker (#1659)

Changes:

  • Enable support for seccomp in Docker
  • Automatically resize XFS root partitions to fill disk
  • Add support for streaming file-descriptors to systemd
  • Add support for ASIX network adapters

Updates:

  • coreos-metadata 0.6.2
  • bash 4.3_p46-r2

1221.0.0
Release Date: November 3, 2016
kernel: 4.8.6
rkt: 1.18.0
docker: 1.12.3
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

Bug Fixes:

  • Fix Docker-related networking issue (#254)
  • Fix race condition in coreos-metadata on Azure (#1582)
  • Fix file mode on sssd.service (#1604)

Changes:

  • Introduce Vagrant Parallels images

Updates:

1185.3.0
Release Date: November 1, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.11.2
etcd: 0.4.9, 2.3.7
systemd: 231

Changes:

  • Removed etcd-wrapper
    • The Stable channel has never contained a version which included this wrapper script and service. If an instance was booted from the Beta or Alpha channels and then moved to the Stable channel, it will lose the etcd-wrapper when it updates to this release.

1214.0.0
Release Date: October 27, 2016
kernel: 4.8.4
rkt: 1.17.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

  • Update nss-usrfiles with glibc 2.23 (CVE-2014-8121 and CVE-2015-5277)
  • Update OpenSSL to 1.0.2j (CVE-2016-8610)
    • Note: SSLv2 methods have been disabled, changing the libssl ABI

Bug Fixes:

  • Fix password-length requirement and password logins for SSSD-managed accounts in PAM configuration
  • Add support for C.UTF-8 locale (#112)
  • Correctly set GPT flags on update-engine restart (#1625)

Changes:

  • New installations will have dm-verity enabled by default for the /usr mount.
  • Enable support for more Mellanox cards (CONFIG_MLX5_CORE_EN and CONFIG_MLX5_CORE_EN_DCB)
  • Enable support for more MegaRAID cards (CONFIG_MEGARAID_NEWGEN)
  • Enable support for kprobe and bpf (CONFIG_BPF_SYSCALL, CONFIG_KPROBES, CONFIG_OPTPROBES, CONFIG_KPROBES_ON_FTRACE, CONFIG_KRETPROBES, CONFIG_KPROBE_EVENT, and CONFIG_BPF_EVENTS)
  • The support scripts and utilities for GCE images have been moved from the OEM partition into a container image, executed by rkt
  • The kubelet-wrapper script has been updated, changing a few variable names
    • KUBELET_VERSION has been deprecated in favor of KUBELET_IMAGE_TAG
    • KUBELET_ACI has been deprecated in favor of KUBELET_IMAGE_URL
    • RKT_OPTS has been deprecated in favor of RKT_RUN_ARGS
  • The etcd-wrapper script has been updated along with the addition of etcd-member.service
  • A flannel-wrapper script has been introduced and flanneld.service updated to use it
  • The DigitalOcean images are now provisioned via Ignition instead of coreos-cloudinit
  • Docker's containerd has been split out into a separate containerd.service

Updates:

1192.2.0
Release Date: October 20, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

  • Fix privilege escalation vulnerability in Linux kernel - CVE-2016-5195 (Dirty COW)
  • Fix denial of service in systemd - CVE-2016-7795

1192.2.0
Release Date: October 20, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

  • Fix privilege escalation vulnerability in Linux kernel - CVE-2016-5195 (Dirty COW)
  • Fix denial of service in systemd - CVE-2016-7795

1185.2.0
Release Date: October 20, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.11.2
etcd: 0.4.9, 2.3.7
systemd: 231

Security Fixes:

  • Fix privilege escalation vulnerability in Linux kernel - CVE-2016-5195 (Dirty COW)
  • Fix denial of service in systemd - CVE-2016-7795

1122.3.0
Release Date: October 20, 2016
kernel: 4.7.0
rkt: 1.8.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Security Fixes:

  • Fix privilege escalation vulnerability in Linux kernel - CVE-2016-5195 (Dirty COW)
  • Fix denial of service in systemd - CVE-2016-7795

1192.1.0
Release Date: October 13, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Disabled dm-verity support by default, unblocking Xen-based environments (#1600)

1192.0.0
Release Date: October 6, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fix nspawn mount propagation (#1578)

Changes:

  • New installations will have dm-verity enabled by default for the /usr mount.
  • When running via QEMU, Ignition will now correctly use the QEMU config provider.

Updates:

  • Update Engine 0.4.0

1185.1.0
Release Date: October 5, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.11.2
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fix occasional networking lock-ups with Docker (#254)
  • Fix spurious networking failures when spawning Docker containers (#1554) (#1574) (#1585)
  • Allow older Docker clients to communicate with the Docker daemon (#1569)

Updates:

  • Update Engine 0.3.2
  • Docker 1.11.2

1185.0.0
Release Date: September 28, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Make GRUB more robust to odd disk configurations (#1238)
  • Mount /etc/hosts into flannel container (#1565)
  • Fix deadlock triggered by coreos-cloudinit configuring locksmith (#1588)

1180.0.0
Release Date: September 26, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Bug Fixes:

  • Fix intermittent network issues in Docker containers. (#1554)
  • Fix last login message in SSH sessions (#1557)
  • Fix systemd user session startup (#1498)
  • Support overriding the initrd's default DHCP network configuration with ip= kernel command line options (#981)
  • EC2: Fix system console for HVM instances (coreos-overlay#2189)

Updates:

  • coreos-cloudinit 1.12.0
  • flannel 0.6.2
  • Ignition 0.11.1
  • Most Go applications are now built with 1.7.1

1164.1.0
Release Date: September 10, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Updates:

1153.4.0
Release Date: September 10, 2016
kernel: 4.7.1
rkt: 1.13.0
docker: 1.11.2
etcd: 0.4.9, 2.3.2
systemd: 231

Updates:

1164.0.0
Release Date: September 8, 2016
kernel: 4.7.3
rkt: 1.14.0
docker: 1.12.1
etcd: 0.4.9, 2.3.7
systemd: 231

Security Updates:

Bug Fixes:

  • Don't deny logins due to user's shell (#1523)
  • Fix off-by-one error in cgpt resize (#1527)
  • Disable the systemd-resolved stub resolver (#1545)

Updates:

1153.3.0
Release Date: September 8, 2016
kernel: 4.7.1
rkt: 1.13.0
docker: 1.11.2
etcd: 0.4.9, 2.3.2
systemd: 231

Bug Fixes:

  • Fix Docker stats API for Kubernetes (#1526)
  • Fix off-by-one error in cgpt resize (#1527)
  • Disable the systemd-resolved stub resolver (#1545)

Updates:

1122.2.0
Release Date: September 6, 2016
kernel: 4.7.0
rkt: 1.8.0
docker: 1.10.3
etcd: 0.4.9, 2.3.2
systemd: 229

Bug Fixes: