IBM Cloud Docs
Kubernetes version 1.25 change log

Kubernetes version 1.25 change log

View information about version changes for major, minor, and patch updates that are available for your IBM Cloud® Kubernetes Service clusters that run version 1.25. Changes include updates to Kubernetes and IBM Cloud Provider components.

Kubernetes version 1.25 is no longer supported. Update your cluster to at least version 1.26 as soon as possible.

Overview

In clusters that run version 1.23 or earlier, the IBM Cloud provider version enables Kubernetes APIs and features that are at beta. In version 1.24 and later, most new beta features are disabled by default. Kubernetes alpha features, which are subject to change, are disabled in all versions. For more information, see the Default service settings for Kubernetes components and the feature gates for each version.

For more information about major, minor, and patch versions and preparation actions between minor versions, see Kubernetes versions.

Check the Security Bulletins on IBM Cloud Status for security vulnerabilities that affect IBM Cloud Kubernetes Service. You can filter the results to view only Kubernetes Cluster security bulletins that are relevant to IBM Cloud Kubernetes Service. Change log entries that address other security vulnerabilities but don't also refer to an IBM security bulletin are for vulnerabilities that are not known to affect IBM Cloud Kubernetes Service in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.

Some change logs are for worker node fix packs, and apply only to worker nodes. You must apply these patches to ensure security compliance for your worker nodes. These worker node fix packs can be at a higher version than the master because some build fix packs are specific to worker nodes. Other change logs are for master fix packs, and apply only to the cluster master. Master fix packs might not be automatically applied. You can choose to apply them manually. For more information about patch types, see Update types.

Version 1.25 change log

Review the version 1.25 change log.

Change log for worker node fix pack 1.25.16_1573, released 16 January 2024

The following table shows the changes that are in the worker node fix pack 1.25.16_1573. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.16_1572
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-169-generic 5.4.0-169-generic Worker node package updates for CVE-2021-41617, CVE-2022-39348, CVE-2023-46137, CVE-2023-51385, CVE-2023-7104.
Kubernetes 1.25.16 1.25.16 N/A
Containerd 1.6.26 1.6.27 For more information, see the change logs.
Haproxy 3060b0 e105dc CVE-2023-39615, CVE-2023-5981, CVE-2022-48560, CVE-2022-48564.

Change log for worker node fix pack 1.25.16_1572, released 02 January 2024

The following table shows the changes that are in the worker node fix pack 1.25.16_1572. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.16_1571
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-169-generic 5.4.0-169-generic Worker node package updates for CVE-2023-48795.
Kubernetes 1.25.16 1.25.16 N/A
Containerd 1.6.26 1.6.26 N/A

Change log for worker node fix pack 1.25.16_1571, released 18 December 2023

The following table shows the changes that are in the worker node fix pack 1.25.16_1571. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.16_1570
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-167-generic 5.4.0-169-generic Worker node kernel & package updates for CVE-2020-19726, CVE-2021-46174, CVE-2022-1725, CVE-2022-1771, CVE-2022-1897, CVE-2022-2000, CVE-2022-35205, CVE-2023-23931, CVE-2023-31085, CVE-2023-37453, CVE-2023-39192, CVE-2023-39193, CVE-2023-39804, CVE-2023-42754, CVE-2023-45539, CVE-2023-45871, CVE-2023-46218, CVE-2023-46246, CVE-2023-4806, CVE-2023-4813, CVE-2023-48231, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-5178, CVE-2023-5717.
Kubernetes N/A N/A N/A
Containerd 1.6.25 1.6.26 For more information, see the change logs.

Change log for master fix pack 1.25.16_1569, released 06 December 2023

The following table shows the changes that are in the master fix pack 1.25.16_1569. Master patch updates are applied automatically.

Changes since version 1.25.15_1567
Component Previous Current Description
GPU device plug-in and installer 99267c4 0e3950c New version contains updates and security fixes.
IBM Cloud Block Storage driver and plug-in v2.4.12 v2.4.14 New version contains updates and security fixes.
IBM Cloud File Storage for Classic plug-in and monitor 438 439 New version contains updates and security fixes.
Konnectivity agent and server v0.1.5_39_iks v0.1.5_47_iks See the Konnectivity release notes.
Kubernetes v1.25.15 v1.25.16 Review the community Kubernetes release notes. Resolves CVE-2023-39325 and CVE-2023-44487. For more information, see Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487).
Kubernetes NodeLocal DNS cache 1.22.24 1.22.27 See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and Load balancer monitor for IBM Cloud Provider 2731 2767 New version contains updates and security fixes.

Change log for worker node fix pack 1.25.16_1570, released 04 December 2023

The following table shows the changes that are in the worker node fix pack 1.25.16_1570. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.15_1568
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-166-generic 5.4.0-167-generic Worker node kernel & package updates for CVE-2023-31085, CVE-2023-40217, CVE-2023-44487, CVE-2023-45871, CVE-2023-47038, CVE-2023-5981.
Kubernetes 1.25.15 1.25.16 Review the community Kubernetes release notes.

Change log for worker node fix pack 1.25.15_1568, released 29 November 2023

The following table shows the changes that are in the worker node fix pack 1.25.15_1568. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.14_1566
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-166-generic 5.4.0-166-generic Worker node package updates for CVE-2023-36054, CVE-2023-4016, CVE-2023-43804, CVE-2023-45803.
Kubernetes 1.25.14 1.25.15 For more information, see the change logs.
Containerd N/A N/A N/A

Change log for master fix pack 1.25.15_1567, released 15 November 2023

The following table shows the changes that are in the master fix pack 1.25.15_1567. Master patch updates are applied automatically.

Changes since version 1.25.14_1564
Component Previous Current Description
Cluster health image v1.4.4 v1.4.5 New version contains updates and security fixes.
etcd v3.5.9 v3.5.10 See the etcd release notes.
Gateway-enabled cluster controller 2366 2415 New version contains updates and security fixes.
GPU device plug-in and installer 4319682 99267c4 New version contains updates and security fixes.
IBM Cloud File Storage for Classic plug-in and monitor 435 438 New version contains updates and security fixes.
IBM Cloud RBAC Operator f0d3265 e544e35 New version contains updates and security fixes.
Key Management Service provider v2.8.4 v2.8.5 New version contains updates and security fixes.
Konnectivity agent and server v0.1.3_5_iks v0.1.5_39_iks See the Konnectivity release notes.
Kubernetes v1.25.14 v1.25.15 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2681 2731 New version contains updates and security fixes.
Portieris admission controller v0.13.8 v0.13.10 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.25.14_1566, released 08 November 2023

The following table shows the changes that are in the worker node fix pack 1.25.14_1566. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.14_1565
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-165-generic 5.4.0-166-generic Worker node kernel & package updates for CVE-2023-0597, CVE-2023-31083, CVE-2023-34058, CVE-2023-34059, CVE-2023-34319, CVE-2023-3446, CVE-2023-3772, CVE-2023-3817, CVE-2023-4132, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4733, CVE-2023-4735, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781, CVE-2023-4881, CVE-2023-4921, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Containerd N/A N/A N/A

Change log for master fix pack 1.25.14_1564, released 25 October 2023

The following table shows the changes that are in the master fix pack 1.25.14_1564. Master patch updates are applied automatically.

Changes since version 1.25.13_1561
Component Previous Current Description
Cluster health image v1.4.2 v1.4.4 New version contains updates and security fixes.
IBM Calico extension 1390 1487 New version contains security fixes.
IBM Cloud Block Storage driver and plug-in v2.4.10 v2.4.12 New version contains updates and security fixes.
IBM Cloud Controller Manager v1.25.13-3 v1.25.14-6 New version contains updates and security fixes.
IBM Cloud RBAC Operator 4e2f346 f0d3265 New version contains updates and security fixes.
Key Management Service provider v2.8.2 v2.8.4 New version contains updates and security fixes.
Kubernetes v1.25.13 v1.25.14 See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache 1.22.23 1.22.24 See the Kubernetes NodeLocal DNS cache release notes.
Portieris admission controller v0.13.6 v0.13.8 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.25.14_1565, released 23 October 2023

The following table shows the changes that are in the worker node fix pack 1.25.14_1565. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.13_1563
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-164-generic 5.4.0-165-generic Worker node kernel & package updates for CVE-2022-3234, CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3520, CVE-2022-3591, CVE-2022-3705, CVE-2022-4292, CVE-2022-4293, CVE-2023-34319, CVE-2023-38546, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921.
Kubernetes 1.25.13 1.25.14 For more information, see the change logs.
Containerd N/A N/A N/A

Change log for worker node fix pack 1.25.13_1563, released 9 October 2023

The following table shows the changes that are in the worker node fix pack 1.25.13_1563. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.13_1562
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-163-generic 5.4.0-164-generic Worker node kernel & package updates for CVE-2021-4001, CVE-2023-1206, CVE-2023-20588, CVE-2023-3212, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128, CVE-2023-4194, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787.
Kubernetes N/A N/A N/A
Containerd N/A N/A N/A

Change log for worker node fix pack 1.25.12_1562, released 27 September 2023

The following table shows the changes that are in the worker node fix pack 1.25.12_1562. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.12_1558
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-162-generic 5.4.0-163-generic Package updates for CVE-2023-3341, CVE-2023-4156, CVE-2023-4128, CVE-2023-20588, CVE-2023-20900, CVE-2023-40283.
RHEL 8 Packages 4.18.0-477.21.1.el8_8 4.18.0-477.27.1.el8_8 Worker node kernel & package updates for CVE-2023-2002, CVE-2023-3090, CVE-2023-3390, CVE-2023-3776, CVE-2023-4004, CVE-2023-20593, CVE-2023-29491, CVE-2023-30630, CVE-2023-35001, CVE-2023-35788.

Change log for master fix pack 1.25.13_1561, released 20 September 2023

The following table shows the changes that are in the master fix pack 1.25.13_1561. Master patch updates are applied automatically.

Changes since version 1.25.12_1556
Component Previous Current Description
Calico v3.25.1-amd64 v3.25.2-amd64 See the Calico release notes.
Cluster health image v1.3.24 v1.4.2 Updated Go to version 1.20.8 and updated dependencies. Updated to new base image.
IBM Cloud Block Storage driver and plug-in v2.4.5 v2.4.10 Updated Go dependencies. Updated to newer UBI base image.
IBM Cloud Controller Manager v1.25.12-4 v1.25.13-3 Updated to support the Kubernetes 1.25.13 release. Updated Go to version 1.20.7 and updated Go dependencies.
IBM Cloud File Storage for Classic plug-in and monitor 434 435 Updated Go to version 1.20.6 and updated dependencies. Updated to newer UBI base image.
Key Management Service provider v2.7.3 v2.8.2 Updated Go dependencies. Changed to new base image.
Kubernetes v1.25.12 v1.25.13 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2631 2681 Updated Go to version 1.19.12 and updated Go dependencies.

Change log for worker node fix pack 1.25.12_1558, released 12 September 2023

The following table shows the changes that are in the worker node fix pack 1.25.12_1558. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.12_1557
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-156-generic 5.4.0-162-generic Worker node kernel & package updates for CVE-2020-21047, CVE-2021-33294, CVE-2022-40982, CVE-2023-20593CVE-2023-2269, CVE-2023-31084, CVE-2023-3268, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776.
Containerd 1.7.4 1.7.5 N/A

Change log for master fix pack 1.25.12_1556, released 30 August 2023

The following table shows the changes that are in the master fix pack 1.25.12_1556. Master patch updates are applied automatically.

Changes since version 1.25.12_1553
Component Previous Current Description
Cluster health image v1.3.23 v1.3.24 Updated Go to version 1.19.12 and updated dependencies. Updated base image version to 378.
Gateway-enabled cluster controller 2322 2366 Update Go dependencies to fix CVE-2023-3978.
GPU device plug-in and installer 495931a 8e87e60 Updated Go to version 1.19.11
IBM Cloud Controller Manager v1.25.12-1 v1.25.12-4 Updated Go dependencies to resolve a CVE.
IBM Cloud File Storage for Classic plug-in and monitor 433 434 Updated Go to version 1.20.6 and updated dependencies. Updated to newer UBI base image.
Key Management Service provider v2.7.2 v2.7.3 Updated Go dependencies.
Portieris admission controller v0.13.5 v0.13.6 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.25.12_1557, released 28th August 2023

The following table shows the changes that are in the worker node fix pack 1.25.12_1557. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.12_1555
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-155-generic 5.4.0-156-generic Worker node kernel & package updates for CVE-2022-2598, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2023-40225.

Change log for worker node fix pack 1.25.12_1555, released 15th August 2023

The following table shows the changes that are in the worker node fix pack 1.25.12_1555. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.12_1554
Component Previous Current Description
Ubuntu 20.04 packages N/A N/A Package updates for CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2289, CVE-2022-27672, CVE-2022-4269, CVE-2023-1611, CVE-2023-2124, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001.
Kubernetes N/A N/A N/A
Containerd N/A N/A N/A

Change log for worker node fix pack 1.25.12_1554, released 1 August 2023

The following table shows the changes that are in the worker node fix pack 1.25.12_1554. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.11_1552
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-212-generic 4.15.0-214-generic Worker node kernel & package updates for CVE-2020-13987, CVE-2020-13988, CVE-2020-17437, CVE-2022-1184, CVE-2022-3303, CVE-2023-1611, CVE-2023-1670, CVE-2023-1859, CVE-2023-1990, CVE-2023-20867, CVE-2023-2124, CVE-2023-2828, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3268, CVE-2023-3390, CVE-2023-35001.
Ubuntu 20.04 packages 5.4.0-153-generic 5.4.0-155-generic Worker node kernel & package updates for CVE-2020-13987, CVE-2020-13988, CVE-2020-17437, CVE-2023-20867, CVE-2023-28321, CVE-2023-28322, CVE-2023-3090, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001, CVE-2023-38408.
Kubernetes 1.25.11 1.25.12 For more information, see the change logs.
Containerd 1.6.21 1.6.22 For more information, see the change logs.

Change log for master fix pack 1.25.12_1553, released 27 July 2023

The following table shows the changes that are in the master fix pack 1.25.12_1553. Master patch updates are applied automatically.

Changes since version 1.25.11_1549
Component Previous Current Description
Cluster health image v1.3.21 v1.3.23 Updated Go to version 1.19.11 and updated Go dependencies. Updated UBI base image.
GPU device plug-in and installer 202b284 495931a Updated Go to version 1.20.6.
IBM Cloud Controller Manager v1.25.11-1 v1.25.12-1 Updated to support the Kubernetes 1.25.12 release. Updated Go dependencies and to Go version 1.20.6.
Key Management Service provider v2.6.7 v2.7.2 Updated Go to version 1.19.11 and updated Go dependencies. Updated UBI base image.
Konnectivity agent and server v0.1.2_591_iks v0.1.3_5_iks See the Konnectivity release notes.
Kubernetes NodeLocal DNS cache 1.22.21 1.22.23 See the Kubernetes NodeLocal DNS cache release notes.
Kubernetes v1.25.11 v1.25.12 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2584 2631 Updated Go to version 1.19.10 and updated Go dependencies. Updated Alpine base image.

Change log for worker node fix pack 1.25.11_1552, released 17 July 2023

The following table shows the changes that are in the worker node fix pack 1.25.11_1552. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.11_1550
Component Previous Current Description
Kubernetes N/A N/A N/A
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2023-24626, CVE-2023-2953.
Ubuntu 20.04 packages N/A N/A N/A

Change log for worker node fix pack 1.25.11_1550, released 03 July 2023

The following table shows the changes that are in the worker node fix pack 1.25.11_1550. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.10_1548
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2023-2603,CVE-2023-3138
Ubuntu 20.04 packages 5.4.0-150-generic 5.4.0-153-generic Worker node kernel & package updates for CVE-2023-0461,CVE-2023-1380,CVE-2023-1670,CVE-2023-1859,CVE-2023-2612,CVE-2023-2828,CVE-2023-30456,CVE-2023-3138,CVE-2023-31436,CVE-2023-32233,CVE-2023-3297.
Kubernetes 1.25.10 1.25.11 See the Kubernetes release notes.

Change log for master fix pack 1.25.11_1549, released 27 June 2023

The following table shows the changes that are in the master fix pack 1.25.11_1549. Master patch updates are applied automatically.

Changes since version 1.25.10_1545
Component Previous Current Description
Calico v3.24.5 v3.25.1 See the Calico release notes.
Cluster health image v1.3.20 v1.3.21 Updated Go dependencies and to Go version 1.19.10.
etcd v3.5.8 v3.5.9 See the etcd release notes.
Gateway-enabled cluster controller 2106 2322 Updated image to resolve CVE-2023-2650.
GPU device plug-in and installer 28d80a0 202b284 Updated to Go version 1.19.9
IBM Cloud Controller Manager v1.25.9-7 v1.25.11-1 Updated to support the Kubernetes 1.25.11 release. Updated Go dependencies and to Go version 1.19.10. Updated calicoctl and vpcctl.
IBM Cloud File Storage for Classic plug-in and monitor 431 433 Updated Go to version 1.20.4. Updated UBI base image.
Key Management Service provider v2.6.6 v2.6.7 Updated Go dependencies and to Go version 1.19.10.
Kubernetes v1.25.10 v1.25.11 CVE-2023-2728. For more information, see IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2023-2728). See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2486 2584 Updated Go dependencies and to Go version 1.19.9. Updated base image.

Change log for worker node fix pack 1.25.10_1548, released 19 June 2023

The following table shows the changes that are in the worker node fix pack 1.25.10_1548. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.10_1547
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2020-11080,CVE-2023-24329,CVE-2023-2603,CVE-2023-2609,CVE-2023-2610,CVE-2023-32681
Ubuntu 20.04 packages 5.4.0-149-generic 5.4.0-150-generic Worker node kernel & package updates for CVE-2020-11080,CVE-2021-45078,CVE-2023-1380,CVE-2023-1667,CVE-2023-1670,CVE-2023-1859,CVE-2023-2283,CVE-2023-24329,CVE-2023-24593,CVE-2023-2602,CVE-2023-2603,CVE-2023-2609,CVE-2023-2610,CVE-2023-2612,CVE-2023-30456,CVE-2023-3138,CVE-2023-31436,CVE-2023-31484,CVE-2023-32233,CVE-2023-32643,CVE-2023-32681.
Kubernetes N/A N/A N/A

Change log for worker node fix pack 1.25.10_1547, released 5 June 2023

The following table shows the changes that are in the worker node fix pack 1.25.10_1547. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.10_1546
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-211-generic 4.15.0-212-generic Worker node kernel & package updates for CVE-2019-17595, CVE-2021-39537, CVE-2022-29458, CVE-2022-4304, CVE-2023-1380, CVE-2023-25584, CVE-2023-25585, CVE-2023-25588, CVE-2023-2650, CVE-2023-29491, CVE-2023-30456, CVE-2023-31436, CVE-2023-31484, CVE-2023-32233.
Ubuntu 20.04 packages 5.4.0-148-generic 5.4.0-149-generic Worker node kernel & package updates for CVE-2021-39537, CVE-2022-29458, CVE-2023-1075, CVE-2023-1118, CVE-2023-1380, CVE-2023-25584, CVE-2023-25585, CVE-2023-25588, CVE-2023-2612, CVE-2023-2650, CVE-2023-29491, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233.
Kubernetes N/A N/A N/A

Change log for master fix pack 1.25.10_1545, released 23 May 2023

The following table shows the changes that are in the master fix pack 1.25.10_1545. Master patch updates are applied automatically.

Changes since version 1.25.9_1543
Component Previous Current Description
Cluster health image v1.3.19 v1.3.20 Updated Go to version 1.19.9 and updated dependencies. Updated the base image. Resolved add-on health bugs.
etcd v3.5.7 v3.5.8 See the etcd release notes.
GPU device plug-in fc4cf22 28d80a0 Updated Go to version 1.19.8
IBM Cloud Controller Manager v1.25.9-1 v1.25.9-7 Updated support of the Kubernetes 1.25.9 release. Updated Go dependencies. Key rotation.
IBM Cloud RBAC Operator 778ef2b 4e2f346 Make armada-rbac-sync FIPS compliant
Key Management Service provider v2.6.5 v2.6.6 Updated Go to version 1.19.9 and updated dependencies.
Kubernetes v1.25.9 v1.25.10 See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache 1.22.18 1.22.21 See the Kubernetes NodeLocal DNS cache release notes.
Portieris admission controller v0.13.4 v0.13.5 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.25.10_1546, released 23 May 2023

The following table shows the changes that are in the worker node fix pack 1.25.10_1546. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.9_1544
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-210-generic 4.15.0-211-generic Worker node kernel & package updates for CVE-2021-3979, CVE-2023-1118.
Ubuntu 20.04 packages 5.4.0-139-generic 5.4.0-148-generic Worker node kernel & package updates for CVE-2023-2004.
Kubernetes 1.25.9 1.25.10 CVE-2023-2431. For more information, see IBM Cloud Kubernetes Service is affected by a kubelet security vulnerability (CVE-2023-2431). For more information, see the change logs.
Haproxy N\A N\A N\A

Change log for worker node fix pack 1.25.9_1544, released 9 May 2023

The following table shows the changes that are in the worker node fix pack 1.25.9_1544. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.9_1543
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-209-generic 4.15.0-210-generic Worker node kernel & package updates for CVE-2023-1786, CVE-2023-0464, CVE-2023-0466, CVE-2023-1829, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Ubuntu 20.04 packages n/a n/a Worker node kernel & package updates for CVE-2023-1786, CVE-2023-0464, CVE-2023-0466, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Kubernetes N/A N/A N/A

Change log for master fix pack 1.25.9_1543, released 27 April 2023

The following table shows the changes that are in the master fix pack 1.25.9_1543. Master patch updates are applied automatically.

Changes since version 1.25.8_1536
Component Previous Current Description
Cluster health image v1.3.17 v1.3.19 Updated Go to version 1.19.8 and updated dependencies.
Gateway-enabled cluster controller 2024 2106 Support Ubuntu 20 and update image to resolve CVEs.
GPU device plug-in a873e90 fc4cf22 Updated Go to version 1.19.7.
GPU installer a873e90 28d80a0 Updated Go to version 1.19.8.
IBM Calico extension 1366-amd64 1390-amd64 Eliminate IP syscall.
IBM Cloud Block Storage driver and plug-in v2.4.0 v2.4.5 Updated universal base image (UBI) to resolve CVEs. Updated Go to version 1.19.8 and updated dependencies.
IBM Cloud Controller Manager v1.25.8-1 v1.25.9-1 Updated to support the Kubernetes 1.25.9 release. Updated Go dependencies and to Go version 1.19.8.
IBM Cloud File Storage for Classic plug-in and monitor 429 431 Updated Go to version 1.19.8 and updated dependencies. Update UBI base image.
Key Management Service provider v2.6.4 v2.6.5 Updated Go to version 1.19.7 and updated dependencies.
Konnectivity agent and server v0.1.1_569_iks-amd64 v0.1.2_591_iks-amd64 See the Konnectivity release notes. Updated configuration to set keepalive-time to 40s.
Kubernetes v1.25.8 v1.25.9 See the Kubernetes release notes.
Kubernetes Metrics Server configuration N/A N/A Updated to use TLS version 1.3 ciphers.
Load balancer and load balancer monitor for IBM Cloud Provider 2420 2486 Updated Go to version 1.19.7 and updated dependencies.
Portieris admission controller v0.13.3 v0.13.4 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.25.9_1543, released 24 April 2023

The following table shows the changes that are in the worker node fix pack 1.25.9_1543. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.8_1541
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-208-generic 4.15.0-209-generic Worker node package updates for  CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-2207, CVE-2022-3903, CVE-2023-1281, CVE-2023-1326, CVE-2023-26545, CVE-2023-28450, CVE-2023-28484, CVE-2023-28486, CVE-2023-28487, CVE-2023-29469.
Ubuntu 20.04 packages N/A N/A Worker node package updates for CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-2207, CVE-2022-3108, CVE-2022-3903, CVE-2023-1281, CVE-2023-1326, CVE-2023-26545, CVE-2023-28484, CVE-2023-28486, CVE-2023-28487, CVE-2023-29469.
Kubernetes 1.25.8 1.25.9 See change logs.
Containerd N/A N/A N/A
Haproxy N/A N/A N/A

Change log for worker node fix pack 1.25.8_1541, released 11 April 2023

The following table shows the changes that are in the worker node fix pack 1.25.8_1541. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.8_1539
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-206 4.15.0-208 Worker node kernel & package updates for CVE-2021-3669, CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-41218, CVE-2023-0045, CVE-2023-0266, CVE-2023-23559.
Ubuntu 20.04 packages N/A N/A Worker node package updates for CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980. Updated sysctl setting for fs.inotify.max_user_instances from default 128 to 1024.
Kubernetes N/A N/A N/A
Haproxy 8398d1 8895ad CVE-2023-0361.
Containerd 1.6.19 1.6.21 For more information, see the change log and security bulletin for CVE-2023-28642 and CVE-2023-27561.

Change log for worker node fix pack 1.25.8_1539, released 29 March 2023

The following table shows the changes that are in the worker node fix pack 1.25.8_1539. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.8_1537
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-144 5.4.0-139 Downgrading kernel to address Upstream canonical bug.

Change log for master fix pack 1.25.8_1536, released 28 March 2023

The following table shows the changes that are in the master fix pack 1.25.8_1536. Master patch updates are applied automatically.

Changes since version 1.25.6_1534
Component Previous Current Description
Cluster health image v1.3.16 v1.3.17 Updated Go to version 1.19.7 and updated dependencies.
GPU device plug-in and installer 79a2232 a873e90 Updated Go to version 1.19.6.
IBM Calico extension 1308-amd64 1366-amd64 Updated to resolve CVE-2023-23916.
IBM Cloud Block Storage driver and plug-in v2.3.7 v2.4.0 Removed ExpandInUsePersistentVolumes feature gate.
IBM Cloud Controller Manager v1.25.6-10 v1.25.8-1 Updated to support the Kubernetes 1.25.8 release.
IBM Cloud File Storage for Classic plug-in and monitor 427 429 Updated universal base image (UBI) to resolve CVEs. Updated Go to version 1.19.6 and updated dependencies.
Key Management Service provider v2.6.3 v2.6.4 Updated Go to version 1.19.7 and updated dependencies.
Kubernetes v1.25.6 v1.25.8 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2383 2420 Updated the image to resolve CVEs.

Change log for worker node fix pack 1.25.8_1537, released 27 March 2023

The following table shows the changes that are in the worker node fix pack 1.25.8_1537. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.6_1535
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2021-36222, CVE-2021-37750, CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-1170, CVE-2023-1175, CVE-2023-24329, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538.
Ubuntu 20.04 packages N/A N/A Worker node package updates for CVE-2021-36222, CVE-2021-37750, CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-24329, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538.
Kubernetes 1.25.6 1.25.8 For more information, see the change log.
Containerd N/A N/A N/A
Haproxy af5031 8398d1 CVE-2023-23916.

Change log for worker node fix pack 1.25.6_1535, released 13 March 2023

The following table shows the changes that are in the worker node fix pack 1.25.6_1535. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.6_1532
Component Previous Current Description
Ubuntu 20.04 packages 5.4.0-139 5.4.0-144 Worker node kernel & package updates for CVE-2022-29154, CVE-2022-3545, CVE-2022-3821, CVE-2022-40898, CVE-2022-41218, CVE-2022-4139, CVE-2022-4415, CVE-2022-47520, CVE-2022-48303, CVE-2023-0266, CVE-2023-0361, CVE-2023-0461, CVE-2023-0767, CVE-2023-23916.
Ubuntu 18.04 packages 4.15.0-204 4.15.0-206 Worker node kernel & package updates for CVE-2022-29154, CVE-2022-3545, CVE-2022-3628, CVE-2022-37454, CVE-2022-3821, CVE-2022-40898, CVE-2022-48303, CVE-2023-0461, CVE-2023-0767, CVE-2023-22490, CVE-2023-23916.
Kubernetes N/A N/A N/A
Containerd 1.6.18 1.6.19 For more information, see the change log.

Change log for master fix pack 1.25.6_1534, released 2 March 2023

The following table shows the changes that are in the master fix pack 1.25.6_1534. Master patch updates are applied automatically.

Changes since version 1.25.6_1529
Component Previous Current Description
Calico configuration N/A N/A Calico configuration now sets container network sysctl tuning for net.ipv4.tcp_keepalive_intvl to 15, net.ipv4.tcp_keepalive_probes to 6 and net.ipv4.tcp_keepalive_time to 40.
Cluster health image v1.3.15 v1.3.16 Updated Go dependencies and to Go version 1.19.6. Updated universal base image (UBI) to resolve CVEs.
etcd v3.5.6 v3.5.7 See the etcd release notes.
IBM Calico extension 1305-amd64 1308-amd64 Updated universal base image (UBI) to resolve CVE-2022-47629.
IBM Cloud Block Storage driver and plug-in v2.3.6 v2.3.7 Updated universal base image (UBI) to resolve CVEs.
IBM Cloud File Storage for Classic plug-in and monitor 425 427 Updated universal base image (UBI) to resolve CVEs.
Gateway-enabled cluster controller 1902 1987 Updated armada-utils to version v1.9.35
IBM Cloud Controller Manager v1.25.6-2 v1.25.6-10 Updated Go dependencies. Updated k8s.io/utils digest to a5ecb01.
Key Management Service provider v2.5.13 v2.6.3 Updated Go dependencies and to Go version 1.19.6.
Konnectivity agent and server v0.0.34_491_iks v0.1.1_569_iks-amd64 Updated to Konnectivity version v0.1.0.
Kubernetes NodeLocal DNS cache 1.22.13 1.22.18-amd64 See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and Load balancer monitor for IBM Cloud Provider 2325 2383 Updated to armada-utils version 1.9.35.
Portieris admission controller v0.12.6 v0.13.3 See the Portieris admission controller release notes.

Change log for worker node fix pack 1.25.6_1532, released 27 February 2023

The following table shows the changes that are in the worker node fix pack 1.25.6_1532. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.6_1531
Component Previous Current Description
containerd v1.6.17 v1.6.18 See the 1.6.18 change log and the security bulletin for CVE-2023-25153 and CVE-2023-25173.
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2023-22490, CVE-2023-23946, CVE-2023-25725.
Ubuntu 20.04 packages N/A N/A Worker node package updates for CVE-2023-22490, CVE-2023-23946, CVE-2023-25725.
Kubernetes N/A N/A N/A
HAProxy d38f89 af5031 CVE-2022-40897, CVE-2022-4415, CVE-2020-10735, CVE-2021-28861, CVE-2022-45061.
Default Worker Pool Ubuntu 18 Ubuntu 20 For IBM Cloud Kubernetes Service, default worker-pool is created with Ubuntu 20 Operating system

Change log for worker node fix pack 1.25.6_1531, released 13 February 2023

The following table shows the changes that are in the worker node fix pack 1.25.6_1531. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.6_1530
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-202 4.15.0-204 Worker node kernel & package updates for CVE-2022-28321, CVE-2022-3437, CVE-2022-4304, CVE-2022-4450, CVE-2022-45142, CVE-2022-47016, CVE-2023-0215, CVE-2023-0286.
Ubuntu 20.04 packages 5.4.0-137 5.4.0-139 Worker node kernel & package updates for CVE-2022-28321, CVE-2022-3437, CVE-2022-4304, CVE-2022-4450, CVE-2022-45142, CVE-2022-47016, CVE-2023-0215, CVE-2023-0286.
Kubernetes N/A N/A N/A
HAProxy 8d6ea6 08c969 CVE-2022-47629.

Change log for master fix pack 1.25.6_1529, released 30 January 2023

The following table shows the changes that are in the master fix pack 1.25.6_1529. Master patch updates are applied automatically.

Changes since version 1.25.5_1525
Component Previous Current Description
Cluster health image v1.3.14 v1.3.15 Updated Go dependencies and to Go version 1.19.4.
GPU device plug-in and installer 03fd318 79a2232 Updated Go to version 1.19.4.
IBM Cloud Block Storage driver and plug-in v2.3.4 v2.3.6 Updated UBI images to 8.7-1031
IBM Calico extension 1257 1280 Publish s390x image.
IBM Cloud Controller Manager v1.25.4-2 v1.25.6-2 Updated to support the Kubernetes 1.25.6 release. Updated Go dependencies and to Go version 1.19.5.
IBM Cloud File Storage for Classic plug-in and monitor 421 425 Fixes for CVE-2022-40303 and CVE-2022-40304.
Key Management Service provider v2.5.12 v2.5.13 Updated Go dependencies and to Go version 1.19.4. Changed to focal distribution.
Konnectivity agent and server v0.0.33_418_iks v0.0.34_491_iks See the Konnectivity release notes.
Kubernetes v1.25.5 v1.25.6 See the Kubernetes release notes.

Change log for worker node fix pack 1.25.6_1530, released 30 January 2023

The following table shows the changes that are in the worker node fix pack 1.25.6_1530. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.5_1528
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node kernel & package updates for CVE-2018-20217, CVE-2022-23521, CVE-2022-28321, CVE-2022-40897, CVE-2022-40898, CVE-2022-41903, CVE-2022-42898, CVE-2023-22809.
Ubuntu 20.04 packages N/A N/A Worker node kernel & package updates for CVE-2021-33503, CVE-2022-23521, CVE-2022-28321, CVE-2022-3094, CVE-2022-40897, CVE-2022-40898, CVE-2022-41903, CVE-2022-42898, CVE-2023-0056, CVE-2023-22809.
Kubernetes 1.25.5 1.25.6 For more information, see the change log.
HAProxy 508bf6 8d6ea6 CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2022-40303, CVE-2022-40304, CVE-2022-3821, CVE-2022-35737, CVE-2022-43680, CVE-2021-46848.

Change log for worker node fix pack 1.25.5_1528, released 16 January 2023

The following table shows the changes that are in the worker node fix pack 1.25.5_1528. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.5_1527
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-200 4.15.0-202 Worker node kernel & package updates for CVE-2021-44758, CVE-2022-0392, CVE-2022-2663, CVE-2022-3061, CVE-2022-3437, CVE-2022-3643, CVE-2022-42896, CVE-2022-42898, CVE-2022-43552, CVE-2022-43945, CVE-2022-44640, CVE-2022-45934, CVE-2022-47629.
Ubuntu 20.04 packages 5.4.0-135 5.4.0-137 Worker node kernel & package updates for CVE-2021-44758, CVE-2022-0392, CVE-2022-0417, CVE-2022-2663, CVE-2022-3061, CVE-2022-3437, CVE-2022-3643, CVE-2022-42896, CVE-2022-42898, CVE-2022-43552, CVE-2022-43945, CVE-2022-44640, CVE-2022-45934, CVE-2022-47629.
Kubernetes N/A N/A N/A

Change log for worker node fix pack 1.25.5_1527, released 02 January 2023

The following table shows the changes that are in the worker node fix pack 1.25.5_1527. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.5_1526
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A N/A
Ubuntu 20.04 packages N/A N/A N/A
Kubernetes N/A N/A N/A

Change log for worker node fix pack 1.25.5_1526, released 19 December 2022

The following table shows the changes that are in the worker node fix pack 1.25.5_1526. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.4_1524
Component Previous Current Description
Containerd 1.6.10 1.6.12 See the 1.6.12 change log, the 1.6.11 change log, and the security bulletin for CVE-2022-23471.
Ubuntu 18.04 packages 4.15.0-197 4.15.0-200 Worker node kernel & package updates for CVE-2022-2309, CVE-2022-38533, CVE-2022-40303, CVE-2022-40304, CVE-2022-41916, CVE-2022-45061.
Ubuntu 20.04 packages 5.4.0-132 5.4.0-135 Worker node kernel & package updates for CVE-2022-2309, CVE-2022-38533, CVE-2022-40303, CVE-2022-40304, CVE-2022-41916.
Kubernetes 1.25.4 1.25.5 For more information, see the change log.

Change log for master fix pack 1.25.5_1525, released 14 December 2022

The following table shows the changes that are in the master fix pack 1.25.5_1525. Master patch updates are applied automatically.

Changes since version 1.25.4_1522
Component Previous Current Description
Cluster health image v1.3.13 v1.3.14 Updated Go dependencies. Exclude ingress status from cluster status aggregation.
etcd v3.5.5 v3.5.6 See the etcd release notes.
GPU device plug-in and installer cce0cfa 03fd318 Update GPU images with Go version 1.19.2 to resolve vulnerabilities
IBM Calico extension 1213 1257 Updated universal base image (UBI) to resolve: CVE-2022-1304, CVE-2016-3709, CVE-2022-42898.
IBM Cloud Block Storage driver and plug-in v2.3.3 v2.3.4 Updated universal base image (UBI) to resolve CVEs. Updated Go to version 1.18.6
IBM Cloud Controller Manager v1.25.3-10 v1.25.4-2 Updated to support the Kubernetes 1.25.4 release.
IBM Cloud File Storage for Classic plug-in and monitor 420 421 Updated universal base image (UBI) to resolve CVE-2022-42898. Updated Go to version 1.18.8
Key Management Service provider v2.5.11 v2.5.12 Updated Go dependencies.
Kubernetes v1.25.4 v1.25.5 See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider 2110 2325 Update Go to version 1.19.1 and update dependencies.

Change log for worker node fix pack 1.25.4_1524, released 05 December 2022

The following table shows the changes that are in the worker node fix pack 1.25.4_1524. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.4_1523
Component Previous Current Description
Containerd 1.6.8 1.6.10 See the 1.6.10 change log and the 1.6.9 change log.
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2013-4235, CVE-2022-3239, CVE-2022-3524, CVE-2022-3564, CVE-2022-3565, CVE-2022-3566, CVE-2022-3567, CVE-2022-3594, CVE-2022-3621, CVE-2022-42703.
Kubernetes N/A N/A N/A
HAProxy c619f4 508bf6 CVE-2016-3709, CVE-2022-42898, CVE-2022-1304.
CUDA fd4353 0ab756 CVE-2022-42898.

Change log for worker node fix pack 1.25.4_1523, released 21 November 2022

The following table shows the changes that are in the worker node fix pack 1.25.4_1523. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.3_1521
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-194 4.15.0-197 Worker node kernel & package updates for CVE-2018-16860, CVE-2019-12098, CVE-2020-16156, CVE-2021-3671, CVE-2021-43618, CVE-2022-2978, CVE-2022-3028, CVE-2022-3116, CVE-2022-32221, CVE-2022-3515, CVE-2022-35737, CVE-2022-39253, CVE-2022-39260, CVE-2022-40284, CVE-2022-40674, CVE-2022-40768, CVE-2022-41974, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012.
Kubernetes 1.25.3 1.25.4 For more information, see the change log.
CUDA 576234 cce0cf CVE-2022-3515, CVE-2022-2509, CVE-2022-37434, CVE-2020-35525, CVE-2020-35527.

Change log for master fix pack 1.25.4_1522, released 16 November 2022

The following table shows the changes that are in the master fix pack 1.25.4_1522. Master patch updates are applied automatically.

Changes since version 1.25.3_1520
Component Previous Current Description
Calico v3.24.1 v3.24.5 See the Calico release notes.
Cluster health image v1.3.12 v1.3.13 Updated Go dependencies, golangci-lint, gosec, in Go version 1.19.3. Updated base image version to 116.
etcd v3.5.4 v3.5.5 See the etcd release notes.
Gateway-enabled cluster controller 1823 1902 Go module updates.
GPU device plug-in and installer 373bb9f cce0cfa Updated the GPU driver 470 minor version
IBM Calico extension 1096 1213 Updated image to fix the following CVEs: CVE-2020-35525, CVE-2020-35527, CVE-2022-3515, CVE-2022-37434, CVE-2022-2509, CVE-2022-32149.
IBM Cloud Block Storage driver and plug-in v2.3.1 v2.3.3 Updated universal base image (UBI) to version 8.7-923 to resolve CVEs.
IBM Cloud Controller Manager v1.25.3-1 v1.25.3-10 Key rotation, updated Go to version 1.19, and updated Go dependencies.
IBM Cloud File Storage for Classic plug-in and monitor 416 420 Updated universal base image (UBI) to version 8.7-923 to resolve CVEs.
Key Management Service provider v2.5.10 v2.5.11 Updated Go dependencies and to Go version 1.19.3.
Kubernetes v1.25.3 v1.25.4 CVE-2022-3294 and CVE-2022-3162. For more information, see IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities CVE-2022-3294 and CVE-2022-3162. See the Kubernetes release notes.

Change log for worker node fix pack 1.25.3_1521, released 07 November 2022

The following table shows the changes that are in the worker node fix pack 1.25.3_1521. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.2_1519
Component Previous Current Description
Ubuntu 18.04 packages N/A N/A Worker node package updates for CVE-2022-32221, CVE-2022-40284, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012.
Kubernetes 1.25.2 1.25.3 For more information, see the change log.
HAProxy b034b2 3a1392 CVE-2022-37434, CVE-2022-37434, CVE-2020-35525, CVE-2020-35527, CVE-2022-3515, CVE-2022-2509.
CUDA 3ea43b 576234 CVE-2022-3515, CVE-2022-2509, CVE-2022-37434, CVE-2020-35525, CVE-2020-35527.

Change log for master fix pack 1.25.3_1520, released 27 October 2022

The following table shows the changes that are in the master fix pack 1.25.3_1520. Master patch updates are applied automatically.

Changes since version 1.25.21517
Component Previous Current Description
Cluster health image v1.3.11 v1.3.12 Updated Go dependencies, golangci-lint, and to Go version 1.19.2. Updated base image version to 109. Excluded ingress status from cluster status calculation.
IBM Cloud Controller Manager v1.25.2-2 v1.25.3-1 Updated to support the Kubernetes 1.25.3 release.
Key Management Service provider v2.5.9 v2.5.10 Updated Go dependencies and to Go version 1.19.2.
Kubernetes v1.25.2 v1.25.3 See the Kubernetes release notes.
Konnectivity agent and server v0.0.32_363_iks v0.0.33_418_iks Updated Konnectivity to version v0.0.33 and added s390x functionality. See the Konnectivity release notes.
IBM Cloud RBAC Operator dc1725a 778ef2b Updated to Go version 1.18.6.

Change log for worker node fix pack 1.25.2_1519, released 25 October 2022

The following table shows the changes that are in the worker node fix pack 1.25.2_1519. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.25.2_1518
Component Previous Current Description
Ubuntu 18.04 packages 4.15.0-193 4.15.0-194 Worker node kernel & package updates for CVE-2018-16860, CVE-2019-12098, CVE-2020-16156, CVE-2021-3671, CVE-2021-43618, CVE-2022-3116, CVE-2022-3515, CVE-2022-39253, CVE-2022-39260.
Kubernetes N/A N/A N/A

Change log for master fix pack 1.25.2_1517 and worker node fix pack 1.25.2_1516, released 6 October 2022

Changes since version 1.24.6_1538 master and 1.24.6_1539 worker node.
Component Previous Current Description
Calico v3.23.3 v3.24.1 See the Calico release notes. In addition, a default FelixConfiguration resource is created if it doesn't exist. The resource has natPortRange set to 32768:65535. For more information, see Why am I seeing SNAT port issues and egress connection failures?
CoreDNS 1.9.3 1.10.0 See the CoreDNS release notes.
IBM Cloud Controller Manager v1.24.5-1 v1.25.2-2 Updated to support the Kubernetes 1.25.2 release and Go version 1.19.1.
Kubernetes v1.24.6 v1.25.2 See the Kubernetes release notes.
Kubernetes admission controllers configuration N/A N/A Enabled the PodSecurity and removed the PodSecurityPolicy admission controllers. Pod Security Policies were removed in Kubernetes version 1.25. See the Kubernetes Deprecated API Migration Guide for more information. IBM Cloud Kubernetes Service version 1.25 now configures Pod Security Admission and no longer supports Pod Security Policies. For more information, see Migrating from PSPs to Pod Security Admission.
Kubernetes configuration N/A N/A Updated the feature gate configuration.
Kubernetes CSI snapshot CRDs v5.0.1 v6.0.1 See the Kubernetes container storage interface (CSI) snapshotter release notes.
Kubernetes CSI snapshot controller None v6.0.1 See the Kubernetes container storage interface (CSI) snapshotter release notes.
Kubernetes Dashboard v2.6.1 v2.7.0 See the Kubernetes Dashboard release notes.
Kubernetes DNS autoscaler 1.8.5 1.8.6 See the Kubernetes DNS autoscaler release notes. In addition, CPU resource requests were reduced from 5m to 1m to better align with normal resource utilization.
Pause container image 3.7 3.8 See the pause container image release notes.