Container-Optimized OS Release Notes: DEV


November 17, 2025

Change

cos-dev-129-19386-0-0

Kernel: COS-6.12.57 | Docker: v27.5.1 | Containerd: v2.1.4 | GPU Drivers: See List

Change

Updated app-containers/runc to v1.3.3.

Feature

Added support for the Lustre 2.14.0_p224 drivers.

Fixed

Updated the Google OS Config Agent package to version 20250522.00.

Fixed

Updated the OS Login package to version 20251022.00.

Fixed

Backported various TCPDirect networking fixes.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811473 -> 811420

November 11, 2025

Change

cos-dev-129-19370-0-0

Kernel: COS-6.12.57 | Docker: v27.5.1 | Containerd: v2.1.4 | GPU Drivers: See List

Fixed

Upgraded dev-python/coverage to v7.10.7.

Fixed

Updated net-misc/chrony to v4.8.

Fixed

Upgraded app-emulation/cloud-init to v25.1.4.

Fixed

Upgraded sys-process/audit to 4.0.2-r1.

Fixed

Enabled multiport support for CX-8 devices.

Change

Updated app-admin/sosreport to v4.10.1. Enabled containerd stack dump by default.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811384 -> 811473

Fixed

Upgraded sys-apps/makedumpfile to v1.7.8.

Change

Updated the Linux kernel to v6.12.57.

Feature

Enabled HTCP TCP congestion control algorithm as a module.

Fixed

Upgraded dev-libs/nss to 3.117 and dev-libs/nspr to 4.37.

Fixed

Fixed bcache latency spikes.

Change

Updated app-containers/containerd to v2.1.4.

Fixed

Upgraded net-libs/gnutls to v3.8.10 and dev-libs/nettle to 3.10.2.

Fixed

Upgraded sys-auth/pambase to v20251104.

Fixed

Upgraded chromeos-base/google-breakpad to v2025.10.31.183851-r257.

Feature

Added support for SCSI logging.

Fixed

Fixed a bug where setting MTU above 9000 on ARM systems with a 64k page size would cause IDPF networking to fail.

Fixed

Upgraded sys-libs/libcap to v2.77.

Security

Fixed CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 in app-containers/runc.

Change

Updated app-containers/runc to v1.3.2.

Fixed

Updated app-containers/cri-tools to 1.32.0.

Fixed

Made CX-8 NIC naming order deterministic.

November 03, 2025

Change

cos-dev-129-19350-0-0

Kernel: COS-6.12.55 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Change

Updated the Linux kernel to v6.12.55.

Fixed

Fixed a TCPX bug which would sometimes incorrectly report devices as being missing when route cache entries were missing or invalidated.

Feature

Fixed a bug in cos-extensions which would cause GB200 and GB300 devices not to be detected in one code path, which would result in Imex channels not being created by default.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811495 -> 811384

October 27, 2025

Change

cos-dev-129-19340-0-0

Kernel: COS-6.12.54 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Fixed

Upgraded chromeos-base/google-breakpad to v2025.10.16.221019-r255.

Security

Fixed CVE-2025-11413 and CVE-2025-11414 in binutils-libs.

Change

Updated the Linux kernel to v6.12.54.

Fixed

Upgraded sys-apps/pv to v1.9.44.

Fixed

Upgraded sys-apps/less to v685.

Change

Updated cos-gpu-installer to v2.5.9. This adds support for installing drivers for GB300 devices.

Fixed

Added support for NVIDIA driver v535.274.02 and v570.195.03.

Feature

Added GB300 support to cos-extensions.

October 24, 2025

Change

cos-dev-129-19334-0-0

Kernel: COS-6.12.53 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Change

Added support for A4X-Max NICs.

Fixed

Upgraded sys-apps/hwdata to v0.400.

Feature

Added support for NVIDIA GB300 devices.

Security

Fixed CVE-2025-11412 in binutils-libs.

Change

Updated cos-gpu-installer to v2.5.8.

Fixed

Upgraded sys-apps/pv to v1.9.42.

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Fixed

Upgraded sys-auth/pambase to v20251013.

Security

Fixed CVE-2025-11494 in binutils-libs.

Change

Updated app-containers/runc to v1.2.7.

Security

Fixed CVE-2025-11495 in binutils-libs.

October 20, 2025

Change

cos-dev-129-19326-0-0

Kernel: COS-6.12.53 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Fixed

Updated golang.org/x/crypto, golang.org/x/net, and golang.org/x/oauth2 in kubelet and kubectl.

Fixed

Reduced gcr_wait_online retry gap.

Security

Fixed KCTF-6bb73db in the Linux kernel.

Fixed

Updated the dump capture kernel to v6.12.52.

Change

Updated the Linux kernel to v6.12.53.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811438 -> 811426

October 13, 2025

Change

cos-dev-129-19319-0-0

Kernel: COS-6.12.50 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Fixed

Partially fixed an issue where excessive contention among writeback kworkers when switching a large number of inodes between cgroups could lead to system unresponsiveness.

Security

Upgraded open-vm-tools to 13.0.5. This fixes CVE-2025-41244 in the anthos variant.

Security

Fixed KCTF-134121b in the Linux kernel.

Security

Updated dev-python/urllib3 to v2.5.0. This resolves CVE-2025-50181.

Fixed

Upgraded chromeos-base/google-breakpad to v2025.10.06.205107-r254.

Fixed

Updated toolbox container image tag to v20251002.

Fixed

Upgraded dev-libs/expat to v2.7.3.

Security

Fixed CVE-2025-11081, CVE-2025-11082 and CVE-2025-11083 in sys-libs/binutils-libs.

Security

Updated sys-apps/coreutils to v9.5. This resolves CVE-2024-0684.

Fixed

Upgraded net-libs/libtirpc to v1.3.7.

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.4.

Change

Updated the Linux kernel to v6.12.50.

Feature

Added support for NVIDIA driver v580.95.05. Updated the latest and default driver versions for NVIDIA_GB200 and NVIDIA_B200 to v580.95.05.

Fixed

Upgraded sys-apps/hwdata to v0.399.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811493 -> 811438
  • Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

October 06, 2025

Change

cos-dev-129-19302-0-0

Kernel: COS-6.12.49 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Security

Updated dev-python/jinja to v3.1.6. This resolves CVE-2024-56326, CVE-2024-56201 and CVE-2025-27516.

Change

Updated the Linux kernel to v6.12.49.

Feature

Configured the cos-gpu-installer to use R580 drivers as the default GPU drivers.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811490 -> 811493
  • Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Fixed

Added support for NVIDIA MFT Tools v4.33.0.

September 29, 2025

Change

cos-dev-129-19290-0-0

Kernel: COS-6.12.48 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Fixed

Upgraded sys-auth/pambase to v20250906.

Fixed

Upgraded app-admin/google-guest-configs to v20250913.00.

Change

Updated the Linux kernel to v6.12.48.

Fixed

Upgraded dev-libs/expat to v2.7.2.

Feature

Added support for the fwctl subsystem and the Mellanox fwctl driver for ARM64.

Feature

Added CPU balloon support for ARM CPUs.

Fixed

Updated golang.org/x/oauth2, golang.org/x/net, golang.org/x/crypto, and github.com/golang-jwt/jwt/v5 in Docker.

September 24, 2025

Change

cos-dev-129-19284-0-0

Kernel: COS-6.12.47 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Security

Upgraded dev-libs/libxml2 to version 2.13.9. This fixes CVE-2025-9714, CVE-2025-32415 and CVE-2025-32414.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811423 -> 811483
  • Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Fixed

Upgraded dev-libs/libxslt to version 1.1.43-r1.

Change

Updated cos-gpu-installer to v2.5.7.

Change

Enabled Coherent Driver Memory Management by default when installing GPU drivers on GB2000.

Change

Updated the Linux kernel to v6.12.47.

Fixed

Added support for NVIDIA driver v580.82.07. Updated the latest and default driver versions for NVIDIA_GB200 and NVIDIA_B200 to v580.82.07.

September 16, 2025

Fixed

Fixed a kernel bug which caused boot to fail for n4 machine types.

Change

cos-dev-129-19279-0-0

Kernel: COS-6.12.46 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811510 -> 811423

Feature

Added support for NVIDIA MFT Tools on arm64.

Change

Updated the Linux kernel to v6.12.46.

Feature

Added GDRCopy kernel module for NVIDIA drivers.

September 08, 2025

Change

cos-dev-129-19271-0-0

Kernel: COS-6.12.43 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Fixed

Upgraded app-admin/google-guest-configs to v20250826.00.

Feature

Added IPv6 support for machines using the IDPF driver.

Fixed

Upgraded app-admin/google-guest-configs to v20250818.00.

Fixed

Upgraded chromeos-base/google-breakpad to v2025.08.18.161925-r245.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811419 -> 811510

Feature

Added TDX RTMR support.

Fixed

Installed app-misc/c_rehash.

Feature

Disabled DNSSEC by default for COS TPU VMs.

Fixed

Upgraded sys-apps/hwdata to v0.398.

Change

Updated the Linux kernel to v6.12.43.

Security

Fixed CVE-2025-6052 in dev-libs/glib.

Fixed

Upgraded sys-apps/file to v5.46-r3.

Fixed

Upgraded sys-auth/pambase to v20250826.

Feature

Added iRDMA support in the Linux kernel.

Fixed

Fixed an issue where cpusets cgroups did not work with cgroup v1 enabled.

Change

Added kernel support for bare-metal on the NVIDIA Grace platform.

Feature

Enabled dynamic vlan configuration for non-primary NICs.

August 25, 2025

Change

cos-dev-129-19251-0-0

Kernel: COS-6.12.42 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Security

Fixed KCTF-abad3d0 in the Linux kernel.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811494 -> 811419

Fixed

Added support for the Lustre 2.14.0_p216 drivers.

August 18, 2025

Change

cos-dev-129-19246-0-0

Kernel: COS-6.12.41 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Fixed

Upgraded dev-db/sqlite to v3.50.4.

Feature

Backported support for AMD SEV-SNP SVSM vTPM driver and configfs-tsm addition for extended attestation protocol.

Feature

Added ConnectX-8 RDMA support.

Fixed

Upgraded app-admin/google-guest-configs to v20250807.00.

Security

Fixed KCTF-01d3c84 in the Linux kernel.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r668.

Fixed

Upgraded dev-lang/go to v1.23.12.

Fixed

Upgraded sys-apps/gentoo-functions to v1.7.4.

Feature

Enabled the google-guest-agent's network management functionality.

Fixed

Upgraded net-nds/rpcbind to v1.2.8.

Security

Upgraded sys-libs/binutils-libs to version 2.45. This fixes CVE-2025-8224, CVE-2025-8225 and CVE-2025-1153.

August 12, 2025

Change

cos-dev-129-19226-0-0

Kernel: COS-6.12.41 | Docker: v27.5.1 | Containerd: v2.1.3 | GPU Drivers: See List

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4879.

Feature

Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.

Feature

Removed the cloud-final.service dependency on multi-user.target which could delay cloud-init user-data scripts indefinitely when long-running startup scripts are used.

Fixed

Upgraded sys-process/lsof to v4.99.5.

Fixed

Upgraded chromeos-base/minijail to v18-r168.

Fixed

Reverted a containerd change which reduced the default soft file descriptor limit for processes in containers to 1024.

Feature

Enabled the Btrfs kernel module.

Feature

Enabled hardware optimized SHA256 algorithms for x86 machines with SSSE3 and AVX/AVX2 instructions and ARM64 machines with SHA-NI and ARMv8 Crypto Extensions.

Fixed

Upgraded virtual/logger to v0-r2.

Security

Upgraded dev-vcs/git to version 2.49.1. This fixes CVE-2025-48385, CVE-2025-27613, CVE-2025-27614, CVE-2025-48384, CVE-2025-46835.

Fixed

Updated app-containers/cni-plugins to 1.7.1.

Change

Updated containerd to v2.1.3.

Security

Upgraded dev-libs/glib to 2.82.5. This resolves CVE-2024-52533.

Fixed

Upgraded dev-db/sqlite to v3.50.3.

Fixed

Fixed an issue where the cpuidle driver selected for some machine types would cause inflated reports of high CPU usage.

Fixed

Upgraded sys-apps/pv to v1.9.34.

Fixed

Upgraded app-admin/google-guest-configs to v20250718.00.

Fixed

Upgraded dev-lang/go to v1.23.11.

Security

Added support for Nvidia driver version 570.172.08. This fixes CVE-2025-23279.

Fixed

Updated app-admin/node-problem-detector to 0.8.21.

Security

Upgraded net-misc/netplan to 1.1.2. This fixes CVE-2022-4968.

Fixed

Updated dev-python/requests to v2.32.4.

Fixed

Upgraded app-admin/sudo to v1.9.17_p2.

Fixed

Upgraded net-misc/openssh to 10.0_p1.

Fixed

Upgraded chromeos-base/google-breakpad to v2025.07.23.214511-r244.

Fixed

Upgraded dev-libs/openssl to 3.5.1.

Fixed

Removed an artifact registry ping that would delay multi-user.target indefinitely for machines with no external IP address.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811510 -> 811531

Security

Added support for Nvidia driver version 535.261.03. This fixes CVE-2025-23286 and CVE-2025-23279.

Security

Fixed CVE-2025-8058 in glibc.

Security

Upgraded urllib3 to version 1.26.18. This fixes CVE-2021-33503, CVE-2023-43804, and CVE-2023-45803.

July 30, 2025

Change

cos-dev-125-19175-0-0

Kernel: COS-6.12.37 | Docker: v27.5.1 | Containerd: v2.0.4 | GPU Drivers: See List

Security

Fixed KCTF-5e28d5a in the Linux kernel.

Security

Patched openssl to fix CVE-2023-50782 affecting dev-python/cryptography.

Security

Fixed CVE-2024-26130 in dev-python/cryptography.

Fixed

Updated app-misc/jq to v1.8.1.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811539 -> 811510

Fixed

The NFS access cache is no longer cleared on login by default. To use the old behavior, load the NFS module with the nfs_fasc=1 module parameter.

Security

Upgraded sqlite to v3.50.2. This resolves CVE-2025-6965.

July 24, 2025

Change

cos-dev-125-19165-0-0

Kernel: COS-6.12.37 | Docker: v27.5.1 | Containerd: v2.0.4 | GPU Drivers: See List

Security

Upgraded app-admin/sudo to v1.9.17_p1. This resolves CVE-2025-32462 and CVE-2025-32463.

Fixed

Upgraded sysram to version 6.12-0.

Change

Updated cos-gpu-installer to v2.5.5.

Change

Runtime sysctl changes:

  • Added: kernel.apparmor_restrict_unprivileged_unconfined: 0
  • Added: kernel.core_file_note_size_limit: 4194304
  • Added: kernel.core_sort_vma: 0
  • Added: net.ipv4.fib_multipath_hash_seed: 0
  • Added: net.ipv4.tcp_pingpong_thresh: 1
  • Added: net.ipv6.conf.all.ra_honor_pio_life: 0
  • Added: net.ipv6.conf.all.ra_honor_pio_pflag: 0
  • Added: net.ipv6.conf.all.regen_min_advance: 2
  • Added: net.ipv6.conf.default.ra_honor_pio_life: 0
  • Added: net.ipv6.conf.default.ra_honor_pio_pflag: 0
  • Added: net.ipv6.conf.default.regen_min_advance: 2
  • Added: net.ipv6.conf.docker0.ra_honor_pio_life: 0
  • Added: net.ipv6.conf.docker0.ra_honor_pio_pflag: 0
  • Added: net.ipv6.conf.docker0.regen_min_advance: 2
  • Added: net.ipv6.conf.eth0.ra_honor_pio_life: 0
  • Added: net.ipv6.conf.eth0.ra_honor_pio_pflag: 0
  • Added: net.ipv6.conf.eth0.regen_min_advance: 2
  • Added: net.ipv6.conf.lo.ra_honor_pio_life: 0
  • Added: net.ipv6.conf.lo.ra_honor_pio_pflag: 0
  • Added: net.ipv6.conf.lo.regen_min_advance: 2
  • Added: vm.enable_soft_offline: 1
  • Changed: fs.epoll.max_user_watches: 1809007 -> 1808517
  • Changed: fs.fanotify.max_user_marks: 67544 -> 68412
  • Changed: fs.file-max: 811755 -> 811539
  • Changed: fs.inotify.max_user_watches: 63425 -> 64189
  • Changed: kernel.threads-max: 63487 -> 63178
  • Changed: net.ipv4.tcp_mem: 94041 125391 188082 -> 94017 125357 188034
  • Changed: net.ipv4.udp_mem: 188085 250783 376170 -> 188034 250715 376068
  • Changed: user.max_cgroup_namespaces: 31743 -> 31589
  • Changed: user.max_fanotify_marks: 67544 -> 68412
  • Changed: user.max_inotify_watches: 63425 -> 64189
  • Changed: user.max_ipc_namespaces: 31743 -> 31589
  • Changed: user.max_mnt_namespaces: 31743 -> 31589
  • Changed: user.max_net_namespaces: 31743 -> 31589
  • Changed: user.max_pid_namespaces: 31743 -> 31589
  • Changed: user.max_time_namespaces: 31743 -> 31589
  • Changed: user.max_user_namespaces: 31743 -> 31589
  • Changed: user.max_uts_namespaces: 31743 -> 31589
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
  • Deleted: kernel.sched_child_runs_first: 0

Fixed

Upgraded chromeos-base/google-breakpad to v2025.07.01.161305-r243.

Security

Fixed CVE-2024-6174 and CVE-2024-11584 in cloud-init.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4875.

Change

Upgraded nvidia-container-toolkit to v1.17.8. This fixes CVE-2025-23266.

Change

Updated the Linux kernel to v6.12.37.

Fixed

Fixed an issue where some workloads could cause a full system hang when running close to their memory limit.

Feature

Added ARM support for the Lustre 2.14.0 drivers.

Fixed

Upgraded app-admin/google-guest-configs to v20250627.00.

Feature

Removed support for the v2.14.0_p184 and v2.14.0_p198 Lustre client drivers.

Security

Upgraded vim, vim-core to version 9.1.1500. This fixes CVE-2025-26603, CVE-2025-27423, CVE-2025-29768, CVE-2025-1215, CVE-2025-24014, CVE-2025-22134.

Security

Updated app-editors/nano to v8.5. This resolves CVE-2024-5742.

Change

Updated the NVIDIA GPU driver policy for New Feature Branch (NFB) drivers. The LATEST tag has been updated to point to the stable 570.133.20 Production Branch. The 575.57.08 NFB driver remains available for development and testing but must now be selected by its specific version number. Removed 575.57.08 NFB driver support for the NVIDIA_GB200 machine.

Fixed

Upgraded uhaul to version 6.12-0.

June 30, 2025

Change

cos-dev-125-19126-0-0

Kernel: COS-6.6.94 | Docker: v27.5.1 | Containerd: v2.0.4 | GPU Drivers: See List

Fixed

Upgraded app-admin/sudo to v1.9.17.

Fixed

Dropped the marvell-pcie-ep-octeon driver.

Fixed

Upgraded sys-libs/libcap to v2.76.

Fixed

Upgraded app-admin/google-guest-configs to v20250605.00.

Fixed

Added support for the Lustre 2.14.0_p212 drivers.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811773 -> 811755

Fixed

Upgraded dev-lang/go to v1.23.10.

Fixed

Upgraded sys-process/procps to v4.0.5-r2.

Change

Upgraded sys-apps/ethtool to version 6.11.

Fixed

Upgraded dev-db/sqlite to v3.50.1.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4872.

Fixed

Upgraded sys-apps/less to v679.

Change

Updated nvidia-container-toolkit to v1.17.7.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4871.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r667.

Security

Upgraded libarchive to version 3.8.1. This fixes CVE-2025-5914.

Fixed

Upgraded chromeos-base/google-breakpad to v2025.06.12.121629-r242.

June 23, 2025

Change

cos-125-19115-0-0

Kernel: COS-6.6.94 | Docker: v27.5.1 | Containerd: v2.0.4 | GPU Drivers: See List

Feature

Added a kernel patch to address bcache latency.

Security

Upgraded elfutils to version 0.193. This fixes CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, and CVE-2025-1377.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811736 -> 811773

Change

Updated the Linux kernel to v6.6.94.

Feature

Added NVIDIA 570.133.20 vGPU driver.

June 18, 2025

Change

cos-dev-125-19104-0-0

Kernel: COS-6.6.93 | Docker: v27.5.1 | Containerd: v2.0.4 | GPU Drivers: See List

Change

Updated the Linux kernel to v6.6.93.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811779 -> 811736

Change

Upgraded dpdk-kmods to 9b182be2ee4b.

Security

Upgraded app-misc/jq to v1.8.0. This fixes CVE-2025-48060.

June 17, 2025

Change

cos-dev-125-19094-0-0

Kernel: COS-6.6.92 | Docker: v27.5.1 | Containerd: v2.0.4 | GPU Drivers: See List

Security

Fixed CVE-2025-47273 in dev-python/setuptools.

Fixed

Upgraded dev-db/sqlite to v3.50.0.

Change

Added support for the Lustre 2.14.0_p198 drivers.

Security

Updated systemd to v254.26. This resolves CVE-2025-4598.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4869.

Feature

Added support for Nvidia driver version 575.57.08.

Security

Fixed KCTF-ac9fe7d in the kernel.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811798 -> 811779

Change

Updated cos-gpu-installer to v2.5.3.

June 02, 2025

Change

cos-dev-125-19071-0-0

Kernel: COS-6.6.92 | Docker: v27.5.1 | Containerd: v2.0.4 | GPU Drivers: See List

Fixed

Upgraded dev-db/sqlite to v3.49.2.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2830.

Change

Upgraded google-guest-agent to 20250327.00. This included new services like google-guest-compat-manager.service and google-guest-agent-manager.service and new binaries like google_guest_compat_manager, gce_metadata_script_runner, google_guest_agent_manager, ggactl_plugin_cleanup and gce_compat_metadata_script_runner.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4866.

Security

Fixed CVE-20250-3198 in sys-libs/binutils-libs.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r665.

Feature

Added support for NVIDIA MFT Tools.

Fixed

Fixed a Docker MTU mismatch.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2734.

Security

Fixed CVE-2024-23337 in app-misc/jq.

Security

Upgraded net-misc/curl to version 8.12.1. This fixes CVE-2025-0167.

Fixed

Updated cos-gpu-installer to v2.5.2: Added support for OTHER/NO_GPU cases to enable GPU driver preloading on the ARM64 architecture and added support for IMEX Driver configuration installation for NVIDIA_GB200 machine.

Feature

Injected IMEX channel char device for GB200 GPUs.

Security

Fixed CVE-2025-46836 in sys-apps/net-tools.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811729 -> 811798
  • Changed: net.ipv6.conf.docker0.mtu: 1500 -> 1460

Change

Updated the Linux kernel to v6.6.92.

Fixed

Upgraded chromeos-base/google-breakpad to v2025.05.22.184901-r240.

Fixed

Upgraded dev-lang/go to v1.23.9.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2969.

Fixed

Upgraded sys-apps/dbus to v1.16.2-r197.

Fixed

Upgraded sys-apps/rootdev to v0.0.1-r51.

Fixed

Upgraded sys-apps/less to v678.

Fixed

Upgraded app-admin/google-guest-configs to v20250516.00.

Security

Fixed KCTF-3f98113 in the Linux kernel.

May 12, 2025

Change

cos-dev-125-19041-0-0

Kernel: COS-6.6.89 | Docker: v27.5.1 | Containerd: v2.0.4 | GPU Drivers: See List

Fixed

Increased kdump memory reservation.

Change

Upgraded app-admin/google-guest-configs to v20250501.00.

Security

Updated apparmor to 3.1.6. This fixes CVE-2016-1585.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811773 -> 811729

Change

Added support for 7th generation TPU devices.

Fixed

Fixed an issue where modinfo could not display module signatures.

Change

Updated the Linux kernel to v6.6.89.

May 05, 2025

Change

cos-dev-125-19025-0-0

Kernel: COS-6.6.88 | Docker: v27.5.1 | Containerd: v2.0.4 | GPU Drivers: See List

Fixed

Upgraded app-admin/google-guest-configs to v20250409.00.

Fixed

Upgraded sys-apps/grep to v3.12.

Fixed

Upgraded app-admin/google-guest-agent to v20250418.00.

Security

Fixed CVE-2025-32414 and CVE-2025-32415 in dev-libs/libxml2.

Fixed

Upgraded app-benchmarks/microbenchmarks to v0.0.1-r20.

Change

Updated the Linux kernel to v6.6.88.

Fixed

Upgraded chromeos-base/google-breakpad to v2025.04.09.155244-r236.

Security

Updated NVIDIA GPU drivers to v535.247.01 for default/R535 and v570.133.20 for latest/R570. This resolves CVE-2025-23244.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r664.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2968.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2829.

Fixed

Upgraded chromeos-base/update_engine-client to v0.0.1-r2480.

Fixed

Upgraded net-dns/libidn2 to v2.3.8.

Fixed

Upgraded chromeos-base/minijail to v18-r167.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2733.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4853.

Fixed

Upgraded app-arch/gzip to v1.14.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.7.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811785 -> 811773

April 29, 2025

Change

cos-dev-125-19014-0-0

Kernel: COS-6.6.87 | Docker: v27.5.1 | Containerd: v2.0.4 | GPU Drivers: See List

Feature

Fixed an issue in containerd that prevented some v2 shims from shutting down properly.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811798 -> 811785

Security

Updated dev-go/net in policy manager to v0.39.0. This fixes CVE-2025-22870.

Security

Fixed CVE-2025-32728 in net-misc/openssh.

Change

Patched a null pointer exception bug in the NVIDIA 570.124.06 OSS driver.

Security

Fixed CVE-2025-31498 in net-dns/c-ares.

Feature

Fixed an issue in containerd that potentially breaks metric collection.

April 25, 2025

Change

cos-dev-125-19000-0-0

Kernel: COS-6.6.87 | Docker: v27.5.1 | Containerd: v2.0.4 | GPU Drivers: See List

Fixed

Upgraded chromeos-base/update_engine-client to v0.0.1-r2479.

Fixed

Reverted a change in the Linux kernel which caused NFS directories to unexpectedly be mounted as ro instead of rw.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2967.

Security

Updated dev-vcs/git to version 2.49.0. This fixes CVE-2024-52006 and CVE-2024-50349.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2828.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2732.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r663.

Change

Updated the Linux kernel to v6.6.87.

Security

Fixed CVE-2024-53427 in app-misc/jq.

Security

Fixed CVE-2024-48615 in app-arch/libarchive.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4850.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811798 -> 811749

Change

Updated cos-gpu-installer to v2.5.0: Added support for IMEX driver installation for the NVIDIA_GB200 GPU device.

Fixed

Upgraded app-admin/google-guest-agent to v20250408.00.

April 14, 2025

Change

cos-dev-125-18986-0-0

Kernel: COS-6.6.86 | Docker: v27.5.1 | Containerd: v2.0.4 | GPU Drivers: See List

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r2.

Change

Updated app-containers/containerd to v2.0.4.

Fixed

Upgraded app-admin/google-guest-agent to v20250331.00.

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.3.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4848.

Fixed

Upgraded dev-libs/nss to v3.110.

Fixed

Upgraded net-nds/rpcbind to v1.2.7.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r662.

Fixed

Upgraded sys-apps/diffutils to v3.11-r2.

Fixed

Modified toolbox to use unified cgroup hierarchy mode, when possible, instead of hybrid mode.

Fixed

Upgraded app-arch/unzip to v6.0_p29.

Fixed

Upgraded net-misc/rsync to v3.4.1.

Fixed

Upgraded chromeos-base/update_engine-client to v0.0.1-r2478.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2731.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2827.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811816 -> 811798

Change

Updated the Linux kernel to v6.6.86.

Fixed

Upgraded sys-apps/dbus to v1.14.10-r196.

Fixed

Upgraded dev-libs/expat to v2.7.1.

Fixed

Upgraded app-admin/google-guest-configs to v20250328.00.

Fixed

Upgraded chromeos-base/google-breakpad to v2025.04.01.213855-r235.

Fixed

Fixed an EINTR error in app-containers/cni-plugins.

Fixed

Upgraded chromeos-base/minijail to v18-r164.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2966.

March 31, 2025

Change

cos-dev-125-18971-0-0

Kernel: COS-6.6.84 | Docker: v27.5.1 | Containerd: v2.0.2 | GPU Drivers: See List

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811727 -> 811816

Change

Updated the Linux kernel to v6.6.84.

March 24, 2025

Change

cos-dev-125-18964-0-0

Kernel: COS-6.6.83 | Docker: v27.5.1 | Containerd: v2.0.2 | GPU Drivers: See List

Fixed

Upgraded chromeos-base/update_engine-client to v0.0.1-r2470.

Fixed

Upgraded sys-apps/acl to v2.3.2-r2.

Fixed

Updated dev-python/s3transfer to v0.11.4.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4825.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2962.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r658.

Change

Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.

Security

Fixed CVE-2024-9287 in dev-lang/python.

Fixed

Upgraded app-admin/node-problem-detector to v0.8.20.

Security

Fixed CVE-2024-13176 in dev-libs/openssl.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4818.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r1.

Fixed

Upgraded sys-apps/which to v2.23.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2818.

Feature

Updated cos-gpu-installer to v2.4.8: Added the -skip-nvidia-smi flag to disable the nvidia-smi verification during GPU driver installation.

Fixed

Upgraded dev-db/sqlite to v3.47.2-r1.

Security

Upgraded net-misc/openssh to version 9.9_p2. This fixes CVE-2025-26465 and CVE-2025-26466.

Fixed

Upgraded dev-libs/double-conversion to v3.3.1.

Feature

Added support for NVIDIA 570.124.06 GPU driver. Updated the LATEST GPU driver label to version 570.124.06 for all GPU devices. Updated the DEFAULT GPU driver label to version 570.124.06 for NVIDIA_B200 and NVIDIA_H200 GPU devices.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2820.

Fixed

Updated dev-python/python-dateutil to v2.9.0.

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.2.

Fixed

Upgraded sys-apps/hwdata to v0.391.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2726.

Fixed

Upgraded app-containers/runc and app-containers/runc-test to v1.2.5.

Security

Fixed CVE-2025-0840 in binutils.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2961.

Fixed

Upgraded app-admin/google-guest-agent to v20250225.00.

Fixed

Upgraded sys-apps/pv to v1.9.31.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2821.

Feature

Added support for iRDMA devices.

Fixed

Upgraded chromeos-base/minijail to v18-r160.

Fixed

Upgraded app-admin/google-guest-configs to v20250221.00.

Fixed

Upgraded sys-apps/diffutils to v3.11.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2728.

Fixed

Upgraded sys-apps/dbus to v1.14.10-r194.

Security

Upgraded sys-libs/binutils-libs to 2.44-r1. This fixes CVE-2024-53589.

Fixed

Upgraded sys-apps/diffutils to v3.11-r1.

Fixed

Upgraded app-admin/google-guest-configs to v20250124.00.

Feature

Added support for the Lustre 2.14.0 client drivers.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r657.

Fixed

Upgraded chromeos-base/update_engine-client to v0.0.1-r2474.

Fixed

Upgraded chromeos-base/update_engine-client to v0.0.1-r2471.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2963.

Fixed

Fixed a race condition that could cause a kernel panic.

Change

Fixed an issue that resulted in missing grub boot measurements in some machine configurations.

Change

Upgraded cloud-init from 23.4.3 to 24.4.1.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r659.

Fixed

Upgraded chromeos-base/google-breakpad to v2024.02.16.014630-r227.

Fixed

Disabled martian logging for ConnectX-7 network cards. These cards only communicate locally, but martian logging during communications with the host can lead to a race condition which causes GID table construction to sometimes fail.

Fixed

Upgraded dev-libs/nss to v3.108.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811701 -> 811727

Security

Fixed CVE-2025-0395 in sys-libs/glibc.

Fixed

Upgraded app-admin/google-guest-agent to v20250204.02.

Security

Upgraded dev-libs/libxml2 to version 1.12.10. This fixes CVE-2025-27113.

Feature

Updated cos-gpu-installer to v2.4.7: (1) Added support for the NVIDIA B200 GPU. (2) Enabled the --prepare-build-tools flag to preload GPU driver metadata for ARM64.

Security

Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4834.

Fixed

Upgraded dev-db/sqlite to v3.49.1.

Change

Upgraded app-containers/docker to v27.5.1, Upgraded app-containers/docker-test to v27.5.1, Upgraded app-containers/docker-cli to v27.5.1.

Security

Updated dev-go/oauth2 to v0.27.0. Fixes CVE-2025-22868.

Fixed

Upgraded app-admin/google-guest-agent to v20250122.00.

Feature

Added support for NVIDIA GB200 GPU with 570.124.06 GPU driver. This driver version has been assigned the latest, default, and R570 tags for this GPU type.

Fixed

Updated app-admin/awscli to v1.38.4.

Fixed

Upgraded app-admin/fluent-bit to v3.2.5.

Fixed

Upgraded sys-auth/pambase to v20250228.

Change

Updated Python to v3.11.

Fixed

Upgraded dev-libs/nss to v3.109.

Fixed

Updated dev-python/botocore to v1.37.9.

Feature

Applied Intel patches to add iRDMA support in the Linux kernel.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4838.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2817.

Fixed

Upgraded net-misc/socat to v1.8.0.3.

Feature

Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0.

Security

Upgraded net-misc/wget to version 1.25.0. Fixes CVE-2024-10524.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2727.

Fixed

Upgraded sys-apps/pv to v1.9.27.

Fixed

Upgraded chromeos-base/minijail to v18-r163.

Fixed

Upgraded app-admin/google-guest-agent to v20250304.03.

Fixed

Upgraded sys-apps/dbus to v1.14.10-r195.

Change

Updated app-admin/google-guest-configs to v20250207.00.

March 17, 2025

Change

cos-dev-121-18867-0-53

Kernel Docker Containerd GPU Drivers
COS-6.6.74 v27.5.1 v2.0.2 See List
Security

Fixed CVE-2024-58017 in the Linux kernel.

Security

Upgraded sys-libs/binutils-libs to 2.44-r1. This fixes CVE-2024-53589.

Security

Fixed CVE-2024-56549 in the Linux kernel.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811788 -> 811701
  • Deleted: net.bridge.bridge-nf-call-arptables: 1
  • Deleted: net.bridge.bridge-nf-call-ip6tables: 1
  • Deleted: net.bridge.bridge-nf-call-iptables: 1
  • Deleted: net.bridge.bridge-nf-filter-pppoe-tagged: 0
  • Deleted: net.bridge.bridge-nf-filter-vlan-tagged: 0
  • Deleted: net.bridge.bridge-nf-pass-vlan-input-dev: 0

Security

Upgraded net-misc/wget to version 1.25.0. This fixes CVE-2024-10524.

Security

Fixed KCTF-8802766 in the Linux kernel.

Feature

Updated cos-gpu-installer to v2.4.8: Added the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during GPU driver installation.

Feature

Applied Intel patches to add iRDMA support in the Linux kernel.

Security

Fixed CVE-2024-50146 in the Linux kernel.

Security

Fixed CVE-2024-49994 in the Linux kernel.

Security

Fixed KCTF-638ba50 in the Linux kernel.

Fixed

Disabled martian logging for ConnectX-7 network cards. These cards only communicate locally, but martian logging during communications with the host can lead to a race condition which causes GID table construction to sometimes fail.

Security

Fixed CVE-2025-21690 in the Linux kernel.

Security

Upgraded dev-libs/libxml2 to version 1.12.10. This fixes CVE-2025-27113.

Security

Fixed CVE-2025-21814 in the Linux kernel.

Security

Fixed CVE-2024-50304 in the Linux kernel.

Security

Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.

Security

Fixed CVE-2025-21745 in the Linux kernel.

Security

Fixed KCTF-fcdd224 in the Linux kernel.

Change

Upgraded app-containers/docker to v27.5.1, Upgraded app-containers/docker-test to v27.5.1, Upgraded app-containers/docker-cli to v27.5.1.

Security

Fixed CVE-2024-50017 in the Linux kernel.

Feature

Added support for iRDMA devices.

Security

Fixed CVE-2024-50014 in the Linux kernel.

Security

Upgraded dev-go/oauth2 to v0.27.0. This fixes CVE-2025-22868.

Security

Upgraded net-misc/openssh to version 9.9_p2. This fixed CVE-2025-26465 and CVE-2025-26466.

Fixed

Upgraded net-misc/socat to v1.8.0.3.

February 24, 2025

Change

cos-dev-121-18867-0-24

Kernel Docker Containerd GPU Drivers
COS-6.6.74 v25.0.7 v2.0.2 See List
Change

Upgraded app-admin/google-guest-agent to v20250204.02.

Fixed

Upgraded sys-apps/hwdata to v0.391.

Security

Fixed CVE-2025-0395 in sys-libs/glibc.

Security

Fixed CVE-2024-13176 in dev-libs/openssl.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811771 -> 811788

Feature

Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.

Fixed

Upgraded sys-apps/pv to v1.9.27.

Change

Fixed CVE-2025-0840 in binutils.

Change

Upgraded cloud-init from 23.4.3 to 24.4.1.

Feature

Updated cos-gpu-installer to v2.4.7: 1. Added support for NVIDIA B200 GPU. 2. Enabled the --prepare-build-tools flag to preload GPU driver metadata for ARM64.

Change

Updated Konlet to v0.13.4.

Change

Updated app-admin/google-guest-configs to v20250207.00.

Security

Fixed CVE-2024-9287 in dev-lang/python.

Change

Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.

Fixed

Upgraded app-admin/fluent-bit to v3.2.5.

Fixed

Upgraded sys-apps/diffutils to v3.11.

February 03, 2025

Change

cos-dev-121-18865-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.74 v25.0.7 v2.0.2 See List
Feature

Backported Intel TDX (Trust Domain Extensions) and confidential computing patches from Linux kernel 6.7 upstream to enable TDX feature support.

Feature

Added NVIDIA GPU driver's R570 branch. Updated the LATEST GPU driver label to version 570.86.15.

Feature

Enabled Grace platform support: Enabled DMA-BUF shared memory support for the ARM64 kernel.

Feature

Enabled Grace platform support: Enabled memory_hotplug and device_private in the ARM64 kernel.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811821 -> 811771

Feature

Enabled Grace platform support: Enabled SMMU (v3) for ARM64 kernel.

Change

Updated the Linux kernel to v6.6.74.

Feature

Enabled Grace platform support: Enabled ATS/PASID(PCI) for ARM64 kernel.

Feature

Enabled ECC kernel modules required for confidential GPU functionality.

Security

Fixed KCTF-bc50835 in the Linux kernel.

January 27, 2025

Change

cos-dev-121-18849-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.72 v25.0.7 v2.0.2 See List
Security

Fixed CVE-2024-45306 and CVE-2024-47814 in vim.

Fixed

Upgraded net-dns/c-ares to v1.34.4.

Security

Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.

Security

Updated NVIDIA GPU drivers to v535.230.02 for default/R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4812.

Change

Updated app-admin/oslogin to v20241216.00.

Fixed

Upgraded sys-apps/file to v5.46-r2.

Fixed

Upgraded app-admin/google-guest-configs to v20250116.00.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811767 -> 811821

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2816.

Security

Upgraded net-misc/curl to version 8.11.1-r2. This fixes CVE-2024-11053.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2960.

Feature

Added support for nftables flow offload and the flowtable infrastructure.

Security

Upgraded dev-libs/libxml2 to version 2.12.9. This fixes CVE-2024-40896.

Change

Updated app-containers/containerd to v2.0.2.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r656.

Change

Updated google-osconfig-agent to v20250121.00.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2725.

Fixed

Upgraded chromeos-base/update_engine-client to v0.0.1-r2469.

Change

Upgraded net-misc/openssh to v9.9.

Change

Upgraded dev-lang/go to v1.23.5.

Fixed

Upgraded app-admin/google-guest-agent to v20250117.00.

Change

Updated app-containers/runc to v1.2.4.

January 17, 2025

Change

cos-dev-121-18828-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.71 v25.0.7 v2.0.0 See List
Security

Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811795 -> 811767

January 16, 2025

Change

cos-dev-121-18827-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.71 v25.0.7 v2.0.0 See List
Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2723.

Fixed

Upgraded sys-apps/file to v5.46-r1.

Fixed

Upgraded dev-db/sqlite to v3.47.2.

Fixed

Upgraded app-containers/cni-plugins to v1.6.2.

Fixed

Upgraded sys-apps/pv to v1.9.25.

Change

Upgraded nvidia-container-toolkit to v1.17.3.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4804.

Feature

Added NVIDIA GPU drivers R565 branch - Updated R565 latest driver to v565.57.01.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2814.

Fixed

Upgraded app-admin/google-guest-configs to v20250107.00.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2958.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r654.

Fixed

Upgraded app-admin/fluent-bit to v3.2.4.

Change

Updated the Linux kernel to v6.6.71.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811786 -> 811795

Fixed

Upgraded chromeos-base/update_engine-client to v0.0.1-r2467.

Fixed

Upgraded app-containers/docker to v25.0.7, Upgraded app-containers/docker-test to v25.0.7, Upgraded app-containers/docker-cli to v25.0.7.

Fixed

Upgraded net-misc/socat to v1.8.0.2.

January 06, 2025

Change

cos-dev-121-18808-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.68 v25.0.2 v2.0.0 See List
Change

Upgraded app-containers/cni-plugins to v1.6.1.

Fixed

Updated app-containers/docker to 25.0.2.

Security

Upgraded nvidia-container-toolkit to v1.17.0. This fixes CVE-2024-0134.

Change

Upgraded app-admin/fluent-bit to v3.2.2.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4790.

Change

Updated app-admin/google-guest-configs to v20241205.00.

Fixed

Updated app-containers/docker-cli to 25.0.2.

Change

Upgraded sys-apps/file to v5.46.

Change

Updated the Linux kernel to v6.6.68.

Change

Upgraded sys-apps/hwdata to v0.390.

Change

Upgraded dev-db/sqlite to v3.47.1.

Change

Upgraded app-admin/sudo to v1.9.16_p2-r1.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811802 -> 811786

Change

Upgraded net-libs/libtirpc to v1.3.6.

Fixed

Updated app-containers/docker-test to 25.0.2.

Security

Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.

Fixed

Set device policy manager to log the metadata values that it takes as input.

Security

Updated dev-go/net in policy manager to v0.33.0. This fixes CVE-2024-45338.

Fixed

Updated app-containers/cri-tools to 1.31.1.

December 09, 2024

Change

cos-dev-121-18779-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.63 v24.0.9 v2.0.0 See List
Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2811.

Change

Upgraded app-containers/cni-plugins to v1.6.0.

Change

Upgraded sys-apps/gentoo-functions to v1.7.3.

Change

Upgraded net-libs/libnetfilter_conntrack to v1.1.0.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r651.

Change

Upgraded sys-process/lsof to v4.99.4.

Feature

Support NVIDIA_H200 GPU - Added support for the R560 series, including driver version 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.

Change

Upgraded sys-libs/libseccomp to v2.5.5-r2.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2464.

Change

Upgraded dev-libs/nss to v3.107.

Change

Upgraded sys-libs/libcap to v2.71.

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2720.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4782.

Change

Upgraded chromeos-base/minijail to v18-r158.

Feature

Upgraded cos-gpu-installer to v2.4.6: Added support for the NVIDIA_H200 GPU in cos-gpu-installer.

Change

Upgraded dev-db/sqlite to v3.47.0-r1.

Change

Upgraded sys-apps/makedumpfile to v1.7.6.

Change

Upgraded net-misc/socat to v1.8.0.1.

Change

Upgraded sys-apps/pv to v1.9.0.

Security

Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681.

Change

Upgraded net-dns/c-ares to v1.34.3.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811752 -> 811802

Change

Updated the Linux kernel to v6.6.63.

Change

Upgraded app-shells/dash to v0.5.12-r1.

Change

Upgraded sys-apps/less to v668.

Change

Updated app-admin/google-guest-configs to 20241121.00. This enables the intent-based NIC naming scheme.

Change

Upgraded dev-libs/expat to v2.6.4.

Change

Upgraded app-admin/sudo to v1.9.16_p1.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2955.

Change

Upgraded app-admin/fluent-bit to v3.2.1.

November 18, 2024

Change

cos-dev-121-18759-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.61 v24.0.9 v2.0.0 See List
Change

Updated app-containers/containerd to v2.0.0.

Fixed

Upgraded cos-gpu-installer to v2.4.4: Relaxed the precise GPU driver version check to allow versions with two numeric segments to pass.

Change

Updated the Linux kernel to v6.6.61.

Change

Updated app-admin/google-guest-configs to v20241112.00.

November 11, 2024

Change

cos-dev-121-18747-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.59 v24.0.9 v1.7.23 See List
Security

Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811822 -> 811804

Security

Fixed CVE-2024-9143 in dev-libs/openssl.

Security

Fixed KCTF-2e95c43 in the Linux kernel.

November 06, 2024

Change

cos-dev-121-18736-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.59 v24.0.9 v1.7.23 See List
Change

Updated the Linux kernel to v6.6.59.

Security

Fixed CVE-2024-50602 in dev-libs/expat.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811799 -> 811822

Security

Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

October 21, 2024

Change

cos-dev-121-18718-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.56 v24.0.9 v1.7.23 See List
Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811780 -> 811799

Change

Updated the Linux kernel to v6.6.56.

Security

Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Change

Updated app-containers/containerd to 1.7.23.

October 14, 2024

Change

cos-dev-121-18712-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.54 v24.0.9 v1.7.22 See List
Security

Upgraded to v1.16.2. Fixed CVE-2024-0132 and CVE-2024-0133.

Feature

Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811792 -> 811780

Fixed

Disabled MGLRU by default due to integration issues with Kubernetes.

Change

Updated the Linux kernel to v6.6.54.

Feature

Updated R535, default driver to v535.183.06.

October 07, 2024

Change

cos-dev-121-18699-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.52 v24.0.9 v1.7.22 See List
Change

Upgraded chromeos-base/shill-client to v0.0.1-r4695.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811711 -> 811792

September 30, 2024

Change

cos-dev-121-18698-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.52 v24.0.9 v1.7.22 See List
Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r642.

Change

Removed dev-python/zope-interface.

Change

Upgraded dev-python/configobj to v5.0.9.

Change

Removed sys-libs/libsepol and sys-libs/libselinux.

Change

Upgraded chromeos-base/minijail to v18-r155.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4688.

Change

Upgraded app-admin/google-guest-configs to v20240905.00.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2449.

Fixed

Updated net-misc/curl to 8.10.0.

Change

Upgraded app-admin/google-guest-configs to v20240924.00.

Change

Removed dev-libs/libusb.

Change

Updated the Linux kernel to v6.6.52.

Change

Upgraded dev-libs/nss to v3.104.

Change

Upgraded app-admin/fluent-bit to v3.1.8.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2801.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2947.

Change

Upgraded net-dns/c-ares to v1.33.1.

Change

Upgraded net-libs/libtirpc to v1.3.5.

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2712.

Feature

Updated R550, latest driver to v550.90.12.

Feature

Updated cos-gpu-installer to v2.4.2. This enables creation of /dev/dri when loading nvidia-drm.ko for COS kernels built with loadable drm and dependent modules.

Change

Upgraded app-containers/docker-credential-gcr to v2.1.25.

Change

Upgraded net-firewall/iptables to v1.8.10-r1.

Change

Removed sys-libs/gdbm.

Change

Upgraded app-admin/google-osconfig-agent to v20240924.02.

September 16, 2024

Change

cos-dev-121-18667-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.51 v24.0.9 v1.7.22 See List
Security

Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Security

Fixed CVE-2023-27043 in dev-lang/python.

Security

Fixed CVE-2024-6119 in net-libs/openssl.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811768 -> 811782

Security

Fixed CVE-2024-7592 in dev-lang/python.

Change

Updated the Linux kernel to v6.6.51.

Security

Fixed CVE-2024-6232 in dev-lang/python.

Change

Updated app-containers/containerd to v1.7.22.

September 09, 2024

Change

cos-dev-121-18657-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.49 v24.0.9 v1.7.21 See List
Security

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed

Replaced cos-extensions with new Go binary.

Feature

Removed dev-python/setuptools.

Change

Updated dev-lang/python to 3.8.19_p1. This fixes CVE-2007-4559.

Feature

Removed dev-python/webcolors.

Security

Upgraded app-editors/vim, app-editors/vim-core to 9.1.0698. This fixed CVE-2024-43790, CVE-2024-43802.

Fixed

Updated google-osconfig-agent to v20240822.00.

Change

Updated dev-go/oauth2 to v0.23.0. Removed dev-go/appengine.

Security

Fixed CVE-2023-7256 in net-libs/libpcap.

Feature

Removed dev-libs/confuse and dev-embedded/libftdi.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811752 -> 811768

Feature

Removed chromeos-base/ec-utils and chromeos-base/ec-utils.

Change

Updated the Linux kernel to v6.6.49.

Security

Fixed CVE-2024-37370 and CVE-2024-37371 in app-crypt/mit-krb5.

Change

Updated app-containers/containerd to 1.7.21.

August 26, 2024

Change

cos-dev-121-18632-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.47 v24.0.9 v1.7.20 See List
Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2945.

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2710.

Change

Upgraded app-admin/fluent-bit to v3.1.6.

Change

Runtime sysctl changes:

  • Added: vm.unprivileged_userfaultfd: 0
  • Changed: fs.file-max: 811814 -> 811752

Change

Updated the Linux kernel to v6.6.47.

Change

Upgraded sys-fs/xfsprogs to v6.9.0.

Change

Upgraded app-admin/google-guest-agent to v20240816.00.

Change

Upgraded dev-db/sqlite to v3.46.1.

Change

Upgraded sys-apps/gentoo-functions to v1.7.2.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r640.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2799.

Change

Upgraded net-dns/c-ares to v1.33.0.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2445.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4654.

August 20, 2024

Change

cos-dev-121-18623-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.46 v24.0.9 v1.7.20 See List
Change

Upgraded sys-libs/gdbm to v1.24.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4612.

Security

Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.

Change

Upgraded app-admin/google-guest-agent to v20240716.00.

Fixed

Updated protobuf-legacy-api to v1.5.4.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4637.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2442.

Security

Updated dev-go/net to v0.27.0. This fixes CVE-2023-45288.

Security

Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.

Change

Upgraded app-containers/containerd to 1.7.20.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2943.

Change

Upgraded app-emulation/kubernetes to 1.29.7.

Change

Upgraded net-misc/rsync to v3.3.0-r1.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r638.

Change

Upgraded dev-libs/nss to v3.102.

Change

Upgraded sys-apps/less to v661.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 811776 -> 811814
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2708.

Change

Upgraded sys-apps/gentoo-functions to v1.7.1.

Change

Upgraded net-libs/gnutls to v3.8.6.

Change

Upgraded dev-libs/nss to v3.103.

Fixed

Downgraded sys-apps/ethtool to v6.7.

Security

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r637.

Change

Upgraded app-arch/lz4 to v1.10.0-r1.

Change

Upgraded app-arch/gzip to v1.13-r1.

Change

Upgraded app-admin/fluent-bit to v3.1.3.

Security

Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2796.

Change

Upgraded net-libs/libtirpc to v1.3.4-r3.

Security

Updated dev-python/setuptools to v70.3.0. This resolves CVE-2024-6345.

Change

Upgraded app-admin/google-guest-configs to v20240725.00.

Fixed

Allowed GPU driver installation on dev-channel images without the -test flag.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2942.

Change

Upgraded sys-apps/pv to v1.8.12.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2797.

Change

Upgraded the Linux kernel to v6.6.46.

Change

Upgraded app-containers/docker-credential-gcr to v2.1.23.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2441.

Feature

Added more service logs to the default Cloud Logging configuration.

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2707.

Change

Updated app-emulation/kubernetes to 1.30.3.

July 22, 2024

Change

cos-dev-117-18567-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.40 v24.0.9 v2.0.0rc2 See List
Fixed

Disabled NVIDIA persistence mode with the -no-verify flag.

Security

Fixed CVE-2024-39894 in net-misc/openssh.

Change

Updated the Linux kernel to v6.6.40.

July 15, 2024

Change

cos-dev-117-18555-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.37 v24.0.9 v2.0.0rc2 See List
Change

Upgraded chromeos-base/minijail to v18-r142.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2437.

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2703.

Change

Upgraded app-containers/cni-plugins to v1.5.1.

Feature

Added the package revision number to the SSH banner in net-misc/openssh.

Change

Upgraded dev-python/pygobject to v3.46.0-r1.

Change

Upgraded sys-libs/libseccomp to v2.5.5-r1.

Change

Upgraded app-admin/google-guest-configs to v20240607.00.

Change

Upgraded app-admin/node-problem-detector to v0.8.19.

Change

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Change

Upgraded dev-libs/nss to v3.101.

Change

Upgraded net-dns/c-ares to v1.31.0.

Feature

Updated cos-gpu-installer to v2.3.5.

Change

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 811785 -> 811776

Change

Upgraded sys-apps/ethtool to v6.9.

Change

Upgraded dev-db/sqlite to v3.46.0.

Change

Upgraded dev-embedded/libftdi to v1.5-r7.

Fixed

Fixed glibc-2.36 build errors in sys-boot/syslinux.

Security

Fixed CVE-2024-35195 in dev-python/requests.

Security

Upgraded dev-lang/go to v1.22.4. This fixes CVE-2024-24790 and CVE-2024-24789.

Change

Upgraded sys-apps/hwdata to v0.383.

Change

Upgraded sys-apps/findutils to v4.10.0.

Change

Upgraded sys-apps/dbus to v1.14.10-r192.

Change

Added support for TPU v6 devices.

Change

Upgraded sys-apps/pv to v1.8.10.

Change

Upgraded net-misc/rsync to v3.3.0.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4577.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r633.

Change

Upgraded net-misc/curl to v8.8.0-r1.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2937.

Change

Upgraded fluent-bit to v3.0.6.

Change

Upgraded app-admin/logrotate to v3.22.0.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2792.

June 24, 2024

Change

cos-dev-117-18514-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.34 v24.0.9 v2.0.0rc2 v535.183.01(default),v550.90.07(latest)
Change

Runtime sysctl changes:

  • Added: net.ipv4.tcp_backlog_ack_defer: 1
  • Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
  • Changed: fs.fanotify.max_user_marks: 67560 -> 67544
  • Changed: fs.file-max: 811880 -> 811785
  • Changed: fs.inotify.max_user_watches: 63441 -> 63425
  • Changed: kernel.threads-max: 63503 -> 63487
  • Changed: net.core.optmem_max: 20480 -> 131072
  • Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
  • Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
  • Changed: user.max_cgroup_namespaces: 31751 -> 31743
  • Changed: user.max_fanotify_marks: 67560 -> 67544
  • Changed: user.max_inotify_watches: 63441 -> 63425
  • Changed: user.max_ipc_namespaces: 31751 -> 31743
  • Changed: user.max_mnt_namespaces: 31751 -> 31743
  • Changed: user.max_net_namespaces: 31751 -> 31743
  • Changed: user.max_pid_namespaces: 31751 -> 31743
  • Changed: user.max_time_namespaces: 31751 -> 31743
  • Changed: user.max_user_namespaces: 31751 -> 31743
  • Changed: user.max_uts_namespaces: 31751 -> 31743
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0

Security

Updated R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091 and CVE-2024-0092.

Feature

Disabled default automatic updates. Automatic updates must now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".

Security

Updated R535, default driver to v535.183.01. This fixes CVE-2024-0090 and CVE-2024-0092.

June 18, 2024

Change

cos-dev-117-18508-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.33 v24.0.9 v2.0.0rc2 v535.161.08(default),v550.54.15(latest)
Change

Upgraded app-admin/sosreport to v4.7.1.

Fixed

Updated cos-gpu-installer to v2.3.2. Added a validation check to ensure the '--no-verify' flag is specified when the '--target-gpu' flag is used in 'install' command.

Change

Upgraded sys-apps/makedumpfile to v1.7.5.

Change

Upgraded sys-apps/hwdata to v0.382.

Fixed

Updated dev-go/pprof to v0.0.0_p20230811.

Change

Upgraded sys-libs/timezone-data to v2024a-r1.

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2693.

Change

Upgraded sys-libs/libcap to v2.70.

Change

Upgraded sys-apps/sed to v4.9-r1.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4515.

Change

Upgraded net-misc/curl to v8.8.0.

Fixed

Updated dev-go/go-tools to v0.16.2_p20231218.

Security

Fixed CVE-2023-5388 in dev-libs/nss.

Change

Upgraded dev-libs/double-conversion to v3.3.0.

Change

Updated cos-gpu-installer to v2.3.1. This switches the default location of GPU drivers sourced from gs://nvidia-drivers-{region}-public to gs://cos-nvidia-gpu-drivers.

Change

Upgraded dev-libs/nss to v3.100.

Change

Upgraded sys-fs/e2fsprogs to v1.47.0-r3.

Fixed

Updated dev-go/go-arch to v0.6.0.

Change

Upgraded app-admin/google-osconfig-agent to v20240501.00.

Change

Upgraded app-containers/cni-plugins to v1.5.0.

Fixed

Updated the GPU driver version to v470.239.06.

Security

Fixed CVE-2024-3772 in dev-python/pydantic.

Feature

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Security

Fixed CVE-2024-28182 in net-libs/nghttp2.

Change

Upgraded net-dns/c-ares to v1.29.0.

Change

Upgraded net-misc/wget to v1.24.5.

Change

Upgraded sys-apps/dmidecode to v3.6.

Security

Updated net-dns/c-ares to version 1.27. This fixed CVE-2024-25629.

Change

Upgraded dev-python/jinja to v3.1.4.

Change

Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2795.

Feature

Added igzip CLI tool.

Change

Upgraded sys-apps/acl to v2.3.2-r1.

Change

Upgraded app-containers/docker-credential-helpers to v0.8.2.

Feature

Removed dev-go/grpc.

Security

Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.

Security

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Fixed

Updated dev-go/term to v0.15.0.

Change

Upgraded dev-util/puffin to v1.0.0-r451.

Fixed

Updated dev-go/sync to v0.5.0.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2430.

Feature

Removed support for NVIDIA 470 drivers.

Security

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Change

Upgraded net-libs/libtirpc to v1.3.4-r2.

Change

Upgraded app-admin/google-guest-agent to v20240528.00.

Change

Updated the Linux kernel to v6.6.33.

Fixed

Updated Konlet to v0.12.0. This fixes an iptables compatibility issue.

Change

Upgraded sys-apps/rootdev to v0.0.1-r50.

Change

Upgraded app-admin/google-guest-configs to v20240514.00.

Change

Upgraded net-libs/gnutls to v3.8.5-r1.

Security

Updated dev-vcs/git to version VERSION. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.

Fixed

Updated dev-go/demangle to v0.0.0_p20230524.

Security

Fixed CVE-2024-34459 in the libxml2 package.

Fixed

Updated dev-go/mod to v0.14.0.

Change

Upgraded sys-apps/less to v643-r2.

Fixed

Updated dev-go/go-sys to v0.15.0.

Change

Upgraded sys-libs/libcap-ng to v0.8.5.

Fixed

Fixed a bug that caused constant restarts in the fluent-bit stackdriver plugin.

Security

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, and CVE-2024-32021.

Change

Upgraded sys-apps/gentoo-functions to v1.6.

Fixed

Installed the google_optimize_local_ssd script.

Change

Runtime sysctl changes:

  • Added: dev.tty.legacy_tiocsti: 1
  • Added: kernel.io_uring_group: -1
  • Added: kernel.kexec_load_limit_panic: -1
  • Added: kernel.kexec_load_limit_reboot: -1
  • Added: kernel.loadpin.enforce: 1
  • Added: net.core.mem_pcpu_rsv: 256
  • Added: net.core.rps_default_mask: 00
  • Added: net.ipv4.tcp_plb_cong_thresh: 128
  • Added: net.ipv4.tcp_plb_enabled: 0
  • Added: net.ipv4.tcp_plb_idle_rehash_rounds: 3
  • Added: net.ipv4.tcp_plb_rehash_rounds: 12
  • Added: net.ipv4.tcp_plb_suspend_rto_sec: 60
  • Added: net.ipv4.tcp_syn_linear_timeouts: 4
  • Added: net.ipv4.udp_child_hash_entries: 0
  • Added: net.ipv4.udp_hash_entries: 4096
  • Added: net.ipv6.icmp.error_anycast_as_unicast: 0
  • Added: vm.memfd_noexec: 0
  • Changed: fs.file-max: 812391 -> 811880
  • Changed: net.core.optmem_max: 131072 -> 20480
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
  • Deleted: net.ipv4.tcp_backlog_ack_defer: 1

Security

Updated net-misc/curl to version 8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.

Security

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Feature

Updated cos-gpu-installer to v2.2.3. New changes in cos-gpu-installer:v2.2.3:

  1. Introduced --gcs-download-bucket-nvidia and --gcs-download-prefix-nvidia flags for customizing NVIDIA installer runfile downloads from Google Cloud Storage.
  2. Introduced the --target-gpu flag to facilitate precise GPU driver installations when no GPU is attached.
  3. Replaced the HTTP client with a Google Cloud Storage client to improve the reliability of NVIDIA OSS installer runfiles downloads.
  4. Implemented the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type. (Currently disabled)
  5. Fixed an issue in the Google Cloud Storage Object download functionality to automatically remove the empty target file if a download fails.
  6. Internal cleanup: Migrated GPU device-related information to the deviceInfo package. Created a feature flags module in the features package. Added a config reader in the utils module to parse the cos-gpu-config.json.

Change

Upgraded sys-process/procps to v4.0.4-r1.

Change

Upgraded sys-fs/xfsprogs to v6.8.0.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2928.

Security

Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.

Feature

Removed crash-reporter KVM support.

Security

Updated dev-libs/expat to version 2.6.2. This fixed CVE-2024-28757.

Fixed

Upgraded go to version 1.22.3.

Feature

Mounted efivarfs by default on EFI-enabled systems.

Security

Upgraded app-arch/libarchive to version 3.7.4. This fixes CVE-2024-26256.

Security

Updated dev-python/pyyaml to version 6.0.1. This fixed CVE-2017-18342, CVE-2020-14343, CVE-2020-1747.

Fixed

Updated cos-gpu-installer to v2.3.3. Resolved potential synchronization issues and ensured proper cleanup of mounts in GPU driver installation directory configuration.

Change

Upgraded dev-libs/libusb to v1.0.27-r1.

Change

Upgraded dev-embedded/libftdi to v1.5-r6.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r627.

Change

Upgraded sys-apps/pv to v1.8.9.

Change

Upgraded chromeos-base/minijail to v18-r141.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2784.

Security

Updated cos-gpu-installer to v2.3.3. Fixed CVEs in cos-gpu-installer: upgraded golang from 1.16 to 1.22.3, google.golang.org/protobuf from v1.28.0 to v1.33.0, and google.golang.org/grpc from v1.48.0 to v1.56.3.

Security

Fixed CVE-2023-4641 in sys-apps/shadow.

Change

Upgraded app-admin/node-problem-detector to v0.8.18.

Change

Upgraded sys-apps/grep to v3.11-r1.

Security

Fixed CVE-2023-32681 in dev-python/requests.

Change

Upgraded containerd to 2.0.0-rc.2.

Feature

Removed net-libs/grpc.

April 15, 2024

Change

cos-dev-117-18374-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.10 v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs)
Change

Updated the Linux kernel to v6.1.85.

Change

Upgraded sys-boot/grub-lakitu to FC 39's current version.

Fixed

Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.

Fixed

Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.

April 01, 2024

Change

cos-dev-117-18342-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.83 v24.0.9 v1.7.10 v535.161.07(default),v550.54.14(latest),v470.239.06(R470 for compatibility with K80 GPUs)
Change

Upgraded app-containers/docker, app-containers/docker-test and app-containers/docker-cli to v24.0.9.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r613.

Feature

Added the NVIDIA GPU drivers R550 branch and updated latest to 550.54.14.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2889.

Change

Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4408.

Change

Upgraded chromeos-base/hiberman-client to v0.0.1-r470.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2404.

Change

Upgraded app-containers/cni-plugins to v1.4.1.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2753.

Change

Upgraded chromeos-base/vm_protos to v0.0.1-r563.

Change

Upgraded app-benchmarks/bootchart to v0.9.2-r5.

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2662.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r610.

Change

Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2788.

Change

Upgraded app-admin/google-osconfig-agent to v20240320.00.

Change

Upgraded app-admin/google-guest-configs to v20240307.00.

Change

Upgraded app-admin/node-problem-detector to v0.8.17.

Fixed

Fixed a bug in google-guest-agent service enablement.

Change

Upgraded app-admin/google-guest-agent to v20240314.00.

Change

Updated the Linux kernel to v6.1.83.

Change

Updated app-containers/nvidia-container-toolkit to v1.14.6.

Change

Downgraded app-misc/ca-certificates to v20230311.3.96.1.

March 27, 2024

Change

cos-dev-117-18313-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.80 v24.0.9 v1.7.10 v535.161.07(default, latest),v470.239.06(R470 for compatibility with K80 GPUs)
Feature

Fixed integrity-fs dm-crypt creation flakiness.

March 22, 2024

Change

cos-dev-117-18269-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.79 v24.0.9 v1.7.10 v535.154.05(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)
Change

Upgraded app-admin/google-osconfig-agent to v20240123.01.

Security

Fixed CVE-2024-23851 in the Linux kernel.

Change

Updated app-containers/runc to v1.1.12.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2722.

Change

Upgraded chromeos-base/dlcservice-client to v0.0.1-r886.

Change

Upgraded net-misc/chrony to v4.5.

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2634.

Change

Updated app-admin/sosreport to v4.6.1.

Feature

Added support for iSCSI targets and RAM block devices.

Security

Fixed CVE-2024-0684 in sys-apps/coreutils.

Change

Upgraded chromeos-base/system_api to v0.0.1-r5643.

Security

Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.

Change

Upgraded chromeos-base/system_api to v0.0.1-r5653.

Change

Upgraded sys-apps/file to v5.45-r4.

Change

Upgraded app-containers/docker-credential-helpers to v0.8.1.

Security

Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853.

Change

Upgraded sys-libs/timezone-data to v2024a.

Change

Upgraded chromeos-base/minijail to v18-r136.

Change

Upgraded sys-libs/libcap to v2.69-r1.

Change

Upgraded sys-apps/attr to v2.5.2-r1.

Change

Upgraded chromeos-base/minijail to v18-r135.

Change

Upgraded dev-libs/expat to v2.6.0.

Change

Upgraded app-admin/google-guest-agent to v20240213.00.

Change

Upgraded chromeos-base/dlcservice-client to v0.0.1-r872.

Change

Upgraded app-admin/sosreport to v4.7.0.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2861.

Feature

Included the nvidia plugin in sosreport.

Change

Upgraded sys-apps/ethtool to v6.7.

Change

Updated app-emulation/kubernetes to v1.29.1.

Change

Upgraded sys-fs/squashfs-tools to v4.6.1.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4341.

Fixed

Fixed a time-to-login slowdown introduced by cloud-init changes.

Change

Upgraded dev-db/sqlite to v3.45.1-r1.

Change

Upgraded app-admin/google-guest-configs to v20240122.00.

Change

Updated sys-apps/systemd to v254.9.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4308.

Change

Upgraded sys-auth/pambase to v20240128.

Change

Upgraded net-misc/curl to v8.5.0-r3.

Change

Upgraded net-dns/libidn2 to v2.3.7.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2385.

Change

Upgraded app-containers/cni-plugins to v1.4.0.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2859.

Change

Upgraded chromeos-base/hiberman-client to v0.0.1-r455.

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2641.

Change

Upgraded sys-libs/zlib to v1.3.1-r1.

Change

Upgraded app-admin/google-osconfig-agent to v20240126.00.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2369.

Change

Updated gzip to v1.13.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2723.

Security

Updated dev-libs/openssl to v3.0.13. This resolves CVE-2024-0727 and CVE-2023-6129.

Security

Upgraded docker to v24.0.9. This fixes CVE-2024-24557.

Change

Updated docker-credential-gcr to v2.1.22.

Change

Upgraded sys-apps/sandbox to v2.29-r1.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2849.

Change

Upgraded sys-apps/acl to v2.3.2.

Change

Updated app-emulation/cloud-init to v23.4.2.

Change

Upgraded chromeos-base/dlcservice-client to v0.0.1-r884.

Change

Upgraded sys-apps/makedumpfile to v1.7.4.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r601.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4325.

Change

Upgraded net-dns/c-ares to v1.26.0.

Feature

Updated cos-gpu-installer to v2.2.0.

Change

Runtime sysctl changes:

  • Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
  • Changed: fs.file-max: 812400 -> 812392
  • Changed: kernel.threads-max: 63504 -> 63503
  • Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
  • Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
  • Changed: user.max_cgroup_namespaces: 31752 -> 31751
  • Changed: user.max_ipc_namespaces: 31752 -> 31751
  • Changed: user.max_mnt_namespaces: 31752 -> 31751
  • Changed: user.max_net_namespaces: 31752 -> 31751
  • Changed: user.max_pid_namespaces: 31752 -> 31751
  • Changed: user.max_time_namespaces: 31752 -> 31751
  • Changed: user.max_user_namespaces: 31752 -> 31751
  • Changed: user.max_uts_namespaces: 31752 -> 31751

Change

Upgraded chromeos-base/vm_protos to v0.0.1-r552.

Change

Upgraded app-emulation/cloud-init to v23.4.3.

Change

Upgraded dev-libs/libusb to v1.0.27.

Change

Upgraded app-misc/ca-certificates to v20230311.3.97.

Security

Fixed CVE-2023-40547 in sys-boot/shim.

Feature

Added automatic generation of known modules list to image build process.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2721.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r602.

Security

Fixed CVE-2023-40551 in sys-boot/shim.

Change

Upgraded dev-util/puffin to v1.0.0-r450.

Change

Upgraded chromeos-base/hiberman-client to v0.0.1-r446.

Change

Upgraded chromeos-base/hiberman-client to v0.0.1-r456.

Security

Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549 and CVE-2023-40550 in sys-boot/shim.

Change

Upgraded app-arch/xz-utils to v5.4.6-r1.

Change

Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.

Change

Upgraded app-admin/google-guest-agent to v20240122.00.

February 12, 2024

Change

cos-dev-113-18203-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.75 v24.0.5 v1.7.10 v535.154.05(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)
Fixed

Upgraded app-admin/google-guest-agent to v20240109.00.

Feature

Removed legacy logging agent (fluentd).

Change

Upgraded net-dns/c-ares to v1.25.0-r1.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r597.

Change

Upgraded dev-python/jinja to v3.1.3.

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2628.

Change

Upgraded sys-apps/attr to v2.5.2.

Fixed

Upgraded app-eselect/eselect-iptables to v20220320.

Change

Upgraded net-libs/gnutls to v3.8.3.

Change

Upgraded chromeos-base/hiberman-client to v0.0.1-r437.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4278.

Change

Upgraded dev-libs/nss to v3.97.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2712.

Feature

Changed default umask value for a user to 027.

Security

Fixed CVE-2024-21626 in app-containers/runc.

Change

Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r225.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2844.

Fixed

Upgraded dev-python/netifaces to v0.11.0-r2.

Fixed

Upgraded app-admin/google-guest-configs to v20240109.00.

Fixed

Upgraded app-admin/google-osconfig-agent to v20231219.00.

Change

Upgraded chromeos-base/dlcservice-client to v0.0.1-r871.

Change

Updated default and latest NVIDIA GPU drivers to 535.154.05.

Change

Runtime sysctl changes:

  • Added: net.ipv4.tcp_backlog_ack_defer: 1
  • Changed: fs.epoll.max_user_watches: 1809920 -> 1809474
  • Changed: fs.fanotify.max_user_marks: 67577 -> 67560
  • Changed: fs.file-max: 812606 -> 812400
  • Changed: fs.inotify.max_user_watches: 63456 -> 63441
  • Changed: kernel.threads-max: 63520 -> 63504
  • Changed: net.core.optmem_max: 20480 -> 131072
  • Changed: net.ipv4.tcp_mem: 94092 125456 188184 -> 94068 125424 188136
  • Changed: net.ipv4.udp_mem: 188184 250912 376368 -> 188136 250848 376272
  • Changed: net.ipv6.route.max_size: 4096 -> 2147483647
  • Changed: user.max_cgroup_namespaces: 31760 -> 31752
  • Changed: user.max_fanotify_marks: 67577 -> 67560
  • Changed: user.max_inotify_watches: 63456 -> 63441
  • Changed: user.max_ipc_namespaces: 31760 -> 31752
  • Changed: user.max_mnt_namespaces: 31760 -> 31752
  • Changed: user.max_net_namespaces: 31760 -> 31752
  • Changed: user.max_pid_namespaces: 31760 -> 31752
  • Changed: user.max_time_namespaces: 31760 -> 31752
  • Changed: user.max_user_namespaces: 31760 -> 31752
  • Changed: user.max_uts_namespaces: 31760 -> 31752
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4263.

Fixed

Upgraded app-admin/node-problem-detector to v0.8.15.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2367.

Fixed

Upgraded net-misc/rsync to v3.2.7-r4.

Fixed

Upgraded net-misc/curl to v8.5.0-r2.

Fixed

Upgraded sys-libs/libcap-ng to v0.8.4-r1.

Change

Updated the Linux kernel to v6.1.75.

Feature

Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.

Feature

Removed deprecated R525 NVIDIA GPU drivers.

Feature

Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.

Feature

Enhanced integrity-fs with disk resize and dm-clone.

Feature

Added support for dm-zero and dm-clone.

January 16, 2024

Change

cos-dev-113-18146-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.71 v24.0.5 v1.7.10 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)
Fixed

Upgraded sys-apps/ethtool to v6.6.

Fixed

Upgraded app-misc/jq to v1.7.1.

Security

Upgraded dev-db/sqlite to v3.44.2-r2. This fixes CVE-2023-7104.

Fixed

Upgraded sys-apps/pv to v1.8.5.

Fixed

Upgraded net-libs/libtirpc to v1.3.4-r1.

Security

Updated dev-lang/go to v1.21.5. This fixes CVE-2023-45285 and CVE-2023-39326.

Feature

Sosreport now includes GPU Installer logs.

Fixed

Upgraded app-misc/ca-certificates to v20230311.3.96.1.

Fixed

Upgraded sys-libs/libcap-ng to v0.8.4.

Fixed

Upgraded net-dns/libidn2 to v2.3.4-r2.

Fixed

Upgraded dev-libs/nss to v3.96.1.

Fixed

Upgraded app-editors/vim to v9.0.2167 and app-editors/vim-core to v9.0.2167.

Fixed

Upgraded net-misc/rsync to v3.2.7-r3.

Fixed

Upgraded sys-libs/timezone-data to v2023d.

Fixed

Upgraded sys-process/lsof to v4.99.3.

Fixed

Upgraded app-admin/sudo to v1.9.15_p5.

Change

Updated the Linux kernel to v6.1.71.

Fixed

Upgraded sys-libs/zlib to v1.3-r3.

January 08, 2024

Change

cos-dev-113-18137-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.70 v24.0.5 v1.7.10 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)
Fixed

Upgraded chromeos-base/update_engine-client to v0.0.1-r2362.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2704.

Fixed

Upgraded dev-util/puffin to v1.0.0-r449.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r594.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2834.

Fixed

Upgraded dev-util/bsdiff to v4.3.1-r42.

Fixed

Upgraded app-admin/google-guest-configs to v20231214.00.

Fixed

Upgraded chromeos-base/dlcservice-client to v0.0.1-r864.

Fixed

Upgraded app-admin/google-guest-agent to v20231214.00.

Security

Upgraded sys-apps/dbus to v1.12.28. This fixes CVE-2023-34969.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4236.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2614.

Security

Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.

Fixed

Upgraded chromeos-base/hiberman-client to v0.0.1-r426.

Fixed

Upgraded net-misc/curl to v8.5.0.

Fixed

Updated net-misc/openssh to v9.6_p1-r1.

January 02, 2024

Change

cos-dev-113-18125-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.69 v24.0.5 v1.7.10 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)
Change

Updated the Linux kernel to v6.1.69.

Change

Runtime sysctl changes:

  • Added: net.netfilter.nf_flowtable_tcp_timeout: 30
  • Added: net.netfilter.nf_flowtable_udp_timeout: 30

Fixed

Updated docker-credential-gcr to v2.1.21.

Feature

Added additional option to existing kernel cmdline flag that moves protected stateful partition integrity tags to memory.

Change

Updated cos-gpu-installer to v2.1.10.

Fixed

Fixed a performance issue that was observed in Postgres databases.

Fixed

Updated net-misc/openssh to v9.6_p1-r1.

December 19, 2023

Change

cos-dev-113-18106-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.64 v24.0.5 v1.7.10 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)
Fixed

Fixed a kernel crash that occurred when running Postgres databases.

Fixed

Fixed a container performance issue that occurred after running systemctl start cloud-audit-setup.

Fixed

Upgraded chromeos-base/update_engine-client to v0.0.1-r2357.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4185.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2693.

Security

Fixed CVE-2023-6622 in the Linux kernel.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2600.

Security

Fixed CVE-2023-49083 in package dev-python/cryptography.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2826.

Fixed

Upgraded chromeos-base/dlcservice-client to v0.0.1-r857.

Fixed

Upgraded chromeos-base/hiberman-client to v0.0.1-r408.

December 11, 2023

Change

cos-dev-113-18091-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.64 v24.0.5 v1.7.10 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)
Change

Updated app-containers/containerd to v1.7.10.

Change

Upgraded dev-libs/nss to v3.95.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2823.

Change

Upgraded net-dns/c-ares to v1.23.0.

Change

Upgraded sys-libs/timezone-data to v2023c-r1.

Change

Upgraded chromeos-base/hiberman-client to v0.0.1-r407.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2356.

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2599.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4175.

Change

Upgraded app-misc/ca-certificates to v20230311.3.95.

Change

Upgraded net-libs/gnutls to v3.8.2.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r590.

Change

Upgraded chromeos-base/dlcservice-client to v0.0.1-r855.

Change

Upgraded sys-apps/less to v643-r1.

December 04, 2023

Change

cos-dev-113-18080-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.64 v24.0.5 v1.7.7 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)
Fixed

Upgraded dev-lang/python-exec to v2.4.10.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r588.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2597.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2690.

Fixed

Upgraded dev-python/configobj to v5.0.8.

Fixed

Upgraded chromeos-base/dlcservice-client to v0.0.1-r851.

Fixed

Upgraded net-misc/socat to v1.8.0.0.

Change

Updated the Linux kernel to v6.1.64.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4162.

Fixed

Upgraded dev-python/netifaces to v0.11.0-r1.

Security

Upgraded dev-libs/openssl to v3.0.12. This resolves CVE-2023-5363 and CVE-2023-5678.

Fixed

Upgraded dev-python/nose to v1.3.7_p20221026.

Fixed

Upgraded sys-process/lsof to v4.99.0.

Fixed

Upgraded app-admin/sudo to v1.9.15_p2.

Fixed

Upgraded net-dns/c-ares to v1.22.1.

Fixed

Upgraded dev-python/mock to v5.1.0.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 812608 -> 812606

Fixed

Upgraded dev-python/pyyaml to v6.0.1-r1.

Fixed

Upgraded chromeos-base/mojo_service_manager to v0.0.1-r271.

Fixed

Upgraded app-admin/oslogin to 20231004.00.

Security

Upgraded dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2354.

Fixed

Upgraded dev-python/jsonpatch to v1.33.

Fixed

Upgraded chromeos-base/hiberman-client to v0.0.1-r404.

Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2819.

Fixed

Upgraded dev-python/six to v1.16.0-r1.

Fixed

Upgraded app-admin/google-guest-agent to 20231016.00.

November 29, 2023

Change

cos-dev-113-18059-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.62 v24.0.5 v1.7.7 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)
Feature

Updated NVIDIA GPU drivers.

November 15, 2023

Change

cos-dev-113-18054-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.62 v24.0.5 v1.7.7 v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs)
Fixed

Upgraded app-arch/xz-utils to v5.4.5.

Change

Updated the Linux kernel to v6.1.62.

Security

Updated app-editors/vim and app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.

Security

Updated dev-lang/go to 1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.

Fixed

Upgraded dev-python/pyserial to v3.5-r2.

Fixed

Upgraded net-dns/c-ares to v1.21.0.

Security

Updated dev-go/net to v0.17.0. This fixes CVE-2023-44487 and CVE-2023-39325.

Fixed

Upgraded sys-apps/hwdata to v0.376.

Fixed

Upgraded sys-libs/zlib to v1.3-r2.

Security

Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.

Feature

Backported support for TCP RTO configuration in networkd.

Change

Updated the Linux kernel to v6.1.61.

November 14, 2023

Change

cos-dev-113-18054-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.62 v24.0.5 v1.7.7 v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs)
Change

Updated the Linux kernel to v6.1.61.

Security

Updated dev-lang/go to 1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.

Fixed

Upgraded sys-apps/hwdata to v0.376.

Fixed

Upgraded dev-python/pyserial to v3.5-r2.

Feature

Backported support for TCP RTO configuration in networkd.

Fixed

Upgraded app-arch/xz-utils to v5.4.5.

Change

Updated the Linux kernel to v6.1.62.

Security

Updated app-editors/vim and app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.

Fixed

Upgraded sys-libs/zlib to v1.3-r2.

Security

Updated dev-go/net to v0.17.0. This resolves CVE-2023-44487 and CVE-2023-39325.

Security

Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.

Fixed

Upgraded net-dns/c-ares to v1.21.0.

November 07, 2023

Change

cos-dev-113-18041-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.60 v24.0.5 v1.7.7 v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs)
Change

Upgraded chromeos-base/power_manager-client to v0.0.1-r2803.

Change

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r578.

Change

Upgraded chromeos-base/update_engine-client to v0.0.1-r2335.

Change

Upgraded chromeos-base/session_manager-client to v0.0.1-r2669.

Change

Upgraded chromeos-base/dlcservice-client to v0.0.1-r836.

Change

Upgraded chromeos-base/system_api to v0.0.1-r5482.

Change

Upgraded chromeos-base/debugd-client to v0.0.1-r2581.

Fixed

Updated google-guest-configs to 20230929.00.

Change

Upgraded chromeos-base/shill-client to v0.0.1-r4104.

October 30, 2023

Change

cos-dev-113-18026-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.60 v24.0.5 v1.7.7 v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs)
Change

Updated default and latest NVIDIA GPU drivers to v535.104.12.

Change

Updated the Linux kernel to v6.1.60.

Security

Upgraded net-misc/curl to version v8.4.0. This resolves CVE-2023-38545.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r566.

Feature

Added compiler mitigations against memory corruption vulnerabilities.

Fixed

Upgraded sys-apps/pv to v1.8.0.

Change

Runtime sysctl changes:

  • Added: net.ipv4.tcp_shrink_window: 0
  • Added: net.ipv6.conf.all.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.default.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.lo.accept_ra_min_lft: 0

Change

Upgraded dev-python/pygobject to v3.46.0.

Fixed

Upgraded net-fs/cifs-utils to v7.0-r1 and sys-libs/talloc to v2.4.1.

Fixed

Upgraded net-dns/c-ares to v1.20.1.

Fixed

Upgraded dev-libs/nss to v3.94.

Feature

Sequenced named before nss-lookup.target.

Fixed

Upgraded dev-libs/double-conversion to v3.2.1.

Change

Upgraded sys-apps/file to v5.45-r3.

Fixed

Upgraded chromeos-base/mojo_service_manager to v0.0.1-r265.

Security

Updated dev-lang/go to v1.21.2. This resolves CVE-2023-39323.

Change

Updated app-containers/containerd to v1.7.7.

Fixed

Upgraded chromeos-base/update_engine-client to v0.0.1-r2317.

Fixed

Upgraded dev-util/bsdiff to v4.3.1-r41.

Fixed

Upgraded net-libs/libtirpc to v1.3.4.

Fixed

Upgraded sys-libs/zlib to v1.3-r1.

Change

Updated app-containers/runc to v1.1.9.

Fixed

Upgraded net-dns/libidn2 to v2-2.3.4-r1.

Fixed

Restored systemd-logind restart behavior when dbus restarts.

Fixed

Upgraded dev-util/puffin to v1.0.0-r448.

Fixed

Upgraded chromeos-base/vm_protos to v0.0.1-r513.

Feature

Enabled portmapper registration reporting for lsof. This also fixes an issue where lsof was missing from SOS reports.

Fixed

Upgraded sys-apps/dmidecode to v3.5-r3.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2781.

Fixed

Upgraded sys-apps/hwdata to v0.375.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2568.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4043.

Change

Upgraded sys-fs/xfsprogs to v6.5.0.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2655.

Fixed

Upgraded app-arch/unzip to v6.0_p27-r1.

Fixed

Upgraded sys-devel/libtool to v2.4.6-r7.

Fixed

Upgraded chromeos-base/hiberman-client to v0.0.1-r374.

October 11, 2023

Change

cos-dev-113-17965-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.55 v24.0.5 v1.7.6 v535.104.05(default, latest),v470.199.02(R470 for compatibility with K80 GPUs)
Security

Fixed CVE-2023-5345 in COS kernel.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r561.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2649.

Security

Fixed CVE-2023-4911 in sys-libs/glibc.

Fixed

Upgraded cos-gpu-installer to v2.1.9.

Fixed

Upgraded chromeos-base/google-breakpad to v2023.06.01.191934-r222.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2559.

Security

Fixed CVE-2023-42756 in COS kernel.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4030.

Security

Fixed CVE-2023-5197 in the Linux kernel.

Change

Upgraded app-containers/containerd to v1.7.6.

Security

Fixed CVE-2023-38039 in net-misc/curl.

Fixed

Upgraded dev-util/gn to v2121.

October 03, 2023

Change

cos-dev-113-17935-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.55 v24.0.5 v1.7.3 v535.104.05(default),v470.199.02(R470)
Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r554.

Fixed

Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2787.

Security

Fixed CVE-2023-42753 in the Linux kernel.

September 26, 2023

Change

cos-dev-113-17927-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.52 v24.0.5 v1.7.3 v535.104.05(default, latest),v470.199.02(R470 for K80 compatibility)
Security

Updated dev-lang/go to 1.21.1. This fixes CVE-2023-39318, CVE-2023-39319, CVE-2023-39320, CVE-2023-39321, and CVE-2023-39322.

Security

Fixed CVE-2023-40217 in the dev-lang/python package.

Security

Fixed CVE-2023-32636, CVE-2023-29499, CVE-2023-32643, CVE-2023-32665, CVE-2023-32611 in glib and glib-utils.

Security

Fixed CVE-2023-4921 in the Linux kernel.

September 18, 2023

Change

cos-dev-113-17908-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.52 v24.0.5 v1.7.3 v535.104.05(default),v470.199.02(R470)
Fixed

Upgraded app-misc/ca-certificates to v20230311.3.93.

Fixed

Upgraded sys-apps/coreutils to v9.4.

Change

Updated cos-gpu-installer to v2.1.8.

Fixed

Fixed an issue where IPv6 networking would fail under high CPU load.

Fixed

Fixed an issue with NFS reconnects on GKE.

Change

Updated dev-libs/nss to v3.79.4.

Change

Fixed an issue where symlinks could not be moved.

Fixed

Upgraded sys-process/procps to v4.0.4.

Security

Fixed CVE-2023-4623 in the Linux kernel.

Fixed

Upgraded app-misc/jq to v1.7.

Change

Updated dev-embedded/libftdi to v1.5-r5.

September 11, 2023

Change

cos-dev-113-17877-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.51 v24.0.5 v1.7.3 v535.104.05(default),v470.199.02(R470)
Change

Updated the Linux kernel to v6.1.51.

Change

Updated latest GPU driver to v535.104.05.

September 07, 2023

Change

cos-dev-113-17872-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.49 v24.0.5 v1.7.3 v535.54.03(default),v470.199.02(R470)
Change

Updated the Linux kernel to v6.1.49.

Fixed

Upgraded sys-apps/less to v643.

Fixed

The get_metadata_value script will now retry if it experiences a connection error.

Fixed

Enabled persistence mode with NVIDIA GPU driver installation.

Fixed

Fixed an issue in ip6tables where the -C option did not work correctly.

Change

Updated dev-go/go-tools to v0.11.1_p20230712.

Fixed

Upgraded app-misc/jq to v1.7_rc2.

Security

Fixed CVE-2023-4016 in sys-process/procps.

Change

Runtime sysctl changes:

  • Added: kernel.io_uring_disabled: 0
  • Changed: fs.file-max: 812619 -> 812608
  • Changed: kernel.threads-max: 63519 -> 63520
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3
  • Changed: user.max_cgroup_namespaces: 31759 -> 31760
  • Changed: user.max_ipc_namespaces: 31759 -> 31760
  • Changed: user.max_mnt_namespaces: 31759 -> 31760
  • Changed: user.max_net_namespaces: 31759 -> 31760
  • Changed: user.max_pid_namespaces: 31759 -> 31760
  • Changed: user.max_time_namespaces: 31759 -> 31760
  • Changed: user.max_user_namespaces: 31759 -> 31760
  • Changed: user.max_uts_namespaces: 31759 -> 31760

Change

Updated dev-lang/go to v1.21.0.

Security

Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.

Fixed

Upgraded app-editors/vim and app-editors/vim-core to v9.0.1777.

Fixed

Upgraded app-arch/pigz to v2.8.

August 21, 2023

Change

cos-dev-113-17833-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.43 v24.0.5 v1.7.3 v535.54.03(default),v470.199.02(R470)
Fixed

Upgraded app-misc/jq to v1.7_rc1.

Fixed

Upgraded app-arch/xz-utils to v5.4.4.

Fixed

Updated cos-gpu-installer to v2.1.4. This fixes a permissions issue in the GPU driver install directory with OSS drivers.

Security

Updated dev-libs/openssl to v3.0.10. This resolves CVE-2023-3817.

Fixed

Updated app-containers/docker to 24.0.5.

Fixed

Upgraded app-editors/vim and app-editors/vim-core to v9.0.1678.

Fixed

Updated app-containers/docker-cli to 24.0.5.

Security

Fixed CVE-2023-4194 in the Linux kernel.

Security

Updated dev-go/yaml to v3.0.1. This resolves CVE-2022-28948.

Fixed

Upgraded net-libs/gnutls to v3.8.1-r1.

August 14, 2023

Change

cos-dev-113-17819-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.43 v24.0.4 v1.7.3 v535.54.03(default),v470.199.02(R470)
Change

Updated app-containers/containerd to v1.7.3.

Fixed

Upgraded sys-apps/pv to v1.7.24.

Change

Updated app-emulation/cloud-init to v23.2.2.

Change

Updated app-emulation/kubernetes to v1.27.4.

Change

Updated the Linux kernel to v6.1.43.

August 07, 2023

Change

cos-dev-113-17811-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.42 v24.0.4 v1.7.2 v535.54.03(default),v470.199.02(R470)
Fixed

Upgraded sys-apps/less to v633-r2.

Fixed

Upgraded app-misc/jq to v1.7_pre20230210.

Change

Updated cos-gpu-installer to v2.1.2. Switched precompiled driver and signature location to COS build artifacts for M109.

Change

Updated GPU drivers to 535.54.03 (R535 LTSB NVIDIA branch).

Change

Updated app-emulation/cloud-init to v23.2.1.

Fixed

Upgraded sys-process/procps to v3.3.17-r2.

Fixed

Upgraded app-arch/tar to v1.35.

Fixed

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r2.

Fixed

Upgraded sys-apps/pv to v1.7.0.

Security

Fixed CVE-2022-40896 in pygments.

Change

Simplified GPU driver installation by remounting driver installation path as executable from cos-extensions.

Fixed

Upgraded app-editors/vim to v9.0.1627. Upgraded app-editors/vim-core to v9.0.1627.

Fixed

Upgraded app-admin/sudo to v1.9.14_p3.

Fixed

Upgraded sys-process/lsof to v4.98.0-r1.

Fixed

Upgraded net-misc/curl to v8.2.1.

Feature

Added support for user.* xattr on tmpfs.

Change

Updated the Linux kernel to v6.1.42.

Fixed

Upgraded net-fs/cifs-utils to v7.0.

Change

Updated google-guest-agent to v20230726.00.

Fixed

Upgraded sys-apps/file to v5.45-r1.

Change

Updated sys-apps/systemd to v253.7.

August 01, 2023

Change

cos-dev-109-17788-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.41 v24.0.4 v1.7.2 v470.199.02(default),v525.125.06
Change

Updated the Linux kernel to v6.1.40.

Feature

Enabled support for MGLRU in the Linux kernel.

Change

Updated cos-gpu-installer to v2.1.1.

Fixed

Enabled vrf, ip_gre, and ip6_gre modules.

Change

Updated toolbox to v20230714.

Change

Updated app-containers/nvidia-container-toolkit to v1.13.5.

Change

Updated app-containers/docker-cli to v24.0.4.

Change

Updated app-containers/docker to 24.0.4.

Feature

Updated cos-gpu-installer and simplified GPU driver installation by remounting driver installation path as executable from cos-extensions.

July 18, 2023

Change

cos-dev-109-17758-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.38 v23.0.3 v1.7.2 v470.199.02(default),v525.125.06
Feature

Enabled TDX Guest support in the Linux kernel.

Change

Updated docker-credential-gcr to v2.1.10.

Change

Runtime sysctl changes:

  • Changed: fs.file-max: 812620 -> 812619

Change

Updated google-osconfig-agent to v20230706.02.

Security

Updated default GPU driver to v470.199.02 and latest GPU driver to v525.125.06. This resolves CVE-2023-25515 and CVE-2023-25516.

Change

Updated oslogin to v20230531.00.

Change

Updated app-emulation/kubernetes to v1.27.3.

July 13, 2023

Change

cos-dev-109-17749-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.38 v23.0.3 v1.7.2 v470.182.03(default),v525.105.17
Fixed

Upgraded localtoast from v1.1.5.1 to v1.1.6.

Change

Updated google-guest-agent to v20230628.00.

Change

Updated the Linux kernel to v6.1.38.

July 05, 2023

Change

cos-dev-109-17727-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.35 v23.0.3 v1.7.2 v470.182.03(default),v525.105.17
Fixed

Upgraded sys-apps/less to v633-r1.

Fixed

Upgraded sys-fs/e2fsprogs to v1.47.0-r2.

Fixed

Upgraded sys-apps/coreutils to v9.3.

June 26, 2023

Change

cos-dev-109-17722-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.35 v23.0.3 v1.7.2 v470.182.03(default),v525.105.17
Security

Updated open-vm-tools to v12.2.5 to fix CVE-2023-20867.

Change

Updated google-guest-configs to v20230526.00.

Fixed

Disabled CONFIG_DEBUG_CREDENTIALS in the kernel due to its performance impact on some container workloads.

Fixed

Upgraded app-misc/mime-types to v2.1.54.

Change

Updated sosreport to v4.5.4.

Fixed

Upgraded app-misc/ca-certificates to v20230311.3.90.

Fixed

Upgraded net-misc/curl to v8.1.2.

Security

Updated dev-lang/go to v1.20.5. This fixes CVE-2023-29403, CVE-2023-29404, CVE-2023-29402 and CVE-2023-29405.

Fixed

Updated toolbox to v20230615.

June 12, 2023

Change

cos-dev-109-17691-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.33 v23.0.3 v1.7.2 v470.182.03(default),v525.105.17
Security

Updated dev-lang/go to 1.20.4. This fixes CVE-2023-24539, CVE-2023-24540, and CVE-2023-29400.

Fixed

Updated net-dns/c-ares to v1.19.1.

Security

Updated dev-libs/openssl to v3.0.9. This resolves CVE-2023-2650.

Feature

Enabled KVM-based nested virtualization for the x86 architecture.

Fixed

Updated sys-apps/diffutils to v3.10.

Change

Updated containerd to 1.7.2.

Change

Rolled back pciutils from 3.10.0 to 3.7.0.

Change

Updated app-containers/runc to 1.1.7.

Security

Fixed ncurses upgrade to 6.4p20220423. This resolves CVE-2023-29491.

Change

Updated sosreport to v4.5.3.

Fixed

Updated net-misc/curl to v8.1.0-r1.

Change

Updated app-emulation/kubernetes to 1.27.1.

Security

Fixed CVE-2023-24329 in dev-lang/python.

May 22, 2023

Change

cos-dev-109-17637-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.29 v23.0.3 v1.7.0 v470.182.03(default),v525.105.17
Fixed

Upgraded sys-apps/ethtool to v6.3.

Fixed

Upgraded sys-apps/coreutils to v9.3-r1.

Security

Fixed CVE-2023-1255 in the dev-libs/openssl package.

Fixed

Upgraded sys-libs/libcap to v2.69.

Security

Updated app-editors/vim and app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, and CVE-2023-2426.

Change

Updated the Linux kernel to v6.1.29.

Change

Runtime sysctl changes:

  • Added: fs.overflowgid: 65534
  • Added: fs.overflowuid: 65534

Fixed

Upgraded sys-apps/grep to v3.11.

Fixed

Upgraded net-misc/wget to v1.21.4.

Fixed

Added rt-tests package.

Feature

Added noexec, nodev, and nosuid to the /etc/resolv.conf bind mount. This fixes EPERM errors when running a pod in UserNS in COS.

Security

Updated app-emulation/cloud-init to 23.1.2.

May 15, 2023

Change

cos-dev-109-17622-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.27 v23.0.3 v1.7.0 v470.182.03(default),v525.105.17
Change

Upgraded sys-apps/less to v633.

Change

Upgraded app-misc/ca-certificates to v20230311.3.89.1.

Change

Upgraded sys-apps/acl to v2.3.1-r2.

Change

Upgraded sys-apps/pciutils to v3.10.0.

Change

Upgraded app-arch/xz-utils to v5.4.3.

Change

Upgraded app-admin/sudo to v1.9.13_p3-r1.

May 09, 2023

Change

cos-dev-109-17611-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.27 v23.0.3 v1.7.0 v470.182.03(default),v525.105.17
Feature

Added kernel support for nftables.

Security

Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.

Change

Added MAX_SKB_FRAGS configuration in the Linux kernel.

May 01, 2023

Change

cos-dev-109-17602-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.26 v23.0.3 v1.7.0 v470.182.03(default),v525.105.17
Security

Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.

Change

Updated sys-apps/systemd to v253.3.

Fixed

Updated docker to v23.0.3.

Change

Updated the Linux kernel to v6.1.26.

Change

Updated iproute2 to v6.2.0.

Fixed

Increased the /dev/stateful wait timeout with protected stateful partition.

April 25, 2023

Change

cos-dev-109-17591-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.25 v23.0.0 v1.7.0 v470.182.03(default),v525.105.17
Change

Upgraded app-misc/jq to v1.7_pre20201109-r1.

Change

Upgraded net-firewall/iptables to v1.8.9.

Change

Updated the Linux kernel to v6.1.25.

Change

Updated app-admin/google-osconfig-agent to 20230403.00.

Security

Updated dev-lang/go to v1.20.3. This resolves CVE-2023-24536, CVE-2023-24537, CVE-2023-24538.

Change

Upgraded sys-fs/e2fsprogs to v2fsprogs-1.47.0-r1.

Change

Upgraded sys-apps/coreutils to v9.3.

Fixed

Added Restart=always to chronyd config.

Change

Updated containerd to v1.7.0.

Change

Upgraded sys-fs/lvm2 to v2-2.03.20.

Feature

Fall back to installing compatible drivers when the installer is invoked for certain GPU devices and incompatible drivers.

Change

Upgraded net-libs/libnetfilter_conntrack to v1.0.9-r1.

cos-dev-109-17570-0-0

Date Kernel Docker Containerd GPU Drivers
Apr 17, 2023 COS-6.1.23 v23.0.0 v1.7.0-beta.1 v470.182.03(default),v525.105.17

Updated google-guest-agent to v20230330.00.

Enabled the kernel configs CONFIG_AMD_IOMMU and CONFIG_AMD_IOMMU_V2.

Upgraded sys-apps/dmidecode to v3.5-r2.

Fixed CVE-2023-25809 in app-containers/runc.

Fixed CVE-2023-0465, CVE-2023-0466 in dev-libs/openssl.

Runtime sysctl changes:

  • Changed: fs.epoll.max_user_watches: 1810387 -> 1809920
  • Changed: fs.fanotify.max_user_marks: 67593 -> 67577
  • Changed: fs.file-max: 812825 -> 812620
  • Changed: fs.inotify.max_user_watches: 63472 -> 63456
  • Changed: kernel.threads-max: 63535 -> 63519
  • Changed: net.ipv4.tcp_mem: 94116 125488 188232 -> 94092 125456 188184
  • Changed: net.ipv4.udp_mem: 188232 250976 376464 -> 188184 250912 376368
  • Changed: user.max_cgroup_namespaces: 31767 -> 31759
  • Changed: user.max_fanotify_marks: 67593 -> 67577
  • Changed: user.max_inotify_watches: 63472 -> 63456
  • Changed: user.max_ipc_namespaces: 31767 -> 31759
  • Changed: user.max_mnt_namespaces: 31767 -> 31759
  • Changed: user.max_net_namespaces: 31767 -> 31759
  • Changed: user.max_pid_namespaces: 31767 -> 31759
  • Changed: user.max_time_namespaces: 31767 -> 31759
  • Changed: user.max_user_namespaces: 31767 -> 31759
  • Changed: user.max_uts_namespaces: 31767 -> 31759

cos-dev-109-17561-0-0

Date Kernel Docker Containerd GPU Drivers
Apr 10, 2023 COS-6.1.23 v23.0.0 v1.7.0-beta.1 v470.182.03(default),v525.105.17

Updated the Linux kernel to v6.1.23.

Fixed an issue where pstore is not cleaned at boot time if COS metrics are disabled.

Upgraded sys-libs/libcap to v2.68.

Upgraded app-admin/sudo to v1.9.13_p3.

Upgraded net-misc/wget to v1.21.3-r1.

Upgraded app-arch/xz-utils to v5.4.2.

Upgraded net-misc/curl to v8.0.1.

Upgraded app-misc/ca-certificates to v20230311.3.89.

Upgraded sys-apps/file to v5.44-r3.

Upgraded sys-fs/xfsprogs to v6.2.0.

Upgraded virtual/editor to v0-r5.

Upgraded net-libs/libnfnetlink to v1.0.2.

Upgraded net-misc/rsync to v3.2.7-r2.

Upgraded sys-process/lsof to v4.98.0.

Upgraded sys-libs/libcap-ng to v0.8.3.

Upgraded sys-apps/dmidecode to v3.5-r1.

Upgraded sys-apps/grep to v3.10.

Upgraded sys-libs/timezone-data to v2023c.

Updated the default driver to 470.182.03. This resolves CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.

Also updated the latest driver to 525.105.17. This resolves CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.

Updated to pick up CVE-2023-0394 patch for ipv6 raw.

Updated to pick up CVE-2023-0386 and CVE-2023-1281 patches for net-sched in the kernel.

Updated to pick up CVE-2023-0179 patch for netfilter in kernel.

Fixed CVE-2023-0464 in dev-libs/openssl.

Runtime sysctl changes:

  • Changed: net.core.bpf_jit_limit: 264241152 -> 528482304
  • Changed: vm.mmap_rnd_bits: 32 -> 31

cos-dev-109-17549-0-0

Date Kernel Docker Containerd GPU Drivers
Apr 03, 2023 COS-6.1.21 v23.0.0 v1.7.0-beta.1 v470.161.03(default),v525.60.13

Updated the gvnic driver in the Linux kernel.

Updated the Linux kernel to v6.1.21.

Added support for L4 GPU in cos-gpu-installer and fixed cached driver installation for prebuilt driver modules.

Enabled INET_DIAG_DESTROY kernel configuration.

Fixed CVE-2023-27561 in runc.

cos-dev-109-17536-0-0

Date Kernel Docker Containerd GPU Drivers
Mar 27, 2023 COS-6.1.20 v23.0.0 v1.7.0-beta.1 v470.161.03(default),v525.60.13

Updated the Linux kernel to v6.1.20.

Updated dev-lang/go to v1.20.2. This resolves CVE-2023-24532.

Upgraded net-misc/openssh package to v9.3. This resolves CVE-2023-28531 in net-misc/openssh.

cos-dev-109-17523-0-0

Date Kernel Docker Containerd GPU Drivers
Mar 16, 2023 COS-6.1.19 v23.0.0 v1.7.0-beta.1 v470.161.03(default),v525.60.13

Updated cos-gpu-installer to v2.0.32.

Allowed preloading GPU driver dependencies through cos-extensions for dev-channel images.

Updated google-guest-agent to v20230207.00.

Updated dev-go/go-tools to 070db2996ebe3aa00667288f8e5749e867deeb39.

Upgraded sys-libs/libcap to v2.67.

Upgraded sys-fs/xfsprogs to v6.1.1.

Upgraded sys-fs/e2fsprogs to e2fsprogs-1.47.0.

Upgraded sys-apps/net-tools to v2.10.

Upgraded sys-apps/kexec-tools to v2.0.24.

Upgraded sys-apps/grep to v3.9.

Upgraded sys-apps/gentoo-functions to v0.19.

Upgraded sys-apps/ethtool to v6.2.

Upgraded sys-apps/dmidecode to v3.4.

Upgraded sys-apps/diffutils to v3.9-r1.

Upgraded sys-apps/attr to v2.5.1-r2.

Upgraded sys-apps/acl to v2.3.1-r1.

Upgraded net-nds/rpcbind to v1.2.6.

Upgraded net-misc/curl to v7.88.1-r1. This resolves CVE-2022-43552.

Upgraded net-misc/bridge-utils to v1.7.1-r1.

Upgraded net-libs/libnetfilter_queue to v1.0.5.

Upgraded net-libs/libnetfilter_cttimeout to v1.0.1.

Upgraded net-libs/libnetfilter_cthelper to v1.0.1-r1.

Upgraded net-libs/libmnl to v1.0.5.

Upgraded net-libs/gnutls to v3.8.0.

Upgraded net-fs/autofs to v5.1.8-r1.

Upgraded net-dns/libidn2 to v2-2.3.4.

Upgraded net-dns/c-ares to v1.19.0.

Upgraded net-analyzer/netcat to v110.20180111-r2.

Upgraded dev-libs/userspace-rcu to v0.13.2.

Upgraded dev-libs/re2 to v2-0.2022.12.01.

Upgraded dev-libs/popt to v1.19.

Upgraded dev-libs/libzip to v1.9.2.

Upgraded dev-libs/nettle to v3.8.1.

Upgraded dev-libs/nspr to v4.35-r1.

Upgraded dev-libs/libyaml to v0.2.5.

Upgraded dev-libs/libverto to v0.3.2.

Upgraded dev-libs/libpcre2 to v2-10.42-r1.

Upgraded dev-libs/libpcre to v8.45-r1.

Upgraded dev-libs/libgpg-error to v1.46-r1.

Upgraded dev-libs/libgcrypt to v1.10.1-r3.

Upgraded dev-libs/libevent to v2.1.12-r1.

Upgraded dev-libs/gmp to v6.2.1-r5.

Upgraded dev-libs/expat to v2.5.0.

Upgraded dev-libs/elfutils to v0.189.

Upgraded dev-libs/dbus-glib to v0.112.

Upgraded dev-libs/confuse to v3.3 and fixed CVE-2022-40320.

Upgraded dev-db/sqlite to v3.41.0.

Upgraded app-shells/dash to v0.5.12.

Upgraded app-arch/xz-utils to v5.4.1.

Upgraded app-arch/pigz to v2.7-r1.

Upgraded app-admin/logrotate to v3.21.0.

Updated the Linux kernel to v6.1.19.

Made toolbox compatible with AR and GCR.

Use the Fluent-bit logging agent when the google-logging-use-fluentbit metadata key is true and logging is enabled.

Fixed containers losing access to GPUs with error "Failed to initialize NVML: Unknown error".

Updated dev-go/go-sys to v0.5.0.

Upgraded bind-tools to v9.16.37.

Updated open-iscsi to v2.1.8 to fix CVE-2020-17437.

Updated app-containers/containerd to v1.7.0-beta.1.

Upgraded dev-python/cryptography to v39.0.1. This resolves CVE-2023-23931.

Updated dev-libs/openssl to v3.0.8.

Updated dev-lang/go to v1.20.1. Updated dev-go/net to v0.7.0. This resolves CVE-2022-41723 and CVE-2022-41725.

Fixed CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, and CVE-2022-45061 in dev-lang/python.

Updated app-editors/vim and app-editors/vim-core to v9.0.1403. This resolves CVE-2023-0512, CVE-2023-1127, CVE-2023-1175, CVE-2023-1170, CVE-2023-1355 and CVE-2023-1264.

Fixed CVE-2022-48303 in app-arch/tar.

Updated net-misc/openssh to v9.2. This resolves CVE-2023-25136.

Fixed CVE-2022-2928 and CVE-2022-2929 in net-misc/dhcp.

Fixed CVE-2022-46663 in sys-apps/less.

Fixed CVE-2021-4122 in sys-fs/cryptsetup. Upgraded sys-fs/cryptsetup from 2.3.4 to 2.4.3.

Updated net-fs/cifs-utils to v6.15. This fixes CVE-2022-29869, CVE-2021-20208, and CVE-2022-27239.

Fixed CVE-2021-27291 and CVE-2021-20270 in dev-python/pygments.

Updated binutils-libs to v2.40. This fixes CVE-2022-4285.

Runtime sysctl changes:

  • Added: kernel.apparmor_display_secid_mode: 0
  • Added: kernel.arch: x86_64
  • Added: kernel.split_lock_mitigate: 1
  • Added: net.core.skb_defer_max: 64
  • Added: net.core.txrehash: 1
  • Added: net.ipv4.conf.all.arp_evict_nocarrier: 1
  • Added: net.ipv4.conf.default.arp_evict_nocarrier: 1
  • Added: net.ipv4.conf.docker0.arp_evict_nocarrier: 1
  • Added: net.ipv4.conf.eth0.arp_evict_nocarrier: 1
  • Added: net.ipv4.conf.lo.arp_evict_nocarrier: 1
  • Added: net.ipv4.neigh.default.interval_probe_time_ms: 5000
  • Added: net.ipv4.neigh.docker0.interval_probe_time_ms: 5000
  • Added: net.ipv4.neigh.eth0.interval_probe_time_ms: 5000
  • Added: net.ipv4.neigh.lo.interval_probe_time_ms: 5000
  • Added: net.ipv4.tcp_child_ehash_entries: 0
  • Added: net.ipv4.tcp_ehash_entries: 65536
  • Added: net.ipv4.tcp_tso_rtt_log: 9
  • Added: net.ipv6.conf.all.accept_untracked_na: 0
  • Added: net.ipv6.conf.all.ndisc_evict_nocarrier: 1
  • Added: net.ipv6.conf.default.accept_untracked_na: 0
  • Added: net.ipv6.conf.default.ndisc_evict_nocarrier: 1
  • Added: net.ipv6.conf.docker0.accept_untracked_na: 0
  • Added: net.ipv6.conf.docker0.ndisc_evict_nocarrier: 1
  • Added: net.ipv6.conf.eth0.accept_untracked_na: 0
  • Added: net.ipv6.conf.eth0.ndisc_evict_nocarrier: 1
  • Added: net.ipv6.conf.lo.accept_untracked_na: 0
  • Added: net.ipv6.conf.lo.ndisc_evict_nocarrier: 1
  • Added: net.ipv6.neigh.default.interval_probe_time_ms: 5000
  • Added: net.ipv6.neigh.docker0.interval_probe_time_ms: 5000
  • Added: net.ipv6.neigh.eth0.interval_probe_time_ms: 5000
  • Added: net.ipv6.neigh.lo.interval_probe_time_ms: 5000
  • Added: vm.hugetlb_optimize_vmemmap: 0
  • Changed: fs.epoll.max_user_watches: 1810832 -> 1810387
  • Changed: fs.fanotify.max_user_marks: 67610 -> 67593
  • Changed: fs.file-max: 813043 -> 812825
  • Changed: fs.inotify.max_user_watches: 63488 -> 63472
  • Changed: kernel.threads-max: 63551 -> 63535
  • Changed: net.ipv4.tcp_challenge_ack_limit: 1000 -> 2147483647
  • Changed: net.ipv4.tcp_mem: 94140 125520 188280 -> 94116 125488 188232
  • Changed: net.ipv4.udp_mem: 188280 251041 376560 -> 188232 250976 376464
  • Changed: net.netfilter.nf_conntrack_events: 1 -> 2
  • Changed: user.max_cgroup_namespaces: 31775 -> 31767
  • Changed: user.max_fanotify_marks: 67610 -> 67593
  • Changed: user.max_inotify_watches: 63488 -> 63472
  • Changed: user.max_ipc_namespaces: 31775 -> 31767
  • Changed: user.max_mnt_namespaces: 31775 -> 31767
  • Changed: user.max_net_namespaces: 31775 -> 31767
  • Changed: user.max_pid_namespaces: 31775 -> 31767
  • Changed: user.max_time_namespaces: 31775 -> 31767
  • Changed: user.max_user_namespaces: 31775 -> 31767
  • Changed: user.max_uts_namespaces: 31775 -> 31767
  • Deleted: fs.overflowgid: 65534
  • Deleted: fs.overflowuid: 65534
  • Deleted: net.ipv4.tcp_rx_skb_cache: 0
  • Deleted: net.ipv4.tcp_tx_skb_cache: 0
  • Deleted: net.netfilter.nf_conntrack_helper: 0
  • Deleted: net.netfilter.nf_log.11: NONE
  • Deleted: net.netfilter.nf_log.12: NONE

cos-dev-109-17432-0-0

Date Kernel Docker Containerd GPU Drivers
Feb 14, 2023 COS-5.15.92 v23.0.0 v1.6.15 v470.161.03(default),v525.60.13

Removed support for Rust symbol demangling in google-breakpad.

Upgraded docker to v23.0.0.

Updated Nvidia latest drivers from v510.108.03 to v525.60.13 (OSS).

Updated sys-fs/e2fsprogs package to v1.46.6.

Updated the Linux kernel to v5.15.92.

Installed fluent-bit for stackdriver logging in x86 images. See this page for more details.

Retry starting systemd-networkd permanently in case of failure instead of default limit of 5.

Enabled fluent-bit to use customized configuration.

Updated cos-gpu-installer to v2.0.31. This adds support for gsp_tu10x.bin and gsp_ad10x.bin gsp firmware files and removes the container dependency on python2.

Updated dev-libs/openssl to v1.1.1t. This resolves CVE-2022-4450, CVE-2023-0215, CVE-2022-4304 and CVE-2023-0286.

Runtime sysctl changes:

  • Added: kernel.oops_limit: 10000
  • Added: kernel.warn_limit: 0
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_established: 432000 -> 210
  • Deleted: net.netfilter.nf_conntrack_sctp_timeout_heartbeat_acked: 210

cos-dev-105-17400-0-0

Date Kernel Docker Containerd GPU Drivers
Jan 31, 2023 COS-5.15.90 v20.10.12 v1.6.15 v470.161.03(default),v510.108.03

Updated Python to version 3.8.

Updated cloud-init to v22.4.

Upgraded nfs-utils to v2.6.2.

Updated containerd to v1.6.15.

Updated built-in kubelet/kubectl to v1.25.5.

Upgraded localtoast from 1.1.4.3 to 1.1.5.1.

Updated sosreport to v4.4.

Updated dev-python/pexpect to v4.8.0.

Upgraded pam to v1.5.2.

Upgraded a number of packages:

  • app-admin/sudo to v1.9.12_p1
  • app-arch/pigz to v2.7
  • app-arch/xz-utils to v5.2.9
  • app-editors/vim-core to v9.0.1000
  • app-eselect/eselect-awk to v0.4
  • app-eselect/eselect-vi to v20221122
  • dev-libs/inih to v56-r1
  • net-misc/curl to v7.86.0-r3
  • sys-apps/file to v5.43-r1
  • sys-apps/findutils to v4.9.0-r2
  • sys-apps/grep to v3.8-r1
  • sys-apps/less to v608-r1
  • sys-apps/sed to v4.9
  • sys-auth/passwdqc to v2.0.2-r1
  • sys-block/thin-provisioning-tools to v0.9.0-r1
  • sys-fs/e2fsprogs to v2fsprogs-1.46.5-r4
  • sys-libs/libcap to v2.66
  • sys-libs/timezone-data to v2022g
  • sys-libs/zlib to v1.2.13-r1
  • sys-process/lsof to v4.96.4
  • virtual/editor to v0-r4

Updated the Linux kernel to v5.15.90.

Removed the mosys package.

Moved the standalone kubelet runtime to containerd.

Added cni-plugins by default.

Moved the containerd default cgroup to systemd.

Fixed CVE-2023-0054 in vim.

Fixed CVE-2022-40897 in dev-python/setuptools.

Fixed CVE-2022-3715 in bash.

Runtime sysctl changes:

  • Changed: vm.mmap_rnd_bits: 28 -> 32

cos-dev-105-17353-0-0

Date Kernel Docker Containerd GPU Drivers
Jan 09, 2023 COS-5.15.86 v20.10.12 v1.6.12 v470.161.03(default),v510.108.03

Updated sys-apps/apparmor to v3.1.2.

Updated dev-lang/go to v1.19.4.

Updated the Linux kernel to v5.15.86.

Fixed an issue where the pod sandbox had no CNI info on restart in app-emulation/containerd.

Updated libseccomp to v2.5.4.

Updated app-emulation/containerd to v1.6.12, which fixes CVE-2022-23471.

Upgraded vim to v9.0.1000. This fixes CVE-2022-4292.

Updated lxml to v4.6.5. This fixes CVE-2021-43818.

cos-dev-105-17328-0-0

Date Kernel Docker Containerd GPU Drivers
Dec 12, 2022 COS-5.15.81 v20.10.12 v1.6.9 v470.161.03(default),v510.108.03

Upgraded openssh package to v9.1_p1.

Updated the Linux kernel to v5.15.81.

Updated Nvidia default drivers to 470.161.03, fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264, and latest to 510.108.03, fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264.

Updated dev-go/text to v0.3.8. This fixes CVE-2022-32149.

Updated dev-libs/libxml2 to v2.10.3. This resolves CVE-2022-40304 and CVE-2022-40303.

Fixed CVE-2022-36227 in app-arch/libarchive package.

cos-dev-105-17317-0-0

Date Kernel Docker Containerd GPU Drivers
Dec 05, 2022 COS-5.15.80 v20.10.12 v1.6.9 v470.141.03(default),v510.47.03

Upgraded systemd to v252.1.

Updated app-emulation/cri-tools to v1.25.0.

Updated stackdriver logging agent to v1.9.9.

Updated dev-go/go-tools to v0.1.11.

Upgraded dev-lang/go to v1.19.3.

Updated the Linux kernel to v5.15.80.

Fixed CVE-2022-3821 in sys-apps/systemd.

Fixed CVE-2022-37454 in dev-lang/python.

Updated x11-libs/pixman to v0.42.2. This resolves CVE-2022-44638.

cos-dev-105-17295-0-0

Date Kernel Docker Containerd GPU Drivers
Nov 10, 2022 COS-5.15.77 v20.10.12 v1.6.9 v470.141.03(default),v510.47.03

Updated app-emulation/docker-credential-helpers to v0.7.0.

Set ManageForeignRoutes and ManageForeignRoutingPolicyRules to `no` to avoid systemd deleting foreign routes and foreign routing policy rules during startup.

Updated cos-gpu-installer to v2.0.29. This addresses CVE-2022-3602 in cos-gpu-installer.

Fixed CVE-2022-3543 in the Linux kernel.

cos-dev-105-17287-0-0

Date Kernel Docker Containerd GPU Drivers
Nov 07, 2022 COS-5.15.77 v20.10.12 v1.6.9 v470.141.03(default),v510.47.03

Updated sys-apps/shadow to v4.12.3.

Updated sys-apps/makedumpfile to v1.7.2.

Updated app-emulation/runc to v1.1.4.

Updated grub2 to Fedora-38.

Updated containerd to v1.6.9.

Updated cos-gpu-installer to v2.0.28. The new installer installs NVIDIA GSP firmware if it is available.

Updated lvm2 to v2.03.14.

Updated the Linux kernel to v5.15.77.

Removed Network Time Security support in Chrony.

Removed Python 2 from the image.

Updated sys-boot/shim to v15.6.

Fixed an issue where sudo -i is not working correctly.

Fixed CVE-2022-40768, CVE-2022-43750 and CVE-2022-3543 in the Linux kernel.

Updated app-editors/vim and app-editors/vim-core to v9.0.0828. This resolves CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352 and CVE-2022-3705.

Fixed CVE-2022-42915 in curl.

Fixed CVE-2021-46848 in libtasn1.

cos-dev-105-17251-0-0

Date Kernel Docker Containerd GPU Drivers
Oct 17, 2022 COS-5.15.73 v20.10.12 v1.6.8 v470.141.03(default),v510.47.03

Updated the Linux kernel to v5.15.73.

Fixed an issue related to IP leakage in containerd.

Updated net-misc/curl package to 7.85.0-r2. This resolves CVE-2022-35252.

Updated app-arch/libarchive to v3.6.1. This resolves CVE-2022-26280.

cos-dev-105-17234-0-0

Date Kernel Docker Containerd GPU Drivers
Oct 03, 2022 COS-5.15.71 v20.10.12 v1.6.8 v470.141.03(default),v510.47.03

Updated the Linux kernel to v5.15.71.

Updated vim to v9.0.0467. This resolves CVE-2022-3153, CVE-2022-3134, CVE-2022-3099, CVE-2022-3037, CVE-2022-3016, CVE-2022-2982, CVE-2022-2980, CVE-2022-2946, CVE-2022-2923, CVE-2022-2889, CVE-2022-2874, CVE-2022-2862, CVE-2022-2849, CVE-2022-2845, CVE-2022-2819, CVE-2022-2817, CVE-2022-2816, CVE-2022-2598, CVE-2022-2581, CVE-2022-2580, and CVE-2022-2571.

Updated vim-core to v9.0.0467. This resolves CVE-2022-3153, CVE-2022-3134, CVE-2022-3099, CVE-2022-3037, CVE-2022-3016, CVE-2022-2982, CVE-2022-2980, CVE-2022-2946, CVE-2022-2923, CVE-2022-2889, CVE-2022-2874, CVE-2022-2862, CVE-2022-2849, CVE-2022-2845, CVE-2022-2819, CVE-2022-2817, CVE-2022-2816, CVE-2022-2598, CVE-2022-2581, CVE-2022-2580, and CVE-2022-2571.

cos-dev-105-17228-0-0

Date Kernel Docker Containerd GPU Drivers
Sep 26, 2022 COS-5.15.69 v20.10.12 v1.6.8 v470.141.03(default),v510.47.03

Updated the Linux kernel to v5.15.69.

cos-dev-105-17222-0-0

Date Kernel Docker Containerd GPU Drivers
Sep 19, 2022 COS-5.15.68 v20.10.12 v1.6.8 v470.141.03(default),v510.47.03

Updated google-guest-agent to v20220614.00.

Updated the Linux kernel to v5.15.68.

Added kernel flag to protect stateful partition with AEAD.

Updated cos-gpu-installer to v2.0.27. This resolves the issue where multiple installers can be started in the same VM.

Updated app-arch/gzip to v1.12. This resolves CVE-2022-1271.

cos-dev-105-17215-0-0

Date Kernel Docker Containerd GPU Drivers
Sep 12, 2022 COS-5.15.65 v20.10.12 v1.6.8 v470.141.03(default),v510.47.03

Upgraded the GPU driver version in the "latest" track to v510.47.03.

Updated the Linux kernel to v5.15.65.

Updated cos-gpu-installer to v2.0.26. This resolves the compatibility issue with K80 GPU devices. When an incompatible driver version (R510+) is chosen in an instance with a K80 GPU, the installer will automatically fall back to an available R470 driver version.

Upgraded Google OS Config Agent (aka VMManager) to v20220801.00.

Fixed a high-contention state of the system that occurred when the filesystem is almost full and processes are trying to write content.

Fixed a memory leak in the seccomp subsystem.

Updated gnutls to v3.7.7, fixing CVE-2022-2509.

Upgraded libtirpc to v1.3.3, fixing CVE-2021-46828.

cos-dev-105-17205-0-0

Date Kernel Docker Containerd GPU Drivers
Sep 06, 2022 COS-5.15.64 v20.10.12 v1.6.8 v470.141.03(default)

Fixed kdump on NVME disks.

Updated the Linux kernel to v5.15.64.

Added support for cryptsetup using AEAD.

Updated open-vm-tools package to version 12.1.0 to fix CVE-2022-31676.

Updated gnutls to v3.7.6. This resolves CVE-2021-4209.

cos-dev-105-17196-0-0

Date Kernel Docker Containerd GPU Drivers
Aug 29, 2022 COS-5.15.62 v20.10.12 v1.6.8 v470.141.03(default)

Updated the built-in kubectl/kubelet to 1.23.10.

Updated the Linux kernel to v5.15.62.

Fixed issues in cos-gpu-installer where nvidia-peermem.ko was not installed and where driver signatures were included in the cached build tools.

Fixed CVE-2022-1158 in the Linux kernel.

cos-dev-105-17189-0-0

Date Kernel Docker Containerd GPU Drivers
Aug 22, 2022 COS-5.15.60 v20.10.12 v1.6.8 v470.141.03(default)

Updated containerd to v1.6.8.

Updated the Linux kernel to v5.15.60.

Opting out of a CIS Benchmark now prevents scripts from adjusting your instance.

Updated net-misc/rsync to v3.2.5 and fixed CVE-2022-29154.

Updated dev-db/sqlite to v3.39.2 to fix CVE-2022-35737.

cos-dev-105-17181-0-0

Date Kernel Docker Containerd GPU Drivers
Aug 15, 2022 COS-5.15.59 v20.10.12 v1.6.6 v470.141.03(default)

Updated the Linux kernel to v5.15.59.

Removed stackdriver-correct-container benchmark for cis-level2 compliance.

Enabled IOMMU_SUPPORT and IRQ_REMAP kernel configurations.

Updated app-editors/vim and app-editors/vim-core to 9.0.0099. This resolves CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288, CVE-2022-2289, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522.

Runtime sysctl changes:

  • Changed: fs.epoll.max_user_watches: 1811300 -> 1810832
  • Changed: fs.fanotify.max_user_marks: 67627 -> 67610
  • Changed: fs.file-max: 813249 -> 813043
  • Changed: fs.inotify.max_user_watches: 63503 -> 63488
  • Changed: kernel.threads-max: 63567 -> 63551
  • Changed: net.ipv4.tcp_mem: 94164 125552 188328 -> 94140 125520 188280
  • Changed: net.ipv4.udp_mem: 188328 251105 376656 -> 188280 251041 376560
  • Changed: user.max_cgroup_namespaces: 31783 -> 31775
  • Changed: user.max_fanotify_marks: 67627 -> 67610
  • Changed: user.max_inotify_watches: 63503 -> 63488
  • Changed: user.max_ipc_namespaces: 31783 -> 31775
  • Changed: user.max_mnt_namespaces: 31783 -> 31775
  • Changed: user.max_net_namespaces: 31783 -> 31775
  • Changed: user.max_pid_namespaces: 31783 -> 31775
  • Changed: user.max_time_namespaces: 31783 -> 31775
  • Changed: user.max_user_namespaces: 31783 -> 31775
  • Changed: user.max_uts_namespaces: 31783 -> 31775

cos-dev-105-17174-0-0

Date Kernel Docker Containerd GPU Drivers
Aug 08, 2022 COS-5.15.58 v20.10.12 v1.6.6 v470.141.03(default)

Updated the Linux kernel to v5.15.58.

Updated default and latest Nvidia drivers to v470.141.03.

cos-dev-105-17169-0-0

Date Kernel Docker Containerd GPU Drivers
Aug 01, 2022 COS-5.15.57 v20.10.12 v1.6.6 v470.82.01(default)

Enabled FANOTIFY_ACCESS_PERMISSIONS configuration in the kernel.

Updated sosreport to v4.3.

Backported support for SEV-SNP in the Linux kernel.

Updated the Linux kernel to v5.15.57.

Added a new systemd unit logging-agent.target to group stackdriver logging agents.

Enabled CONFIG_SCHED_CORE in the kernel config.

Updated toolbox to v20220722.

Updated oslogin to v20220721.00.

Fixed an issue where the "logs", "crictl", and "kdump" sosreport plugins did not work properly.

    cos-dev-101-17154-0-0

    Date Kernel Docker Containerd GPU Drivers
    Jul 25, 2022 COS-5.15.56 v20.10.12 v1.6.6 v470.82.01(default)

    Updated the built-in kubectl/kubelet to v1.23.9.

    Updated stackdriver logging agent to v1.9.8.

    Updated the Linux kernel to v5.15.56.

    Users created via OS Login or via manually managed SSH keys will now have UIDs and GIDs in the range [65536, 2^31 - 1).

    cos-dev-101-17148-0-0

    Date Kernel Docker Containerd GPU Drivers
    Jul 18, 2022 COS-5.15.54 v20.10.12 v1.6.6 v470.82.01(default)

    Updated the Linux kernel to v5.15.54.

    Updated openssl to v1.1.1q. This resolves CVE-2022-2097.

    Updated net-misc/curl to v7.84.0. This resolves CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208.

    cos-dev-101-17136-0-0

    Date Kernel Docker Containerd GPU Drivers
    Jul 11, 2022 COS-5.15.52 v20.10.12 v1.6.6 v470.82.01(default)

    Updated the Linux kernel to v5.15.52.

    Upgraded openssl to 1.1.1p to resolve CVE-2022-2068.

    cos-dev-101-17134-0-0

    Date Kernel Docker Containerd GPU Drivers
    Jul 06, 2022 COS-5.15.51 v20.10.12 v1.6.6 v470.82.01(default)

    Updated the built-in kubelet to be compiled from source instead of using official Kubernetes releases.

    Updated sys-apps/irqbalance to v1.8.0-r1.

    Updated the Linux kernel to v5.15.51.

    Moved the toolchain source from gs://chromiumos-sdk to gs://cos-sdk.

    Upgraded the ice kernel module from v1.3.2 to v1.8.8 due to incompatibility with kernel 5.15.

    Added 5.15 vanilla and rt kernel in project-edgeos.

    Updated toolbox to v20220630.

    Fixed a bug in toolbox where a long project name or container image tag could cause the toolbox container to fail to run.

    Fixed CVE-2022-29217 in dev-python/pyjwt.

    Updated app-editors/vim and app-editors/vim-core to v8.2.5066. This resolves CVE-2022-2126, CVE-2022-2125, CVE-2022-2124, CVE-2022-2129, CVE-2022-1720, CVE-2022-1942, CVE-2022-1886, CVE-2022-1851, CVE-2022-1160, CVE-2022-1154, CVE-2022-1381, CVE-2022-1420, CVE-2022-1733, CVE-2022-1796, CVE-2022-1769, CVE-2022-1735, CVE-2022-1674, CVE-2022-1771, CVE-2022-1620, CVE-2022-1785, CVE-2022-1629, CVE-2022-1616, CVE-2022-1621, CVE-2022-1619, CVE-2022-1927, CVE-2022-1898.

    Fixed CVE-2021-22570 in libprotobuf.

    Runtime sysctl changes:

    • Changed: fs.file-max: 813250 -> 813249

    cos-dev-101-17109-0-0

    Date Kernel Docker Containerd GPU Drivers
    Jun 27, 2022 COS-5.15.47 v20.10.12 v1.6.6 v470.82.01(default)

    Updated default toolbox container to v20220614.

    Upgraded Google OS Config Agent (aka VMManager) to v20220606.00.

    Updated docker-credential-gcr to v2.1.5.

    Updated cos-gpu-installer to fetch the COS toolchain from gs://cos-tools instead of gs://chromiumos-sdk.

    Updated app-emulation/containerd to v1.6.6. This resolves CVE-2022-31030.

    Updated net-misc/netplan to v0.104.

    Upgraded sys-fs/e2tools to v0.1.0.

    Upgraded sys-fs/xfsprogs to v5.18.0 and sys-fs/e2fsprogs to v1.46.5.

    Updated the Linux kernel to v5.15.47.

    Updated net-misc/curl to v7.83.1. This resolves CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115.

    Runtime sysctl changes:

    • Changed: fs.fanotify.max_user_marks: 54813 -> 67627
    • Changed: fs.inotify.max_user_watches: 51557 -> 63503
    • Changed: user.max_fanotify_marks: 54813 -> 67627
    • Changed: user.max_inotify_watches: 51557 -> 63503

    cos-dev-101-17079-0-0

    Date Kernel Docker Containerd GPU Drivers
    Jun 03, 2022 COS-5.15.44 v20.10.12 v1.6.2 v470.82.01(default)

    Updated the Linux kernel to v5.15.44.

    Enabled kernel config CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS.

    Updated google-guest-agent to v20220523.00.

    Runtime sysctl changes:

    • Changed: kernel.random.poolsize: 4096 -> 256
    • Changed: kernel.random.write_wakeup_threshold: 896 -> 256

    cos-dev-101-17069-0-0

    Date Kernel Docker Containerd GPU Drivers
    May 23, 2022 COS-5.15.41 v20.10.12 v1.6.2 v470.82.01(default)

    Updated runc to v1.1.2.

    Updated the Linux kernel to v5.15.41.

    Added TPU driver v20220117.

    Fixed an issue that prevented large cloud-configs (~256KB) from working properly.

    Disabled bracketed paste mode by default in readline.

    Upgraded openssl to v1.1.1o. This resolves CVE-2022-1292.

    Upgraded dev-libs/libxml2 to v2.9.14. This resolves CVE-2022-29824.

    Upgraded dev-libs/libxslt to v1.1.35. This resolves CVE-2022-29824.

    Upgraded sys-libs/ncurses to v6.3_p20220423. This resolves CVE-2022-29458.

    Fixed CVE-2022-28893 in the Linux kernel.

    cos-dev-101-17053-0-0

    Date Kernel Docker Containerd GPU Drivers
    May 16, 2022 COS-5.15.38 v20.10.12 v1.6.2 v470.82.01(default)

    Updated the Linux kernel to v5.15.38.

    Backported upstream patch to fix the issue where systemd affects BFQ IO setup.

    cos-dev-101-17047-0-0

    Date Kernel Docker Containerd GPU Drivers
    May 09, 2022 COS-5.15.37 v20.10.12 v1.6.2 v470.82.01(default)

    Updated the Linux kernel to v5.15.37.

    Upgraded package sys-boot/shim to version 15.5.

    cos-dev-101-17043-0-0

    Date Kernel Docker Containerd GPU Drivers
    May 02, 2022 COS-5.15.36 v20.10.12 v1.6.2 v470.82.01(default)

    Updated the default toolbox container to v20220429.

    Upgraded docker-credential-gcr to v2.1.2.

    Updated the Linux kernel to v5.15.36.

    Upgraded dump-capture-kernel to 5.15.

    cos-dev-101-17033-0-0

    Date Kernel Docker Containerd GPU Drivers
    Apr 25, 2022 COS-5.15.35 v20.10.12 v1.6.2 v470.82.01(default)

    Added pci=clearmsi option in dump-capture-kernel command line.

    Updated net-misc/chrony to v4.2.

    Upgraded docker-credential-gcr to v2.1.1.

    Upgraded COS to Linux kernel v5.15.

    Updated app-admin/localtoast (cis_scanner) to v1.1.4.3.

    Updated google-guest-configs to v20220211.00.

    Updated ChromeOS base to ChromeOS version 14542.0.0.

    Made CIS-Scanner show results for passing and non-passing benchmarks.

    Added option to GPU driver installation script for populating and resetting toolchain cache.

    Built cos-gpu-installer using debian:bookworm.

    Increased number of vCPUs support from 256 to 512.

    Added cgroup-driver=systemd flag to kubelet.

    Upgraded containerd to v1.6.2. This resolves CVE-2022-24769.

    Upgraded open-vm-tools package to v12.0.0_p19345655. This resolves CVE-2022-22943.

    Upgraded openssl package to v1.1.1n. This resolves CVE-2022-0778.

    Upgraded dev-libs/libxml2 to v2.9.13. This resolves CVE-2022-23308.

    Updated app-editors/vim and app-editors/vim-core to v8.2.4586. This resolves CVE-2022-0714, CVE-2022-0696, CVE-2022-0685, CVE-2022-0729, CVE-2022-0572 and CVE-2022-0629.

    Fixed CVE-2021-25217 in net-misc/dhcp.

    Fixed CVE-2022-29581 in the Linux kernel.

    Runtime sysctl changes:

    • Added: fs.fanotify.max_queued_events: 16384
    • Added: fs.fanotify.max_user_groups: 128
    • Added: fs.fanotify.max_user_marks: 54813
    • Added: kernel.max_rcu_stall_to_panic: 0
    • Added: kernel.sched_schedstats: 0
    • Added: kernel.task_delayacct: 0
    • Added: net.core.netdev_unregister_timeout_secs: 10
    • Added: net.ipv4.fib_multipath_hash_fields: 7
    • Added: net.ipv4.fib_notify_on_flag_change: 0
    • Added: net.ipv4.icmp_echo_enable_probe: 0
    • Added: net.ipv4.tcp_migrate_req: 0
    • Added: net.ipv6.conf.all.ioam6_enabled: 0
    • Added: net.ipv6.conf.all.ioam6_id: 65535
    • Added: net.ipv6.conf.all.ioam6_id_wide: 4294967295
    • Added: net.ipv6.conf.all.ra_defrtr_metric: 1024
    • Added: net.ipv6.conf.default.ioam6_enabled: 0
    • Added: net.ipv6.conf.default.ioam6_id: 65535
    • Added: net.ipv6.conf.default.ioam6_id_wide: 4294967295
    • Added: net.ipv6.conf.default.ra_defrtr_metric: 1024
    • Added: net.ipv6.conf.docker0.ioam6_enabled: 0
    • Added: net.ipv6.conf.docker0.ioam6_id: 65535
    • Added: net.ipv6.conf.docker0.ioam6_id_wide: 4294967295
    • Added: net.ipv6.conf.docker0.ra_defrtr_metric: 1024
    • Added: net.ipv6.conf.eth0.ioam6_enabled: 0
    • Added: net.ipv6.conf.eth0.ioam6_id: 65535
    • Added: net.ipv6.conf.eth0.ioam6_id_wide: 4294967295
    • Added: net.ipv6.conf.eth0.ra_defrtr_metric: 1024
    • Added: net.ipv6.conf.lo.ioam6_enabled: 0
    • Added: net.ipv6.conf.lo.ioam6_id: 65535
    • Added: net.ipv6.conf.lo.ioam6_id_wide: 4294967295
    • Added: net.ipv6.conf.lo.ra_defrtr_metric: 1024
    • Added: net.ipv6.fib_multipath_hash_fields: 7
    • Added: net.ipv6.fib_notify_on_flag_change: 0
    • Added: net.ipv6.ioam6_id: 16777215
    • Added: net.ipv6.ioam6_id_wide: 72057594037927935
    • Added: net.netfilter.nf_conntrack_tcp_ignore_invalid_rst: 0
    • Added: net.netfilter.nf_hooks_lwtunnel: 0
    • Added: user.max_fanotify_groups: 128
    • Added: user.max_fanotify_marks: 54813
    • Added: vm.percpu_pagelist_high_fraction: 0
    • Changed: fs.epoll.max_user_watches: 1666560 -> 1811300
    • Changed: fs.file-max: 813432 -> 813248
    • Changed: fs.inotify.max_user_watches: 8192 -> 51557
    • Changed: fs.xfs.speculative_cow_prealloc_lifetime: 1800 -> 300
    • Changed: kernel.threads-max: 63574 -> 63567
    • Changed: net.ipv4.tcp_mem: 94173 125565 188346 -> 94164 125552 188328
    • Changed: net.ipv4.udp_mem: 188346 251131 376692 -> 188328 251105 376656
    • Changed: net.netfilter.nf_conntrack_buckets: 65536 -> 262144
    • Changed: net.netfilter.nf_conntrack_expect_max: 1024 -> 4096
    • Changed: user.max_cgroup_namespaces: 31787 -> 31783
    • Changed: user.max_inotify_watches: 8192 -> 51557
    • Changed: user.max_ipc_namespaces: 31787 -> 31783
    • Changed: user.max_mnt_namespaces: 31787 -> 31783
    • Changed: user.max_net_namespaces: 31787 -> 31783
    • Changed: user.max_pid_namespaces: 31787 -> 31783
    • Changed: user.max_time_namespaces: 31787 -> 31783
    • Changed: user.max_user_namespaces: 31787 -> 31783
    • Changed: user.max_uts_namespaces: 31787 -> 31783
    • Deleted: vm.block_dump: 0
    • Deleted: vm.percpu_pagelist_fraction: 0

    cos-dev-101-16963-0-0

    Date Kernel Docker Containerd Default GPU Driver
    Mar 16, 2022 COS-5.10.105 v20.10.12 v1.6.1 v470.82.01

    Updated the Linux kernel to v5.10.105.

    Added get_status API in device policy manager.

    Fixed a warning related to IPv4 parsing error in cloud-init.

    Fixed an issue in systemd so that the primary network interface is considered configured only after a non-link-local IPv4 address is available.

    Updated CIS Scanner to v1.1.4.2.

    cos-dev-101-16941-0-0

    Date Kernel Docker Containerd Default GPU Driver
    Mar 07, 2022 COS-5.10.101 v20.10.12 v1.6.1 v470.82.01

    cos_extensions and toolbox utilities now fetch container images from multi-region Artifact Registry.

    Enabled disk_setup module in cloud-init.

    Fixed CVE-2022-0847 in the Linux kernel.

    Updated containerd to v1.6.1. This resolves CVE-2022-23648.

    cos-dev-101-16928-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Feb 28, 2022 COS-5.10.101 v1.23.3 v20.10.12 v1.6.0 v470.82.01

    Fixed CVE-2021-45346 in dev-db/sqlite.

    Updated app-editors/vim and app-editors/vim-core to v8.2.4328. This resolves CVE-2021-4187, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0392, CVE-2022-0368, CVE-2022-0393, CVE-2022-0361, CVE-2022-0359, CVE-2022-0413, CVE-2022-0408, CVE-2022-0407 and CVE-2022-0443.

    Fixed segmentation fault in ebtables.

    Updated the stackdriver logging default config to support multiple time formats. This fixes a bug where logs were dropped in some conditions.

    Updated toolbox script to use nspawn share system environment variable.

    Updated containerd to v1.6.0.

    Updated cri-tools to v1.23.0.

    Updated the Linux kernel to v5.10.101.

    Added CLI to change cgroup versions.

    Added CIS Scanner (app-admin/localtoast) v1.1.4.1.

    Renamed cos-alphabet-compliance to cis-compliance. cis-compliance will only install scripts needed to make the VM Level 2 CIS compliant.

    Added support for exporting logs of the cis-level1, cis-level2 and cis-compliance-scanner systemd services via stackdriver logging.

    Enabled CONFIG_BFQ_GROUP_IOSCHED kernel configuration.

    Added command "cos-extensions list -- --gpu-installer" to show the default cos-gpu-installer.

    Set NVMe IO timeout to 4294967295.

    Fixed an issue in the Linux kernel where I/Os would sometimes fail on SEV-enabled machines due to a full swiotlb buffer.

    Added xemu kernel module.

    Added support for NFSv4 Kerberos authentication.

    cos-dev-97-16882-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Feb 07, 2022 COS-5.10.96 v1.23.3 v20.10.12 v1.5.9 v470.82.01

    Updated app-admin/sosreport to v4.2.

    Updated the default GPU driver version to 470.82.01.

    Added a workaround for configuring NTP sources through DHCP.

    Upgraded runc to v1.1.0.

    Updated the built-in kubectl/kubelet to 1.23.3.

    Updated oslogin to v20220113.00.

    Updated docker-cli to v20.10.12.

    Updated docker to v20.10.12.

    Updated the Linux kernel to v5.10.96.

    Fixed an issue related to shim exiting during system shutdown.

    Enabled XDP support.

    Added dev-libs/userspace-rcu package.

    Upgraded sys-fs/e2fsprogs to v1.46.4.

    Upgraded sys-libs/e2fsprogs-libs to v1.46.4.

    Upgraded sys-fs/xfsprogs to v5.14.2.

    Auto-updates will now only occur within a single milestone. Upgrading your VMs to a new COS milestone will now require you to recreate your VMs.

    Added SEV live migration support to the Linux kernel.

    Fixed a bug that created excessive warning logs on missing attrs.tag from container logs.

    Enabled IBLOCK and FILEIO iSCSI backing stores in the Linux kernel.

    cos-dev-97-16853-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Jan 31, 2022 COS-5.10.93 v1.22.4 v20.10.6 v1.5.9 v450.119.04

    Updated Linux Audit (sys-process/audit) to v3.0.6.

    Updated sys-apps/shadow to v4.11.1.

    Upgraded Google OS Config Agent (aka VMManager) to v20220107.00.

    Updated the Linux kernel to v5.10.93.

    Updated cos-gpu-installer-v2 to v2.0.17 in cos-extensions. Refined error message for installing latest driver. Preinstalled dependencies are now detected separately.

    Changed default file permissions used by stackdriver logging agent to not be world readable.

    Updated containerd to v1.5.9. This resolves CVE-2021-43816.

    cos-dev-97-16843-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Jan 19, 2022 COS-5.10.92 v1.22.4 v20.10.6 v1.5.8 v450.119.04

    Updated UEFI shim to v15.4.

    Updated the makedumpfile package to v1.7.0.

    Updated the stackdriver logging agent to v1.9.4.

    Updated the default toolbox container to v20211027.

    Upgraded app-admin/google-guest-agent to v20220104.00.

    Updated the Linux kernel to v5.10.92.

    Fixed an issue where IPv6 address allocation sometimes fails in systemd.

    Updated vim and vim-core to v8.2.3950. This resolves CVE-2021-4193, CVE-2021-4192, CVE-2021-4173, CVE-2021-4166, and CVE-2021-4136.

    Fixed a privilege escalation vulnerability in fs_context in the Linux kernel. This resolves CVE-2022-0185.

    Runtime sysctl changes:

    • Changed: net.ipv6.conf.all.forwarding: 1 -> 0
    • Changed: net.ipv6.conf.default.forwarding: 1 -> 0
    • Changed: net.ipv6.conf.docker0.forwarding: 1 -> 0
    • Changed: net.ipv6.conf.eth0.forwarding: 1 -> 0
    • Changed: net.ipv6.conf.lo.forwarding: 1 -> 0

    cos-dev-97-16832-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Jan 11, 2022 COS-5.10.90 v1.22.4 v20.10.6 v1.5.8 v450.119.04

    Upgraded app-emulation/runc to v1.0.3. This resolves CVE-2021-43784.

    Fixed CVE-2021-41190 in app-emulation/docker.

    Updated vim and vim-core to v8.2.3741. This resolves CVE-2021-3973, CVE-2021-3968, CVE-2021-4069, CVE-2021-4019, CVE-2021-3984 and CVE-2021-3974.

    Upgraded dev-libs/nspr to v3.42. This resolves CVE-2021-43527.

    Upgraded dev-libs/nss to v3.73. This resolves CVE-2021-43527.

    Upgraded app-crypt/nss to v3.73. This resolves CVE-2021-43527.

    Fixed CVE-2021-4155 in the Linux kernel.

    Disabled VDSO on ARM by default.

    Added support for consistent device naming for NVMe disks.

    Fixed access to private toolbox images hosted on GCR.

    Fixed resolv.conf in toolbox.

    Added Google Guest Configs.

    Added lsof package.

    Updated cloud-init to v21.4.

    Updated netplan to v0.103.

    Updated net-misc/prips to v1.2.0.

    Updated google-guest-agent to v20211011.00.

    Updated systemd to v249.6.

    Updated the Linux kernel to v5.10.90.

    Updated docker-credential-gcr to v2.1.0.

    Runtime sysctl changes:

    • Changed: fs.epoll.max_user_watches: 1667850 -> 1666560
    • Changed: fs.file-max: 814061 -> 813432
    • Changed: kernel.bootloader_type: 114 -> 6
    • Changed: kernel.bootloader_version: 2 -> 38
    • Changed: kernel.core_pattern: |/sbin/crash_reporter --user=%P:%s:%u:%g:%f -> |/bin/false
    • Changed: kernel.core_pipe_limit: 4 -> 0
    • Changed: kernel.threads-max: 63623 -> 63574
    • Changed: net.ipv4.conf.all.log_martians: 0 -> 1
    • Changed: net.ipv4.conf.default.log_martians: 0 -> 1
    • Changed: net.ipv4.conf.docker0.log_martians: 0 -> 1
    • Changed: net.ipv4.conf.eth0.log_martians: 0 -> 1
    • Changed: net.ipv4.tcp_mem: 94245 125663 188490 -> 94173 125565 188346
    • Changed: net.ipv4.udp_mem: 188493 251327 376986 -> 188346 251131 376692
    • Changed: user.max_cgroup_namespaces: 31811 -> 31787
    • Changed: user.max_ipc_namespaces: 31811 -> 31787
    • Changed: user.max_mnt_namespaces: 31811 -> 31787
    • Changed: user.max_net_namespaces: 31811 -> 31787
    • Changed: user.max_pid_namespaces: 31811 -> 31787
    • Changed: user.max_time_namespaces: 31811 -> 31787
    • Changed: user.max_user_namespaces: 31811 -> 31787
    • Changed: user.max_uts_namespaces: 31811 -> 31787

    cos-dev-97-16778-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Dec 01, 2021 COS-5.10.81 v1.22.4 v20.10.6 v1.5.8 v450.119.04

    Upgraded the built-in Kubelet to v1.22.4.

    Updated ChromeOS base to ChromeOS version 14283.0.0.

    Updated the Linux kernel to v5.10.81.

    Enabled cgroup v2.

    Enabled IPv4 and IPv6 in sshd.

    Updated containerd to v1.5.8. This resolves CVE-2021-41190 in containerd.

    Fixed CVE-2021-35942 and CVE-2021-38604 in glibc.

    Updated openssl to 1.1.1l. This resolves CVE-2021-3711 and CVE-2021-3712.

    Fixed CVE-2020-12403 in nss.

    Fixed CVE-2021-41617 in openssh.

    Fixed CVE-2020-14387 in rsync.

    Upgraded dev-libs/libgcrypt to v1.9.4. This resolves CVE-2021-40528.

    Updated vim and vim-core to v8.2.3582. This resolves CVE-2021-3928, CVE-2021-3927, CVE-2021-3872, CVE-2021-3903, and CVE-2021-3875.

    cos-dev-97-16748-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Nov 08, 2021 COS-5.10.77 v1.21.3 v20.10.6 v1.5.7 v450.119.04

    Updated the Linux kernel to v5.10.77.

    Enabled virtual console.

    Enabled cos-extensions to fetch artifacts with geo-redundancy when installing GPU driver.

    Upgraded openssl to v1.1.1l. This fixes CVE-2021-3711.

    Upgraded app-arch/libarchive to v3.5.2. This fixes CVE-2021-36976.

    Runtime sysctl changes:

    • Added: dev.cdrom.autoclose: 1
    • Added: dev.cdrom.autoeject: 0
    • Added: dev.cdrom.check_media: 0
    • Added: dev.cdrom.debug: 0
    • Added: dev.cdrom.lock: 1
    • Changed: fs.epoll.max_user_watches: 1667911 -> 1667891
    • Changed: fs.file-max: 814101 -> 814087
    • Changed: net.ipv4.tcp_mem: 94251 125668 188502 -> 94248 125667 188496
    • Changed: net.ipv4.udp_mem: 188502 251336 377004 -> 188499 251335 376998

    cos-dev-97-16723-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Oct 18, 2021 COS-5.10.72 v1.21.3 v20.10.6 v1.5.7 v450.119.04

    Updated the Linux kernel to v5.10.72.

    Upgraded net-dns/c-ares to v1.17.2.

    Added LZ4 compression support in the kernel.

    Upgraded net-misc/curl to v7.79.1. This resolves CVE-2021-22945.

    Fixed CVE-2021-39537 in sys-libs/ncurses.

    cos-dev-97-16714-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Oct 11, 2021 COS-5.10.71 v1.21.3 v20.10.6 v1.5.7 v450.119.04

    Updated the Linux kernel to v5.10.71.

    Enabled ipip and fou kernel modules.

    Added crictl commands to sosreport.

    Fixed an issue where GPU drivers wouldn't load due to being incorrectly linked.

    Updated containerd to 1.5.7. This resolves CVE-2021-41103.

    Updated vim to version 8.2.3428. This resolves CVE-2021-3796, CVE-2021-3778, and CVE-2021-3770.

    cos-dev-97-16699-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Oct 04, 2021 COS-5.10.69 v1.21.3 v20.10.6 v1.5.4 v450.119.04

    Updated the Linux kernel to v5.10.69.

    cos-dev-97-16695-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Sep 27, 2021 COS-5.10.68 v1.21.3 v20.10.6 v1.5.4 v450.119.04

    Updated node-problem-detector to v0.8.10.

    Updated the Linux kernel to v5.10.68.

    Made XFRM statistics available at /proc/net/xfrm_stat.

    Created kernel config file under /boot directory.

    Fixed CVE-2020-12403 in dev-libs/nss.

    Updated glib, glib-utils and gdbus-codegen to v2.68.3. This resolves CVE-2021-28153.

    cos-dev-97-16687-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Sep 20, 2021 COS-5.10.65 v1.21.3 v20.10.6 v1.5.4 v450.119.04

    Updated the Linux kernel to v5.10.65.

    Updated app-emulation/containerd to v1.5.4. This resolves CVE-2021-32760.

    cos-dev-97-16678-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Sep 13, 2021 COS-5.10.62 v1.21.3 v20.10.6 v1.5.3 v450.119.04

    Updated the Linux kernel to v5.10.62.

    cos-dev-97-16669-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Sep 07, 2021 COS-5.10.61 v1.21.3 v20.10.6 v1.5.3 v450.119.04

    Upgraded sys-libs/ncurses to v6.2. This resolves CVE-2019-17594 and CVE-2019-17595.

    Upgraded net-misc/wget to v1.21.1. This resolves CVE-2021-31879.

    Upgraded net-misc/curl to v7.78.0. This resolves CVE-2021-22924 and CVE-2021-22926.

    Enabled configuring NTP server using cloud-init.

    Updated the Linux kernel to v5.10.61.

    Updated nanopb to v0.4.5 in KTD.

    cos-dev-93-16594-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Aug 02, 2021 COS-5.10.53 v1.21.3 v20.10.6 v1.5.3 v450.119.04

    Updated the built-in kubectl/kubelet to v1.21.3.

    Updated containerd to v1.5.3.

    Updated sosreport to v4.1.

    Updated chronyd to v4.1.

    Updated docker-credential-gcr to v2.0.5.

    Updated docker-cli to v20.10.6.

    Updated ChromeOS base to ChromeOS version 14056.0.0.

    Updated the Linux kernel to v5.10.53.

    Upgraded Linux Audit (sys-process/audit) to v3.0.2.

    Upgraded openssl package to v1.1.1k to resolve CVE-2021-3449 and CVE-2021-3450.

    Upgraded xfsprogs to version v5.10.

    Upgraded dev-util/gdbus-codegen to version 2.66.7 on x86.

    Upgraded dev-libs/glib and dev-util/glib-utils to v2.66.7.

    Removed toolbox's dependency on docker command.

    Added sys-block/open-iscsi package.

    Renamed 99-virtio.network to 99-default.network to include gve driver support.

    Enabled IPv6 configuration by default. This does not disable IPv4 configuration. In addition, fixed an issue where enabling both IPv6 and IPv4 configuration on IPv4-exclusive networks resulted in slow boot times.

    Fixed CVE-2021-33910 in sys-apps/systemd.

    cos-dev-93-16546-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Jul 12, 2021 COS-5.10.48 v1.20.5 v20.10.6 v1.4.4 v450.119.04

    Updated the stackdriver logging agent to v1.8.9.

    Updated runc to v1.0.0.

    Upgraded cos-gpu-installer-v2 to v2.0.6 in cos-extensions. Users can now specify --version=latest when installing GPU drivers.

    Updated app-emulation/docker-proxy to v0.8.0_p20210525.

    Updated the Linux kernel to v5.10.48.

    Enabled CONFIG_MEMORY_FAILURE and CONFIG_X86_MCE in the Linux kernel.

    Upgraded libgcrypt to v1.9.3. This fixes CVE-2021-33560.

    Added support for ext4 journal checkpointing in the Linux kernel.

    Runtime sysctl changes:

    • Changed: fs.epoll.max_user_watches: 1668341 -> 1667911
    • Changed: fs.file-max: 814308 -> 814100
    • Changed: kernel.threads-max: 63641 -> 63625
    • Changed: net.ipv4.tcp_mem: 94275 125700 188550 -> 94251 125668 188502
    • Changed: net.ipv4.udp_mem: 188550 251401 377100 -> 188502 251336 377004
    • Changed: user.max_cgroup_namespaces: 31820 -> 31812
    • Changed: user.max_ipc_namespaces: 31820 -> 31812
    • Changed: user.max_mnt_namespaces: 31820 -> 31812
    • Changed: user.max_net_namespaces: 31820 -> 31812
    • Changed: user.max_pid_namespaces: 31820 -> 31812
    • Changed: user.max_time_namespaces: 31820 -> 31812
    • Changed: user.max_user_namespaces: 31820 -> 31812
    • Changed: user.max_uts_namespaces: 31820 -> 31812

    cos-dev-93-16511-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Jun 28, 2021 COS-5.10.44 v1.20.5 v20.10.6 v1.4.4 v450.119.04

    Updated app-emulation/docker-credential-helpers to v0.6.4.

    cos-dev-93-16509-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Jun 21, 2021 COS-5.10.44 v1.20.5 v20.10.6 v1.4.4 v450.119.04

    Updated the Linux kernel to v5.10.44.

    Set kernel config flag to enable dump capture kernel for ARM64.

    Runtime sysctl changes:

    • Changed: fs.epoll.max_user_watches: 1668321 -> 1668341
    • Changed: fs.file-max: 814309 -> 814308

    cos-dev-93-16482-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Jun 09, 2021 COS-5.10.42 v1.20.5 v20.10.6 v1.4.4 v450.119.04

    Updated runc to v1.0.0_rc95. This resolves CVE-2021-30465.

    Upgraded Google OS Config Agent (VMManager) to version 20210607.00.

    Upgraded cloud-init to v21.2.

    Upgraded the Linux kernel to v5.10.42.

    Stackdriver logs now record Docker container names by default.

    As a result of the kernel upgrade, the following sysctl changes occurred:

    • Added: kernel.hung_task_all_cpu_backtrace: 0
    • Added: kernel.oops_all_cpu_backtrace: 0
    • Added: kernel.sched_deadline_period_max_us: 4194304
    • Added: kernel.sched_deadline_period_min_us: 100
    • Added: net.ipv4.ip_autobind_reuse: 0
    • Added: net.ipv4.nexthop_compat_mode: 1
    • Added: net.ipv4.tcp_comp_sack_slack_ns: 100000
    • Added: net.ipv4.tcp_no_ssthresh_metrics_save: 1
    • Added: net.ipv4.tcp_reflect_tos: 0
    • Added: net.ipv6.conf.all.rpl_seg_enabled: 0
    • Added: net.ipv6.conf.default.rpl_seg_enabled: 0
    • Added: net.ipv6.conf.docker0.rpl_seg_enabled: 0
    • Added: net.ipv6.conf.eth0.rpl_seg_enabled: 0
    • Added: net.ipv6.conf.lo.rpl_seg_enabled: 0
    • Added: user.max_time_namespaces: 31820
    • Added: vm.compaction_proactiveness: 20
    • Added: vm.page_lock_unfairness: 5
    • Changed: fs.epoll.max_user_watches: 1668751 -> 1668321
    • Changed: fs.file-max: 814576 -> 814309
    • Changed: kernel.cap_last_cap: 37 -> 40
    • Changed: kernel.threads-max: 63658 -> 63641
    • Changed: kernel.usermodehelper.bset: 4294967295 63 -> 4294967295 511
    • Changed: kernel.usermodehelper.inheritable: 4294967295 63 -> 4294967295 511
    • Changed: net.core.bpf_jit_kallsyms: 0 -> 1
    • Changed: net.ipv4.tcp_mem: 94299 125733 188598 -> 94275 125700 188550
    • Changed: net.ipv4.udp_mem: 188598 251466 377196 -> 188550 251401 377100
    • Changed: user.max_cgroup_namespaces: 31829 -> 31820
    • Changed: user.max_ipc_namespaces: 31829 -> 31820
    • Changed: user.max_mnt_namespaces: 31829 -> 31820
    • Changed: user.max_net_namespaces: 31829 -> 31820
    • Changed: user.max_pid_namespaces: 31829 -> 31820
    • Changed: user.max_user_namespaces: 31829 -> 31820
    • Changed: user.max_uts_namespaces: 31829 -> 31820
    • Deleted: kernel.random.read_wakeup_threshold: 64

    cos-dev-93-16442-0-0

    Date Kernel Kubernetes Docker Containerd Default GPU Driver
    Jun 01, 2021 COS-5.4.120 v1.20.5 v20.10.6 v1.4.4 v450.119.04

    Fixed CPU usage for workloads with heavy page cache usage.

    Fixed 32 x truesize under-estimation for tiny skbs in the Linux kernel.

    Fixed CVE-2021-3537 in libxml2.

    The OEM partition is now automatically mounted if it is sealed.

    Upgraded the default GPU driver version to 450.119.04.

    Upgraded Google OS Config Agent to v20210506.00.

    Updated docker to v20.10.6.

    Updated the Linux kernel to v5.4.120.

    Updated makedumpfile package to v1.6.9.

    cos-dev-93-16379-0-0

    Date Kernel Kubernetes Docker Containerd
    May 03, 2021 COS-5.4.114 v1.20.5 v20.10.3 v1.4.4

    Updated the Linux kernel to v5.4.114.

    Updated sshd.service to not drop active ssh sessions when sshd is restarted.

    Updated google-guest-agent to v20210408.00.

    Fixed CVE-2020-24977 in libxml2.

    cos-dev-93-16351-0-0

    Date Kernel Kubernetes Docker Containerd
    Apr 22, 2021 COS-5.4.113 v1.20.5 v20.10.3 v1.4.4

    Updated the Linux kernel to v5.4.113.

    Upgraded dev-vcs/git to version 2.31.0. This resolves CVE-2021-21300.

    Fixed an out-of-bounds write issue in the Linux kernel.

    cos-dev-93-16340-0-0

    Date Kernel Kubernetes Docker Containerd
    Apr 19, 2021 COS-5.4.112 v1.20.5 v20.10.3 v1.4.4

    Updated the Linux kernel to v5.4.112.

    Updated kubernetes to v1.20.5.

    Upgraded tar to 1.34.

    Enabled ip6table_nat as a module.

    cos-dev-93-16331-0-0

    Date Kernel Kubernetes Docker Containerd
    Apr 12, 2021 COS-5.4.110 v1.20.2 v20.10.3 v1.4.4

    Updated the Linux kernel to v5.4.110.

    Upgraded dev-db/sqlite to version 3.34.1. This resolves CVE-2021-20227.

    Upgraded Google OS Config Agent to version 20210331.00.

    Updated containerd to version 1.4.4.

    Configured google-guest-agent to use usermod instead of gpasswd to add users to groups. This fixes an issue where users created through cloud-init sometimes were not added to the appropriate groups.

    Enabled CONFIG_IP6_NF_MANGLE to allow ip6table_mangle kernel module.

    cos-dev-93-16303-0-0

    Date Kernel Kubernetes Docker
    Apr 05, 2021 COS-5.4.108 v1.20.2 v20.10.3

    Updated openssl to 1.1.1k to resolve CVE-2021-3449 and CVE-2021-3450.

    Enabled CONFIG_TLS and CONFIG_TLS_DEVICE in the kernel to support kTLS.

    cos-dev-93-16295-0-0

    Date Kernel Kubernetes Docker
    Mar 29, 2021 COS-5.4.108 v1.20.2 v20.10.3

    Upgraded OpenSSH to v8.5_p1. This resolved CVE-2021-28041.

    Updated docker-credential-gcr to v2.0.4.

    Updated the Linux kernel to v5.4.108.

    Fixed an issue in google-guest-agent where the GID of a user's home directory referred to a different user after a reboot.

    Enabled CONFIG_TLS in the kernel to support OpenSSL 3.0.

    cos-dev-93-16259-0-0

    Date Kernel Kubernetes Docker
    Mar 22, 2021 COS-5.4.104 v1.20.2 v20.10.3

    Updated cos-gpu-installer to v2.0.5 in cos-extensions.

    Upgraded e2fsprogs to version 1.46.2.

    Updated the Linux kernel to upstream/v5.4.104.

    cos-dev-93-16240-0-0

    Date Kernel Kubernetes Docker
    Mar 15, 2021 COS-5.4.102 v1.20.2 v20.10.3

    Updated the Linux kernel to v5.4.102.

    cos-dev-93-16234-0-0

    Date Kernel Kubernetes Docker
    Mar 08, 2021 COS-5.4.101 v1.20.2 v20.10.3

    Reverted "Stackdriver logs now record Docker container names by default" due to an incompatibility with Kubernetes.

    Upgraded sys-auth/pambase to version 20201103.

    Upgraded sys-libs/pam to version 1.5.1.

    Upgraded sys-auth/passwdqc to version 1.4.0.

    Updated the Linux kernel to upstream/v5.4.101.

    Updated Docker to 20.10.3.

    Updated chronyd to run as the chrony user instead of the root user.

    Updated openssl to version 1.1.1j. This resolves CVE-2021-23840 and CVE-2021-23841.

    cos-dev-93-16207-0-0

    Date Kernel Kubernetes Docker
    Mar 01, 2021 COS-5.4.100 v1.20.2 v20.10.2

    Upgraded libgcrypt to v1.9.1. This addresses CVE-2021-3345.

    Upgraded dev-python/jinja to v2.11.3. This addresses CVE-2020-28493.

    Updated glib to v2.66.7. This addresses CVE-2021-27218 and CVE-2021-27219.

    Updated the Linux kernel to v5.4.100.

    Updated cos-gpu-installer to v2.0.4 in cos-extensions.

    Fixed warning in docker when homedir not present.

    Added support for multiple architectures in toolbox.

    cos-dev-93-16173-0-0

    Date Kernel Kubernetes Docker
    Feb 22, 2021 COS-5.4.98 v1.20.2 v20.10.2

    Fixed a kernel crash due to fast commit changes.

    Updated the Linux kernel to upstream/v5.4.98.

    cos-dev-93-16136-0-0

    Date Kernel Kubernetes Docker
    Feb 08, 2021 COS-5.4.95 v1.20.2 v20.10.2

    Removed read/write/execute permissions of group and other user accounts for systemd timer files.

    Upgraded e2fsprogs to version 1.46.0.

    Upgraded sys-libs/e2fsprogs-libs to version 1.46.0.

    Downgraded Google OS Config Agent to v20201229.01.

    Updated the Linux kernel to v5.4.95.

    Added package net-fs/cifs-utils v6.11.