You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
February 24, 2026
cos-dev-133-19566-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.74 | v27.5.1 | v2.2.1 | See List |
Made it so that /run is mounted as noexec.
Updated the Linux kernel to v6.12.74.
Upgraded containerd to v2.2.1.
Added support for 590.44.01 and 590.48.01 NVIDIA driver for NVIDIA_RTX_PRO_6000
Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.
Added support for NVIDIA driver v580.126.09-grid for NVIDIA_RTX_PRO_6000 GPU type.
Enabled buffer overflow detection for kernel str/mem functions.
Upgraded app-admin/google-guest-agent to v20260121.00.
Upgraded app-admin/oslogin to v20260128.00.
Upgraded app-admin/oslogin to v20260129.00.
Upgraded dev-db/sqlite to v3.51.2.
Upgraded net-libs/libnetfilter_conntrack to v1.1.1.
Upgraded net-misc/rsync to v3.4.1-r2.
Upgraded net-misc/socat to v1.8.1.0-r1.
Upgraded sys-apps/gentoo-functions to v1.7.6.
Upgraded sys-apps/less to v692.
Upgraded sys-process/procps to v4.0.6.
Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.
Fixed CVE-2025-40147 in the Linux kernel.
Fixed CVE-2026-0915 in sys-apps/glibc.
Fixed KCTF-e3f000f in the Linux kernel.
Fixed KCTF-f8db647 in the Linux kernel.
Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.
Updated dev-libs/openssl to v3.5.5. This resolves CVE-2025-15467.
Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.
February 03, 2026
cos-dev-129-19506-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.67 | v27.5.1 | v2.2.0 | See List |
Made it so that /mnt/disks is mounted as noexec.
Updated CONFIG_BLK_DEV_LOOP_MIN_COUNT to 0. This allows unlimited loop devices.
Updated app-containers/containerd to v2.2.0.
Updated app-containers/runc to v1.4.0.
Updated dev-libs/openssl to v3.5.4.
Updated the Linux kernel to v6.12.67.
Upgrade dev-libs/json-c from 0.16-r1 to 0.18.0.
Upgrade dev-libs/libuv from 1.43.0 to 1.51.0-r1.
Upgrade dev-util/cmake from 3.26.4 to 3.31.9.
Added support for CASFS (Content Addressable Storage File System) as a kernel module.
Removed the futility program from the root file system.
Added binary auth-provider-gcp.
Updated cos-gpu-installer to v2.5.10.
Updated kubelet and kubectl to v1.35.0.
Updated sys-libs/readline to v8.3.
Upgraded app-admin/fluent-bit to v4.2.2.
Upgraded app-admin/google-guest-configs to v20260112.00.
Upgraded app-admin/oslogin to v20260116.00.
Upgraded app-admin/sosreport to v4.10.2.
Upgraded app-benchmarks/microbenchmarks to v0.0.1-r21.
Upgraded app-containers/cni-plugins to v1.9.0.
Upgraded app-containers/docker-credential-gcr to v2.1.31
Upgraded app-containers/docker-credential-helpers to v0.9.5.
Upgraded app-crypt/mit-krb5 from version 1.20.1 to version 1.22.1.
Upgraded app-shells/bash to v5.3.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r671.
Upgraded chromeos-base/debugd-client to v0.0.1-r2737.
Upgraded chromeos-base/google-breakpad to v2025.12.22.204548-r263.
Upgraded chromeos-base/google-breakpad to v2026.01.12.054131-r266.
Upgraded chromeos-base/google-breakpad to v2026.01.16.201758-r268.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2972.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2833.
Upgraded dev-db/sqlite to v3.51.1.
Upgraded google-guest-configs to v20260121.00.
Upgraded net-dns/c-ares to v1.34.6.
Upgraded net-libs/gnutls to v3.8.11.
Upgraded net-misc/socat to v1.8.1.0.
Upgraded sys-apps/dmidecode to v3.7.
Upgraded sys-apps/kmod to v34.2.
Upgraded sys-apps/less to v691.
Upgraded sys-apps/nvme-cli from version 1.6-r1 to version 2.16, added package sys-libs/libnvme.
Upgraded sys-apps/pv to v1.10.3.
Upgraded sys-libs/libseccomp to v2.6.0-r3.
Fixed CVE-2025-12084 in dev-lang/python.
Fixed CVE-2025-13836 in dev-lang/python.
Fixed CVE-2025-13837 in dev-lang/python.
Fixed CVE-2025-61727 in dev-lang/go.
Fixed CVE-2025-61729 in dev-lang/go.
Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.
Fixed CVE-2026-21441 in dev-python/urllib3.
Fixed KCTF-2397e92 in the Linux kernel.
Fixed KCTF-50da4b9 in the Linux kernel.
Runtime sysctl changes:
- Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068
December 16, 2025
cos-dev-129-19437-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.61 | v27.5.1 | v2.1.5 | See List |
Applied ethtool ring length changes to a4x's first Diorite interface.
Added guest support for paravirtualization of cpuids on ARM machines.
Upgraded net-misc/curl from 8.12.1 to 8.17.0.
Fixed CVE-2025-40256 in the Linux kernel.
Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.
Updated containerd and containerd-test to v2.1.5. This resolves CVE-2024-25621 and CVE-2025-64329.
Runtime sysctl changes:
- Changed: fs.file-max: 811412 -> 811430
December 10, 2025
cos-dev-129-19424-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.61 | v27.5.1 | v2.1.4 | See List |
Updated the Linux kernel to v6.12.61.
Added patches to handle IDPF tx timeouts.
Added support for NVIDIA driver v580.105.08 and set it as the default version for all GPU types.
Enabled automatic loading of RDMA kernel modules when CX-8 devices are detected.
Upgraded app-admin/fluent-bit to v4.2.0.
upgraded net-fs/cifs-utils to v7.4.
Runtime sysctl changes:
- Changed: fs.file-max: 811490 -> 811412
December 03, 2025
cos-dev-129-19407-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.57 | v27.5.1 | v2.1.4 | See List |
Made the google-guest-agent more resilient to network link flakes.
Fixed CVE-2025-40212 in the Linux kernel.
Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.
Runtime sysctl changes:
- Changed: fs.file-max: 811538 -> 811490
December 02, 2025
cos-dev-129-19403-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.57 | v27.5.1 | v2.1.4 | See List |
Enabled KVM for COS ARM64.
Enabled Software Watchdog as a module.
Fixed an issue in app-containers/runc that caused runc to use more file descriptors than intended.
Upgraded net-libs/libtirpc to v1.3.7-r2.
Upgraded net-misc/rsync to v3.4.1-r1.
Upgraded net-misc/wget to v1.25.0-r1.
Upgraded sys-apps/pv to v1.10.1.
Upgraded sys-apps/pv to v1.10.2.
Upgraded sys-process/procps to v4.0.5-r3.
Fixed KCTF-60e6489 in the Linux Kernel.
Fixed KCTF-b441cf3 in the Linux kernel.
November 17, 2025
cos-dev-129-19386-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.57 | v27.5.1 | v2.1.4 | See List |
Updated app-containers/runc to v1.3.3.
Added support for the Lustre 2.14.0_p224 drivers.
Updated the Google OS Config Agent package to version 20250522.00.
Updated the OS Login package to version 20251022.00.
Backported various TCPDirect networking fixes.
Runtime sysctl changes:
- Changed: fs.file-max: 811473 -> 811420
November 11, 2025
cos-dev-129-19370-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.57 | v27.5.1 | v2.1.4 | See List |
Made CX-8 NIC naming order deterministic.
Updated app-containers/cri-tools to 1.32.0.
Updated app-containers/runc to v1.3.2.
Fixed CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 in app-containers/runc.
Upgraded sys-libs/libcap to v2.77.
Fixed a bug where setting MTU above 9000 on ARM systems with a 64k page size would cause IDPF networking to fail.
Added support for SCSI logging.
Upgraded chromeos-base/google-breakpad to v2025.10.31.183851-r257.
Upgraded sys-auth/pambase to v20251104.
Upgraded net-libs/gnutls to v3.8.10 and dev-libs/nettle to 3.10.2.
Updated app-containers/containerd to v2.1.4.
Fixed bcache latency spikes.
Upgraded dev-libs/nss to 3.117 and dev-libs/nspr to 4.37.
Enabled HTCP TCP congestion control algorithm as a module.
Updated the Linux kernel to v6.12.57.
Upgraded sys-apps/makedumpfile to v1.7.8.
Runtime sysctl changes:
- Changed: fs.file-max: 811384 -> 811473
Updated app-admin/sosreport to v4.10.1. Enabled containerd stack dump by default.
Enabled multiport support for CX-8 devices.
Upgraded sys-process/audit to 4.0.2-r1.
Upgraded app-emulation/cloud-init to v25.1.4.
Updated net-misc/chrony to v4.8.
Upgraded dev-python/coverage to v7.10.7.
November 03, 2025
cos-dev-129-19350-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.55 | v27.5.1 | v2.1.3 | See List |
Runtime sysctl changes:
- Changed: fs.file-max: 811495 -> 811384
Fixed a bug in cos-extensions which would cause GB200 and GB300 devices not to be detected in one code path, which would result in Imex channels not being created by default.
Fixed a TCPX bug which would sometimes incorrectly report devices as being missing when route cache entries were missing or invalidated.
Updated the Linux kernel to v6.12.55.
October 27, 2025
cos-dev-129-19340-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.54 | v27.5.1 | v2.1.3 | See List |
Added GB300 support to cos-extensions.
Added support for NVIDIA driver v535.274.02 and v570.195.03.
Updated cos-gpu-installer to v2.5.9. This adds support for installing drivers for GB 300 devices.
Upgraded sys-apps/less to v685.
Upgraded sys-apps/pv to v1.9.44.
Updated the Linux kernel to v6.12.54.
Fixed CVE-2025-11413 and CVE-2025-11414 in binutils-libs.
Upgraded chromeos-base/google-breakpad to v2025.10.16.221019-r255.
October 24, 2025
cos-dev-129-19334-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.53 | v27.5.1 | v2.1.3 | See List |
Fixed CVE-2025-11495 in binutils-libs.
Updated app-containers/runc to v1.2.7.
Fixed CVE-2025-11494 in binutils-libs.
Upgraded sys-auth/pambase to v20251013.
Upgraded app-admin/google-guest-configs to v20251014.00.
Upgraded sys-apps/pv to v1.9.42.
Updated cos-gpu-installer to v2.5.8.
Fixed CVE-2025-11412 in binutils-libs.
Added support for NVIDIA GB300 devices.
Upgraded sys-apps/hwdata to v0.400.
Added support for A4X-Max NICs.
October 20, 2025
cos-dev-129-19326-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.53 | v27.5.1 | v2.1.3 | See List |
Runtime sysctl changes:
- Changed: fs.file-max: 811438 -> 811426
Updated the Linux kernel to v6.12.53.
Updated the dump capture kernel to v6.12.52.
Fixed KCTF-6bb73db in the Linux Kernel.
Reduced gcr_wait_online retry gap.
Updated golang.org/x/crypto, golang.org/x/net, and golang.org/x/oauth2 in kubelet and kubectl.
October 13, 2025
cos-dev-129-19319-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.50 | v27.5.1 | v2.1.3 | See List |
Runtime sysctl changes:
- Changed: fs.file-max: 811493 -> 811438
- Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068
Upgraded sys-apps/hwdata to v0.399.
Added support for NVIDIA driver v580.95.05. Updated all latest driver version and default driver versions for NVIDIA_GB200 and NVIDIA_B200 to v580.95.05.
Updated the Linux kernel to v6.12.50.
Upgraded app-containers/docker-credential-helpers to v0.9.4.
Upgraded net-libs/libtirpc to v1.3.7.
Updated sys-apps/coreutils to v9.5. This resolves CVE-2024-0684.
Fixed CVE-2025-11081, CVE-2025-11082 and CVE-2025-11083 in sys-libs/binutils-libs.
Upgraded dev-libs/expat to v2.7.3.
Updated toolbox container image tag to v20251002.
Upgraded chromeos-base/google-breakpad to v2025.10.06.205107-r254.
Updated dev-python/urllib3 to v2.5.0. This resolves CVE-2025-50181.
Fixed KCTF-134121b in the Linux kernel.
Upgraded open-vm-tools to 13.0.5. This fixes CVE-2025-41244 in anthos variant.
Partially fixed an issue where excessive contention among writeback kworkers when switching a large number of inodes between cgroups could lead to system unresponsiveness.
October 06, 2025
cos-dev-129-19302-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.49 | v27.5.1 | v2.1.3 | See List |
Add support for NVIDIA MFT Tools v4.33.0.
Runtime sysctl changes:
- Changed: fs.file-max: 811490 -> 811493
- Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068
Configured the cos-gpu-installer to use R580 drivers as the default GPU drivers.
Updated the Linux kernel to v6.12.49.
Updated dev-python/jinja to v3.1.6. This resolves CVE-2024-56326, CVE-2024-56201 and CVE-2025-27516.
September 29, 2025
cos-dev-129-19290-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.48 | v27.5.1 | v2.1.3 | See List |
Updated golang.org/x/oauth2, golang.org/x/net, golang.org/x/crypto, and github.com/golang-jwt/jwt/v5 in Docker.
Added CPU balloon support for ARM CPUs.
Added support for the fwctl subsystem and the Mellanox fwctl driver for ARM64.
Upgraded dev-libs/expat to v2.7.2.
Updated the Linux kernel to v6.12.48.
Upgraded app-admin/google-guest-configs to v20250913.00.
Upgraded sys-auth/pambase to v20250906.
September 24, 2025
cos-dev-129-19284-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.47 | v27.5.1 | v2.1.3 | See List |
Added support for NVIDIA driver v580.82.07. Updated all latest driver version and default driver versions for NVIDIA_GB200 and NVIDIA_B200 to v580.82.07.
Updated the Linux kernel to v6.12.47.
Enabled Coherent Driver Memory Management by default when installing GPU drivers on GB2000.
Updated cos-gpu-installer to v2.5.7.
Upgraded dev-libs/libxslt to version 1.1.43-r1.
Runtime sysctl changes:
- Changed: fs.file-max: 811423 -> 811483
- Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068
Upgraded dev-libs/libxml2 to version 2.13.9. This fixes CVE-2025-9714, CVE-2025-32415 and CVE-2025-32414.
September 16, 2025
cos-dev-129-19279-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.46 | v27.5.1 | v2.1.3 | See List |
Fixed a kernel bug which caused boot to fail for n4 machine types.
Added GDRCopy kernel module for NVIDIA drivers.
Updated the Linux kernel to v6.12.46.
Added support for NVIDIA MFT Tools on arm64.
Runtime sysctl changes:
- Changed: fs.file-max: 811510 -> 811423
September 08, 2025
cos-dev-129-19271-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.43 | v27.5.1 | v2.1.3 | See List |
Enabled dynamic vlan configuration for non-primary NICs.
Added kernel support for bare-metal on the NVIDIA Grace platform.
Fixed an issue where cpusets cgroups did not work with cgroup v1 enabled.
Added iRDMA support in the Linux kernel.
Upgraded sys-auth/pambase to v20250826.
Upgraded sys-apps/file to v5.46-r3.
Fixed CVE-2025-6052 in dev-libs/glib.
Updated the Linux kernel to v6.12.43.
Upgraded sys-apps/hwdata to v0.398.
Disabled DNSSEC by default for COS TPU VMs.
Installed app-misc/c_rehash.
Added TDX RTMR support.
Runtime sysctl changes:
- Changed: fs.file-max: 811419 -> 811510
Upgraded chromeos-base/google-breakpad to v2025.08.18.161925-r245.
Upgraded app-admin/google-guest-configs to v20250818.00.
Added IPv6 support for machines using the IDPF driver.
Upgraded app-admin/google-guest-configs to v20250826.00.
August 25, 2025
cos-dev-129-19251-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.42 | v27.5.1 | v2.1.3 | See List |
Added support for the Lustre 2.14.0_p216 drivers.
Runtime sysctl changes:
- Changed: fs.file-max: 811494 -> 811419
Fixed KCTF-abad3d0 in the Linux kernel.
August 18, 2025
cos-dev-129-19246-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.41 | v27.5.1 | v2.1.3 | See List |
Upgraded sys-libs/binutils-libs to version 2.45. This fixes CVE-2025-8224,CVE-2025-8225 and CVE-2025-1153.
Upgraded net-nds/rpcbind to v1.2.8.
Enabled the google-guest-agent's network management functionality.
Upgraded sys-apps/gentoo-functions to v1.7.4.
Upgraded dev-lang/go to v1.23.12.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r668.
Fixed KCTF-01d3c84 in the Linux kernel.
Upgraded app-admin/google-guest-configs to v20250807.00.
Added ConnectX-8 RDMA support.
Backported support for AMD SEV-SNP SVSM vTPM driver and configfs-tsm addition for extended attestation protocol.
Upgraded dev-db/sqlite to v3.50.4.
August 12, 2025
cos-dev-129-19226-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.41 | v27.5.1 | v2.1.3 | See List |
Upgraded urllib3 to version 1.26.18. This fixes CVE-2021-33503, CVE-2023-43804, and CVE-2023-45803.
Fixed CVE-2025-8058 in glibc.
Added support for Nvidia driver version 535.261.03. This fixes CVE-2025-23286 and CVE-2025-23279.
Runtime sysctl changes:
- Changed: fs.file-max: 811510 -> 811531
Removed an artifact registry ping that would delay multi-user.target indefinitely for machines with no external IP address.
Upgraded dev-libs/openssl to 3.5.1.
Upgraded chromeos-base/google-breakpad to v2025.07.23.214511-r244.
Upgraded net-misc/openssh to 10.0_p1.
Upgraded app-admin/sudo to v1.9.17_p2.
Updated dev-python/requests to v2.32.4.
Upgraded net-misc/netplan to 1.1.2. This fixes CVE-2022-4968.
Updated app-admin/node-problem-detector to 0.8.21.
Added support for Nvidia driver version 570.172.08. This fixes CVE-2025-23279.
Upgraded dev-lang/go to v1.23.11.
Upgraded app-admin/google-guest-configs to v20250718.00.
Upgraded sys-apps/pv to v1.9.34.
Fixed an issue where the cpuidle driver selected for some machine types would cause inflated reports of high CPU usage.
Upgraded dev-db/sqlite to v3.50.3.
Upgraded dev-libs/glib to 2.82.5. This resolves CVE-2024-52533.
Updated containerd to v2.1.3.
Updated app-containers/cni-plugins to 1.7.1.
Upgraded dev-vcs/git to version 2.49.1. This fixes CVE-2025-48385, CVE-2025-27613, CVE-2025-27614, CVE-2025-48384, CVE-2025-46835.
Upgraded virtual/logger to v0-r2.
Enabled hardware optimized SHA256 algorithms for x86 machines with SSSE3 and AVX/AVX2 instructions and ARM64 machines with SHA-NI and ARMv8 Crypto Extensions.
Enabled the Btrfs kernel module.
Reverted a containerd change which reduced the default soft file descriptor limit for processes in containers to 1024.
Upgraded chromeos-base/minijail to v18-r168.
Upgraded sys-process/lsof to v4.99.5.
Removed the cloud-final.service dependency on multi-user.target which could delay cloud-init user-data scripts indefinitely when long-running startup scripts are used.
Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.
Upgraded chromeos-base/shill-client to v0.0.1-r4879.
July 30, 2025
cos-dev-125-19175-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.37 | v27.5.1 | v2.0.4 | See List |
Upgraded sqlite to v3.50.2. This resolves CVE-2025-6965.
The NFS access cache is no longer cleared on login by default. To use the old behavior, load the NFS module with the nfs_fasc=1 module parameter.
Runtime sysctl changes:
- Changed: fs.file-max: 811539 -> 811510
Updated app-misc/jq to v1.8.1.
Fixed CVE-2024-26130 in dev-python/cryptography.
Patched openssl to fix CVE-2023-50782 affecting dev-python/crytography.
Fixed KCTF-5e28d5a in the Linux kernel.
July 24, 2025
cos-dev-125-19165-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.37 | v27.5.1 | v2.0.4 | See List |
Upgraded uhaul to version 6.12-0.
Updated the NVIDIA GPU driver policy for New Feature Branch (NFB) drivers. The LATEST tag has been updated to point to the stable 570.133.20 Production Branch. The 575.57.08 NFB driver remains available for development and testing but must now be selected by its specific version number.Removed 575.57.08 NFB driver support for NVIDIA_GB200 machine.
Updated app-editors/nano to v8.5. This resolves CVE-2024-5742.
Upgraded vim, vim-core to version 9.1.1500. This fixes CVE-2025-26603, CVE-2025-27423, CVE-2025-29768, CVE-2025-1215, CVE-2025-24014, CVE-2025-22134.
Remove support for the v2.14.0_p184 and v2.14.0_p198 Lustre client drivers.
Upgraded app-admin/google-guest-configs to v20250627.00.
Added ARM support for the Lustre 2.14.0 drivers.
Fixed an issue where some workloads could cause a full system hang when running close to their memory limit.
Updated the Linux kernel to v6.12.37.
Upgraded nvidia-container-toolkit to v1.17.8. This fixes CVE-2025-23266.
Upgraded chromeos-base/shill-client to v0.0.1-r4875.
Fixed CVE-2024-6174 and CVE-2024-11584 in cloud-init.
Upgraded chromeos-base/google-breakpad to v2025.07.01.161305-r243.
Runtime sysctl changes:
- Added: kernel.apparmor_restrict_unprivileged_unconfined: 0
- Added: kernel.core_file_note_size_limit: 4194304
- Added: kernel.core_sort_vma: 0
- Added: net.ipv4.fib_multipath_hash_seed: 0
- Added: net.ipv4.tcp_pingpong_thresh: 1
- Added: net.ipv6.conf.all.ra_honor_pio_life: 0
- Added: net.ipv6.conf.all.ra_honor_pio_pflag: 0
- Added: net.ipv6.conf.all.regen_min_advance: 2
- Added: net.ipv6.conf.default.ra_honor_pio_life: 0
- Added: net.ipv6.conf.default.ra_honor_pio_pflag: 0
- Added: net.ipv6.conf.default.regen_min_advance: 2
- Added: net.ipv6.conf.docker0.ra_honor_pio_life: 0
- Added: net.ipv6.conf.docker0.ra_honor_pio_pflag: 0
- Added: net.ipv6.conf.docker0.regen_min_advance: 2
- Added: net.ipv6.conf.eth0.ra_honor_pio_life: 0
- Added: net.ipv6.conf.eth0.ra_honor_pio_pflag: 0
- Added: net.ipv6.conf.eth0.regen_min_advance: 2
- Added: net.ipv6.conf.lo.ra_honor_pio_life: 0
- Added: net.ipv6.conf.lo.ra_honor_pio_pflag: 0
- Added: net.ipv6.conf.lo.regen_min_advance: 2
- Added: vm.enable_soft_offline: 1
- Changed: fs.epoll.max_user_watches: 1809007 -> 1808517
- Changed: fs.fanotify.max_user_marks: 67544 -> 68412
- Changed: fs.file-max: 811755 -> 811539
- Changed: fs.inotify.max_user_watches: 63425 -> 64189
- Changed: kernel.threads-max: 63487 -> 63178
- Changed: net.ipv4.tcp_mem: 94041 125391 188082 -> 94017 125357 188034
- Changed: net.ipv4.udp_mem: 188085 250783 376170 -> 188034 250715 376068
- Changed: user.max_cgroup_namespaces: 31743 -> 31589
- Changed: user.max_fanotify_marks: 67544 -> 68412
- Changed: user.max_inotify_watches: 63425 -> 64189
- Changed: user.max_ipc_namespaces: 31743 -> 31589
- Changed: user.max_mnt_namespaces: 31743 -> 31589
- Changed: user.max_net_namespaces: 31743 -> 31589
- Changed: user.max_pid_namespaces: 31743 -> 31589
- Changed: user.max_time_namespaces: 31743 -> 31589
- Changed: user.max_user_namespaces: 31743 -> 31589
- Changed: user.max_uts_namespaces: 31743 -> 31589
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
- Deleted: kernel.sched_child_runs_first: 0
Updated cos-gpu-installer to v2.5.5.
Upgraded sysram to version 6.12-0.
Upgraded app-admin/sudo to v1.9.17_p1. This resolves CVE-2025-32462 and CVE-2025-32463.
June 30, 2025
cos-dev-125-19126-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.94 | v27.5.1 | v2.0.4 | See List |
Upgraded chromeos-base/google-breakpad to v2025.06.12.121629-r242.
Upgrade libarchive to version 3.8.1. This fixes CVE-2025-5914.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r667.
Upgraded chromeos-base/shill-client to v0.0.1-r4871.
Updated nvidia-container-toolkit to v1.17.7.
Upgraded sys-apps/less to v679.
Upgraded chromeos-base/shill-client to v0.0.1-r4872.
Upgraded dev-db/sqlite to v3.50.1.
Upgraded sys-apps/ethtool to version 6.11.
Upgraded sys-process/procps to v4.0.5-r2.
Upgraded dev-lang/go to v1.23.10.
Runtime sysctl changes:
- Changed: fs.file-max: 811773 -> 811755
Added support for the Lustre 2.14.0_p212 drivers.
Upgraded app-admin/google-guest-configs to v20250605.00.
Upgraded sys-libs/libcap to v2.76.
drop marvell-pcie-ep-octeon driver
Upgraded app-admin/sudo to v1.9.17.
June 23, 2025
cos-125-19115-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.94 | v27.5.1 | v2.0.4 | See List |
Added NVIDIA 570.133.20 vGPU driver.
Updated the Linux kernel to v6.6.94.
Runtime sysctl changes:
- Changed: fs.file-max: 811736 -> 811773
Upgraded elfutils to version 0.193. This fixes CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, and CVE-2025-1377.
Added a kernel patch to address bcache latency.
June 18, 2025
cos-dev-125-19104-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.93 | v27.5.1 | v2.0.4 | See List |
Upgraded app-misc/jq to v1.8.0. This fixes CVE-2025-48060.
Upgraded dpdk-kmods to 9b182be2ee4b
Runtime sysctl changes:
- Changed: fs.file-max: 811779 -> 811736
Updated the Linux kernel to v6.6.93.
June 17, 2025
cos-dev-125-19094-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.92 | v27.5.1 | v2.0.4 | See List |
Updated cos-gpu-installer to v2.5.3.
Runtime sysctl changes:
- Changed: fs.file-max: 811798 -> 811779
Fixed KCTF-ac9fe7d in the kernel.
Added support for Nvidia driver version 575.57.08.
Upgraded chromeos-base/shill-client to v0.0.1-r4869.
Updated systemd to v254.26. This resolves CVE-2025-4598.
Added support for the Lustre 2.14.0_p198 drivers.
Upgraded dev-db/sqlite to v3.50.0.
Fixed CVE-2025-47273 in dev-python/setuptools.
June 02, 2025
cos-dev-125-19071-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.92 | v27.5.1 | v2.0.4 | See List |
Fixed KCTF-3f98113 in the Linux kernel.
Upgraded app-admin/google-guest-configs to v20250516.00.
Upgraded sys-apps/less to v678.
Upgraded sys-apps/rootdev to v0.0.1-r51.
Upgraded sys-apps/dbus to v1.16.2-r197.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2969.
Upgraded dev-lang/go to v1.23.9.
Upgraded chromeos-base/google-breakpad to v2025.05.22.184901-r240.
Updated the Linux kernel to v6.6.92.
Runtime sysctl changes:
- Changed: fs.file-max: 811729 -> 811798
- Changed: net.ipv6.conf.docker0.mtu: 1500 -> 1460
Fixed CVE-2025-46836 in sys-apps/net-tools
Injected IMEX channel char device for GB200 GPUs.
Updated cos-gpu-installer to v2.5.2: Added support for OTHER/NO_GPU cases to enable GPU driver preloading on the ARM64 architecture and added support for IMEX Driver configuration installation for NVIDIA_GB200 machine.
Upgraded net-misc/curl to version 8.12.1. This fixes CVE-2025-0167.
Fixed CVE-2024-23337 in app-misc/jq.
Upgraded chromeos-base/debugd-client to v0.0.1-r2734.
Fixed docker MTU mismatch.
Supported NVIDIA MFT Tools.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r665.
Fixed CVE-20250-3198 in sys-libs/bintuils-libs.
Upgraded chromeos-base/shill-client to v0.0.1-r4866.
Upgraded google-guest-agent to 20250327.00. This included
new services like google-guest-compat-manager.service and
google-guest-agent-manager.service and new binaries like
google_guest_compat_manager, gce_metadata_script_runner,
google_guest_agent_manager, ggactl_plugin_cleanup and
gce_compat_metadata_script_runner.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2830.
Upgraded dev-db/sqlite to v3.49.2.
May 12, 2025
cos-dev-125-19041-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.89 | v27.5.1 | v2.0.4 | See List |
Updated the Linux kernel to v6.6.89.
Fixed issue where modinfo could not display module signatures.
Added support for 7th generation TPU devices.
Runtime sysctl changes:
- Changed: fs.file-max: 811773 -> 811729
Updated apparmor to 3.1.6. This fixes CVE-2016-1585.
Upgraded app-admin/google-guest-configs to v20250501.00.
Increased kdump memory reservation.
May 05, 2025
cos-dev-125-19025-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.88 | v27.5.1 | v2.0.4 | See List |
Upgraded sys-apps/makedumpfile to v1.7.7.
Upgraded app-arch/gzip to v1.14.
Upgraded chromeos-base/shill-client to v0.0.1-r4853.
Upgraded chromeos-base/debugd-client to v0.0.1-r2733.
Upgraded chromeos-base/minijail to v18-r167.
Upgraded net-dns/libidn2 to v2.3.8.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2480.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2829.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2968.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r664.
Updated NVIDIA GPU drivers to v535.247.01 for default/ R535 and v570.133.20 for latest/R570. This resolves CVE-2025-23244.
Upgraded chromeos-base/google-breakpad to v2025.04.09.155244-r236.
Updated the Linux kernel to v6.6.88.
Upgraded app-benchmarks/microbenchmarks to v0.0.1-r20.
Fixed CVE-2025-32414, CVE-2025-32415 in dev-libs/libxml2.
Upgraded app-admin/google-guest-agent to v20250418.00.
Upgraded sys-apps/grep to v3.12.
Upgraded app-admin/google-guest-configs to v20250409.00.
Runtime sysctl changes:
- Changed: fs.file-max: 811785 -> 811773
April 29, 2025
cos-dev-125-19014-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.87 | v27.5.1 | v2.0.4 | See List |
Fixed an issue in containerd that potentially breaks metric collection
Fixed CVE-2025-31498 in net-dns/c-ares.
Patched a null ptr exception bug in NVIDIA 570.124.06 OSS driver
Fixed CVE-2025-32728 in net-misc/openssh.
Updated dev-go/net in policy manager to v0.39.0. This fixes CVE-2025-22870.
Runtime sysctl changes:
- Changed: fs.file-max: 811798 -> 811785
Fixed an issue in containerd that prevented some v2 shims from shutting down properly.
April 25, 2025
cos-dev-125-19000-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.87 | v27.5.1 | v2.0.4 | See List |
Upgraded app-admin/google-guest-agent to v20250408.00.
Updated cos-gpu-installer to v2.5.0: Support IMEX Driver installation for NVIDIA_GB200 GPU device.
Runtime sysctl changes:
- Changed: fs.file-max: 811798 -> 811749
Upgraded chromeos-base/shill-client to v0.0.1-r4850.
Fixed CVE-2024-48615 in app-arch/libarchive.
Fixed CVE-2024-53427 in app-misc/jq.
Updated the Linux kernel to v6.6.87.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r663.
Upgraded chromeos-base/debugd-client to v0.0.1-r2732.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2828.
Updated dev-vcs/git to version 2.49.0. This fixed CVE-2024-52006, CVE-2024-50349
Upgraded chromeos-base/power_manager-client to v0.0.1-r2967.
Reverted a change in the linux kernel which caused nfs directories to unexpectedly be mounted as ro instead of rw.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2479.
April 14, 2025
cos-dev-125-18986-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.86 | v27.5.1 | v2.0.4 | See List |
Upgraded chromeos-base/power_manager-client to v0.0.1-r2966.
Upgraded chromeos-base/minijail to v18-r164.
Fixed EINTR error in app-container/cni-plugins.
Upgraded chromeos-base/google-breakpad to v2025.04.01.213855-r235.
Upgraded app-admin/google-guest-configs to v20250328.00.
Upgraded dev-libs/expat to v2.7.1.
Upgraded sys-apps/dbus to v1.14.10-r196.
Updated the Linux kernel to v6.6.86.
Runtime sysctl changes:
- Changed: fs.file-max: 811816 -> 811798
Upgraded chromeos-base/session_manager-client to v0.0.1-r2827.
Upgraded chromeos-base/debugd-client to v0.0.1-r2731.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2478.
Upgraded net-misc/rsync to v3.4.1.
Upgraded app-arch/unzip to v6.0_p29.
Modified toolbox to use unified cgroup hierarchy mode, when possible, instead of hybrid mode.
Upgraded sys-apps/diffutils to v3.11-r2.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r662.
Upgraded net-nds/rpcbind to v1.2.7.
Upgraded dev-libs/nss to v3.110.
Upgraded chromeos-base/shill-client to v0.0.1-r4848.
Upgraded app-containers/docker-credential-helpers to v0.9.3.
Upgraded app-admin/google-guest-agent to v20250331.00.
Updated app-containers/containerd to v2.0.4.
Upgraded sys-libs/libseccomp to v2.6.0-r2.
March 31, 2025
cos-dev-125-18971-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.84 | v27.5.1 | v2.0.2 | See List |
Updated the Linux kernel to v6.6.84.
Runtime sysctl changes:
- Changed: fs.file-max: 811727 -> 811816
March 24, 2025
cos-dev-125-18964-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.83 | v27.5.1 | v2.0.2 | See List |
Updated app-admin/google-guest-configs to v20250207.00.
Upgraded sys-apps/dbus to v1.14.10-r195.
Upgraded app-admin/google-guest-agent to v20250304.03.
Upgraded chromeos-base/minijail to v18-r163.
Upgraded sys-apps/pv to v1.9.27.
Upgraded chromeos-base/debugd-client to v0.0.1-r2727.
Upgraded net-misc/wget to version 1.25.0. Fixes CVE-2024-10524.
Upgraded sys-libs/libseccomp to v2.6.0.
Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.
Upgraded net-misc/socat to v1.8.0.3.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2817.
Upgraded chromeos-base/shill-client to v0.0.1-r4838.
Applied Intel patches to add iRDMA support in the Linux kernel.
Updated dev-python/botocore to v1.37.9.
Upgraded dev-libs/nss to v3.109.
Updated Python to v3.11.
Upgraded sys-auth/pambase to v20250228.
Upgraded app-admin/fluent-bit to v3.2.5.
Updated app-admin/awscli to v1.38.4.
Added support for NVIDIA GB200 GPU with 570.124.06 GPU driver. This driver version has been assigned the latest, default, and R570 tags for this GPU type.
Upgraded app-admin/google-guest-agent to v20250122.00.
Updated dev-go/oauth2 to v0.27.0. Fixes CVE-2025-22868.
Upgraded app-containers/docker to v27.5.1, Upgraded app-containers/docker-test to v27.5.1, Upgraded app-containers/docker-cli to v27.5.1.
Upgraded dev-db/sqlite to v3.49.1.
Upgraded chromeos-base/shill-client to v0.0.1-r4834.
Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.
Updated cos-gpu-installer to v2.4.7: 1.Added Support for NVIDIA B200 GPU. 2.Enabled --prepare-build-tools flag to preload GPU driver metadata for ARM64
Upgraded dev-libs/libxml2 to version 1.12.10. Fixes CVE-2025-27113.
Upgraded app-admin/google-guest-agent to v20250204.02.
Fixed CVE-2025-0395 in sys-libs/glibc.
Runtime sysctl changes:
- Changed: fs.file-max: 811701 -> 811727
Upgraded dev-libs/nss to v3.108.
Disabled martian logging for ConnectX-7 network cards. These cards only communicate locally, but martian logging during communications with the host can lead to a race condition which causes GID table construction to sometimes fail.
Upgraded chromeos-base/google-breakpad to v2024.02.16.014630-r227.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r659.
Upgrade cloud-init from 23.4.3 to 24.4.1.
Fixed an issue that resulted in missing grub boot measurements in some machine configurations.
Fixed a race condition that could cause a kernel panic.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2963.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2471.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2474.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r657.
Added support for the Lustre 2.14.0 client drivers.
Upgraded app-admin/google-guest-configs to v20250124.00.
Upgraded sys-apps/diffutils to v3.11-r1.
Upgrade sys-libs/binutils-libs to 2.44-r1. This fixes CVE-2024-53589.
Upgraded sys-apps/dbus to v1.14.10-r194.
Upgraded chromeos-base/debugd-client to v0.0.1-r2728.
Upgraded sys-apps/diffutils to v3.11.
Upgraded app-admin/google-guest-configs to v20250221.00.
Upgraded chromeos-base/minijail to v18-r160.
Add support for iRDMA devices.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2821.
Upgraded sys-apps/pv to v1.9.31.
Upgraded app-admin/google-guest-agent to v20250225.00.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2961.
Fixed CVE-2025-0840 in binutils.
Upgraded app-containers/runc to v1.2.5, Upgraded app-containers/runc-test to v1.2.5.
Upgraded chromeos-base/debugd-client to v0.0.1-r2726.
Upgraded sys-apps/hwdata to v0.391.
Upgraded app-containers/docker-credential-helpers to v0.9.2.
Updated dev-python/python-dateutil to v2.9.0.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2820.
Added support for NVIDIA 570.124.06 GPU driver. Updated the LATEST GPU driver label to version 570.124.06 for all GPU devices. Updated the DEFAULT GPU driver label to version 570.124.06 for NVIDIA_B200 and NVIDIA_H200 GPU devices.
Upgraded dev-libs/double-conversion to v3.3.1.
Upgraded net-misc/openssh to version 9.9_p2. This fixed CVE-2025-26465 and CVE-2025-26466.
Upgraded dev-db/sqlite to v3.47.2-r1.
Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2818.
Upgraded sys-apps/which to v2.23.
Upgraded sys-libs/libseccomp to v2.6.0-r1.
Upgraded chromeos-base/shill-client to v0.0.1-r4818.
Fixed CVE-2024-13176 in dev-libs/openssl.
Upgraded app-admin/node-problem-detector to v0.8.20.
Fixed CVE-2024-9287 in dev-lang/python.
Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r658.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2962.
Upgraded chromeos-base/shill-client to v0.0.1-r4825.
Updated dev-python/s3transfer to v0.11.4.
Upgraded sys-apps/acl to v2.3.2-r2.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2470.
March 17, 2025
cos-dev-121-18867-0-53
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.74 | v27.5.1 | v2.0.2 | See List |
Upgraded net-misc/socat to v1.8.0.3.
Upgraded net-misc/openssh to version 9.9_p2. This fixed CVE-2025-26465 and CVE-2025-26466.
Upgraded dev-go/oauth2 to v0.27.0. This fixes CVE-2025-22868.
Fixed CVE-2024-50014 in the Linux kernel.
Added support for iRDMA devices.
Fixed CVE-2024-50017 in the Linux kernel.
Upgraded app-containers/docker to v27.5.1, Upgraded app-containers/docker-test to v27.5.1, Upgraded app-containers/docker-cli to v27.5.1.
Fixed KCTF-fcdd224 in the Linux kernel.
Fixed CVE-2025-21745 in the Linux kernel.
Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.
Fixed CVE-2024-50304 in the Linux kernel.
Fixed CVE-2025-21814 in the Linux kernel.
Upgraded dev-libs/libxml2 to version 1.12.10. This fixes CVE-2025-27113.
Fixed CVE-2025-21690 in the Linux kernel.
Disabled martian logging for ConnectX-7 network cards. These cards only communicate locally, but martian logging during communications with the host can lead to a race condition which causes GID table construction to sometimes fail.
Fixed KCTF-638ba50 in the Linux kernel.
Fixed CVE-2024-49994 in the Linux kernel.
Fixed CVE-2024-50146 in the Linux kernel.
Applied Intel patches to add iRDMA support in the Linux kernel.
Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.
Fixed KCTF-8802766 in the Linux kernel.
Upgraded net-misc/wget to version 1.25.0. This fixes CVE-2024-10524.
Runtime sysctl changes:
- Changed: fs.file-max: 811788 -> 811701
- Deleted: net.bridge.bridge-nf-call-arptables: 1
- Deleted: net.bridge.bridge-nf-call-ip6tables: 1
- Deleted: net.bridge.bridge-nf-call-iptables: 1
- Deleted: net.bridge.bridge-nf-filter-pppoe-tagged: 0
- Deleted: net.bridge.bridge-nf-filter-vlan-tagged: 0
- Deleted: net.bridge.bridge-nf-pass-vlan-input-dev: 0
Fixed CVE-2024-56549 in the Linux kernel.
Upgrade sys-libs/binutils-libs to 2.44-r1. This fixes CVE-2024-53589.
Fixed CVE-2024-58017 in the Linux kernel.
February 24, 2025
cos-dev-121-18867-0-24
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.74 | v25.0.7 | v2.0.2 | See List |
Upgraded sys-apps/diffutils to v3.11.
Upgraded app-admin/fluent-bit to v3.2.5.
Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.
Fixed CVE-2024-9287 in dev-lang/python.
Updated app-admin/google-guest-configs to v20250207.00.
Updated Konlet to v0.13.4.
Updated cos-gpu-installer to v2.4.7: 1.Added Support for NVIDIA B200 GPU. 2.Enabled --prepare-build-tools flag to preload GPU driver metadata for ARM64
Upgraded cloud-init from 23.4.3 to 24.4.1.
Fixed CVE-2025-0840 in binutils.
Upgraded sys-apps/pv to v1.9.27.
Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.
Runtime sysctl changes:
- Changed: fs.file-max: 811771 -> 811788
Fixed CVE-2024-13176 in dev-libs/openssl.
Fixed CVE-2025-0395 in sys-libs/glibc.
Upgraded sys-apps/hwdata to v0.391.
Upgraded app-admin/google-guest-agent to v20250204.02.
February 03, 2025
cos-dev-121-18865-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.74 | v25.0.7 | v2.0.2 | See List |
Fixed KCTF-bc50835 in the Linux kernel.
Enabled ECC kernel modules required for confidential GPU functionality.
Enabled Grace platform support: Enabled ATS/PASID(PCI) for ARM64 kernel.
Updated the Linux kernel to v6.6.74.
Enabled Grace platform support: Enabled SMMU (v3) for ARM64 kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811821 -> 811771
Enabled Grace platform support: Enabled memory_hotplug and device_private in the ARM64 kernel.
Enabled Grace platform support: Enabled DMA-BUF shared memory support for the ARM64 kernel.
Added NVIDIA GPU driver's R570 branch. Updated the LATEST GPU driver label to version 570.86.15.
Backported Intel TDX (Trust Domain Extensions) and confidential computing patches from Linux kernel 6.7 upstream to enable TDX feature support.
January 27, 2025
cos-dev-121-18849-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.72 | v25.0.7 | v2.0.2 | See List |
Updated app-containers/runc to v1.2.4.
Upgraded app-admin/google-guest-agent to v20250117.00.
Upgraded dev-lang/go to v1.23.5.
Upgraded net-misc/openssh to v9.9.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2469.
Upgraded chromeos-base/debugd-client to v0.0.1-r2725.
Updated google-osconfig-agent to v20250121.00.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r656.
Updated app-containers/containerd to v2.0.2.
Upgraded dev-libs/libxml2 to version 2.12.9. This fixes CVE-2024-40896.
Added support for nftables flow offload and the flowtable infrastructure.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2960.
Upgraded net-misc/curl to version 8.11.1-r2. This fixes CVE-2024-11053.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2816.
Runtime sysctl changes:
- Changed: fs.file-max: 811767 -> 811821
Upgraded app-admin/google-guest-configs to v20250116.00.
Upgraded sys-apps/file to v5.46-r2.
Updated app-admin/oslogin to v20241216.00.
Upgraded chromeos-base/shill-client to v0.0.1-r4812.
Update NVIDIA GPU drivers to v535.230.02 for default/R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.
Upgraded net-dns/c-ares to v1.34.4.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim.
January 17, 2025
cos-dev-121-18828-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.71 | v25.0.7 | v2.0.0 | See List |
Runtime sysctl changes:
- Changed: fs.file-max: 811795 -> 811767
Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.
January 16, 2025
cos-dev-121-18827-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.71 | v25.0.7 | v2.0.0 | See List |
Upgraded net-misc/socat to v1.8.0.2.
Upgraded app-containers/docker to v25.0.7, Upgraded app-containers/docker-test to v25.0.7, Upgraded app-containers/docker-cli to v25.0.7.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2467.
Runtime sysctl changes:
- Changed: fs.file-max: 811786 -> 811795
Updated the Linux kernel to v6.6.71.
Upgraded app-admin/fluent-bit to v3.2.4.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r654.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2958.
Upgraded app-admin/google-guest-configs to v20250107.00.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2814.
Added NVIDIA GPU drivers R565 branch - Updated R565 latest driver to v565.57.01.
Upgraded chromeos-base/shill-client to v0.0.1-r4804.
Upgraded nvidia-container-toolkit to v1.17.3.
Upgraded sys-apps/pv to v1.9.25.
Upgraded app-containers/cni-plugins to v1.6.2.
Upgraded dev-db/sqlite to v3.47.2.
Upgraded sys-apps/file to v5.46-r1.
Upgraded chromeos-base/debugd-client to v0.0.1-r2723.
January 06, 2025
cos-dev-121-18808-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.68 | v25.0.2 | v2.0.0 | See List |
Updated app-containers/cri-tools to 1.31.1.
Updated dev-go/net in policy manager to v0.33.0. This fixes CVE-2024-45338.
Set device policy manager to log the metadata values that it takes as input.
Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.
Updated app-containers/docker-test to 25.0.2.
Upgraded net-libs/libtirpc to v1.3.6.
Runtime sysctl changes:
- Changed: fs.file-max: 811802 -> 811786
Upgraded app-admin/sudo to v1.9.16_p2-r1.
Upgraded dev-db/sqlite to v3.47.1.
Upgraded sys-apps/hwdata to v0.390.
Updated the Linux kernel to v6.6.68.
Upgraded sys-apps/file to v5.46.
Updated app-containers/docker-cli to 25.0.2.
Updated app-admin/google-guest-configs to v20241205.00.
Upgraded chromeos-base/shill-client to v0.0.1-r4790.
Upgraded app-admin/fluent-bit to v3.2.2.
Upgraded nvidia-container-toolkit to v1.17.0. This fixes CVE-2024-0134.
Updated app-containers/docker to 25.0.2
Upgraded app-containers/cni-plugins to v1.6.1.
December 09, 2024
cos-dev-121-18779-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.63 | v24.0.9 | v2.0.0 | See List |
Upgraded app-admin/fluent-bit to v3.2.1.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2955.
Upgraded app-admin/sudo to v1.9.16_p1.
Upgraded dev-libs/expat to v2.6.4.
Updated app-admin/google-guest-configs to 20241121.00. This enables intent based NIC naming scheme.
Upgraded sys-apps/less to v668.
Upgraded app-shells/dash to v0.5.12-r1.
Updated the Linux kernel to v6.6.63.
Runtime sysctl changes:
- Changed: fs.file-max: 811752 -> 811802
Upgraded net-dns/c-ares to v1.34.3.
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681.
Upgraded sys-apps/pv to v1.9.0.
Upgraded net-misc/socat to v1.8.0.1.
Upgraded sys-apps/makedumpfile to v1.7.6.
Upgraded dev-db/sqlite to v3.47.0-r1.
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer
Upgraded chromeos-base/minijail to v18-r158.
Upgraded chromeos-base/shill-client to v0.0.1-r4782.
Upgraded chromeos-base/debugd-client to v0.0.1-r2720.
Upgraded sys-libs/libcap to v2.71.
Upgraded dev-libs/nss to v3.107.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2464.
Upgraded sys-libs/libseccomp to v2.5.5-r2.
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Upgraded sys-process/lsof to v4.99.4.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r651.
Upgraded net-libs/libnetfilter_conntrack to v1.1.0.
Upgraded sys-apps/gentoo-functions to v1.7.3.
Upgraded app-containers/cni-plugins to v1.6.0.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2811.
November 18, 2024
cos-dev-121-18759-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.61 | v24.0.9 | v2.0.0 | See List |
Updated app-admin/google-guest-configs to v20241112.00.
Updated the Linux kernel to v6.6.61.
Upgraded cos-gpu-installer to v2.4.4: Relax precise GPU driver version check to allow version with two numeric segments pass.
Updated app-containers/containerd to v2.0.0.
November 11, 2024
cos-dev-121-18747-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.59 | v24.0.9 | v1.7.23 | See List |
Fixed KCTF-2e95c43 in the Linux kernel.
Fixed CVE-2024-9143 in dev-libs/openssl.
Runtime sysctl changes:
- Changed: fs.file-max: 811822 -> 811804
Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.
November 06, 2024
cos-dev-121-18736-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.59 | v24.0.9 | v1.7.23 | See List |
Update NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Runtime sysctl changes:
- Changed: fs.file-max: 811799 -> 811822
Fixed CVE-2024-50602 in dev-libs/expat.
Updated the Linux kernel to v6.6.59.
October 21, 2024
cos-dev-121-18718-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.56 | v24.0.9 | v1.7.23 | See List |
Updated app-containers/containerd to 1.7.23.
Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.
Updated the Linux kernel to v6.6.56.
Runtime sysctl changes:
- Changed: fs.file-max: 811780 -> 811799
October 14, 2024
cos-dev-121-18712-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.54 | v24.0.9 | v1.7.22 | See List |
Update R535, default driver to v535.183.06.
Updated the Linux kernel to v6.6.54.
Disabled MGLRU by default due to integration issues with Kubernetes.
Runtime sysctl changes:
- Changed: fs.file-max: 811792 -> 811780
Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.
Upgraded to v1.16.2. Fixed CVE-2024-0132 and CVE-2024-0133.
October 07, 2024
cos-dev-121-18699-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.52 | v24.0.9 | v1.7.22 | See List |
Runtime sysctl changes:
- Changed: fs.file-max: 811711 -> 811792
Upgraded chromeos-base/shill-client to v0.0.1-r4695.
September 30, 2024
cos-dev-121-18698-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.52 | v24.0.9 | v1.7.22 | See List |
Upgraded app-admin/google-osconfig-agent to v20240924.02.
Removed sys-libs/gdbm.
Upgraded net-firewall/iptables to v1.8.10-r1.
Upgraded app-containers/docker-credential-gcr to v2.1.25.
Updated cos-gpu-installer to v2.4.2. This enables creation of /dev/dri when loading nvidia-drm.ko for COS kernels build with loadable drm and dependent modules.
Update R550, latest driver to v550.90.12.
Upgraded chromeos-base/debugd-client to v0.0.1-r2712.
Upgraded net-libs/libtirpc to v1.3.5.
Upgraded net-dns/c-ares to v1.33.1.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2947.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2801.
Upgraded app-admin/fluent-bit to v3.1.8.
Upgraded dev-libs/nss to v3.104.
Updated the Linux kernel to v6.6.52.
Removed dev-libs/libusb.
Upgraded app-admin/google-guest-configs to v20240924.00.
Updated net-misc/curl to 8.10.0.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2449.
Upgraded app-admin/google-guest-configs to v20240905.00.
Upgraded chromeos-base/shill-client to v0.0.1-r4688.
Upgraded chromeos-base/minijail to v18-r155.
Removed sys-libs/libsepol and sys-libs/libselinux.
Upgraded dev-python/configobj to v5.0.9.
Removed dev-python/zope-interface.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r642.
September 16, 2024
cos-dev-121-18667-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.51 | v24.0.9 | v1.7.22 | See List |
Updated app-containers/containerd to v1.7.22.
Fixed CVE-2024-6232 in dev-lang/python.
Updated the Linux kernel to v6.6.51.
Fixed CVE-2024-7592 in dev-lang/python.
Runtime sysctl changes:
- Changed: fs.file-max: 811768 -> 811782
Fixed CVE-2024-6119 in net-libs/openssl.
Fixed CVE-2023-27043 in dev-lang/python.
Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.
September 09, 2024
cos-dev-121-18657-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.49 | v24.0.9 | v1.7.21 | See List |
Updated app-containers/containerd to 1.7.21.
Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Updated the Linux kernel to v6.6.49.
Removed chromeos-base/ec-utils and chromeos-base/ec-utils.
Runtime sysctl changes:
- Changed: fs.file-max: 811752 -> 811768
Removed dev-libs/confuse and dev-embedded/libftdi.
Fixes CVE-2023-7256 in net-libs/libpcap.
Updated dev-go/oauth2 to v0.23.0. Removed dev-go/appengine.
Updated google-osconfig-agent to v20240822.00.
Upgraded app-editors/vim, app-editors/vim-core to 9.1.0698. This fixed CVE-2024-43790, CVE-2024-43802.
Removed dev-python/webcolors.
Updated dev-lang/python to 3.8.19_p1. This fixes CVE-2007-4559.
Removed dev-python/setuptools.
Replaced cos-extensions with new Go binary.
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.
August 26, 2024
cos-dev-121-18632-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.47 | v24.0.9 | v1.7.20 | See List |
Upgraded chromeos-base/shill-client to v0.0.1-r4654.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2445.
Upgraded net-dns/c-ares to v1.33.0.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2799.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r640.
Upgraded sys-apps/gentoo-functions to v1.7.2.
Upgraded dev-db/sqlite to v3.46.1.
Upgraded app-admin/google-guest-agent to v20240816.00.
Upgraded sys-fs/xfsprogs to v6.9.0.
Updated the Linux kernel to v6.6.47.
Runtime sysctl changes:
- Added: vm.unprivileged_userfaultfd: 0
- Changed: fs.file-max: 811814 -> 811752
Upgraded app-admin/fluent-bit to v3.1.6.
Upgraded chromeos-base/debugd-client to v0.0.1-r2710.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2945.
August 20, 2024
cos-dev-121-18623-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.46 | v24.0.9 | v1.7.20 | See List |
Updated app-emulation/kubernetes to 1.30.3.
Upgraded chromeos-base/debugd-client to v0.0.1-r2707.
Added more service logs to the default Cloud Logging configuration.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2441.
Upgraded app-containers/docker-credential-gcr to v2.1.23.
Upgraded the Linux kernel to v6.6.46.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2797.
Upgraded sys-apps/pv to v1.8.12.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2942.
Allowed GPU driver installation on dev-channel images without the -test flag.
Upgraded app-admin/google-guest-configs to v20240725.00.
Updated dev-python/setuptools to v70.3.0. This resolves CVE-2024-6345.
Upgraded net-libs/libtirpc to v1.3.4-r3.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2796.
Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.
Upgraded app-admin/fluent-bit to v3.1.3.
Upgraded app-arch/gzip to v1.13-r1.
Upgraded app-arch/lz4 to v1.10.0-r1.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r637.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Downgraded sys-apps/ethtool to v6.7.
Upgraded dev-libs/nss to v3.103.
Upgraded net-libs/gnutls to v3.8.6.
Upgraded sys-apps/gentoo-functions to v1.7.1.
Upgraded chromeos-base/debugd-client to v0.0.1-r2708.
Runtime sysctl changes:
- Changed: fs.file-max: 811776 -> 811814
- Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000
Upgraded sys-apps/less to v661.
Upgraded dev-libs/nss to v3.102.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r638.
Upgraded net-misc/rsync to v3.3.0-r1.
Upgraded app-emulation/kubernetes to 1.29.7.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2943.
Upgraded app-containers/containerd to 1.7.20.
Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.
Updated dev-go/net to v0.27.0. This fixes CVE-2023-45288.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2442.
Upgraded chromeos-base/shill-client to v0.0.1-r4637.
Updated protobuf-legacy-api to v1.5.4.
Upgraded app-admin/google-guest-agent to v20240716.00.
Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.
Upgraded chromeos-base/shill-client to v0.0.1-r4612.
Upgraded sys-libs/gdbm to v1.24.
July 22, 2024
cos-dev-117-18567-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.40 | v24.0.9 | v2.0.0rc2 | See List |
Updated the Linux kernel to v6.6.40.
Fixed CVE-2024-39894 in net-misc/openssh.
Disable NVIDIA persistence mode with -no-verify flag
July 15, 2024
cos-dev-117-18555-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.37 | v24.0.9 | v2.0.0rc2 | See List |
Upgraded chromeos-base/session_manager-client to v0.0.1-r2792.
Upgraded app-admin/logrotate to v3.22.0.
Upgrade fluent-bit to v3.0.6.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2937.
Upgraded net-misc/curl to v8.8.0-r1.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r633.
Upgraded chromeos-base/shill-client to v0.0.1-r4577.
Upgraded net-misc/rsync to v3.3.0.
Upgraded sys-apps/pv to v1.8.10.
Added support for TPU v6 devices.
Upgraded sys-apps/dbus to v1.14.10-r192.
Upgraded sys-apps/findutils to v4.10.0.
Upgraded sys-apps/hwdata to v0.383.
Upgraded dev-lang/go to v1.22.4. This fixes CVE-2024-24790 and CVE-2024-24789.
Fixed CVE-2024-35195 in dev-python/requests.
Fixed glibc-2.36 build errors in sys-boot/syslinux.
Upgraded dev-embedded/libftdi to v1.5-r7.
Upgraded dev-db/sqlite to v3.46.0.
Upgraded sys-apps/ethtool to v6.9.
Runtime sysctl changes:
- Added: net.ipv4.tcp_rto_min_us: 200000
- Changed: fs.file-max: 811785 -> 811776
Updated cos-gpu-installer to v2.3.5.
Upgraded net-dns/c-ares to v1.31.0.
Upgraded dev-libs/nss to v3.101.
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.
Upgraded app-admin/node-problem-detector to v0.8.19.
Upgraded app-admin/google-guest-configs to v20240607.00.
Upgraded sys-libs/libseccomp to v2.5.5-r1.
Upgraded dev-python/pygobject to v3.46.0-r1.
Added the package revision number to the SSH banner in net-misc/openssh.
Upgraded app-containers/cni-plugins to v1.5.1.
Upgraded chromeos-base/debugd-client to v0.0.1-r2703.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2437.
Upgraded chromeos-base/minijail to v18-r142.
June 24, 2024
cos-dev-117-18514-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.34 | v24.0.9 | v2.0.0rc2 | v535.183.01(default),v550.90.07(latest) |
Updated R535, default driver to v535.183.01.This fixes CVE-2024-0090 and CVE-2024-0092.
Disabled default automatic updates. Automatic updates must now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".
Updated R550, latest driver to v550.90.07.This fixes CVE-2024-0090, CVE-2024-0091 and CVE-2024-0092.
Runtime sysctl changes:
- Added: net.ipv4.tcp_backlog_ack_defer: 1
- Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
- Changed: fs.fanotify.max_user_marks: 67560 -> 67544
- Changed: fs.file-max: 811880 -> 811785
- Changed: fs.inotify.max_user_watches: 63441 -> 63425
- Changed: kernel.threads-max: 63503 -> 63487
- Changed: net.core.optmem_max: 20480 -> 131072
- Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
- Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
- Changed: user.max_cgroup_namespaces: 31751 -> 31743
- Changed: user.max_fanotify_marks: 67560 -> 67544
- Changed: user.max_inotify_watches: 63441 -> 63425
- Changed: user.max_ipc_namespaces: 31751 -> 31743
- Changed: user.max_mnt_namespaces: 31751 -> 31743
- Changed: user.max_net_namespaces: 31751 -> 31743
- Changed: user.max_pid_namespaces: 31751 -> 31743
- Changed: user.max_time_namespaces: 31751 -> 31743
- Changed: user.max_user_namespaces: 31751 -> 31743
- Changed: user.max_uts_namespaces: 31751 -> 31743
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0
June 18, 2024
cos-dev-117-18508-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.33 | v24.0.9 | v2.0.0rc2 | v535.161.08(default),v550.54.15(latest) |
Removed net-libs/grpc.
Upgraded containerd to 2.0.0-rc.2
Fixed CVE-2023-32681 in dev-python/requests.
Upgraded sys-apps/grep to v3.11-r1.
Upgraded app-admin/node-problem-detector to v0.8.18.
Fixed CVE-2023-4641 in sys-apps/shadow.
Updated cos-gpu-installer to v2.3.3 - Fix CVEs for cos-gpu-installer: Upgraded golang from 1.16 to 1.22.3, Upgraded google.golang.org/protobuf from v1.28.0 to v1.33.0, Upgraded google.golang.org/grpc from v1.48.0 to v1.56.3.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2784.
Upgraded chromeos-base/minijail to v18-r141.
Upgraded sys-apps/pv to v1.8.9.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r627.
Upgraded dev-embedded/libftdi to v1.5-r6.
Upgraded dev-libs/libusb to v1.0.27-r1.
Updated cos-gpu-installer to v2.3.3 - Resolved potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.
Updated dev-python/pyyaml to version 6.0.1. This fixed CVE-2017-18342, CVE-2020-14343, CVE-2020-1747.
Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.
Mount efivarfs fs by default on EFI-enabled systems.
Upgraded go to version 1.22.3.
Updated dev-libs/expat to version 2.6.2. This fixed CVE-2024-28757.
Removed crash-reporter KVM support.
Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2928.
Upgraded sys-fs/xfsprogs to v6.8.0.
Upgraded sys-process/procps to v4.0.4-r1.
Updated cos-gpu-installer to v2.2.3.
New changes in cos-gpu-installer:v2.2.3:
1. Introduced --gcs-download-bucket-nvidia and --gcs-download-prefix-nvidia flags for customizing NVIDIA installer runfile downloads from Google Cloud Storage.
2. Introduced the --target-gpu flag to facilitate precise GPU driver installations when no GPU is attached.
3. Replaced the HTTP client with a Google Cloud Storage client to improve the reliability of NVIDIA OSS installer runfiles downloads.
4. Implemented the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type. (Currently disabled)
5. Fixed an issue in the Google Cloud Storage Object download functionality to automatically remove the empty target file if a download fails.
6. Internal Cleanup: Migrated GPU device-related information to the deviceInfo package. Created a feature flags module in the features package. Added a config reader in the utils module to parse the cos-gpu-config.json.
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
Updated net-misc/curl to version 8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Runtime sysctl changes:
- Added: dev.tty.legacy_tiocsti: 1
- Added: kernel.io_uring_group: -1
- Added: kernel.kexec_load_limit_panic: -1
- Added: kernel.kexec_load_limit_reboot: -1
- Added: kernel.loadpin.enforce: 1
- Added: net.core.mem_pcpu_rsv: 256
- Added: net.core.rps_default_mask: 00
- Added: net.ipv4.tcp_plb_cong_thresh: 128
- Added: net.ipv4.tcp_plb_enabled: 0
- Added: net.ipv4.tcp_plb_idle_rehash_rounds: 3
- Added: net.ipv4.tcp_plb_rehash_rounds: 12
- Added: net.ipv4.tcp_plb_suspend_rto_sec: 60
- Added: net.ipv4.tcp_syn_linear_timeouts: 4
- Added: net.ipv4.udp_child_hash_entries: 0
- Added: net.ipv4.udp_hash_entries: 4096
- Added: net.ipv6.icmp.error_anycast_as_unicast: 0
- Added: vm.memfd_noexec: 0
- Changed: fs.file-max: 812391 -> 811880
- Changed: net.core.optmem_max: 131072 -> 20480
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
- Deleted: net.ipv4.tcp_backlog_ack_defer: 1
Installed the google_optimize_local_ssd script.
Upgraded sys-apps/gentoo-functions to v1.6.
Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002,CVE-2024-32020,CVE-2024-32465,CVE-2024-32004,CVE-2024-32021.
Fix bug that cause constant restarts in fluent-bit stackdriver plugin.
Upgraded sys-libs/libcap-ng to v0.8.5.
Updated dev-go/go-sys to v0.15.0.
Upgraded sys-apps/less to v643-r2.
Updated dev-go/mod to v0.14.0.
Fixed CVE-2024-34459 in the libxml2 package.
Updated dev-go/demangle to v0.0.0_p20230524.
Updated dev-vcs/git to version VERSION. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Upgraded net-libs/gnutls to v3.8.5-r1.
Upgraded app-admin/google-guest-configs to v20240514.00.
Upgraded sys-apps/rootdev to v0.0.1-r50.
Updated Konlet to v.0.12.0. This fixes an iptables compatibility issue.
Updated the Linux kernel to v6.6.33.
Upgraded app-admin/google-guest-agent to v20240528.00.
Upgraded net-libs/libtirpc to v1.3.4-r2.
Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.
Removed support for NVIDIA 470 drivers.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2430.
Updated dev-go/sync to v0.5.0.
Upgraded dev-util/puffin to v1.0.0-r451.
Updated dev-go/term to v0.15.0.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.
Removed dev-go/grpc.
Upgraded app-containers/docker-credential-helpers to v0.8.2.
Upgraded sys-apps/acl to v2.3.2-r1.
Added igzip CLI tool.
Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2795.
Upgraded dev-python/jinja to v3.1.4.
Updated net-dns/c-ares to version 1.27. This fixed CVE-2024-25629.
Upgraded sys-apps/dmidecode to v3.6.
Upgraded net-misc/wget to v1.24.5.
Upgraded net-dns/c-ares to v1.29.0.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Fixed CVE-2024-3772 in dev-python/pydantic.
Uprev GPU driver version to v470.239.06.
Upgraded app-containers/cni-plugins to v1.5.0.
Upgraded app-admin/google-osconfig-agent to v20240501.00.
Updated dev-go/go-arch to v0.6.0.
Upgraded sys-fs/e2fsprogs to v1.47.0-r3.
Upgraded dev-libs/nss to v3.100.
Updated cos-gpu-installer to v2.3.1. This switches the default location of GPU drivers sourced from gs://nvidia-drivers-{region}-public to gs://cos-nvidia-gpu-drivers.
Upgraded dev-libs/double-conversion to v3.3.0.
Fixed CVE-2023-5388 in dev-libs/nss.
Updated dev-go/go-tools to v0.16.2_p20231218.
Upgraded net-misc/curl to v8.8.0.
Upgraded chromeos-base/shill-client to v0.0.1-r4515.
Upgraded sys-apps/sed to v4.9-r1.
Upgraded sys-libs/libcap to v2.70.
Upgraded chromeos-base/debugd-client to v0.0.1-r2693.
Upgraded sys-libs/timezone-data to v2024a-r1.
Updated dev-go/pprof to v0.0.0_p20230811.
Upgraded sys-apps/hwdata to v0.382.
Upgraded sys-apps/makedumpfile to v1.7.5.
Updated cos-gpu-installer to v2.3.2. Added a validation check to ensure the '--no-verify' flag is specified when the '--target-gpu' flag is used in 'install' command.
Upgraded app-admin/sosreport to v4.7.1.
April 15, 2024
cos-dev-117-18374-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.85 | v24.0.9 | v1.7.10 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
Upgraded sys-boot/grub-lakitu to the FC 39's current version.
Updated the Linux kernel to v6.1.85.
April 01, 2024
cos-dev-117-18342-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.83 | v24.0.9 | v1.7.10 | v535.161.07(default),v550.54.14(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Update app-containers/nvidia-container-toolkit to v1.14.6.
Updated the Linux kernel to v6.1.83.
Upgraded app-admin/google-guest-agent to v20240314.00.
Fixed a bug in google-guest-agent service enablement.
Upgraded app-admin/node-problem-detector to v0.8.17.
Upgraded app-admin/google-guest-configs to v20240307.00.
Upgraded app-admin/google-osconfig-agent to v20240320.00.
Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2788.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r610.
Upgraded chromeos-base/debugd-client to v0.0.1-r2662.
Upgraded app-benchmarks/bootchart to v0.9.2-r5.
Upgraded chromeos-base/vm_protos to v0.0.1-r563.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2753.
Upgraded app-containers/cni-plugins to v1.4.1.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2404.
Upgraded chromeos-base/hiberman-client to v0.0.1-r470.
Upgraded chromeos-base/shill-client to v0.0.1-r4408.
Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2889.
Added NVIDIA GPU drivers R550 branch and update latest to 550.54.14.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r613.
Upgraded app-containers/docker, app-containers/docker-test and app-containers/docker-cli to v24.0.9.
Downgraded app-misc/ca-certificates to v20230311.3.96.1.
March 27, 2024
cos-dev-117-18313-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.80 | v24.0.9 | v1.7.10 | v535.161.07(default, latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Fixed integrity-fs dm-crypt creation flakiness.
March 22, 2024
cos-dev-117-18269-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.79 | v24.0.9 | v1.7.10 | v535.154.05(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Upgraded app-admin/google-guest-agent to v20240122.00.
Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.
Upgraded app-arch/xz-utils to v5.4.6-r1.
Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549 and CVE-2023-40550 in sys-boot/shim.
Upgraded chromeos-base/hiberman-client to v0.0.1-r456.
Upgraded chromeos-base/hiberman-client to v0.0.1-r446.
Upgraded dev-util/puffin to v1.0.0-r450.
Fixed CVE-2023-40551 in sys-boot/shim.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r602.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2721.
Added automatic generation of known modules list to image build process.
Fixed CVE-2023-40547 in sys-boot/shim.
Upgraded app-misc/ca-certificates to v20230311.3.97.
Upgraded dev-libs/libusb to v1.0.27.
Upgraded app-emulation/cloud-init to v23.4.3.
Upgraded chromeos-base/vm_protos to v0.0.1-r552.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
- Changed: fs.file-max: 812400 -> 812392
- Changed: kernel.threads-max: 63504 -> 63503
- Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
- Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
- Changed: user.max_cgroup_namespaces: 31752 -> 31751
- Changed: user.max_ipc_namespaces: 31752 -> 31751
- Changed: user.max_mnt_namespaces: 31752 -> 31751
- Changed: user.max_net_namespaces: 31752 -> 31751
- Changed: user.max_pid_namespaces: 31752 -> 31751
- Changed: user.max_time_namespaces: 31752 -> 31751
- Changed: user.max_user_namespaces: 31752 -> 31751
- Changed: user.max_uts_namespaces: 31752 -> 31751
Updated cos-gpu-installer to v2.2.0.
Upgraded net-dns/c-ares to v1.26.0.
Upgraded chromeos-base/shill-client to v0.0.1-r4325.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r601.
Upgraded sys-apps/makedumpfile to v1.7.4.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r884.
Updated app-emulation/cloud-init to v23.4.2.
Upgraded sys-apps/acl to v2.3.2.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2849.
Upgraded sys-apps/sandbox to v2.29-r1.
Updated docker-credential-gcr to v2.1.22.
Upgrade docker to v24.0.9. This fixes CVE-2024-24557.
Updated dev-libs/openssl to v3.0.13. This resolves CVE-2024-0727 and CVE-2023-6129.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2723.
Updated gzip to v1.13.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2369.
Upgraded app-admin/google-osconfig-agent to v20240126.00.
Upgraded sys-libs/zlib to v1.3.1-r1.
Upgraded chromeos-base/debugd-client to v0.0.1-r2641.
Upgraded chromeos-base/hiberman-client to v0.0.1-r455.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2859.
Upgraded app-containers/cni-plugins to v1.4.0.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2385.
Upgraded net-dns/libidn2 to v2.3.7.
Upgraded net-misc/curl to v8.5.0-r3.
Upgraded sys-auth/pambase to v20240128.
Upgraded chromeos-base/shill-client to v0.0.1-r4308.
Updated sys-apps/systemd to v254.9.
Upgraded app-admin/google-guest-configs to v20240122.00.
Upgraded dev-db/sqlite to v3.45.1-r1.
Fixed a time-to-login slowdown introduced by cloud-init changes.
Upgraded chromeos-base/shill-client to v0.0.1-r4341.
Upgraded sys-fs/squashfs-tools to v4.6.1.
Updated app-emulation/kubernetes to v1.29.1.
Upgraded sys-apps/ethtool to v6.7.
Include nvidia plugin into sosreport.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2861.
Upgraded app-admin/sosreport to v4.7.0.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r872.
Upgraded app-admin/google-guest-agent to v20240213.00.
Upgraded dev-libs/expat to v2.6.0.
Upgraded chromeos-base/minijail to v18-r135.
Upgraded sys-apps/attr to v2.5.2-r1.
Upgraded sys-libs/libcap to v2.69-r1.
Upgraded chromeos-base/minijail to v18-r136.
Upgraded sys-libs/timezone-data to v2024a.
Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853.
Upgraded app-containers/docker-credential-helpers to v0.8.1.
Upgraded sys-apps/file to v5.45-r4.
Upgraded chromeos-base/system_api to v0.0.1-r5653.
Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.
Upgraded chromeos-base/system_api to v0.0.1-r5643.
Fixed CVE-2024-0684 in sys-apps/coreutils.
Added support for iSCSI targets and RAM block devices.
Updated app-admin/sosreport to v4.6.1.
Upgraded chromeos-base/debugd-client to v0.0.1-r2634.
Upgraded net-misc/chrony to v4.5.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r886.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2722.
Updated app-containers/runc to v1.1.12.
Fixed CVE-2024-23851 in the Linux kernel.
Upgraded app-admin/google-osconfig-agent to v20240123.01.
February 12, 2024
cos-dev-113-18203-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.75 | v24.0.5 | v1.7.10 | v535.154.05(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation
Updated the Linux kernel to v6.1.75.
Upgraded sys-libs/libcap-ng to v0.8.4-r1.
Upgraded net-misc/curl to v8.5.0-r2.
Upgraded net-misc/rsync to v3.2.7-r4.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2367.
Upgraded app-admin/node-problem-detector to v0.8.15.
Upgraded chromeos-base/shill-client to v0.0.1-r4263.
Runtime sysctl changes:
- Added: net.ipv4.tcp_backlog_ack_defer: 1
- Changed: fs.epoll.max_user_watches: 1809920 -> 1809474
- Changed: fs.fanotify.max_user_marks: 67577 -> 67560
- Changed: fs.file-max: 812606 -> 812400
- Changed: fs.inotify.max_user_watches: 63456 -> 63441
- Changed: kernel.threads-max: 63520 -> 63504
- Changed: net.core.optmem_max: 20480 -> 131072
- Changed: net.ipv4.tcp_mem: 94092 125456 188184 -> 94068 125424 188136
- Changed: net.ipv4.udp_mem: 188184 250912 376368 -> 188136 250848 376272
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
- Changed: user.max_cgroup_namespaces: 31760 -> 31752
- Changed: user.max_fanotify_marks: 67577 -> 67560
- Changed: user.max_inotify_watches: 63456 -> 63441
- Changed: user.max_ipc_namespaces: 31760 -> 31752
- Changed: user.max_mnt_namespaces: 31760 -> 31752
- Changed: user.max_net_namespaces: 31760 -> 31752
- Changed: user.max_pid_namespaces: 31760 -> 31752
- Changed: user.max_time_namespaces: 31760 -> 31752
- Changed: user.max_user_namespaces: 31760 -> 31752
- Changed: user.max_uts_namespaces: 31760 -> 31752
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0
Update default and latest NVIDIA GPU drivers to 535.154.05.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r871.
Upgraded app-admin/google-osconfig-agent to v20231219.00.
Upgraded app-admin/google-guest-configs to v20240109.00.
Upgraded dev-python/netifaces to v0.11.0-r2.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2844.
Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r225.
Fixed CVE-2024-21626 in app-containers/runc.
Changed default umask value for a user to 027.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2712.
Upgraded dev-libs/nss to v3.97.
Upgraded chromeos-base/shill-client to v0.0.1-r4278.
Upgraded chromeos-base/hiberman-client to v0.0.1-r437.
Upgraded net-libs/gnutls to v3.8.3.
Upgraded app-eselect/eselect-iptables to v20220320.
Upgraded sys-apps/attr to v2.5.2.
Upgraded chromeos-base/debugd-client to v0.0.1-r2628.
Upgraded dev-python/jinja to v3.1.3.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r597.
Upgraded net-dns/c-ares to v1.25.0-r1.
Removed legacy logging agent (fluentd).
Upgraded app-admin/google-guest-agent to v20240109.00.
Added support for dm-zero and dm-clone.
Enhanced integrity-fs with disk resize and dm-clone.
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
Removed deprecated R525 NVIDIA GPU drivers.
January 16, 2024
cos-dev-113-18146-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.71 | v24.0.5 | v1.7.10 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Upgraded sys-libs/zlib to v1.3-r3.
Updated the Linux kernel to v6.1.71.
Upgraded app-admin/sudo to v1.9.15_p5.
Upgraded sys-process/lsof to v4.99.3.
Upgraded sys-libs/timezone-data to v2023d.
Upgraded net-misc/rsync to v3.2.7-r3.
Upgraded app-editors/vim to v9.0.2167 and app-editors/vim-core to v9.0.2167.
Upgraded dev-libs/nss to v3.96.1.
Upgraded net-dns/libidn2 to v2.3.4-r2.
Upgraded sys-libs/libcap-ng to v0.8.4.
Upgraded app-misc/ca-certificates to v20230311.3.96.1.
Sosreport now includes GPU Installer logs.
Updated dev-lang/go to v1.21.5. This fixes CVE-2023-45285 and CVE-2023-39326.
Upgraded net-libs/libtirpc to v1.3.4-r1.
Upgraded sys-apps/pv to v1.8.5.
Upgraded dev-db/sqlite to v3.44.2-r2. This fixes CVE-2023-7104.
Upgraded app-misc/jq to v1.7.1.
Upgraded sys-apps/ethtool to v6.6.
January 08, 2024
cos-dev-113-18137-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.70 | v24.0.5 | v1.7.10 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated net-misc/openssh to v9.6_p1-r1.
Upgraded net-misc/curl to v8.5.0.
Upgraded chromeos-base/hiberman-client to v0.0.1-r426.
Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.
Upgraded chromeos-base/debugd-client to v0.0.1-r2614.
Upgraded chromeos-base/shill-client to v0.0.1-r4236.
Upgraded sys-apps/dbus to v1.12.28. This fixes CVE-2023-34969.
Upgraded app-admin/google-guest-agent to v20231214.00.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r864.
Upgraded app-admin/google-guest-configs to v20231214.00.
Upgraded dev-util/bsdiff to v4.3.1-r42.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2834.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r594.
Upgraded dev-util/puffin to v1.0.0-r449.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2704.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2362.
January 02, 2024
cos-dev-113-18125-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.69 | v24.0.5 | v1.7.10 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated net-misc/openssh to v9.6_p1-r1.
Fixed a performance issue that was observed in Postgres databases.
Updated cos-gpu-installer to v2.1.10.
Added additional option to existing kernel cmdline flag that moves protected stateful partition integrity tags to memory.
Updated docker-credential-gcr to v2.1.21.
Runtime sysctl changes:
- Added: net.netfilter.nf_flowtable_tcp_timeout: 30
- Added: net.netfilter.nf_flowtable_udp_timeout: 30
Updated the Linux kernel to v6.1.69.
December 19, 2023
cos-dev-113-18106-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.64 | v24.0.5 | v1.7.10 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Upgraded chromeos-base/hiberman-client to v0.0.1-r408.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r857.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2826.
Fixed CVE-2023-49083 in package dev-python/cryptography.
Upgraded chromeos-base/debugd-client to v0.0.1-r2600.
Fixed CVE-2023-6622 in the Linux kernel.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2693.
Upgraded chromeos-base/shill-client to v0.0.1-r4185.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2357.
Fixed a container performance issue that occurred after
running systemctl start cloud-audit-setup.
Fixed a kernel crash that occurred when running Postgres databases.
December 11, 2023
cos-dev-113-18091-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.64 | v24.0.5 | v1.7.10 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Upgraded sys-apps/less to v643-r1.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r855.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r590.
Upgraded net-libs/gnutls to v3.8.2.
Upgraded app-misc/ca-certificates to v20230311.3.95.
Upgraded chromeos-base/shill-client to v0.0.1-r4175.
Upgraded chromeos-base/debugd-client to v0.0.1-r2599.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2356.
Upgraded chromeos-base/hiberman-client to v0.0.1-r407.
Upgraded sys-libs/timezone-data to v2023c-r1.
Upgraded net-dns/c-ares to v1.23.0.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2823.
Upgraded dev-libs/nss to v3.95.
Updated app-containers/containerd to v1.7.10.
December 04, 2023
cos-dev-113-18080-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.64 | v24.0.5 | v1.7.7 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Upgraded app-admin/google-guest-agent to 20231016.00.
Upgraded dev-python/six to v1.16.0-r1.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2819.
Upgraded chromeos-base/hiberman-client to v0.0.1-r404.
Upgraded dev-python/jsonpatch to v1.33.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2354.
Upgraded dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.
Upgraded app-admin/oslogin to 20231004.00.
Upgraded chromeos-base/mojo_service_manager to v0.0.1-r271.
Upgraded dev-python/pyyaml to v6.0.1-r1.
Runtime sysctl changes:
- Changed: fs.file-max: 812608 -> 812606
Upgraded dev-python/mock to v5.1.0.
Upgraded net-dns/c-ares to v1.22.1.
Upgraded app-admin/sudo to v1.9.15_p2.
Upgraded sys-process/lsof to v4.99.0.
Upgraded dev-python/nose to v1.3.7_p20221026.
Upgraded dev-libs/openssl to v3.0.12. This resolves CVE-2023-5363 and CVE-2023-5678.
Upgraded dev-python/netifaces to v0.11.0-r1.
Upgraded chromeos-base/shill-client to v0.0.1-r4162.
Updated the Linux kernel to v6.1.64.
Upgraded net-misc/socat to v1.8.0.0.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r851.
Upgraded dev-python/configobj to v5.0.8.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2690.
Upgraded chromeos-base/debugd-client to v0.0.1-r2597.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r588.
Upgraded dev-lang/python-exec to v2.4.10.
November 29, 2023
cos-dev-113-18059-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.62 | v24.0.5 | v1.7.7 | v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated NVIDIA GPU drivers.
November 15, 2023
cos-dev-113-18054-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.62 | v24.0.5 | v1.7.7 | v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Updated the Linux kernel to v6.1.61.
Backported support for TCP RTO configuration in networkd.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Upgraded sys-libs/zlib to v1.3-r2.
Upgraded sys-apps/hwdata to v0.376.
Updated dev-go/net to v0.17.0. This fixes CVE-2023-44487 and CVE-2023-39325.
Upgraded net-dns/c-ares to v1.21.0.
Upgraded dev-python/pyserial to v3.5-r2.
Updated dev-lang/go to 1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated the Linux kernel to v6.1.62.
Upgraded app-arch/xz-utils to v5.4.5.
November 14, 2023
cos-dev-113-18054-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.62 | v24.0.5 | v1.7.7 | v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Upgraded net-dns/c-ares to v1.21.0.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Updated dev-go/net to v0.17.0. This resolves CVE-2023-44487 and CVE-2023-39325.
Upgraded sys-libs/zlib to v1.3-r2.
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated the Linux kernel to v6.1.62.
Upgraded app-arch/xz-utils to v5.4.5.
Backported support for TCP RTO configuration in networkd.
Upgraded dev-python/pyserial to v3.5-r2.
Upgraded sys-apps/hwdata to v0.376.
Updated dev-lang/go to 1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.
Updated the Linux kernel to v6.1.61.
November 07, 2023
cos-dev-113-18041-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.60 | v24.0.5 | v1.7.7 | v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Upgraded chromeos-base/shill-client to v0.0.1-r4104.
Updated google-guest-configs to 20230929.00.
Upgraded chromeos-base/debugd-client to v0.0.1-r2581.
Upgraded chromeos-base/system_api to v0.0.1-r5482.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r836.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2669.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2335.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r578.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2803.
October 30, 2023
cos-dev-113-18026-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.60 | v24.0.5 | v1.7.7 | v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Updated the Linux kernel to v6.1.60.
Updated default and latest NVIDIA GPU drivers to v535.104.12.
Upgraded chromeos-base/hiberman-client to v0.0.1-r374.
Upgraded sys-devel/libtool to v2.4.6-r7.
Upgraded app-arch/unzip to v6.0_p27-r1.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2655.
Upgraded sys-fs/xfsprogs to v6.5.0.
Upgraded chromeos-base/shill-client to v0.0.1-r4043.
Upgraded chromeos-base/debugd-client to v0.0.1-r2568.
Upgraded sys-apps/hwdata to v0.375.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2781.
Upgraded sys-apps/dmidecode to v3.5-r3.
Enable portmapper registration reporting for lsof. This also fixes an issue where lsof is missing from SOS reports.
Upgraded chromeos-base/vm_protos to v0.0.1-r513.
Upgraded dev-util/puffin to v1.0.0-r448.
Restore systemd-logind restart behavior when dbus restarts.
Upgraded net-dns/libidn2 to v2-2.3.4-r1.
Updated app-containers/runc to v1.1.9.
Upgraded sys-libs/zlib to v1.3-r1.
Upgraded net-libs/libtirpc to v1.3.4.
Upgraded dev-util/bsdiff to v4.3.1-r41.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2317.
Updated app-containers/containerd to v1.7.7.
Updated dev-lang/go to v1.21.2. This resolves CVE-2023-39323.
Upgraded chromeos-base/mojo_service_manager to v0.0.1-r265.
Upgraded sys-apps/file to v5.45-r3.
Upgraded dev-libs/double-conversion to v3.2.1.
Sequence named before nss-lookup.target.
Upgraded dev-libs/nss to v3.94.
Upgraded net-dns/c-ares to v1.20.1.
Upgraded net-fs/cifs-utils to v7.0-r1, Upgraded sys-libs/talloc to v2.4.1.
Upgraded dev-python/pygobject to v3.46.0.
Runtime sysctl changes:
- Added: net.ipv4.tcp_shrink_window: 0
- Added: net.ipv6.conf.all.accept_ra_min_lft: 0
- Added: net.ipv6.conf.default.accept_ra_min_lft: 0
- Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
Upgraded sys-apps/pv to v1.8.0.
Add compiler mitigations to mitigate memory corruption vulnerabilities.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r566.
Upgraded net-misc/curl to version v8.4.0. This resolves CVE-2023-38545.
October 11, 2023
cos-dev-113-17965-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.55 | v24.0.5 | v1.7.6 | v535.104.05(default, latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Upgraded dev-util/gn to v2121.
Fixed CVE-2023-38039 in net-misc/curl.
Upgraded app-containers/containerd to v1.7.6.
Fixed CVE-2023-5197 in the Linux kernel.
Upgraded chromeos-base/shill-client to v0.0.1-r4030.
Fixed CVE-2023-42756 in COS kernel.
Upgraded chromeos-base/debugd-client to v0.0.1-r2559.
Upgraded chromeos-base/google-breakpad to v2023.06.01.191934-r222.
Upgraded cos-gpu-installer to v2.1.9.
Fixed CVE-2023-4911 in sys-libs/glibc.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2649.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r561.
Fixed CVE-2023-5345 in COS kernel.
October 03, 2023
cos-dev-113-17935-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.55 | v24.0.5 | v1.7.3 | v535.104.05(default),v470.199.02(R470) |
Fixed CVE-2023-42753 in the Linux kernel.
Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2787.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r554.
September 26, 2023
cos-dev-113-17927-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.52 | v24.0.5 | v1.7.3 | v535.104.05(default, latest),v470.199.02(R470 for K80 compatibility) |
Fixed CVE-2023-4921 in the Linux Kernel.
Fixed CVE-2023-32636, CVE-2023-29499, CVE-2023-32643, CVE-2023-32665, CVE-2023-32611 in glib and glib-utils.
Fixed CVE-2023-40217 in the dev-lang/python package.
Updated dev-lang/go to 1.21.1. This fixes CVE-2023-39318 CVE-2023-39319, CVE-2023-39320, CVE-2023-39321, and CVE-2023-39322.
September 18, 2023
cos-dev-113-17908-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.52 | v24.0.5 | v1.7.3 | v535.104.05(default),v470.199.02(R470) |
Updated dev-embedded/libftdi to v1.5-r5.
Upgraded app-misc/jq to v1.7.
Fixed CVE-2023-4623 in the linux kernel.
Upgraded sys-process/procps to v4.0.4.
Fixed an issue where symlinks could not be moved.
Updated dev-libs/nss to v3.79.4.
Fixed an issue with NFS reconnects on GKE.
Fixed an issue where IPv6 networking would fail under high CPU load.
Updated cos-gpu-installer to v2.1.8.
Upgraded sys-apps/coreutils to v9.4.
Upgraded app-misc/ca-certificates to v20230311.3.93.
September 11, 2023
cos-dev-113-17877-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.51 | v24.0.5 | v1.7.3 | v535.104.05(default),v470.199.02(R470) |
Updated the Linux kernel to v6.1.51.
Updated latest GPU driver to v535.104.05.
September 07, 2023
cos-dev-113-17872-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.49 | v24.0.5 | v1.7.3 | v535.54.03(default),v470.199.02(R470) |
Upgraded app-arch/pigz to v2.8.
Upgraded app-editors/vim to v9.0.1777. Upgraded app-editors/vim-core to v9.0.1777.
Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.
Updated dev-lang/go to v1.21.0.
Runtime sysctl changes:
- Added: kernel.io_uring_disabled: 0
- Changed: fs.file-max: 812619 -> 812608
- Changed: kernel.threads-max: 63519 -> 63520
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3
- Changed: user.max_cgroup_namespaces: 31759 -> 31760
- Changed: user.max_ipc_namespaces: 31759 -> 31760
- Changed: user.max_mnt_namespaces: 31759 -> 31760
- Changed: user.max_net_namespaces: 31759 -> 31760
- Changed: user.max_pid_namespaces: 31759 -> 31760
- Changed: user.max_time_namespaces: 31759 -> 31760
- Changed: user.max_user_namespaces: 31759 -> 31760
- Changed: user.max_uts_namespaces: 31759 -> 31760
Fixed CVE-2023-4016 in sys-process/procps.
Upgraded app-misc/jq to v1.7_rc2.
Updated dev-go/go-tools to v0.11.1_p20230712.
Fixed an issue in ip6tables where the -C option did not
work correctly.
Enabled persistence mode with Nvidia GPU driver installation.
The get_metadata_value script will now retry if it experiences a connection error.
Upgraded sys-apps/less to v643.
Updated the Linux kernel to v6.1.49.
August 21, 2023
cos-dev-113-17833-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.43 | v24.0.5 | v1.7.3 | v535.54.03(default),v470.199.02(R470) |
Upgraded net-libs/gnutls to v3.8.1-r1.
Updated dev-go/yaml to v3.0.1. This resolves CVE-2022-28948.
Fixed CVE-2023-4194 in the Linux kernel.
Updated app-containers/docker-cli to 24.0.5.
Upgraded app-editors/vim and app-editors/vim-core to v9.0.1678.
Updated app-containers/docker to 24.0.5.
Updated dev-libs/openssl to v3.0.10. This resolves CVE-2023-3817.
Update cos-gpu-installer to v2.1.4. This fixes a permissions issue in the GPU driver install directory with OSS drivers.
Upgraded app-arch/xz-utils to v5.4.4.
Upgraded app-misc/jq to v1.7_rc1.
August 14, 2023
cos-dev-113-17819-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.43 | v24.0.4 | v1.7.3 | v535.54.03(default),v470.199.02(R470) |
Updated the Linux kernel to v6.1.43.
Updated app-emulation/kubernetes to v1.27.4.
Updated app-emulation/cloud-init to v23.2.2.
Upgraded sys-apps/pv to v1.7.24.
Updated app-containers/containerd to v1.7.3.
August 07, 2023
cos-dev-113-17811-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.42 | v24.0.4 | v1.7.2 | v535.54.03(default),v470.199.02(R470) |
Updated sys-apps/systemd to v253.7.
Upgraded sys-apps/file to v5.45-r1.
Updated google-guest-agent to v20230726.00.
Upgraded net-fs/cifs-utils to v7.0.
Updated the Linux kernel to v6.1.42.
Added support for user.* xattr on tmpfs.
Upgraded net-misc/curl to v8.2.1.
Upgraded sys-process/lsof to v4.98.0-r1.
Upgraded app-admin/sudo to v1.9.14_p3.
Upgraded app-editors/vim to v9.0.1627, Upgraded app-editors/vim-core to v9.0.1627.
Simplified GPU driver installation by remounting driver installation path as executable from cos-extensions.
Fixed CVE-2022-40896 in pygments.
Upgraded sys-apps/pv to v1.7.0.
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r2.
Upgraded app-arch/tar to v1.35.
Upgraded sys-process/procps to v3.3.17-r2.
Updated app-emulation/cloud-init to v23.2.1.
Updated GPU drivers to 535.54.03 (R535 LTSB NVIDIA branch).
Update cos-gpu-installer to v2.1.2. Switched precompiled driver and signature location to COS build artifacts for M109.
Upgraded app-misc/jq to v1.7_pre20230210.
Upgraded sys-apps/less to v633-r2.
August 01, 2023
cos-dev-109-17788-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.41 | v24.0.4 | v1.7.2 | v470.199.02(default),v525.125.06 |
Updated cos-gpu-installer and simplified GPU driver installation by remounting driver installation path as executable from cos-extensions.
Updated app-containers/docker to 24.0.4.
Updated app-containers/docker-cli to v24.0.4.
Updated app-containers/nvidia-container-toolkit to v1.13.5.
Updated toolbox to v20230714.
Enabled vrf, ip_gre, and ip6_gre modules.
Updated cos-gpu-installer to v2.1.1.
Enabled support for MGLRU in the Linux kernel.
Updated the Linux kernel to v6.1.40.
July 18, 2023
cos-dev-109-17758-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.38 | v23.0.3 | v1.7.2 | v470.199.02(default),v525.125.06 |
Enabled TDX Guest support in the Linux Kernel.
Updated app-emulation/kubernetes to v1.27.3.
Updated oslogin to v20230531.00.
Updated default GPU driver to v470.199.02 and latest GPU driver to v525.125.06. This resolves CVE-2023-25515 and CVE-2023-25516.
Updated google-osconfig-agent to v20230706.02.
Runtime sysctl changes:
- Changed: fs.file-max: 812620 -> 812619
Updated docker-credential-gcr to v2.1.10.
July 13, 2023
cos-dev-109-17749-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.38 | v23.0.3 | v1.7.2 | v470.182.03(default),v525.105.17 |
Updated the Linux kernel to v6.1.38.
Updated google-guest-agent to v20230628.00.
Upgraded localtoast from v1.1.5.1 to v1.1.6.
July 05, 2023
cos-dev-109-17727-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.35 | v23.0.3 | v1.7.2 | v470.182.03(default),v525.105.17 |
Upgraded sys-apps/coreutils to v9.3.
Upgraded sys-fs/e2fsprogs to v1.47.0-r2.
Upgraded sys-apps/less to v633-r1.
June 26, 2023
cos-dev-109-17722-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.35 | v23.0.3 | v1.7.2 | v470.182.03(default),v525.105.17 |
Updated toolbox to v20230615.
Updated dev-lang/go to v1.20.5. This fixes CVE-2023-29403, CVE-2023-29404, CVE-2023-29402 and CVE-2023-29405.
Upgraded net-misc/curl to v8.1.2.
Upgraded app-misc/ca-certificates to v20230311.3.90.
Updated sosreport to v4.5.4.
Upgraded app-misc/mime-types to v2.1.54.
Disabled CONFIG_DEBUG_CREDENTIALS in the kernel due to its performance impact on some container workloads.
Updated google-guest-configs to v20230526.00.
Updated open-vm-tools to v12.2.5 to fix CVE-2023-20867.
June 12, 2023
cos-dev-109-17691-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.33 | v23.0.3 | v1.7.2 | v470.182.03(default),v525.105.17 |
Fixed CVE-2023-24329 in dev-lang/python.
Updated app-emulation/kubernetes to 1.27.1.
Updated net-misc/curl to v8.1.0-r1.
Updated sosreport to v4.5.3.
Fixed ncurses upgrade to 6.4p20220423. This resolves CVE-2023-29491.
Updated app-containers/runc to 1.1.7.
Rollback pciutils from 3.10.0 back to 3.7.0.
Updated containerd to 1.7.2.
Updated sys-apps/diffutils to v3.10.
Enabled KVM-based nested virtualization for the x86 architecture.
Updated dev-libs/openssl to v3.0.9. This resolves CVE-2023-2650.
Updated net-dns/c-ares to v1.19.1.
Updated dev-lang/go to 1.20.4. This fixes CVE-2023-24539 CVE-2023-24540, and CVE-2023-29400.
May 22, 2023
cos-dev-109-17637-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.29 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated app-emulation/cloud-init to 23.1.2.
Added noexec, nodev, nosuid to /etc/resolv.conf bind mount. It fixes EPERM errors when running a pod in UserNS in COS.
Added rt-tests package.
Upgraded net-misc/wget to v1.21.4
Upgraded sys-apps/grep to v3.11.
Runtime sysctl changes:
- Added: fs.overflowgid: 65534
- Added: fs.overflowuid: 65534
Updated the Linux kernel to v6.1.29.
Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
Upgraded sys-libs/libcap to v2.69.
Fixed CVE-2023-1255 in the dev-libs/openssl package.
Upgraded sys-apps/coreutils to v9.3-r1.
Upgraded sys-apps/ethtool to v6.3.
May 15, 2023
cos-dev-109-17622-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.27 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Upgraded app-admin/sudo to v1.9.13_p3-r1.
Upgraded app-arch/xz-utils to v5.4.3.
Upgraded sys-apps/pciutils to v3.10.0.
Upgraded sys-apps/acl to v2.3.1-r2.
Upgraded app-misc/ca-certificates to v20230311.3.89.1.
Upgraded sys-apps/less to v633.
May 09, 2023
cos-dev-109-17611-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.27 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Add MAX_SKB_FRAGS configuration in the Linux kernel
Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.
Added kernel support for nftables.
May 01, 2023
cos-dev-109-17602-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.26 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Increase /dev/stateful wait timeout with protected stateful partition.
Updated iproute2 to v6.2.0.
Updated the Linux kernel to v6.1.26.
Updated docker to v23.0.3.
Updated sys-apps/systemd to v253.3.
Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.
April 25, 2023
cos-dev-109-17591-0-0
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.25 | v23.0.0 | v1.7.0 | v470.182.03(default),v525.105.17 |
Upgraded net-libs/libnetfilter_conntrack to v1.0.9-r1.
Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.
Upgraded sys-fs/lvm2 to v2-2.03.20.
Updated containerd to v1.7.0.
Added Restart=always to chronyd config.
Upgraded sys-apps/coreutils to v9.3.
Upgraded sys-fs/e2fsprogs to v2fsprogs-1.47.0-r1.
Updated dev-lang/go to v1.20.3. This resolves CVE-2023-24536, CVE-2023-24537, CVE-2023-24538.
Updated app-admin/google-osconfig-agent to 20230403.00.
Updated the Linux kernel to v6.1.25.
Upgraded net-firewall/iptables to v1.8.9.
Upgrade app-misc/jq to v1.7_pre20201109-r1
cos-dev-109-17570-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 17, 2023 | COS-6.1.23 | v23.0.0 | v1.7.0-beta.1 | v470.182.03(default),v525.105.17 |
Updated google-guest-agent to v20230330.00.
Enabled the kernel configs CONFIG_AMD_IOMMU and CONFIG_AMD_IOMMU_V2.
Upgraded sys-apps/dmidecode to v3.5-r2.
Fixed CVE-2023-25809 in app-containers/runc.
Fixed CVE-2023-0465, CVE-2023-0466 in dev-libs/openssl.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1810387 -> 1809920
- Changed: fs.fanotify.max_user_marks: 67593 -> 67577
- Changed: fs.file-max: 812825 -> 812620
- Changed: fs.inotify.max_user_watches: 63472 -> 63456
- Changed: kernel.threads-max: 63535 -> 63519
- Changed: net.ipv4.tcp_mem: 94116 125488 188232 -> 94092 125456 188184
- Changed: net.ipv4.udp_mem: 188232 250976 376464 -> 188184 250912 376368
- Changed: user.max_cgroup_namespaces: 31767 -> 31759
- Changed: user.max_fanotify_marks: 67593 -> 67577
- Changed: user.max_inotify_watches: 63472 -> 63456
- Changed: user.max_ipc_namespaces: 31767 -> 31759
- Changed: user.max_mnt_namespaces: 31767 -> 31759
- Changed: user.max_net_namespaces: 31767 -> 31759
- Changed: user.max_pid_namespaces: 31767 -> 31759
- Changed: user.max_time_namespaces: 31767 -> 31759
- Changed: user.max_user_namespaces: 31767 -> 31759
- Changed: user.max_uts_namespaces: 31767 -> 31759
cos-dev-109-17561-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 10, 2023 | COS-6.1.23 | v23.0.0 | v1.7.0-beta.1 | v470.182.03(default),v525.105.17 |
Updated the Linux kernel to v6.1.23.
Fixed an issue where pstore is not cleaned at boot time if COS metrics are disabled.
Upgraded sys-libs/libcap to v2.68.
Upgraded app-admin/sudo to v1.9.13_p3.
Upgraded net-misc/wget to v1.21.3-r1.
Upgraded app-arch/xz-utils to v5.4.2.
Upgraded net-misc/curl to v8.0.1.
Upgraded app-misc/ca-certificates to v20230311.3.89.
Upgraded sys-apps/file to v5.44-r3.
Upgraded sys-fs/xfsprogs to v6.2.0.
Upgraded virtual/editor to v0-r5.
Upgraded net-libs/libnfnetlink to v1.0.2.
Upgraded net-misc/rsync to v3.2.7-r2.
Upgraded sys-process/lsof to v4.98.0.
Upgraded sys-libs/libcap-ng to v0.8.3.
Upgraded sys-apps/dmidecode to v3.5-r1.
Upgraded sys-apps/grep to v3.10.
Upgraded sys-libs/timezone-data to v2023c.
Update default driver to 470.182.03. This resolves: CVE
CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185,
CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188,
CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.
Also update latest driver to 525.105.17. This resolves CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187,
CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190,
CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.
Updated to pick up CVE-2023-0394 patch for ipv6 raw.
Updated to pick up CVE-2023-0386 and CVE-2023-1281 patches for net-sched in the kernel.
Updated to pick up CVE-2023-0179 patch for netfilter in kernel.
Fixed CVE-2023-0464 in dev-libs/openssl.
Runtime sysctl changes:
- Changed: net.core.bpf_jit_limit: 264241152 -> 528482304
- Changed: vm.mmap_rnd_bits: 32 -> 31
cos-dev-109-17549-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 03, 2023 | COS-6.1.21 | v23.0.0 | v1.7.0-beta.1 | v470.161.03(default),v525.60.13 |
Updated the gvnic driver in the Linux kernel.
Updated the Linux kernel to v6.1.21.
Added support for L4 GPU in cos-gpu-installer and fixed cached driver installation for prebuilt driver modules.
Enabled INET_DIAG_DESTROY kernel configuration.
Fixed CVE-2023-27561 in runc.
cos-dev-109-17536-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Mar 27, 2023 | COS-6.1.20 | v23.0.0 | v1.7.0-beta.1 | v470.161.03(default),v525.60.13 |
Updated the Linux kernel to v6.1.20.
Updated dev-lang/go to v1.20.2. This resolves CVE-2023-24532.
Upgraded net-misc/openssh package to v9.3. This resolves CVE-2023-28531 in net-misc/openssh.
cos-dev-109-17523-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Mar 16, 2023 | COS-6.1.19 | v23.0.0 | v1.7.0-beta.1 | v470.161.03(default),v525.60.13 |
Updated cos-gpu-installer to v2.0.32.
Allowed preloading GPU driver dependencies through cos-extensions for dev-channel images.
Updated google-guest-agent to v20230207.00.
Updated dev-go/go-tools to 070db2996ebe3aa00667288f8e5749e867deeb39.
Upgraded sys-libs/libcap to v2.67.
Upgraded sys-fs/xfsprogs to v6.1.1.
Upgraded sys-fs/e2fsprogs to e2fsprogs-1.47.0.
Upgraded sys-apps/net-tools to v2.10.
Upgraded sys-apps/kexec-tools to v2.0.24.
Upgraded sys-apps/grep to v3.9.
Upgraded sys-apps/gentoo-functions to v0.19.
Upgraded sys-apps/ethtool to v6.2.
Upgraded sys-apps/dmidecode to v3.4.
Upgraded sys-apps/diffutils to v3.9-r1.
Upgraded sys-apps/attr to v2.5.1-r2.
Upgraded sys-apps/acl to v2.3.1-r1.
Upgraded net-nds/rpcbind to v1.2.6.
Upgraded net-misc/curl to v7.88.1-r1. This resolves CVE-2022-43552.
Upgraded net-misc/bridge-utils to v1.7.1-r1.
Upgraded net-libs/libnetfilter_queue to v1.0.5.
Upgraded net-libs/libnetfilter_cttimeout to v1.0.1.
Upgraded net-libs/libnetfilter_cthelper to v1.0.1-r1.
Upgraded net-libs/libmnl to v1.0.5.
Upgraded net-libs/gnutls to v3.8.0.
Upgraded net-fs/autofs to v5.1.8-r1.
Upgraded net-dns/libidn2 to v2-2.3.4.
Upgraded net-dns/c-ares to v1.19.0.
Upgraded net-analyzer/netcat to v110.20180111-r2.
Upgraded dev-libs/userspace-rcu to v0.13.2.
Upgraded dev-libs/re2 to v2-0.2022.12.01.
Upgraded dev-libs/popt to v1.19.
Upgraded dev-libs/libzip to v1.9.2.
Upgraded dev-libs/nettle to v3.8.1.
Upgraded dev-libs/nspr to v4.35-r1.
Upgraded dev-libs/libyaml to v0.2.5.
Upgraded dev-libs/libverto to v0.3.2.
Upgraded dev-libs/libpcre2 to v2-10.42-r1.
Upgraded dev-libs/libpcre to v8.45-r1.
Upgraded dev-libs/libgpg-error to v1.46-r1.
Upgraded dev-libs/libgcrypt to v1.10.1-r3.
Upgraded dev-libs/libevent to v2.1.12-r1.
Upgraded dev-libs/gmp to v6.2.1-r5.
Upgraded dev-libs/expat to v2.5.0.
Upgraded dev-libs/elfutils to v0.189.
Upgraded dev-libs/dbus-glib to v0.112.
Upgraded dev-libs/confuse to v3.3 and fixed CVE-2022-40320.
Upgraded dev-db/sqlite to v3.41.0.
Upgraded app-shells/dash to v0.5.12.
Upgraded app-arch/xz-utils to v5.4.1.
Upgraded app-arch/pigz to v2.7-r1.
Upgraded app-admin/logrotate to v3.21.0.
Updated the Linux kernel to v6.1.19.
Made toolbox compatible with AR and GCR.
Use the Fluent-bit logging agent when the google-logging-use-fluentbit metadata key is true and logging is enabled.
Fixed containers losing access to GPUs with error "Failed to initialize NVML: Unknown error".
Updated dev-go/go-sys to v0.5.0.
Upgraded bind-tools to v9.16.37.
Updated open-iscsi to v2.1.8 to fix CVE-2020-17437.
Updated app-containers/containerd to v1.7.0-beta.1.
Upgraded dev-python/cryptography to v39.0.1. This solves CVE-2023-23931.
Updated dev-libs/openssl to v3.0.8.
Updated dev-lang/go to v1.20.1. Updated dev-go/net to v0.7.0. This resolves CVE-2022-41723 and CVE-2022-41725.
Fixes CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, and CVE-2022-45061 in dev-lang/python.
Updated app-editors/vim,app-editors/vim-core to v9.0.1403. This resolves CVE-2023-0512, CVE-2023-1127, CVE-2023-1175, CVE-2023-1170, CVE-2023-1355 and CVE-2023-1264.
Fixed CVE-2022-48303 in app-arch/tar.
Updated net-misc/openssh to v9.2. This resolves CVE-2023-25136.
Fixed CVE-2022-2928 and CVE-2022-2929 in net-misc/dhcp.
Fixed CVE-2022-46663 in sys-apps/less.
Fixed CVE-2021-4122 in sys-fs/cryptsetup. Upgraded sys-fs/cryptsetup from 2.3.4 to 2.4.3.
Updated net-fs/cifs-utils to v6.15. This fixes CVE-2022-29869, CVE-2021-20208, and CVE-2022-27239.
Fixed CVE-2021-27291 and CVE-2021-20270 in dev-python/pygments.
Updated binutils-libs to v2.40. This fixes CVE-2022-4285.
Runtime sysctl changes:
- Added: kernel.apparmor_display_secid_mode: 0
- Added: kernel.arch: x86_64
- Added: kernel.split_lock_mitigate: 1
- Added: net.core.skb_defer_max: 64
- Added: net.core.txrehash: 1
- Added: net.ipv4.conf.all.arp_evict_nocarrier: 1
- Added: net.ipv4.conf.default.arp_evict_nocarrier: 1
- Added: net.ipv4.conf.docker0.arp_evict_nocarrier: 1
- Added: net.ipv4.conf.eth0.arp_evict_nocarrier: 1
- Added: net.ipv4.conf.lo.arp_evict_nocarrier: 1
- Added: net.ipv4.neigh.default.interval_probe_time_ms: 5000
- Added: net.ipv4.neigh.docker0.interval_probe_time_ms: 5000
- Added: net.ipv4.neigh.eth0.interval_probe_time_ms: 5000
- Added: net.ipv4.neigh.lo.interval_probe_time_ms: 5000
- Added: net.ipv4.tcp_child_ehash_entries: 0
- Added: net.ipv4.tcp_ehash_entries: 65536
- Added: net.ipv4.tcp_tso_rtt_log: 9
- Added: net.ipv6.conf.all.accept_untracked_na: 0
- Added: net.ipv6.conf.all.ndisc_evict_nocarrier: 1
- Added: net.ipv6.conf.default.accept_untracked_na: 0
- Added: net.ipv6.conf.default.ndisc_evict_nocarrier: 1
- Added: net.ipv6.conf.docker0.accept_untracked_na: 0
- Added: net.ipv6.conf.docker0.ndisc_evict_nocarrier: 1
- Added: net.ipv6.conf.eth0.accept_untracked_na: 0
- Added: net.ipv6.conf.eth0.ndisc_evict_nocarrier: 1
- Added: net.ipv6.conf.lo.accept_untracked_na: 0
- Added: net.ipv6.conf.lo.ndisc_evict_nocarrier: 1
- Added: net.ipv6.neigh.default.interval_probe_time_ms: 5000
- Added: net.ipv6.neigh.docker0.interval_probe_time_ms: 5000
- Added: net.ipv6.neigh.eth0.interval_probe_time_ms: 5000
- Added: net.ipv6.neigh.lo.interval_probe_time_ms: 5000
- Added: vm.hugetlb_optimize_vmemmap: 0
- Changed: fs.epoll.max_user_watches: 1810832 -> 1810387
- Changed: fs.fanotify.max_user_marks: 67610 -> 67593
- Changed: fs.file-max: 813043 -> 812825
- Changed: fs.inotify.max_user_watches: 63488 -> 63472
- Changed: kernel.threads-max: 63551 -> 63535
- Changed: net.ipv4.tcp_challenge_ack_limit: 1000 -> 2147483647
- Changed: net.ipv4.tcp_mem: 94140 125520 188280 -> 94116 125488 188232
- Changed: net.ipv4.udp_mem: 188280 251041 376560 -> 188232 250976 376464
- Changed: net.netfilter.nf_conntrack_events: 1 -> 2
- Changed: user.max_cgroup_namespaces: 31775 -> 31767
- Changed: user.max_fanotify_marks: 67610 -> 67593
- Changed: user.max_inotify_watches: 63488 -> 63472
- Changed: user.max_ipc_namespaces: 31775 -> 31767
- Changed: user.max_mnt_namespaces: 31775 -> 31767
- Changed: user.max_net_namespaces: 31775 -> 31767
- Changed: user.max_pid_namespaces: 31775 -> 31767
- Changed: user.max_time_namespaces: 31775 -> 31767
- Changed: user.max_user_namespaces: 31775 -> 31767
- Changed: user.max_uts_namespaces: 31775 -> 31767
- Deleted: fs.overflowgid: 65534
- Deleted: fs.overflowuid: 65534
- Deleted: net.ipv4.tcp_rx_skb_cache: 0
- Deleted: net.ipv4.tcp_tx_skb_cache: 0
- Deleted: net.netfilter.nf_conntrack_helper: 0
- Deleted: net.netfilter.nf_log.11: NONE
- Deleted: net.netfilter.nf_log.12: NONE
cos-dev-109-17432-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Feb 14, 2023 | COS-5.15.92 | v23.0.0 | v1.6.15 | v470.161.03(default),v525.60.13 |
Removed support for Rust symbol demangling in google-breakpad.
Upgraded docker to v23.0.0.
Updated Nvidia latest drivers from v510.108.03 to v525.60.13 (OSS).
Updated sys-fs/e2fsprogs package to v1.46.6.
Updated the Linux kernel to v5.15.92.
Installed fluent-bit for stackdriver logging in x86 images. See this page for more details.
Retry starting systemd-networkd permanently in case of failure instead of default limit of 5.
Enabled fluent-bit to use customized configuration.
Updated cos-gpu-installer to v2.0.31. This adds support for gsp_tu10x.bin and gsp_ad10x.bin gsp firmware files and removes the container dependency on python2.
Updated dev-libs/openssl to v1.1.1t. This resolves CVE-2022-4450, CVE-2023-0215, CVE-2022-4304 and CVE-2023-0286.
Runtime sysctl changes:
- Added: kernel.oops_limit: 10000
- Added: kernel.warn_limit: 0
- Changed: net.netfilter.nf_conntrack_sctp_timeout_established: 432000 -> 210
- Deleted: net.netfilter.nf_conntrack_sctp_timeout_heartbeat_acked: 210
cos-dev-105-17400-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jan 31, 2023 | COS-5.15.90 | v20.10.12 | v1.6.15 | v470.161.03(default),v510.108.03 |
Updated Python to version 3.8.
Updated cloud-init to v22.4.
Upgraded nfs-utils to v2.6.2.
Updated containerd to v1.6.15.
Updated built-in kubelet/kubectl to v1.25.5.
Upgraded localtoast from 1.1.4.3 to 1.1.5.1.
Updated sosreport to v4.4.
Updated dev-python/pexpect to v4.8.0.
Upgraded pam to v1.5.2.
Upgraded a number of packages:
Updated the Linux kernel to v5.15.90.
Removed the mosys package.
Move standalone kubelet runtime to containerd.
Add cni-plugins by default.
Move containerd default cgroup to systemd.
Fixed CVE-2023-0054 in vim.
Fixed CVE-2022-40897 in dev-python/setuptools.
Fixed CVE-2022-3715 in bash.
Runtime sysctl changes:
- Changed: vm.mmap_rnd_bits: 28 -> 32
cos-dev-105-17353-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jan 09, 2023 | COS-5.15.86 | v20.10.12 | v1.6.12 | v470.161.03(default),v510.108.03 |
Updated sys-apps/apparmor to v3.1.2.
Updated dev-lang/go to v1.19.4.
Updated the Linux kernel to v5.15.86.
Fixed no CNI info for pod sandbox on restart in app-emulation/containerd.
Updated libseccomp to v2.5.4.
Updated app-emulation/containerd to v1.6.12 which fixes CVE-2022-23471.
Upgraded vim to v9.0.1000. This fixes CVE-2022-4292.
Updated lxml to v4.6.5. This fixes CVE-2021-43818.
cos-dev-105-17328-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Dec 12, 2022 | COS-5.15.81 | v20.10.12 | v1.6.9 | v470.161.03(default),v510.108.03 |
Upgraded openssh package to v9.1_p1.
Updated the Linux kernel to v5.15.81.
Updated Nvidia default drivers to 470.161.03 fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264 and latest to 510.108.03 fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255,CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260,CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264.
Updated dev-go/text to v0.3.8. This fixes CVE-2022-32149.
Updated dev-libs/libxml2 to v2.10.3. This resolves CVE-2022-40304 and CVE-2022-40303.
Fixed CVE-2022-36227 in app-arch/libarchive package.
cos-dev-105-17317-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Dec 05, 2022 | COS-5.15.80 | v20.10.12 | v1.6.9 | v470.141.03(default),v510.47.03 |
Upgraded systemd to v252.1.
Updated app-emulation/cri-tools to v1.25.0.
Updated stackdriver logging agent to v1.9.9.
Updated dev-go/go-tools to v0.1.11.
Upgraded dev-lang/go to v1.19.3.
Updated the Linux kernel to v5.15.80.
Fixed CVE-2022-3821 in sys-apps/systemd.
Fixed CVE-2022-37454 in dev-lang/python.
Updated x11-libs/pixman to v0.42.2. This resolves CVE-2022-44638.
cos-dev-105-17295-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Nov 10, 2022 | COS-5.15.77 | v20.10.12 | v1.6.9 | v470.141.03(default),v510.47.03 |
Updated app-emulation/docker-credential-helpers to v0.7.0.
Set ManageForeignRoutes and ManageForeignRoutingPolicyRules to `no` to avoid systemd deleting foreign routes and foreign routing policy rules during startup.
Updated cos-gpu-installer to v2.0.29. This addresses CVE-2022-3602 in cos-gpu-installer.
Fixed CVE-2022-3543 in the Linux kernel.
cos-dev-105-17287-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Nov 07, 2022 | COS-5.15.77 | v20.10.12 | v1.6.9 | v470.141.03(default),v510.47.03 |
Updated sys-apps/shadow to v4.12.3.
Updated sys-apps/makedumpfile to v1.7.2.
Updated app-emulation/runc to v1.1.4.
Updated grub2 to Fedora-38.
Updated containerd to v1.6.9.
Updated cos-gpu-installer to v2.0.28. The new installer installs NVIDIA GSP firmware if it is available.
Updated lvm2 to v2.03.14.
Updated the Linux kernel to v5.15.77.
Removed Network Time Security support in Chrony.
Removed Python 2 from the image.
Updated sys-boot/shim to v15.6.
Fixed an issue where sudo -i is not working correctly.
Fixed CVE-2022-40768, CVE-2022-43750 and CVE-2022-3543 in the Linux kernel.
Updated app-editors/vim and app-editors/vim-core to v9.0.0828. This resolves CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352 and CVE-2022-3705.
Fixed CVE-2022-42915 in curl.
Fixed CVE-2021-46848 in libtasn1.
cos-dev-105-17251-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Oct 17, 2022 | COS-5.15.73 | v20.10.12 | v1.6.8 | v470.141.03(default),v510.47.03 |
Updated the Linux kernel to v5.15.73.
Fixed an issue related to IP leakage in containerd.
Updated net-misc/curl package to 7.85.0-r2. This resolves CVE-2022-35252.
Updating app-arch/libarchive to v3.6.1. This resolves CVE-2022-26280.
cos-dev-105-17234-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Oct 03, 2022 | COS-5.15.71 | v20.10.12 | v1.6.8 | v470.141.03(default),v510.47.03 |
Updated the Linux kernel to v5.15.71.
Updated vim to v9.0.0467. This resolves CVE-2022-3153, CVE-2022-3134, CVE-2022-3099, CVE-2022-3037, CVE-2022-3016, CVE-2022-2982, CVE-2022-2980, CVE-2022-2946, CVE-2022-2923, CVE-2022-2889, CVE-2022-2874, CVE-2022-2862, CVE-2022-2849, CVE-2022-2845, CVE-2022-2819, CVE-2022-2817, CVE-2022-2816, CVE-2022-2598, CVE-2022-2581, CVE-2022-2580, and CVE-2022-2571.
Updated vim-core to v9.0.0467. This resolves CVE-2022-3153, CVE-2022-3134, CVE-2022-3099, CVE-2022-3037, CVE-2022-3016, CVE-2022-2982, CVE-2022-2980, CVE-2022-2946, CVE-2022-2923, CVE-2022-2889, CVE-2022-2874, CVE-2022-2862,CVE-2022-2849, CVE-2022-2845, CVE-2022-2819, CVE-2022-2817, CVE-2022-2816, CVE-2022-2598, CVE-2022-2581, CVE-2022-2580, and CVE-2022-2571.
cos-dev-105-17228-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Sep 26, 2022 | COS-5.15.69 | v20.10.12 | v1.6.8 | v470.141.03(default),v510.47.03 |
Updated the Linux kernel to v5.15.69.
cos-dev-105-17222-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Sep 19, 2022 | COS-5.15.68 | v20.10.12 | v1.6.8 | v470.141.03(default),v510.47.03 |
Updated google-guest-agent to v20220614.00.
Updated the Linux kernel to v5.15.68.
Added kernel flag to protect stateful partition with AEAD.
Updated cos-gpu-installer to v2.0.27. This resolves the issue where multiple installers can be started in the same VM.
Updated app-arch/gzip to v1.12. This resolves CVE-2022-1271.
cos-dev-105-17215-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Sep 12, 2022 | COS-5.15.65 | v20.10.12 | v1.6.8 | v470.141.03(default),v510.47.03 |
Upgraded the GPU driver version in the "latest" track to v510.47.03.
Updated the Linux kernel to v5.15.65.
Updated cos-gpu-installer to v2.0.26. This resolves the compatibility issue with K80 GPU devices. When an incompatible driver version (R510+) is chosen in an instance with K80 GPU, the installer will automatically fall back to an available R470 driver version.
Upgraded Google OS Config Agent(aka VMManager) to v20220801.00.
Fixed a scenario of high contention state of the system in case filesystem is almost full and processes is trying to write content.
Fixed memory leak in the seccomp subsystem.
Updated gnutls to v3.7.7 fixing CVE-2022-2509.
Upgraded libtirpc to v1.3.3 fixing CVE-2021-46828.
cos-dev-105-17205-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Sep 06, 2022 | COS-5.15.64 | v20.10.12 | v1.6.8 | v470.141.03(default) |
Fixed kdump on NVME disks.
Updated the Linux kernel to v5.15.64.
Added support for cryptsetup using AEAD.
Updated open-vm-tools package to version 12.1.0 to fix CVE-2022-31676.
Updated gnutls to v3.7.6. This resolves CVE-2021-4209.
cos-dev-105-17196-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 29, 2022 | COS-5.15.62 | v20.10.12 | v1.6.8 | v470.141.03(default) |
Updated the built-in kubectl/kubelet to 1.23.10.
Updated the Linux kernel to v5.15.62.
Fixed issues in cos-gpu-installer where nvidia-peermem.ko was not installed and where driver signatures were included in the cached build tools.
Fixed CVE-2022-1158 in Linux Kernel.
cos-dev-105-17189-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 22, 2022 | COS-5.15.60 | v20.10.12 | v1.6.8 | v470.141.03(default) |
Updated containerd to v1.6.8.
Updated the Linux kernel to v5.15.60.
Opting out of a CIS Benchmark now prevents scripts from adjusting your instance.
Updated net-misc/rsync to v3.2.5 and fixed CVE-2022-29154.
Updated dev-db/sqlite to v3.39.2 to fix CVE-2022-35737.
cos-dev-105-17181-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 15, 2022 | COS-5.15.59 | v20.10.12 | v1.6.6 | v470.141.03(default) |
Updated the Linux kernel to v5.15.59.
Removed stackdriver-correct-container benchmark for cis-level2 compliance.
Enable IOMMU_SUPPORT and IRQ_REMAP kernel configurations.
Updated app-editors/vim and app-editors/vim-core to 9.0.0099. This resolves CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2288,CVE-2022-2289,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1811300 -> 1810832
- Changed: fs.fanotify.max_user_marks: 67627 -> 67610
- Changed: fs.file-max: 813249 -> 813043
- Changed: fs.inotify.max_user_watches: 63503 -> 63488
- Changed: kernel.threads-max: 63567 -> 63551
- Changed: net.ipv4.tcp_mem: 94164 125552 188328 -> 94140 125520 188280
- Changed: net.ipv4.udp_mem: 188328 251105 376656 -> 188280 251041 376560
- Changed: user.max_cgroup_namespaces: 31783 -> 31775
- Changed: user.max_fanotify_marks: 67627 -> 67610
- Changed: user.max_inotify_watches: 63503 -> 63488
- Changed: user.max_ipc_namespaces: 31783 -> 31775
- Changed: user.max_mnt_namespaces: 31783 -> 31775
- Changed: user.max_net_namespaces: 31783 -> 31775
- Changed: user.max_pid_namespaces: 31783 -> 31775
- Changed: user.max_time_namespaces: 31783 -> 31775
- Changed: user.max_user_namespaces: 31783 -> 31775
- Changed: user.max_uts_namespaces: 31783 -> 31775
cos-dev-105-17174-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 08, 2022 | COS-5.15.58 | v20.10.12 | v1.6.6 | v470.141.03(default) |
Updated the Linux kernel to v5.15.58.
Updated default and latest Nvidia drivers to v470.141.03.
cos-dev-105-17169-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 01, 2022 | COS-5.15.57 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Enabled FANOTIFY_ACCESS_PERMISSIONS configuration in kernel.
Updated sosreport to v4.3.
Backported support for SEV-SNP in the Linux kernel.
Updated the Linux kernel to v5.15.57.
Added a new systemd unit logging-agent.target to group stackdriver logging agents.
Enabled CONFIG_SCHED_CORE in the kernel config.
Updated toolbox to v20220722.
Updated oslogin to v20220721.00
Fixed an issue where the "logs", "crictl", and "kdump" sosreport plugins did not work properly.
cos-dev-101-17154-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 25, 2022 | COS-5.15.56 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Updated the built-in kubectl/kubelet to v1.23.9.
Updated stackdriver logging agent to v1.9.8.
Updated the Linux kernel to v5.15.56.
Users created via OS Login or via manually managed SSH keys will now have UIDs and GIDs in range [65536, 2^31 - 1).
cos-dev-101-17148-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 18, 2022 | COS-5.15.54 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Updated the Linux kernel to v5.15.54.
Updated openssl to v1.1.1q. This resolves CVE-2022-2097.
Updated net-misc/curl to v7.84.0. This resolves CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208.
cos-dev-101-17136-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 11, 2022 | COS-5.15.52 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Updated the Linux kernel to v5.15.52.
Upgraded openssl to 1.1.1p to resolve CVE-2022-2068.
cos-dev-101-17134-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 06, 2022 | COS-5.15.51 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Updated the built-in kubelet to be compiled from source instead of using official Kubernetes releases.
Updated sys-apps/irqbalance to v1.8.0-r1.
Updated the Linux kernel to v5.15.51.
Moved the toolchain source from gs://chromiumos-sdk to gs://cos-sdk.
Upgrade ice kernel module from v1.3.2 to v1.8.8 due to incompatibility with kernel 5.15.
Add 5.15 vanilla and rt kernel in project-edgeos.
Updated toolbox to v20220630.
Fixed the bug in toolbox where long project name/container image tag can fail to run the toolbox container.
Fixed CVE-2022-29217 in dev-python/pyjwt.
Updated app-editors/vim and app-editors/vim-core to v8.2.5066. This resolves CVE-2022-2126,CVE-2022-2125,CVE-2022-2124,CVE-2022-2129,CVE-2022-1720, CVE-2022-1942,CVE-2022-1886,CVE-2022-1851,CVE-2022-1160,CVE-2022-1154, CVE-2022-1381,CVE-2022-1420,CVE-2022-1733,CVE-2022-1796,CVE-2022-1769, CVE-2022-1735,CVE-2022-1674,CVE-2022-1771,CVE-2022-1620,CVE-2022-1785, CVE-2022-1629,CVE-2022-1616,CVE-2022-1621,CVE-2022-1619,CVE-2022-1927, CVE-2022-1898.
Fixed CVE-2021-22570 in libprotobuf.
Runtime sysctl changes:
- Changed: fs.file-max: 813250 -> 813249
cos-dev-101-17109-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jun 27, 2022 | COS-5.15.47 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Updated default toolbox container to v20220614.
Upgraded Google OS Config Agent(aka VMManager) to v20220606.00.
Updated docker-credential-gcr to v2.1.5.
Updated cos-gpu-installer to fetch the COS toolchain from gs://cos-tools instead of gs://chromiumos-sdk.
Updated app-emulation/containerd to v1.6.6. This resolves CVE-2022-31030.
Updated net-misc/netplan to v0.104.
Upgraded sys-fs/e2tools to v0.1.0.
Upgraded sys-fs/xfsprogs to v5.18.0 and sys-fs/e2fsprogs to v1.46.5.
Updated the Linux kernel to v5.15.47.
Updated net-misc/curl to v7.83.1. This resolves CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115.
Runtime sysctl changes:
- Changed: fs.fanotify.max_user_marks: 54813 -> 67627
- Changed: fs.inotify.max_user_watches: 51557 -> 63503
- Changed: user.max_fanotify_marks: 54813 -> 67627
- Changed: user.max_inotify_watches: 51557 -> 63503
cos-dev-101-17079-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jun 03, 2022 | COS-5.15.44 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Updated the Linux kernel to v5.15.44.
Enabled kernel config CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS.
Updated google-guest-agent to v20220523.00.
Runtime sysctl changes:
- Changed: kernel.random.poolsize: 4096 -> 256
- Changed: kernel.random.write_wakeup_threshold: 896 -> 256
cos-dev-101-17069-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| May 23, 2022 | COS-5.15.41 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Updated runc to v1.1.2.
Updated the Linux kernel to v5.15.41.
Added TPU driver v20220117.
Fixed an issue that prevented large cloud-configs (~256KB) from working properly.
Disabled bracketed paste mode by default in readline.
Upgraded openssl to v1.1.1o. This resolves CVE-2022-1292.
Upgraded dev-libs/libxml2 to v2.9.14. This resolves CVE-2022-29824.
Upgraded dev-libs/libxslt to v1.1.35. This resolves CVE-2022-29824.
Upgraded sys-libs/ncurses to v6.3_p20220423. This resolves CVE-2022-29458.
Fixed CVE-2022-28893 in the Linux kernel.
cos-dev-101-17053-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| May 16, 2022 | COS-5.15.38 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Updated the Linux kernel to v5.15.38.
Backported upstream patch to fix the issue where systemd affects BFQ IO setup.
cos-dev-101-17047-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| May 09, 2022 | COS-5.15.37 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Updated the Linux kernel to v5.15.37.
Upgraded package sys-boot/shim to version 15.5.
cos-dev-101-17043-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| May 02, 2022 | COS-5.15.36 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Updated the default toolbox container to v20220429.
Upgraded docker-credential-gcr to v2.1.2.
Updated the Linux kernel to v5.15.36.
Upgraded dump-capture-kernel to 5.15.
cos-dev-101-17033-0-0
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 25, 2022 | COS-5.15.35 | v20.10.12 | v1.6.2 | v470.82.01(default) |
Added pci=clearmsi option in dump-capture-kernel command line.
Updated net-misc/chrony to v4.2.
Upgraded docker-credential-gcr to v2.1.1.
Upgraded COS to Linux kernel v5.15.
Updated app-admin/localtoast(cis_scanner) to v1.1.4.3.
Updated google-guest-configs to v20220211.00.
Updated ChromeOS base to ChromeOS version 14542.0.0.
Made CIS-Scanner show results for passing and non-passing benchmarks.
Added option to GPU driver installation script for populating and resetting toolchain cache.
Built cos-gpu-installer using debian:bookworm.
Increased number of vCPUs support from 256 to 512.
Added cgroup-driver=systemd flag to kubelet.
Upgraded contanerd to v1.6.2. This resolves CVE-2022-24769.
Upgraded open-vm-tools package to v12.0.0_p19345655. This resolves CVE-2022-22943.
Upgraded openssl package to v1.1.1n. This resolves CVE-2022-0778.
Upgraded dev-libs/libxml2 to v2.9.13. This resolves CVE-2022-23308.
Updated app-editors/vim and app-editors/vim-core to v8.2.4586. This resoloves CVE-2022-0714, CVE-2022-0696, CVE-2022-0685, CVE-2022-0729, CVE-2022-0572 and CVE-2022-0629.
Fixed CVE-2021-25217 in net-misc/dhcp.
Fixed CVE-2022-29581 in the Linux kernel.
Runtime sysctl changes:
- Added: fs.fanotify.max_queued_events: 16384
- Added: fs.fanotify.max_user_groups: 128
- Added: fs.fanotify.max_user_marks: 54813
- Added: kernel.max_rcu_stall_to_panic: 0
- Added: kernel.sched_schedstats: 0
- Added: kernel.task_delayacct: 0
- Added: net.core.netdev_unregister_timeout_secs: 10
- Added: net.ipv4.fib_multipath_hash_fields: 7
- Added: net.ipv4.fib_notify_on_flag_change: 0
- Added: net.ipv4.icmp_echo_enable_probe: 0
- Added: net.ipv4.tcp_migrate_req: 0
- Added: net.ipv6.conf.all.ioam6_enabled: 0
- Added: net.ipv6.conf.all.ioam6_id: 65535
- Added: net.ipv6.conf.all.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.all.ra_defrtr_metric: 1024
- Added: net.ipv6.conf.default.ioam6_enabled: 0
- Added: net.ipv6.conf.default.ioam6_id: 65535
- Added: net.ipv6.conf.default.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.default.ra_defrtr_metric: 1024
- Added: net.ipv6.conf.docker0.ioam6_enabled: 0
- Added: net.ipv6.conf.docker0.ioam6_id: 65535
- Added: net.ipv6.conf.docker0.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.docker0.ra_defrtr_metric: 1024
- Added: net.ipv6.conf.eth0.ioam6_enabled: 0
- Added: net.ipv6.conf.eth0.ioam6_id: 65535
- Added: net.ipv6.conf.eth0.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.eth0.ra_defrtr_metric: 1024
- Added: net.ipv6.conf.lo.ioam6_enabled: 0
- Added: net.ipv6.conf.lo.ioam6_id: 65535
- Added: net.ipv6.conf.lo.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.lo.ra_defrtr_metric: 1024
- Added: net.ipv6.fib_multipath_hash_fields: 7
- Added: net.ipv6.fib_notify_on_flag_change: 0
- Added: net.ipv6.ioam6_id: 16777215
- Added: net.ipv6.ioam6_id_wide: 72057594037927935
- Added: net.netfilter.nf_conntrack_tcp_ignore_invalid_rst: 0
- Added: net.netfilter.nf_hooks_lwtunnel: 0
- Added: user.max_fanotify_groups: 128
- Added: user.max_fanotify_marks: 54813
- Added: vm.percpu_pagelist_high_fraction: 0
- Changed: fs.epoll.max_user_watches: 1666560 -> 1811300
- Changed: fs.file-max: 813432 -> 813248
- Changed: fs.inotify.max_user_watches: 8192 -> 51557
- Changed: fs.xfs.speculative_cow_prealloc_lifetime: 1800 -> 300
- Changed: kernel.threads-max: 63574 -> 63567
- Changed: net.ipv4.tcp_mem: 94173 125565 188346 -> 94164 125552 188328
- Changed: net.ipv4.udp_mem: 188346 251131 376692 -> 188328 251105 376656
- Changed: net.netfilter.nf_conntrack_buckets: 65536 -> 262144
- Changed: net.netfilter.nf_conntrack_expect_max: 1024 -> 4096
- Changed: user.max_cgroup_namespaces: 31787 -> 31783
- Changed: user.max_inotify_watches: 8192 -> 51557
- Changed: user.max_ipc_namespaces: 31787 -> 31783
- Changed: user.max_mnt_namespaces: 31787 -> 31783
- Changed: user.max_net_namespaces: 31787 -> 31783
- Changed: user.max_pid_namespaces: 31787 -> 31783
- Changed: user.max_time_namespaces: 31787 -> 31783
- Changed: user.max_user_namespaces: 31787 -> 31783
- Changed: user.max_uts_namespaces: 31787 -> 31783
- Deleted: vm.block_dump: 0
- Deleted: vm.percpu_pagelist_fraction: 0
cos-dev-101-16963-0-0
| Date | Kernel | Docker | Containerd | Default GPU Driver |
| Mar 16, 2022 | COS-5.10.105 | v20.10.12 | v1.6.1 | v470.82.01 |
Updated the Linux kernel to v5.10.105.
Added get_status API in device policy manager.
Fixed a warning related to IPv4 parsing error in cloud-init.
Fixed an issue in systemd to consider primary network interface configured only after non-link-local IPv4 address is available.
Updated CIS Scanner to v1.1.4.2.
cos-dev-101-16941-0-0
| Date | Kernel | Docker | Containerd | Default GPU Driver |
| Mar 07, 2022 | COS-5.10.101 | v20.10.12 | v1.6.1 | v470.82.01 |
cos_extensions and toolbox utilities now fetch
container images from multi-region Artifact Registry.
Enabled disk_setup module in cloud-init.
Fixed CVE-2022-0847 in the Linux kernel.
Updated containerd to v1.6.1. This resolves CVE-2022-23648.
cos-dev-101-16928-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Feb 28, 2022 | COS-5.10.101 | v1.23.3 | v20.10.12 | v1.6.0 | v470.82.01 |
Fixed CVE-2021-45346 in dev-db/sqlite.
Updated app-editors/vim and app-editors/vim-core to v8.2.4328. This resolves CVE-2021-4187, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0392, CVE-2022-0368, CVE-2022-0393, CVE-2022-0361, CVE-2022-0359, CVE-2022-0413, CVE-2022-0408, CVE-2022-0407 and CVE-2022-0443.
Fixed segmentation fault in ebtables.
Updated stackdriver logging default config to support multiple time formats which fixed bug of dropped logs in some conditions.
Updated toolbox script to use nspawn share system environment variable.
Updated containerd to v1.6.0.
Updated cri-tools to v1.23.0.
Updated the Linux kernel to v5.10.101.
Added CLI to change cgroup versions.
Added CIS Scanner (app-admin/localtoast) v1.1.4.1.
Renamed cos-alphabet-compliance to cis-compliance. cis-compliance will only install scripts needed to make the VM Level 2 CIS compliant.
Added the support to export logs of the cis-level1, cis-level2 and cis-compliance-scanner systemd services via stackdriver logging.
Enabled CONFIG_BFQ_GROUP_IOSCHED kernel configuration.
Added command "cos-extensions list -- --gpu-installer" to show the default cos-gpu-installer.
Set NVMe IO timeout to 4294967295.
Fixed an issue in the Linux kernel where I/Os would sometimes fail on SEV-enabled machines due to a full swiotlb buffer.
Added xemu kernel module.
Added support for NFSv4 Kerberos authentication.
cos-dev-97-16882-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Feb 07, 2022 | COS-5.10.96 | v1.23.3 | v20.10.12 | v1.5.9 | v470.82.01 |
Updated app-admin/sosreport to v4.2.
Updated default gpu driver version to 470.82.01.
Added a workaround for configuring NTP sources through DHCP.
Upgraded runc to v1.1.0.
Updated the built-in kubectl/kubelet to 1.23.3.
Updated oslogin to v20220113.00.
Updated docker-cli to v20.10.12.
Updated docker to v20.10.12.
Updated the Linux kernel to v5.10.96.
Fixed an issue related to shim exiting during system shutdown.
Enabled XDP support.
Added dev-libs/userspace-rcu package.
Upgraded sys-fs/e2fsprogs to v1.46.4.
Upgraded sys-libs/e2fsprogs-libs to v1.46.4.
Upgraded sys-fs/xfsprogs to v5.14.2.
Auto-updates will now only occur within a single milestone. Upgrading your VMs to a new COS milestone will now require you to recreate your VMs.
Added SEV live migration support to the Linux kernel.
Fixed a bug that created excessive warning logs on missing attrs.tag from container logs.
Enabled IBLOCK and FILEIO iSCSI backing stores in the Linux kernel.
cos-dev-97-16853-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jan 31, 2022 | COS-5.10.93 | v1.22.4 | v20.10.6 | v1.5.9 | v450.119.04 |
Updated Linux Audit (sys-process/audit) to v3.0.6.
Updated sys-apps/shadow to v4.11.1.
Upgraded Google OS Config Agent(aka VMManager) to v20220107.00.
Updated the Linux kernel to v5.10.93.
Updated cos-gpu-installer-v2 to v2.0.17 in cos-extensions. Refined error message for installing latest driver. Preinstalled dependencies are now detected separately.
Changed default file permissions used by stackdriver logging agent to not be world readable.
Updated containerd to v1.5.9. This resolves CVE-2021-43816.
cos-dev-97-16843-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jan 19, 2022 | COS-5.10.92 | v1.22.4 | v20.10.6 | v1.5.8 | v450.119.04 |
Updated UEFI shim to v15.4.
Updated the makedumpfile package to v1.7.0.
Updated the stackdriver logging agent to v1.9.4.
Updated the default toolbox container to v20211027.
Upgraded app-admin/google-guest-agent to v20220104.00.
Updated the Linux kernel to v5.10.92.
Fixed an issue where IPv6 address allocation sometimes fails in systemd.
Update vim and vim-core to v8.2.3950. This resolves CVE-2021-4193, CVE-2021-4192, CVE-2021-4173, CVE-2021-4166, and CVE-2021-4136.
Fixed a privilege escalation vulnerability in fs_context in the Linux kernel. This resolves CVE-2022-0185.
Runtime sysctl changes:
- Changed: net.ipv6.conf.all.forwarding: 1 -> 0
- Changed: net.ipv6.conf.default.forwarding: 1 -> 0
- Changed: net.ipv6.conf.docker0.forwarding: 1 -> 0
- Changed: net.ipv6.conf.eth0.forwarding: 1 -> 0
- Changed: net.ipv6.conf.lo.forwarding: 1 -> 0
cos-dev-97-16832-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jan 11, 2022 | COS-5.10.90 | v1.22.4 | v20.10.6 | v1.5.8 | v450.119.04 |
Upgraded app-emulation/runc to v1.0.3. This resolves CVE-2021-43784.
Fixed CVE-2021-41190 in app-emulation/docker.
Updated vim and vim-core to v8.2.3741. This resolves CVE-2021-3973, CVE-2021-3968, CVE-2021-4069, CVE-2021-4019, CVE-2021-3984 and CVE-2021-3974.
Upgraded dev-libs/nspr to v3.42. This resolves CVE-2021-43527.
Upgraded dev-libs/nss to v3.73. This resolves CVE-2021-43527.
Upgraded app-crypt/nss to v3.73. This resolves CVE-2021-43527.
Fixed CVE-2021-4155 in the Linux kernel.
Disabled VDSO on ARM by default.
Added support for consistent device naming for NVMe disks.
Fixed access to private toolbox images hosted on GCR.
Fixed resolv.conf in toolbox.
Added Google Guest Configs.
Added lsof package.
Updated cloud-init to v21.4.
Updated netplan to v0.103.
Updated net-misc/prips to v1.2.0.
Updated google-guest-agent to v20211011.00.
Updated systemd to v249.6.
Updated the Linux kernel to v5.10.90.
Updated docker-credential-gcr to v2.1.0.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1667850 -> 1666560
- Changed: fs.file-max: 814061 -> 813432
- Changed: kernel.bootloader_type: 114 -> 6
- Changed: kernel.bootloader_version: 2 -> 38
- Changed: kernel.core_pattern: |/sbin/crash_reporter --user=%P:%s:%u:%g:%f -> |/bin/false
- Changed: kernel.core_pipe_limit: 4 -> 0
- Changed: kernel.threads-max: 63623 -> 63574
- Changed: net.ipv4.conf.all.log_martians: 0 -> 1
- Changed: net.ipv4.conf.default.log_martians: 0 -> 1
- Changed: net.ipv4.conf.docker0.log_martians: 0 -> 1
- Changed: net.ipv4.conf.eth0.log_martians: 0 -> 1
- Changed: net.ipv4.tcp_mem: 94245 125663 188490 -> 94173 125565 188346
- Changed: net.ipv4.udp_mem: 188493 251327 376986 -> 188346 251131 376692
- Changed: user.max_cgroup_namespaces: 31811 -> 31787
- Changed: user.max_ipc_namespaces: 31811 -> 31787
- Changed: user.max_mnt_namespaces: 31811 -> 31787
- Changed: user.max_net_namespaces: 31811 -> 31787
- Changed: user.max_pid_namespaces: 31811 -> 31787
- Changed: user.max_time_namespaces: 31811 -> 31787
- Changed: user.max_user_namespaces: 31811 -> 31787
- Changed: user.max_uts_namespaces: 31811 -> 31787
cos-dev-97-16778-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Dec 01, 2021 | COS-5.10.81 | v1.22.4 | v20.10.6 | v1.5.8 | v450.119.04 |
Upgraded the built-in Kubelet to v1.22.4.
Updated ChromeOS base to ChromeOS version 14283.0.0.
Updated the Linux kernel to v5.10.81.
Enabled cgroup v2.
Enabled ipv4 and ipv6 in sshd.
Updated containerd to v1.5.8. This resolves CVE-2021-41190 in containerd.
Fixed CVE-2021-35942 and CVE-2021-38604 in glibc.
Updated openssl to 1.1.1l. This resolves CVE-2021-3711 and CVE-2021-3712.
Fixed CVE-2020-12403 in nss.
Fixed CVE-2021-41617 in openssh.
Fixed CVE-2020-14387 in rsync.
Upgraded dev-libs/libgcrypt to v1.9.4. This resolves CVE-2021-40528.
Updated vim and vim-core to v8.2.3582. This resolves CVE-2021-3928, CVE-2021-3927, CVE-2021-3872, CVE-2021-3903, and CVE-2021-3875.
cos-dev-97-16748-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Nov 08, 2021 | COS-5.10.77 | v1.21.3 | v20.10.6 | v1.5.7 | v450.119.04 |
Updated the Linux kernel to v5.10.77.
Enabled virtual console.
Enabled cos-extensions to fetch artifacts with geo-redundancy when installing GPU driver.
Upgraded openssl to v1.1.1l. This fixes CVE-2021-3711.
Upgraded app-arch/libarchive to v3.5.2. This fixes CVE-2021-36976.
Runtime sysctl changes:
- Added: dev.cdrom.autoclose: 1
- Added: dev.cdrom.autoeject: 0
- Added: dev.cdrom.check_media: 0
- Added: dev.cdrom.debug: 0
- Added: dev.cdrom.lock: 1
- Changed: fs.epoll.max_user_watches: 1667911 -> 1667891
- Changed: fs.file-max: 814101 -> 814087
- Changed: net.ipv4.tcp_mem: 94251 125668 188502 -> 94248 125667 188496
- Changed: net.ipv4.udp_mem: 188502 251336 377004 -> 188499 251335 376998
cos-dev-97-16723-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Oct 18, 2021 | COS-5.10.72 | v1.21.3 | v20.10.6 | v1.5.7 | v450.119.04 |
Updated the Linux kernel to v5.10.72.
Upgraded net-dns/c-ares to v1.17.2.
Add LZ4 compression support in kernel.
Upgraded net-misc/curl to v7.79.1. This resolves CVE-2021-22945.
Fixed CVE-2021-39537 in sys-libs/ncurses.
cos-dev-97-16714-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Oct 11, 2021 | COS-5.10.71 | v1.21.3 | v20.10.6 | v1.5.7 | v450.119.04 |
Updated the Linux kernel to v5.10.71.
Enable ipip and fou kernel modules.
Added crictl commands to sosreport.
Fixed an issue where GPU drivers wouldn't load due to being incorrectly linked.
Updated containerd to 1.5.7. This resolves CVE-2021-41103.
Updated vim to version 8.2.3428. This resolves CVE-2021-3796, CVE-2021-3778, and CVE-2021-3770.
cos-dev-97-16699-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Oct 04, 2021 | COS-5.10.69 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Updated the Linux kernel to v5.10.69.
cos-dev-97-16695-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Sep 27, 2021 | COS-5.10.68 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Updated node-problem-detector to v0.8.10.
Updated the Linux kernel to v5.10.68.
Made XFRM statistics available at /proc/net/xfrm_stat.
Created kernel config file under /boot directory.
Fixed CVE-2020-12403 in dev-libs/nss.
Updated glib, glib-utils and gdbus-codegen to v2.68.3. This resolves CVE-2021-28153.
cos-dev-97-16687-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Sep 20, 2021 | COS-5.10.65 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Updated the Linux kernel to v5.10.65.
Updated app-emulation/containerd to v1.5.4. This resolves CVE-2021-32760.
cos-dev-97-16678-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Sep 13, 2021 | COS-5.10.62 | v1.21.3 | v20.10.6 | v1.5.3 | v450.119.04 |
Updated the Linux kernel to v5.10.62.
cos-dev-97-16669-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Sep 07, 2021 | COS-5.10.61 | v1.21.3 | v20.10.6 | v1.5.3 | v450.119.04 |
Upgraded sys-libs/ncurses to v6.2. This resolves CVE-2019-17594 and CVE-2019-17595.
Upgraded net-misc/wget to v1.21.1. This resolves CVE-2021-31879.
Upgraded net-misc/curl to v7.78.0. This resolves CVE-2021-22924 and CVE-2021-22926.
Enabled configuring NTP server using cloud-init.
Updated the Linux kernel to v5.10.61.
Updated nanopb to v0.4.5 in KTD.
cos-dev-93-16594-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Aug 02, 2021 | COS-5.10.53 | v1.21.3 | v20.10.6 | v1.5.3 | v450.119.04 |
Updated the built-in kubectl/kubelet to v1.21.3.
Updated containerd to v1.5.3.
Updated sosreport to v4.1.
Updated chronyd to v4.1.
Updated containerd to v1.5.3.
Updated docker-credential-gcr to v2.0.5.
Updated docker-cli to v20.10.6.
Updated ChromeOS base to ChromeOS version 14056.0.0.
Updated the Linux kernel to v5.10.53.
Upgraded Linux Audit (sys-process/audit) to v3.0.2.
Upgraded openssl package to v1.1.1k to resolve CVEs CVE-2021-3449 and CVE-2021-3450.
Upgraded xfsprogs to version v5.10.
Upgraded dev-util/gdbus-codegen to version 2.66.7 on x86.
Upgraded dev-libs/glib and dev-util/glib-utils to v2.66.7.
Removed toolbox's dependency on docker command.
Added sys-block/open-iscsi package.
Renamed 99-virtio.network to 99-default.network to include gve driver support.
Enabled IPV6 configuration by default. This does not disable IPV4 configuration. In addition, fixed an issue where enabling both IPv6 and IPv4 configuration on IPv4-exclusive networks resulted in slow boot times.
Fixed CVE-2021-33910 in sys-apps/systemd.
cos-dev-93-16546-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jul 12, 2021 | COS-5.10.48 | v1.20.5 | v20.10.6 | v1.4.4 | v450.119.04 |
Updated the stackdriver logging agent to v1.8.9.
Updated runc to v1.0.0.
Upgraded cos-gpu-installer-v2 to v2.0.6 in cos-extensions. Users can now specify --version=latest when installing GPU drivers.
Updated app-emulation/docker-proxy to v0.8.0_p20210525.
Updated the Linux kernel to v5.10.48.
Enabled CONFIG_MEMORY_FAILURE and CONFIG_X86_MCE in the Linux kernel.
Upgraded libgcrypt to v1.9.3. This fixes CVE-2021-33560.
Added support for ext4 journal checkpointing in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1668341 -> 1667911
- Changed: fs.file-max: 814308 -> 814100
- Changed: kernel.threads-max: 63641 -> 63625
- Changed: net.ipv4.tcp_mem: 94275 125700 188550 -> 94251 125668 188502
- Changed: net.ipv4.udp_mem: 188550 251401 377100 -> 188502 251336 377004
- Changed: user.max_cgroup_namespaces: 31820 -> 31812
- Changed: user.max_ipc_namespaces: 31820 -> 31812
- Changed: user.max_mnt_namespaces: 31820 -> 31812
- Changed: user.max_net_namespaces: 31820 -> 31812
- Changed: user.max_pid_namespaces: 31820 -> 31812
- Changed: user.max_time_namespaces: 31820 -> 31812
- Changed: user.max_user_namespaces: 31820 -> 31812
- Changed: user.max_uts_namespaces: 31820 -> 31812
cos-dev-93-16511-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 28, 2021 | COS-5.10.44 | v1.20.5 | v20.10.6 | v1.4.4 | v450.119.04 |
Updated app-emulation/docker-credential-helpers to v0.6.4.
cos-dev-93-16509-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 21, 2021 | COS-5.10.44 | v1.20.5 | v20.10.6 | v1.4.4 | v450.119.04 |
Updated the Linux kernel to v5.10.44.
Set kernel config flag to enable dump capture kernel for ARM64.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1668321 -> 1668341
- Changed: fs.file-max: 814309 -> 814308
cos-dev-93-16482-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 09, 2021 | COS-5.10.42 | v1.20.5 | v20.10.6 | v1.4.4 | v450.119.04 |
Updated runc to v1.0.0_rc95. This resolves CVE-2021-30465.
Upgraded Google OS Config Agent (VMManager) to version 20210607.00.
Upgraded cloud-init to v21.2.
Upgraded the Linux kernel to v5.10.42.
Stackdriver logs now record Docker container names by default.
As a result of the kernel upgrade, the following sysctl changes occurred:
- Added: kernel.hung_task_all_cpu_backtrace: 0
- Added: kernel.oops_all_cpu_backtrace: 0
- Added: kernel.sched_deadline_period_max_us: 4194304
- Added: kernel.sched_deadline_period_min_us: 100
- Added: net.ipv4.ip_autobind_reuse: 0
- Added: net.ipv4.nexthop_compat_mode: 1
- Added: net.ipv4.tcp_comp_sack_slack_ns: 100000
- Added: net.ipv4.tcp_no_ssthresh_metrics_save: 1
- Added: net.ipv4.tcp_reflect_tos: 0
- Added: net.ipv6.conf.all.rpl_seg_enabled: 0
- Added: net.ipv6.conf.default.rpl_seg_enabled: 0
- Added: net.ipv6.conf.docker0.rpl_seg_enabled: 0
- Added: net.ipv6.conf.eth0.rpl_seg_enabled: 0
- Added: net.ipv6.conf.lo.rpl_seg_enabled: 0
- Added: user.max_time_namespaces: 31820
- Added: vm.compaction_proactiveness: 20
- Added: vm.page_lock_unfairness: 5
- Changed: fs.epoll.max_user_watches: 1668751 -> 1668321
- Changed: fs.file-max: 814576 -> 814309
- Changed: kernel.cap_last_cap: 37 -> 40
- Changed: kernel.threads-max: 63658 -> 63641
- Changed: kernel.usermodehelper.bset: 4294967295 63 -> 4294967295 511
- Changed: kernel.usermodehelper.inheritable: 4294967295 63 -> 4294967295 511
- Changed: net.core.bpf_jit_kallsyms: 0 -> 1
- Changed: net.ipv4.tcp_mem: 94299 125733 188598 -> 94275 125700 188550
- Changed: net.ipv4.udp_mem: 188598 251466 377196 -> 188550 251401 377100
- Changed: user.max_cgroup_namespaces: 31829 -> 31820
- Changed: user.max_ipc_namespaces: 31829 -> 31820
- Changed: user.max_mnt_namespaces: 31829 -> 31820
- Changed: user.max_net_namespaces: 31829 -> 31820
- Changed: user.max_pid_namespaces: 31829 -> 31820
- Changed: user.max_user_namespaces: 31829 -> 31820
- Changed: user.max_uts_namespaces: 31829 -> 31820
- Deleted: kernel.random.read_wakeup_threshold: 64
cos-dev-93-16442-0-0
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 01, 2021 | COS-5.4.120 | v1.20.5 | v20.10.6 | v1.4.4 | v450.119.04 |
Fixed CPU usage for workloads with heavy page cache usage.
Fixed 32 x truesize under-estimation for tiny skbs in the Linux kernel.
Fixed CVE-2021-3537 in libxml2.
Automatically mount OEM partition if it is sealed.
Upgraded the default GPU drver version to 450.119.04.
Upgraded Google OS Config Agent to v20210506.00.
Updated docker to v20.10.6.
Updated the Linux kernel to v5.4.120.
Updated makedumpfile package to v1.6.9.
cos-dev-93-16379-0-0
| Date | Kernel | Kubernetes | Docker | Containerd |
| May 03, 2021 | COS-5.4.114 | v1.20.5 | v20.10.3 | v1.4.4 |
Updated the Linux kernel to v5.4.114.
Updated sshd.service to not drop active ssh sessions when sshd is restarted.
Updated google-guest-agent to v20210408.00.
Fixed CVE-2020-24977 in libxml2.
cos-dev-93-16351-0-0
| Date | Kernel | Kubernetes | Docker | Containerd |
| Apr 22, 2021 | COS-5.4.113 | v1.20.5 | v20.10.3 | v1.4.4 |
Updated the Linux kernel to v5.4.113.
Upgraded dev-vcs/git to version 2.31.0. This resolves CVE-2021-21300.
Fixed an out-of-bounds write issue in the Linux kernel.
cos-dev-93-16340-0-0
| Date | Kernel | Kubernetes | Docker | Containerd |
| Apr 19, 2021 | COS-5.4.112 | v1.20.5 | v20.10.3 | v1.4.4 |
Updated the Linux kernel to v5.4.112.
Updated kubernetes to v1.20.5.
Upgrade tar to 1.34.
Enable ip6table_nat as module.
cos-dev-93-16331-0-0
| Date | Kernel | Kubernetes | Docker | Containerd |
| Apr 12, 2021 | COS-5.4.110 | v1.20.2 | v20.10.3 | v1.4.4 |
Updated the Linux kernel to v5.4.110.
Upgraded dev-db/sqlite to version 3.34.1. This resolves CVE-2021-20227.
Upgraded Google OS Config Agent to version 20210331.00.
Updated containerd to version 1.4.4.
Configured google-guest-agent to use usermod instead of gpasswd to add users to groups. This fixes an issue where users created through cloud-init sometimes were not added to the appropriate groups.
Enabled CONFIG_IP6_NF_MANGLE to allow ip6table_mangle kernel module.
cos-dev-93-16303-0-0
| Date | Kernel | Kubernetes | Docker |
| Apr 05, 2021 | COS-5.4.108 | v1.20.2 | v20.10.3 |
Updated openssl to 1.1.1k to resolve CVE-2021-3449 and CVE-2021-3450.
Enabled CONFIG_TLS and CONFIG_TLS_DEVICE in the kernel to support kTLS.
cos-dev-93-16295-0-0
| Date | Kernel | Kubernetes | Docker |
| Mar 29, 2021 | COS-5.4.108 | v1.20.2 | v20.10.3 |
Upgraded OpenSSH to v8.5_p1. This resolved CVE-2021-28041.
Updated docker-credential-gcr to v2.0.4.
Updated the Linux kernel to v5.4.108.
Fixed an issue in google-guest-agent where the GID of a user's home directory referred to a different user after a reboot.
Enabled CONFIG_TLS in the kernel to support OpenSSL3.0.
cos-dev-93-16259-0-0
| Date | Kernel | Kubernetes | Docker |
| Mar 22, 2021 | COS-5.4.104 | v1.20.2 | v20.10.3 |
Updated cos-gpu-installer to v2.0.5 in cos-extensions.
Upgrade e2fsprogs to version 1.46.2
Updated the Linux kernel to upstream/v5.4.104.
cos-dev-93-16240-0-0
| Date | Kernel | Kubernetes | Docker |
| Mar 15, 2021 | COS-5.4.102 | v1.20.2 | v20.10.3 |
Updated the Linux kernel to v5.4.102.
cos-dev-93-16234-0-0
| Date | Kernel | Kubernetes | Docker |
| Mar 08, 2021 | COS-5.4.101 | v1.20.2 | v20.10.3 |
Revert "Stackdriver logs now record Docker container names by default" due to an incompatibility with Kubernetes.
Upgraded sys-auth/pambase to version 20201103.
Upgraded sys-libs/pam to version 1.5.1.
Upgraded sys-auth/passwdqc to version 1.4.0.
Updated the Linux kernel to upstream/v5.4.101.
Updated Docker to 20.10.3.
Updated chronyd to run as the chrony user instead of the root user.
Updated openssl to version 1.1.1j. This resolves CVE-2021-23840 and CVE-2021-23841.
cos-dev-93-16207-0-0
| Date | Kernel | Kubernetes | Docker |
| Mar 01, 2021 | COS-5.4.100 | v1.20.2 | v20.10.2 |
Upgraded libgcrypt to v1.9.1. This addresses CVE-2021-3345.
Upgraded dev-python/jinja to v2.11.3. This addresses CVE-2020-28493.
Updated glib to v2.66.7. This addresses CVE-2021-27218 and CVE-2021-27219.
Updated the Linux kernel to v5.4.100.
Updated cos-gpu-installer to v2.0.4 in cos-extensions.
Fixed warning in docker when homedir not present.
Added support for multiple architectures in toolbox.
cos-dev-93-16173-0-0
| Date | Kernel | Kubernetes | Docker |
| Feb 22, 2021 | COS-5.4.98 | v1.20.2 | v20.10.2 |
Fixed a kernel crash due to fast commit changes.
Updated the Linux kernel to upstream/v5.4.98.
cos-dev-93-16136-0-0
| Date | Kernel | Kubernetes | Docker |
| Feb 08, 2021 | COS-5.4.95 | v1.20.2 | v20.10.2 |
Remove read/write/execute permissions of group and other user accounts for systemd timer files.
Upgraded e2fsprogs to version 1.46.0.
Upgraded sys-libs/e2fsprogs-libs-1.46.0.
Downgraded Google OS Config Agent to v20201229.01.
Updated the Linux kernel to v5.4.95.
Added package net-fs/cifs-utils v6.11.