Backported a kernel patch to ensure the cfs cgroup quota/period ratio
always stays the same. This addresses a Kubernetes issue where the pod
cgroup could be changed into an inconsistent state.
cos-69-10895-348-0
Date: Aug 30, 2019
Backported upstream writeback patches to fix a Docker hung issue.
cos-69-10895-329-0
Date: Aug 08, 2019
Upgraded the Linux kernel to v4.14.137. This resolves CVE-2019-1125.
cos-69-10895-299-0
Date: Jul 12, 2019
Fixed vulnerability in app-arch/bzip2 (CVE-2019-12900).
Updated kernel to version v4.14.132.
Fixed an issue introduced by NFLX-2019-001 fixes.
cos-69-10895-277-0
Date: Jun 19, 2019
Updated the Linux kernel to version 4.14.127 to resolve the NFLX-2019-001
TCP SACK vulnerabilities.
cos-69-10895-273-0
Date: Jun 17, 2019
Updated kernel to version v4.14.124.
cos-69-10895-255-0
Date: May 28, 2019
Upgraded curl to v7.64.1 to fix CVE-2018-16890.
Cherry-picked upstream patch https://patchwork.kernel.org/patch/10951403/ in kernel to fix
a bug in lockd introduced by commit 01b79d20008d "lockd: Show pid of lockd for remote locks"
in Linux kernel v4.14.105.
Rotated keys used by UEFI Secure Boot for signing and verifying the UEFI boot path.
cos-69-10895-242-0
Date: May 15, 2019
Merged Linux Stable Kernel 'v4.14.119' for resolving Microarchitectural
Data Sampling (MDS) vulnerabilities (CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11091).
Mitigated a mount hang issue in the Linux kernel.
cos-69-10895-211-0
Date: Apr 11, 2019
Fixed slow access to /sys/fs/cgroup/memory/memory.stat. This resolves
kubelet performance degradation.
cos-69-10895-201-0
Date: Apr 01, 2019
Included perf tool in the image.
Included sosreport in the image.
Updated the built-in kubelet to 1.11.8.
Fixed an issue where Shielded VM integrity measurements weren't being
logged properly.
Merged Linux Stable Kernel 'v4.14.106'.
cos-69-10895-172-0
Date: Feb 28, 2019
Enabled kernel.softlockup_all_cpu_backtrace. This was previously disabled
to mitigate a kernel deadlock issue, which is now resolved.
Configured docker.service by setting RestartSecs=10 to always restart
Docker after 10 seconds.
cos-69-10895-138-0
Date: Jan 24, 2019
Backported the fix for a deadlock issue in kernel panic.
Merged Linux Stable Kernel 'v4.14.91'.
cos-69-10895-123-0
Date: Jan 10, 2019
Set CONFIG_BLK_WBT_MQ=y to improve performance isolation on
persistent disks. This fixes a bug where writes on a SSD persistent
disk can affect performance on the Standard persistent boot disk.
Cherry-picked Ext4 commits that address FS inconsistencies caused by
disruptions during NFS CREATE operation under certain conditions.
Merged Linux Stable Kernel 'v4.14.89'.
cos-69-10895-102-0
Date: Dec 20, 2018
Disabled auto update on shielded images. Images in cos-cloud
are not impacted by this change.
Enabled the "metadata_csum" ext4 feature on the stateful partition.
This also improves performance of boot-disk resize operation.
Apply IMA Policy only when cloud-audit-setup.service is explicitly
run.
cos-69-10895-93-0
Date: Nov 16, 2018
Updated kernel to v4.14.79.
Fixed the bug that cloud-init can't write gzipped files.
cos-69-10895-91-0
Date: Oct 29, 2018
Fixed an issue where an interaction between IMA and NFS could cause deadlock.
Fixed a stackdriver-logging.service issue observed in Containers on Compute Engine.
PCID is now enabled by default when supported by the CPU platform.
cos-69-10895-85-0
Date: Oct 11, 2018
Reset softlockup_all_cpu_backtrace to '0' to avoid kernel deadlock on
high CPU machines under certain circumstances.
cos-69-10895-71-0
Date: Oct 1, 2018
Removed userspace headers from kernel header artifact.
cos-69-10895-62-0
Date: Sept 18, 2018
Promoted to Stable channel.
Backport a fix to ensure that SCSI contributes to randomness when running
rotational device.
This addresses an issue where docker is slow to start because of
low entropy on standard PDs since v4.14.63 merge.
Enabled CONFIG_RANDOM_TRUST_CPU to address entropy starvation on PD-SSD boot disks.
Upgraded OpenSSL to 1.0.2p.
Merged Linux stable version v4.14.65.
Backported the fix for a bug that write_files could handle for ASCII
content, but not other content.
Backport fix for a kernel warning
"WARNING: fs/overlayfs/readdir.c:393 ovl_iterate+0x25c/0x260 WARN_ON(!cache->refcount)".
Fix for Linux Kernel CVE-2018-12232.
Backport fixes for L1 Terminal Fault (L1TF) issue (CVE-2018-3615, CVE-2018-3620 and
CVE-2018-3646).
Fixes for CVE-2018-5391.
Fixed a softlockup issue that occurred on single VCPU VMs when using FUSE filesystems.
Updated Kubernetes to v1.11.1
Fixes for CVE-2018-5390.
Increase default kernel.pid_max to 2^22.
Merged Linux stable version v4.14.54 into the kernel.
Removed SCSI CD-ROM support. This resolves CVE-2018-11506.
Upgraded built-in kubelet to v1.11.0
Updated docker-credential-gcr to 1.5.0
Updated BUG_REPORT_URL in /etc/os-release.
Enabled NFS debug configs in the kernel.
Enabled tcp_bbr kernel module for TCP congestion control.
Upgraded Git to version 2.16.4 to fix CVE 2018-11235.
Set --disable-legacy-registry Docker config to true by default.
Updated Kubernetes to 1.10.4.
Updated sshd_config to drop cbc based Ciphers.
Updated root CA certificates to match Mozilla NSS 3.36.1.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-11-19 UTC."],[],[]]
