v1.5.4-rc2

v1.5.4-rc1

Release v1.5.3

Versions

• Linux 4.14.128
• Buildroot: 2018.02.11
• Docker docker-18.06.3-ce by default
• RPi64: Linux 4.14.114
• Console:
  • Alpine: 3.9
  • CentOS: 7.5.1804
  • Debian: stretch
  • Fedora: 28
  • Ubuntu: bionic

Important

This release contains the fix to Linux TCP remotely-triggerable kernel panic and excessive resource consumption. You can view CVE vulnerability details:

• CVE-2019-11477
• CVE-2019-11478
• CVE-2019-11479

Major Features and Enhancements

• Enabled the CONFIG_AQTION ethernet driver in the os-kernel. [#2733]

Major Bug Fixes since v1.5.2

• Fixed an issue where failed to switch to console on install sometimes. [#2812]
• Fixed an issue where the service indexes may be accidentally deleted in the air-gap environment. [#2828]

v1.5.3-rc1

Release v1.5.2

RancherOS will only be distributing releases on basic x86 platform. For other distributions, please refer to the README.

Versions

• Linux 4.14.122
• Buildroot: 2018.02.11
• Docker docker-18.06.3-ce by default
• RPi64: Linux 4.14.114
• Console:
  • Alpine: 3.9
  • CentOS: 7.5.1804
  • Debian: stretch
  • Fedora: 28
  • Ubuntu: bionic

Important

• This release can mitigate Microarchitectural Data Sampling (MDS). Four CVEs have been assigned to cover different variations of the data sampling flaw:

  • CVE-2018-12126 for Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12127 for Microarchitectural Load Port Data Samping (MLPDS)
  • CVE-2018-12130 for Microarchitectural Fill Buffer Data Sampling (MFBDS)
  • CVE-2019-11091 for Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

• There is now a built-in service for system upgrades that requires access to the internet. By default, it can detect system updates and downloads the required files. It will not automatically apply the patch. If you want to completely disable this feature, just run ros config set rancher.upgrade.policy none.

Major Features and Enhancements

• Support for loading custom data from Azure metadata service. [#2762]
• Support for wildcard matching on MAC addresses. [#2707]
• Support for service cache updating. [#2677]
• Support for tftp datasource for cloud config. [#2774]
• Support for setting Wi-Fi on Raspberry Pi. [#2604]
• Support for running RancherOS on Ping An Cloud. [#2752]
• Support for pre-defined user images in the ISO. [#2697]
• Upgraded open vm tools version to 10.3.10. [#2763]
• Enhanced ros cloud-config validation. [#2693]

Major Bug Fixes since v1.5.1

• Fixed an issue where writing proxy.sh from environment character escape errors. [#2785]
• Fixed an issue where logrotate config files are overwritten every hour. [#2773]
• Fixed an issue where sshd_config file disappears on upgrade when using a non-default console. [#2672]
• Fixed an issue where ros config merge broken from stdin. [#2689]
• Fixed an issue there are some errors reported by busybox in the network container. [#2684]
• Fixed an issue where the utmp file is missing in the console. [#2676]
• Fixed an issue where zfs volumes cannot be shown under /dev. [#2673]
• Fixed an issue where zfs datasets cannot get mounted after reboot. [#2256]

v1.5.2-rc2

v1.5.2-rc1

Release v1.4.3

Versions

• Linux 4.14.73
• Buildroot: 2018.02
• Docker docker-18.03.1-ce by default
• RPi64: Linux 4.9.80
• Console:
  • Alpine: 3.8
  • CentOS: 7.5.1804
  • Debian: stretch
  • Fedora: 28
  • Ubuntu: bionic

Important

• This release addresses CVE-2019-5736. Both system-docker and the default user-docker have been patched. For x86 platforms, the following user docker versions(v1.12.6/v1.13.1/v17.03.2/v17.06.2/v17.09.1/v17.12.1/v18.03.1/v18.06.1) have been patched. For arm64 platforms, the following user docker versions(v17.09.1/v17.12.1/v18.03.1/v18.06.1) have been patched.

• There is now a built-in service for system upgrades that requires access to the internet. By default, it can detect system updates and downloads the required files. It will not automatically apply the patch. If you want to completely disable this feature, just run ros config set rancher.upgrade.policy none

Release v1.5.1

RancherOS will only be distributing releases on basic x86 platform. For other distributions, please refer to the README.

Versions

• Linux: 4.14.85
• Buildroot: 2018.02.7
• Docker docker-18.06.1-ce by default
• RPi64: Linux 4.9.80
• Console:
  • Alpine: 3.8
  • CentOS: 7.5.1804
  • Debian: stretch
  • Fedora: 28
  • Ubuntu: bionic

Important

• This release addresses CVE-2019-5736. Both system-docker and the default user-docker have been patched. For x86 platforms, the following user docker versions(v1.12.6/v1.13.1/v17.03.2/v17.06.2/v17.09.1/v17.12.1/v18.03.1/v18.06.1) have been patched. For arm64 platforms, the following user docker versions(v17.09.1/v17.12.1/v18.03.1/v18.06.1) have been patched.

• There is now a built-in service for system upgrades that requires access to the internet. By default, it can detect system updates and downloads the required files. It will not automatically apply the patch. If you want to completely disable this feature, just run ros config set rancher.upgrade.policy none

• Known issue: the sshd_config file disappears on upgrade when using a non-default console, the workaround you can refer to [#2672]

Major Features and Enhancements

• Support for VirtualBox tools [#143]
• Support for booting on Proxmox VE by docker-machine [#2621]
• Support for bash completion for Docker in the non-default consoles [#1345]

Major Bug Fixes since v1.5.0

• Fixed an issue there is an error when attempting to shutdown or reboot on ARM [#2602]
• Fixed an issue where DigitalOcean droplets do not start with a functioning network [#2640]
• Fixed an issue where there are unreasonable line breaks in ros config get ssh_authorized_keys [#2579]
• Fixed an issue where growing sshd_config after restarting multiple times prevents SSH access [#2581]
• Fixed an issue where configfiles in windows format will now fail with a warning [#2631]
• Fixed an issue where zfs cannot be enabled under http proxy network [#2633]

v1.4.3-rc1