# Flatcar Container Linux Release - May 22nd 2024

## Alpha 3975.0.0

- AMD64-usr
  - Platforms succeeded: All except EM
  - Platforms failed: EM
  - Platforms not tested: None
- ARM64-usr
  - Platforms succeeded: All
  - Platforms failed: None
  - Platforms not tested: None

VERDICT: _GO_

## Beta 3941.1.0

- AMD64-usr
  - Platforms succeeded: All except EM
  - Platforms failed: EM
  - Platforms not tested: None
- ARM64-usr
  - Platforms succeeded: All
  - Platforms failed: None
  - Platforms not tested: None

VERDICT: _GO_

## Stable 3815.2.3

- AMD64-usr
  - Platforms succeeded: All
  - Platforms failed: EM
  - Platforms not tested: None
- ARM64-usr
  - Platforms succeeded: All
  - Platforms failed: None
  - Platforms not tested: None

VERDICT: _GO_

## Communication

---

#### Guidelines / Things to Remember

- Release notes are used in a PR and will appear on https://www.flatcar.org/releases/
- [Announcement Message](#Announcement-Message) is posted in [Flatcar-Linux-user](https://groups.google.com/g/flatcar-linux-user). Make sure to post as “Flatcar Container Linux User”, not with your personal user (this can be selected when drafting the post).

---

### Announcement Message

Subject: Announcing new releases Alpha 3975.0.0 Beta 3941.1.0 Stable 3815.2.3

Hello,

We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta, Stable channels.

#### Alpha 3975.0.0

_Changes since **Alpha 3941.0.0**_

#### Security fixes:

- Linux ([CVE-2023-28746](https://nvd.nist.gov/vuln/detail/CVE-2023-28746), [CVE-2023-47233](https://nvd.nist.gov/vuln/detail/CVE-2023-47233), [CVE-2023-52639](https://nvd.nist.gov/vuln/detail/CVE-2023-52639), [CVE-2023-6270](https://nvd.nist.gov/vuln/detail/CVE-2023-6270), [CVE-2023-7042](https://nvd.nist.gov/vuln/detail/CVE-2023-7042), [CVE-2024-22099](https://nvd.nist.gov/vuln/detail/CVE-2024-22099), [CVE-2024-23307](https://nvd.nist.gov/vuln/detail/CVE-2024-23307), [CVE-2024-24861](https://nvd.nist.gov/vuln/detail/CVE-2024-24861), [CVE-2024-26642](https://nvd.nist.gov/vuln/detail/CVE-2024-26642), [CVE-2024-26643](https://nvd.nist.gov/vuln/detail/CVE-2024-26643), [CVE-2024-26651](https://nvd.nist.gov/vuln/detail/CVE-2024-26651), [CVE-2024-26652](https://nvd.nist.gov/vuln/detail/CVE-2024-26652), [CVE-2024-26654](https://nvd.nist.gov/vuln/detail/CVE-2024-26654), [CVE-2024-26656](https://nvd.nist.gov/vuln/detail/CVE-2024-26656), [CVE-2024-26783](https://nvd.nist.gov/vuln/detail/CVE-2024-26783), [CVE-2024-26809](https://nvd.nist.gov/vuln/detail/CVE-2024-26809))
- expat ([CVE-2023-52425](https://nvd.nist.gov/vuln/detail/CVE-2023-52425), [CVE-2024-28757](https://nvd.nist.gov/vuln/detail/CVE-2024-28757))
- glibc ([CVE-2024-2961](https://nvd.nist.gov/vuln/detail/CVE-2024-2961), [CVE-2024-33599](https://nvd.nist.gov/vuln/detail/CVE-2024-33599), [CVE-2024-33600](https://nvd.nist.gov/vuln/detail/CVE-2024-33600), [CVE-2024-33601](https://nvd.nist.gov/vuln/detail/CVE-2024-33601), [CVE-2024-33602](https://nvd.nist.gov/vuln/detail/CVE-2024-33602))
- gnutls ([CVE-2024-28834](https://nvd.nist.gov/vuln/detail/CVE-2024-28834), [CVE-2024-28835](https://nvd.nist.gov/vuln/detail/CVE-2024-28835))
- intel-microcode ([CVE-2023-22655](https://nvd.nist.gov/vuln/detail/CVE-2023-22655), [CVE-2023-28746](https://nvd.nist.gov/vuln/detail/CVE-2023-28746), [CVE-2023-38575](https://nvd.nist.gov/vuln/detail/CVE-2023-38575), [CVE-2023-39368](https://nvd.nist.gov/vuln/detail/CVE-2023-39368), [CVE-2023-43490](https://nvd.nist.gov/vuln/detail/CVE-2023-43490))
- less ([CVE-2024-32487](https://nvd.nist.gov/vuln/detail/CVE-2024-32487))
- SDK: python ([CVE-2023-6597](https://nvd.nist.gov/vuln/detail/CVE-2023-6597), [CVE-2024-0450](https://nvd.nist.gov/vuln/detail/CVE-2024-0450), [gh-81194](https://github.com/python/cpython/issues/81194), [gh-113659](https://github.com/python/cpython/issues/113659), [gh-102388](https://github.com/python/cpython/issues/102388), [gh-114572](https://github.com/python/cpython/issues/114572), [gh-115243](https://github.com/python/cpython/issues/115243))

#### Bug fixes:

#### Changes:

- Added Hetzner images ([scripts#1880](https://github.com/flatcar/scripts/pull/1880))
- Added KubeVirt qcow2 image for amd64/arm64 ([scripts#1962](https://github.com/flatcar/scripts/pull/1962))
- Added azure-nvme-utils to the image, which is used by udev to create symlinks for NVMe disks on Azure v6 instances under /dev/disk/azure/. ([scripts#1950](https://github.com/flatcar/scripts/pull/1950))
- Backported systemd-sysext mutable overlays functionality from yet-unreleased systemd v256. ([scripts#1753](https://github.com/flatcar/scripts/pull/1753))
- Provided a Podman Flatcar extension as optional systemd-sysext image with the release. Write 'podman' to `/etc/flatcar/enabled-sysext.conf` through Ignition and the sysext will be installed during provisioning ([scripts#1964](https://github.com/flatcar/scripts/pull/1964))
- Scaleway: images are now provided directly as `.qcow2` to ease the import on Scaleway ([scripts#1953](https://github.com/flatcar/scripts/pull/1953))

#### Updates:

- Linux ([6.6.30](https://lwn.net/Articles/972211) (includes [6.6.29](https://lwn.net/Articles/971363), [6.6.28](https://lwn.net/Articles/970172), [6.6.27](https://lwn.net/Articles/969734), [6.6.26](https://lwn.net/Articles/969352), [6.6.25](https://lwn.net/Articles/968470), [6.6.24](https://lwn.net/Articles/968253), [6.6.23](https://lwn.net/Articles/966758), [6.6.22](https://lwn.net/Articles/965606)))
- Linux Firmware ([20240513](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20240513))
- ca-certificates ([3.100](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_100.html))
- containerd ([1.7.17](https://github.com/containerd/containerd/releases/tag/v1.7.17) (includes [1.7.16](https://github.com/containerd/containerd/releases/tag/v1.7.16)))
- expat ([2.6.2](https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes) (includes [2.6.1](https://github.com/libexpat/libexpat/blob/R_2_6_1/expat/Changes) and [2.6.0](https://github.com/libexpat/libexpat/blob/R_2_6_0/expat/Changes)))
- gnutls ([3.8.5](https://lists.gnupg.org/pipermail/gnutls-help/2024-April/004846.html) (includes [3.8.4](https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html)))
- intel-microcode ([20240312](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312))
- libunistring ([1.2](https://savannah.gnu.org/news/?id=10599))
- systemd ([255.4](https://github.com/systemd/systemd-stable/commits/v255.4/))
- SDK: python ([3.11.9](https://www.get-python.org/downloads/release/python-3119/))
- SDK: Rust ([1.77.2](https://github.com/rust-lang/rust/releases/tag/1.77.2))

#### Beta 3941.1.0

_Changes since **Beta 3913.1.0**_

#### Security fixes:

- Linux ([CVE-2023-28746](https://nvd.nist.gov/vuln/detail/CVE-2023-28746), [CVE-2023-47233](https://nvd.nist.gov/vuln/detail/CVE-2023-47233), [CVE-2023-52639](https://nvd.nist.gov/vuln/detail/CVE-2023-52639), [CVE-2023-6270](https://nvd.nist.gov/vuln/detail/CVE-2023-6270), [CVE-2023-7042](https://nvd.nist.gov/vuln/detail/CVE-2023-7042), [CVE-2024-22099](https://nvd.nist.gov/vuln/detail/CVE-2024-22099), [CVE-2024-23307](https://nvd.nist.gov/vuln/detail/CVE-2024-23307), [CVE-2024-24861](https://nvd.nist.gov/vuln/detail/CVE-2024-24861), [CVE-2024-26642](https://nvd.nist.gov/vuln/detail/CVE-2024-26642), [CVE-2024-26643](https://nvd.nist.gov/vuln/detail/CVE-2024-26643), [CVE-2024-26651](https://nvd.nist.gov/vuln/detail/CVE-2024-26651), [CVE-2024-26652](https://nvd.nist.gov/vuln/detail/CVE-2024-26652), [CVE-2024-26654](https://nvd.nist.gov/vuln/detail/CVE-2024-26654), [CVE-2024-26656](https://nvd.nist.gov/vuln/detail/CVE-2024-26656), [CVE-2024-26783](https://nvd.nist.gov/vuln/detail/CVE-2024-26783), [CVE-2024-26809](https://nvd.nist.gov/vuln/detail/CVE-2024-26809))
- c-ares ([CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629))
- coreutils ([coreutils-2024-03-28](https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00006.html))
- curl ([CVE-2024-2004](https://nvd.nist.gov/vuln/detail/CVE-2024-2004), [CVE-2024-2379](https://nvd.nist.gov/vuln/detail/CVE-2024-2379), [CVE-2024-2398](https://nvd.nist.gov/vuln/detail/CVE-2024-2398), [CVE-2024-2466](https://nvd.nist.gov/vuln/detail/CVE-2024-2466))
- glibc ([CVE-2024-2961](https://nvd.nist.gov/vuln/detail/CVE-2024-2961), [CVE-2024-33599](https://nvd.nist.gov/vuln/detail/CVE-2024-33599), [CVE-2024-33600](https://nvd.nist.gov/vuln/detail/CVE-2024-33600), [CVE-2024-33601](https://nvd.nist.gov/vuln/detail/CVE-2024-33601), [CVE-2024-33602](https://nvd.nist.gov/vuln/detail/CVE-2024-33602))
- nghttp2 ([CVE-2024-28182](https://nvd.nist.gov/vuln/detail/CVE-2024-28182))

#### Bug fixes:

#### Changes:

- Added zram-generator package to the image ([scripts#1772](https://github.com/flatcar/scripts/pull/1772))
- Add Intel igc driver to support I225/I226 family NICs. ([scripts#1786](https://github.com/flatcar/scripts/pull/1786))
- Added Hetzner images ([scripts#1880](https://github.com/flatcar/scripts/pull/1880))
- Added Hyper-V VHDX image ([scripts#1791](https://github.com/flatcar/scripts/pull/1791))
- Enabled amd-pstate,amd-pstate-epp cpufreq drivers for some AMD CPUs in the kernel. ([scripts#1770](https://github.com/flatcar/scripts/pull/1770))
- Enabled ntpd by default on AWS & GCP, enabled chronyd by default on Azure. The native time sync source is used on each cloud. ([scripts#1792](https://github.com/flatcar/scripts/pull/1792))
- Enabled the ptp_vmw module in the kernel.
- Hyper-V images, both .vhd and .vhdx files are available as `zip` compressed, switching from `bzip2` to a built-in available Windows compression - `zip` ([scripts#1878](https://github.com/flatcar/scripts/pull/1878))
- OpenStack, Brightbox: Added the `flatcar.autologin` kernel cmdline parameter by default as the hypervisor manages access to the console ([scripts#1866](https://github.com/flatcar/scripts/pull/1866))
- Removed `actool` from the image and `acbuild` from the SDK as these tools are deprecated and not used ([scripts#1817](https://github.com/flatcar/scripts/pull/1817))
- Scaleway: images are now provided directly as `.qcow2` to ease the import on Scaleway ([scripts#1953](https://github.com/flatcar/scripts/pull/1953))
- Switched ptp_kvm from kernel builtin to module.
- The default VM memory was bumped to 2 GB in the Qemu script and for VMware OVFs

#### Updates:

- Linux ([6.6.30](https://lwn.net/Articles/972211) (includes [6.6.29](https://lwn.net/Articles/971363), [6.6.28](https://lwn.net/Articles/970172), [6.6.27](https://lwn.net/Articles/969734), [6.6.26](https://lwn.net/Articles/969352), [6.6.25](https://lwn.net/Articles/968470), [6.6.24](https://lwn.net/Articles/968253), [6.6.23](https://lwn.net/Articles/966758), [6.6.22](https://lwn.net/Articles/965606)))
- acl ([2.3.2](https://lists.nongnu.org/archive/html/acl-devel/2024-01/msg00012.html))
- attr ([2.5.2](https://lists.nongnu.org/archive/html/acl-devel/2024-01/msg00011.html))
- bpftool ([6.7.6](https://kernelnewbies.org/Linux_6.7#Tracing.2C_probing_and_BPF))
- c-ares ([1.27.0](https://github.com/c-ares/c-ares/releases/tag/cares-1_27_0) (includes [1.26.0](https://github.com/c-ares/c-ares/releases/tag/cares-1_26_0)))
- ca-certificates ([3.100](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_100.html) (includes [3.99](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_99.html)))
- containerd ([1.7.15](https://github.com/containerd/containerd/releases/tag/v1.7.15) (includes [1.7.14](https://github.com/containerd/containerd/releases/tag/v1.7.14)))
- coreutils ([9.5](https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00006.html))
- curl ([8.7.1](https://curl.se/changes.html#8_7_1) (includes [8.7.0](https://curl.se/changes.html#8_7_0)))
- ethtool ([6.7](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.7))
- git ([2.43.2](https://github.com/git/git/blob/v2.43.2/Documentation/RelNotes/2.43.2.txt))
- inih ([58](https://github.com/benhoyt/inih/releases/tag/r58))
- ipset ([7.21](https://git.netfilter.org/ipset/tree/ChangeLog?h=v7.21) (includes [7.20](https://git.netfilter.org/ipset/tree/ChangeLog?h=v7.20)))
- iputils ([20240117](https://github.com/iputils/iputils/releases/tag/20240117) (includes [20231222](https://github.com/iputils/iputils/releases/tag/20231222)))
- libnvme ([1.8](https://github.com/linux-nvme/libnvme/releases/tag/v1.8))
- nghttp2 ([1.61.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.61.0) (includes [1.58.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.58.0), [1.59.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.59.0) and [1.60.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.60.0)))
- nvme-cli ([2.8](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.8))
- open-vm-tools ([12.4.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.4.0))
- samba ([4.18.9](https://www.samba.org/samba/history/samba-4.18.9.html))
- selinux-refpolicy ([2.20240226](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20240226))
- SDK: libpng ([1.6.43](https://github.com/pnggroup/libpng/blob/v1.6.43/ANNOUNCE) (includes [1.6.42](https://github.com/pnggroup/libpng/blob/v1.6.42/ANNOUNCE) and [1.6.41](https://github.com/pnggroup/libpng/blob/v1.6.41/ANNOUNCE)))
- SDK: Rust ([1.77.1](https://github.com/rust-lang/rust/releases/tag/1.77.1) (includes [1.77.0](https://github.com/rust-lang/rust/releases/tag/1.77.0)))

_Changes since **Alpha 3941.0.0**_

#### Security fixes:

- Linux ([CVE-2023-28746](https://nvd.nist.gov/vuln/detail/CVE-2023-28746), [CVE-2023-47233](https://nvd.nist.gov/vuln/detail/CVE-2023-47233), [CVE-2023-52639](https://nvd.nist.gov/vuln/detail/CVE-2023-52639), [CVE-2023-6270](https://nvd.nist.gov/vuln/detail/CVE-2023-6270), [CVE-2023-7042](https://nvd.nist.gov/vuln/detail/CVE-2023-7042), [CVE-2024-22099](https://nvd.nist.gov/vuln/detail/CVE-2024-22099), [CVE-2024-23307](https://nvd.nist.gov/vuln/detail/CVE-2024-23307), [CVE-2024-24861](https://nvd.nist.gov/vuln/detail/CVE-2024-24861), [CVE-2024-26642](https://nvd.nist.gov/vuln/detail/CVE-2024-26642), [CVE-2024-26643](https://nvd.nist.gov/vuln/detail/CVE-2024-26643), [CVE-2024-26651](https://nvd.nist.gov/vuln/detail/CVE-2024-26651), [CVE-2024-26652](https://nvd.nist.gov/vuln/detail/CVE-2024-26652), [CVE-2024-26654](https://nvd.nist.gov/vuln/detail/CVE-2024-26654), [CVE-2024-26656](https://nvd.nist.gov/vuln/detail/CVE-2024-26656), [CVE-2024-26783](https://nvd.nist.gov/vuln/detail/CVE-2024-26783), [CVE-2024-26809](https://nvd.nist.gov/vuln/detail/CVE-2024-26809))
- glibc ([CVE-2024-2961](https://nvd.nist.gov/vuln/detail/CVE-2024-2961), [CVE-2024-33599](https://nvd.nist.gov/vuln/detail/CVE-2024-33599), [CVE-2024-33600](https://nvd.nist.gov/vuln/detail/CVE-2024-33600), [CVE-2024-33601](https://nvd.nist.gov/vuln/detail/CVE-2024-33601), [CVE-2024-33602](https://nvd.nist.gov/vuln/detail/CVE-2024-33602))

#### Bug fixes:

#### Changes:

- Added Hetzner images ([scripts#1880](https://github.com/flatcar/scripts/pull/1880))
- Scaleway: images are now provided directly as `.qcow2` to ease the import on Scaleway ([scripts#1953](https://github.com/flatcar/scripts/pull/1953))

#### Updates:

- Linux ([6.6.30](https://lwn.net/Articles/972211) (includes [6.6.29](https://lwn.net/Articles/971363), [6.6.28](https://lwn.net/Articles/970172), [6.6.27](https://lwn.net/Articles/969734), [6.6.26](https://lwn.net/Articles/969352), [6.6.25](https://lwn.net/Articles/968470), [6.6.24](https://lwn.net/Articles/968253), [6.6.23](https://lwn.net/Articles/966758), [6.6.22](https://lwn.net/Articles/965606)))
- ca-certificates ([3.100](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_100.html))

#### Stable 3815.2.3

_Changes since **Stable 3815.2.2**_

#### Updates:

- Linux ([6.1.90](https://lwn.net/Articles/972212) (includes [6.1.89](https://lwn.net/Articles/971443), [6.1.88](https://lwn.net/Articles/971364), [6.1.87](https://lwn.net/Articles/970173), [6.1.86](https://lwn.net/Articles/969735)))
- ca-certificates ([3.100](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_100.html))

Best,
The Flatcar Container Linux Maintainers

---

### Communication

#### Go/No-Go message for Matrix/Slack

Go/No-Go Meeting for Alpha 3975.0.0 Beta 3941.1.0 Stable 3815.2.3

Pre-view images are available in https://bincache.flatcar-linux.net/images/amd64/$VERSION/

Tracking issue: https://github.com/flatcar/Flatcar/issues/1450

The Go/No-Go document is in our HackMD @flatcar namespace

Link: https://hackmd.io/yjau44jmRMu0gVJkVt4skg?both

Please give your Go/No-Go vote with 💚 for Go, ❌ for No-Go, and ✋ for Wait.

Contributors & community feel free to put your suggestions, thoughts or comments on the document or here in the chat.

@MAINTAINER @MAINTAINER @MAINTAINER

#### Mastodon

_The toot (from [@flatcar](https://hachyderm.io/@flatcar)) goes out after the changelog update has been published; it includes a link to the web changelog._

New Flatcar Alpha, Beta, Stable releases now available!

📦 Many package updates: Linux, ca-certificates, glibc
🔒 CVE fixes & security patches: Linux, glibc, curl
:rocket: Podman sysext for Alpha and Hetzner images now available
📜 Release notes at the usual spot: https://www.flatcar.org/releases/

#### Kubernetes Slack

_This goes in the #flatcar channel_

Please welcome Flatcar releases of this month:

- Alpha 3975.0.0 (new major)
- Beta 3941.1.0 (maintenance release)
- Stable 3815.2.3 (maintenance release)

These releases include:

📦 Many package updates: Linux, ca-certificates, glibc
🔒 CVE fixes & security patches: Linux, glibc, curl
:rocket: Podman sysext for Alpha and Hetzner images now available
📜 Release notes at the usual spot: https://www.flatcar.org/releases/