# Flatcar Container Linux Release - December 15th, 2025
## Alpha 4547.0.0
- AMD64-usr
- Platforms succeeded: All
- Platforms failed: None
- Platforms not tested: EM
- ARM64-usr
- Platforms succeeded: All
- Platforms failed: None
- Platforms not tested: EM
## Beta 4515.1.0
- AMD64-usr
- Platforms succeeded: All
- Platforms failed: None
- Platforms not tested: EM
- ARM64-usr
- Platforms succeeded: All
- Platforms failed: None
- Platforms not tested: EM
## Stable 4459.2.2
- AMD64-usr
- Platforms succeeded: All
- Platforms failed: None
- Platforms not tested: EM
- ARM64-usr
- Platforms succeeded: All
- Platforms failed: None
- Platforms not tested: EM
VERDICT: _GO_ / _WAIT_ / _NO-GO_
## Communication
---
#### Guidelines / Things to Remember
- Release notes are used in a PR and will appear on https://www.flatcar.org/releases/
- [Announcement Message](#Announcement-Message) is posted in [Flatcar-Linux-user](https://groups.google.com/g/flatcar-linux-user). Make sure to post as βFlatcar Container Linux Userβ, not with your personal user (this can be selected when drafting the post).
- Make sure the the LTS is referred to as `LTS-2021`, and not `LTS-2605`
---
### Announcement Message
Subject: Announcing new releases Alpha 4547.0.0, Beta 4515.1.0, Stable 4459.2.2
Hello,
We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta and Stable channels.
For Equinix Metal users, from this release Flatcar testing is now stopped on this plaform but Equinix Metal Flatcar images will be produced until June 2026.
#### Alpha 4547.0.0 release
_Changes since **Alpha 4515.0.1**_
#### Security fixes:
- Linux ([CVE-2025-40275](https://nvd.nist.gov/vuln/detail/CVE-2025-40275), [CVE-2025-40274](https://nvd.nist.gov/vuln/detail/CVE-2025-40274), [CVE-2025-40273](https://nvd.nist.gov/vuln/detail/CVE-2025-40273), [CVE-2025-40272](https://nvd.nist.gov/vuln/detail/CVE-2025-40272), [CVE-2025-40271](https://nvd.nist.gov/vuln/detail/CVE-2025-40271), [CVE-2025-40289](https://nvd.nist.gov/vuln/detail/CVE-2025-40289), [CVE-2025-40288](https://nvd.nist.gov/vuln/detail/CVE-2025-40288), [CVE-2025-40287](https://nvd.nist.gov/vuln/detail/CVE-2025-40287), [CVE-2025-40269](https://nvd.nist.gov/vuln/detail/CVE-2025-40269), [CVE-2025-40286](https://nvd.nist.gov/vuln/detail/CVE-2025-40286), [CVE-2025-40285](https://nvd.nist.gov/vuln/detail/CVE-2025-40285), [CVE-2025-40284](https://nvd.nist.gov/vuln/detail/CVE-2025-40284), [CVE-2025-40283](https://nvd.nist.gov/vuln/detail/CVE-2025-40283), [CVE-2025-40282](https://nvd.nist.gov/vuln/detail/CVE-2025-40282), [CVE-2025-40281](https://nvd.nist.gov/vuln/detail/CVE-2025-40281), [CVE-2025-40280](https://nvd.nist.gov/vuln/detail/CVE-2025-40280), [CVE-2025-40279](https://nvd.nist.gov/vuln/detail/CVE-2025-40279), [CVE-2025-40278](https://nvd.nist.gov/vuln/detail/CVE-2025-40278), [CVE-2025-40277](https://nvd.nist.gov/vuln/detail/CVE-2025-40277), [CVE-2025-40268](https://nvd.nist.gov/vuln/detail/CVE-2025-40268), [CVE-2025-40214](https://nvd.nist.gov/vuln/detail/CVE-2025-40214), [CVE-2025-40212](https://nvd.nist.gov/vuln/detail/CVE-2025-40212), [CVE-2024-58087](https://nvd.nist.gov/vuln/detail/CVE-2024-58087), [CVE-2024-57879](https://nvd.nist.gov/vuln/detail/CVE-2024-57879), [CVE-2024-57880](https://nvd.nist.gov/vuln/detail/CVE-2024-57880), [CVE-2024-55642](https://nvd.nist.gov/vuln/detail/CVE-2024-55642), [CVE-2024-55641](https://nvd.nist.gov/vuln/detail/CVE-2024-55641), [CVE-2024-55639](https://nvd.nist.gov/vuln/detail/CVE-2024-55639), [CVE-2024-54683](https://nvd.nist.gov/vuln/detail/CVE-2024-54683), [CVE-2024-54460](https://nvd.nist.gov/vuln/detail/CVE-2024-54460), [CVE-2024-54191](https://nvd.nist.gov/vuln/detail/CVE-2024-54191), [CVE-2024-53689](https://nvd.nist.gov/vuln/detail/CVE-2024-53689), [CVE-2024-53682](https://nvd.nist.gov/vuln/detail/CVE-2024-53682), [CVE-2024-53687](https://nvd.nist.gov/vuln/detail/CVE-2024-53687), [CVE-2024-56770](https://nvd.nist.gov/vuln/detail/CVE-2024-56770), [CVE-2024-56661](https://nvd.nist.gov/vuln/detail/CVE-2024-56661), [CVE-2024-56660](https://nvd.nist.gov/vuln/detail/CVE-2024-56660), [CVE-2024-56659](https://nvd.nist.gov/vuln/detail/CVE-2024-56659), [CVE-2024-56658](https://nvd.nist.gov/vuln/detail/CVE-2024-56658), [CVE-2024-56657](https://nvd.nist.gov/vuln/detail/CVE-2024-56657), [CVE-2024-56656](https://nvd.nist.gov/vuln/detail/CVE-2024-56656), [CVE-2024-56655](https://nvd.nist.gov/vuln/detail/CVE-2024-56655), [CVE-2024-56675](https://nvd.nist.gov/vuln/detail/CVE-2024-56675), [CVE-2024-56674](https://nvd.nist.gov/vuln/detail/CVE-2024-56674), [CVE-2024-56673](https://nvd.nist.gov/vuln/detail/CVE-2024-56673), [CVE-2024-56672](https://nvd.nist.gov/vuln/detail/CVE-2024-56672), [CVE-2024-56654](https://nvd.nist.gov/vuln/detail/CVE-2024-56654), [CVE-2024-56671](https://nvd.nist.gov/vuln/detail/CVE-2024-56671), [CVE-2024-56670](https://nvd.nist.gov/vuln/detail/CVE-2024-56670), [CVE-2024-56669](https://nvd.nist.gov/vuln/detail/CVE-2024-56669), [CVE-2024-56668](https://nvd.nist.gov/vuln/detail/CVE-2024-56668), [CVE-2024-56667](https://nvd.nist.gov/vuln/detail/CVE-2024-56667), [CVE-2024-56666](https://nvd.nist.gov/vuln/detail/CVE-2024-56666), [CVE-2024-56665](https://nvd.nist.gov/vuln/detail/CVE-2024-56665), [CVE-2024-56664](https://nvd.nist.gov/vuln/detail/CVE-2024-56664), [CVE-2024-56663](https://nvd.nist.gov/vuln/detail/CVE-2024-56663), [CVE-2024-56662](https://nvd.nist.gov/vuln/detail/CVE-2024-56662), [CVE-2024-56652](https://nvd.nist.gov/vuln/detail/CVE-2024-56652), [CVE-2024-56653](https://nvd.nist.gov/vuln/detail/CVE-2024-56653), [CVE-2024-53241](https://nvd.nist.gov/vuln/detail/CVE-2024-53241), [CVE-2024-53240](https://nvd.nist.gov/vuln/detail/CVE-2024-53240), [CVE-2025-40261](https://nvd.nist.gov/vuln/detail/CVE-2025-40261), [CVE-2025-40266](https://nvd.nist.gov/vuln/detail/CVE-2025-40266), [CVE-2025-40264](https://nvd.nist.gov/vuln/detail/CVE-2025-40264), [CVE-2025-40263](https://nvd.nist.gov/vuln/detail/CVE-2025-40263), [CVE-2025-40262](https://nvd.nist.gov/vuln/detail/CVE-2025-40262), [CVE-2025-40254](https://nvd.nist.gov/vuln/detail/CVE-2025-40254), [CVE-2025-40253](https://nvd.nist.gov/vuln/detail/CVE-2025-40253), [CVE-2025-40252](https://nvd.nist.gov/vuln/detail/CVE-2025-40252), [CVE-2025-40251](https://nvd.nist.gov/vuln/detail/CVE-2025-40251), [CVE-2025-40250](https://nvd.nist.gov/vuln/detail/CVE-2025-40250), [CVE-2025-40259](https://nvd.nist.gov/vuln/detail/CVE-2025-40259), [CVE-2025-40258](https://nvd.nist.gov/vuln/detail/CVE-2025-40258), [CVE-2025-40257](https://nvd.nist.gov/vuln/detail/CVE-2025-40257), [CVE-2025-40246](https://nvd.nist.gov/vuln/detail/CVE-2025-40246), [CVE-2025-40248](https://nvd.nist.gov/vuln/detail/CVE-2025-40248), [CVE-2025-40345](https://nvd.nist.gov/vuln/detail/CVE-2025-40345))
- coreutils ([CVE-2025-5278](https://www.cve.org/CVERecord?id=CVE-2025-5278))
- go ([CVE-2025-47912](https://www.cve.org/CVERecord?id=CVE-2025-47912), [CVE-2025-58183](https://www.cve.org/CVERecord?id=CVE-2025-58183), [CVE-2025-58185](https://www.cve.org/CVERecord?id=CVE-2025-58185), [CVE-2025-58186](https://www.cve.org/CVERecord?id=CVE-2025-58186), [CVE-2025-58187](https://www.cve.org/CVERecord?id=CVE-2025-58187), [CVE-2025-58188](https://www.cve.org/CVERecord?id=CVE-2025-58188), [CVE-2025-58189](https://www.cve.org/CVERecord?id=CVE-2025-58189), [CVE-2025-61723](https://www.cve.org/CVERecord?id=CVE-2025-61723), [CVE-2025-61724](https://www.cve.org/CVERecord?id=CVE-2025-61724), [CVE-2025-61725](https://www.cve.org/CVERecord?id=CVE-2025-61725))
- pam ([CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365), [CVE-2024-10041](https://nvd.nist.gov/vuln/detail/CVE-2024-10041), [CVE-2024-10963](https://nvd.nist.gov/vuln/detail/CVE-2024-10963), [CVE-2025-6020](https://nvd.nist.gov/vuln/detail/CVE-2025-6020))
#### Bug fixes:
- Dropped debug symbols from containerd, incus, and overlaybd system extensions to reduce download size.
#### Changes:
- `/etc/shadow`, `/etc/gshadow` are now owned by the `shadow` group, `/usr/bin/unix_chkpwd`, `/usr/bin/chage` and `/usr/bin/expiry` are now also owned by the `shadow` group with a sticky bit enabled.
#### Updates:
- Linux ([6.12.61](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.61) (includes [6.12.59](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.59), [6.12.60](https://lwn.net/Articles/1048757)))
- Linux firmware ([20251125](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20251125) (includes [20251111](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20251111)))
- base, dev: btrfs-progs ([6.17](https://github.com/kdave/btrfs-progs/releases/tag/v6.17))
- base, dev: cifs-utils ([7.4](https://lwn.net/Articles/1024956/))
- base, dev: coreutils ([9.8](https://lists.gnu.org/archive/html/info-gnu/2025-09/msg00005.html))
- base, dev: hwdata ([0.400](https://github.com/vcrhonek/hwdata/releases/tag/v0.400) (includes [0.399](https://github.com/vcrhonek/hwdata/releases/tag/v0.399)))
- base, dev: inih ([62](https://github.com/benhoyt/inih/releases/tag/r62) (includes [61](https://github.com/benhoyt/inih/releases/tag/r61)))
- base, dev: intel-microcode ([20251111_p20251112](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20251111))
- base, dev: iproute2 ([6.17.0](https://lore.kernel.org/all/20250929095042.48200315@hermes.local/))
- base, dev: jose ([14](https://github.com/latchset/jose/releases/tag/v14) (includes [13](https://github.com/latchset/jose/releases/tag/v13)))
- base, dev: kbd ([2.9.0](https://github.com/legionus/kbd/releases/tag/v2.9.0))
- base, dev: less ([685](https://greenwoodsoftware.com/less/news.685.html))
- base, dev: libgpg-error ([1.56](https://github.com/gpg/libgpg-error/releases/tag/libgpg-error-1.56))
- base, dev: libtirpc ([1.3.7](https://git.linux-nfs.org/?p=steved/libtirpc.git;a=log;h=refs/tags/libtirpc-1-3-7))
- base, dev: openssl ([3.5.4](https://github.com/openssl/openssl/releases/tag/openssl-3.5.4) (includes [3.5.0](https://github.com/openssl/openssl/releases/tag/openssl-3.5.0), [3.5.1](https://github.com/openssl/openssl/releases/tag/openssl-3.5.1), [3.5.2](https://github.com/openssl/openssl/releases/tag/openssl-3.5.2), [3.5.3](https://github.com/openssl/openssl/releases/tag/openssl-3.5.3)))
- base, dev: pam ([1.7.1](https://github.com/linux-pam/linux-pam/releases/tag/v1.7.1) (includes [1.6.0](https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0), [1.6.1](https://github.com/linux-pam/linux-pam/releases/tag/v1.6.1), [1.7.0](https://github.com/linux-pam/linux-pam/releases/tag/v1.7.0)))
- base, dev: pambase ([20251013](https://gitweb.gentoo.org/proj/pambase.git/log/?h=pambase-20251013))
- base, dev: samba ([4.22.5](https://www.samba.org/samba/history/samba-4.22.5.html) (includes [4.22.4](https://www.samba.org/samba/history/samba-4.22.4.html)))
- base, dev: strace ([6.17](https://github.com/strace/strace/releases/tag/v6.17))
- base, dev: thin-provisioning-tools ([1.3.0](https://raw.githubusercontent.com/device-mapper-utils/thin-provisioning-tools/refs/tags/v1.3.0/CHANGES) (includes [1.0.11](https://raw.githubusercontent.com/device-mapper-utils/thin-provisioning-tools/refs/tags/v1.0.11/CHANGES), [1.0.12](https://raw.githubusercontent.com/device-mapper-utils/thin-provisioning-tools/refs/tags/v1.0.12/CHANGES), [1.0.13](https://raw.githubusercontent.com/device-mapper-utils/thin-provisioning-tools/refs/tags/v1.0.13/CHANGES), [1.0.14](https://raw.githubusercontent.com/device-mapper-utils/thin-provisioning-tools/refs/tags/v1.0.14/CHANGES), [1.1.0](https://raw.githubusercontent.com/device-mapper-utils/thin-provisioning-tools/refs/tags/v1.1.0/CHANGES), [1.2.0](https://raw.githubusercontent.com/device-mapper-utils/thin-provisioning-tools/refs/tags/v1.2.0/CHANGES), [1.2.1](https://raw.githubusercontent.com/device-mapper-utils/thin-provisioning-tools/refs/tags/v1.2.1/CHANGES), [1.2.2](https://raw.githubusercontent.com/device-mapper-utils/thin-provisioning-tools/refs/tags/v1.2.2/CHANGES)))
- base, dev: util-linux ([2.41.2](https://github.com/util-linux/util-linux/blob/v2.41.2/Documentation/releases/v2.41.2-ReleaseNotes))
- ca-certificates ([3.119](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119.html) (includes [3.118.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118_1.html)))
- dev: portage ([3.0.69.3](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.69.3) (includes [3.0.69](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.69), [3.0.69.1](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.69.1), [3.0.69.2](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.69.2)))
- ignition ([2.24.0](https://coreos.github.io/ignition/release-notes/#ignition-2240-2024-10-14))
- sdk: cmake ([4.1.2](https://cmake.org/cmake/help/v4.1/release/4.1.html#id22) (includes [4.0](https://cmake.org/cmake/help/v4.0/release/4.0.html), [4.1](https://cmake.org/cmake/help/v4.1/release/4.1.html), [4.1.1](https://cmake.org/cmake/help/v4.1/release/4.1.html#id21)))
- sdk: go ([1.25.3](https://go.dev/doc/devel/release#go1.25.minor))
- sdk: meson ([1.9.1](https://mesonbuild.com/Release-notes-for-1-9-0.html) (includes [1.8.0](https://mesonbuild.com/Release-notes-for-1-8-0.html)))
- sdk: nasm ([3.01](https://www.nasm.us/docs/3.01/nasmac.html) (includes [3.00](https://www.nasm.us/docs/3.00/nasmac.html)))
- sysext-overlaybd: overlaybd ([1.0.16](https://github.com/containerd/overlaybd/releases/tag/v1.0.16))
- sysext-podman: aardvark-dns ([1.15.0](https://github.com/containers/aardvark-dns/releases/tag/v1.15.0))
- sysext-podman: netavark ([1.16.1](https://github.com/containers/netavark/releases/tag/v1.16.1) (includes [1.16.0](https://github.com/containers/netavark/releases/tag/v1.16.0)))
- sysext-python: more-itertools ([10.8.0](https://github.com/more-itertools/more-itertools/releases/tag/v10.8.0))
- sysext-python: platformdirs ([4.5.0](https://github.com/tox-dev/platformdirs/releases/tag/4.5.0))
- sysext-python: resolvelib ([1.2.1](https://raw.githubusercontent.com/sarugaku/resolvelib/refs/tags/1.2.1/CHANGELOG.rst))
- sysext-python: rich ([14.2.0](https://github.com/Textualize/rich/releases/tag/v14.2.0))
- sysext-python: setuptools-scm ([9.2.0](https://github.com/pypa/setuptools-scm/releases/tag/v9.2.0) (includes [9.0.0](https://github.com/pypa/setuptools-scm/releases/tag/v9.0.0), [9.1.0](https://github.com/pypa/setuptools-scm/releases/tag/v9.1.0)))
- sysext-python: trove-classifiers ([2025.9.11.17](https://github.com/pypa/trove-classifiers/releases/tag/2025.9.11.17) (includes [2025.9.8.13](https://github.com/pypa/trove-classifiers/releases/tag/2025.9.8.13), 2025.9.9.12))
#### Beta 4515.1.0 release
_Changes since **Alpha 4515.0.1**_
#### Security fixes:
- Linux ([CVE-2025-40275](https://nvd.nist.gov/vuln/detail/CVE-2025-40275), [CVE-2025-40274](https://nvd.nist.gov/vuln/detail/CVE-2025-40274), [CVE-2025-40273](https://nvd.nist.gov/vuln/detail/CVE-2025-40273), [CVE-2025-40272](https://nvd.nist.gov/vuln/detail/CVE-2025-40272), [CVE-2025-40271](https://nvd.nist.gov/vuln/detail/CVE-2025-40271), [CVE-2025-40289](https://nvd.nist.gov/vuln/detail/CVE-2025-40289), [CVE-2025-40288](https://nvd.nist.gov/vuln/detail/CVE-2025-40288), [CVE-2025-40287](https://nvd.nist.gov/vuln/detail/CVE-2025-40287), [CVE-2025-40269](https://nvd.nist.gov/vuln/detail/CVE-2025-40269), [CVE-2025-40286](https://nvd.nist.gov/vuln/detail/CVE-2025-40286), [CVE-2025-40285](https://nvd.nist.gov/vuln/detail/CVE-2025-40285), [CVE-2025-40284](https://nvd.nist.gov/vuln/detail/CVE-2025-40284), [CVE-2025-40283](https://nvd.nist.gov/vuln/detail/CVE-2025-40283), [CVE-2025-40282](https://nvd.nist.gov/vuln/detail/CVE-2025-40282), [CVE-2025-40281](https://nvd.nist.gov/vuln/detail/CVE-2025-40281), [CVE-2025-40280](https://nvd.nist.gov/vuln/detail/CVE-2025-40280), [CVE-2025-40279](https://nvd.nist.gov/vuln/detail/CVE-2025-40279), [CVE-2025-40278](https://nvd.nist.gov/vuln/detail/CVE-2025-40278), [CVE-2025-40277](https://nvd.nist.gov/vuln/detail/CVE-2025-40277), [CVE-2025-40268](https://nvd.nist.gov/vuln/detail/CVE-2025-40268), [CVE-2025-40214](https://nvd.nist.gov/vuln/detail/CVE-2025-40214), [CVE-2025-40212](https://nvd.nist.gov/vuln/detail/CVE-2025-40212), [CVE-2024-58087](https://nvd.nist.gov/vuln/detail/CVE-2024-58087), [CVE-2024-57879](https://nvd.nist.gov/vuln/detail/CVE-2024-57879), [CVE-2024-57880](https://nvd.nist.gov/vuln/detail/CVE-2024-57880), [CVE-2024-55642](https://nvd.nist.gov/vuln/detail/CVE-2024-55642), [CVE-2024-55641](https://nvd.nist.gov/vuln/detail/CVE-2024-55641), [CVE-2024-55639](https://nvd.nist.gov/vuln/detail/CVE-2024-55639), [CVE-2024-54683](https://nvd.nist.gov/vuln/detail/CVE-2024-54683), [CVE-2024-54460](https://nvd.nist.gov/vuln/detail/CVE-2024-54460), [CVE-2024-54191](https://nvd.nist.gov/vuln/detail/CVE-2024-54191), [CVE-2024-53689](https://nvd.nist.gov/vuln/detail/CVE-2024-53689), [CVE-2024-53682](https://nvd.nist.gov/vuln/detail/CVE-2024-53682), [CVE-2024-53687](https://nvd.nist.gov/vuln/detail/CVE-2024-53687), [CVE-2024-56770](https://nvd.nist.gov/vuln/detail/CVE-2024-56770), [CVE-2024-56661](https://nvd.nist.gov/vuln/detail/CVE-2024-56661), [CVE-2024-56660](https://nvd.nist.gov/vuln/detail/CVE-2024-56660), [CVE-2024-56659](https://nvd.nist.gov/vuln/detail/CVE-2024-56659), [CVE-2024-56658](https://nvd.nist.gov/vuln/detail/CVE-2024-56658), [CVE-2024-56657](https://nvd.nist.gov/vuln/detail/CVE-2024-56657), [CVE-2024-56656](https://nvd.nist.gov/vuln/detail/CVE-2024-56656), [CVE-2024-56655](https://nvd.nist.gov/vuln/detail/CVE-2024-56655), [CVE-2024-56675](https://nvd.nist.gov/vuln/detail/CVE-2024-56675), [CVE-2024-56674](https://nvd.nist.gov/vuln/detail/CVE-2024-56674), [CVE-2024-56673](https://nvd.nist.gov/vuln/detail/CVE-2024-56673), [CVE-2024-56672](https://nvd.nist.gov/vuln/detail/CVE-2024-56672), [CVE-2024-56654](https://nvd.nist.gov/vuln/detail/CVE-2024-56654), [CVE-2024-56671](https://nvd.nist.gov/vuln/detail/CVE-2024-56671), [CVE-2024-56670](https://nvd.nist.gov/vuln/detail/CVE-2024-56670), [CVE-2024-56669](https://nvd.nist.gov/vuln/detail/CVE-2024-56669), [CVE-2024-56668](https://nvd.nist.gov/vuln/detail/CVE-2024-56668), [CVE-2024-56667](https://nvd.nist.gov/vuln/detail/CVE-2024-56667), [CVE-2024-56666](https://nvd.nist.gov/vuln/detail/CVE-2024-56666), [CVE-2024-56665](https://nvd.nist.gov/vuln/detail/CVE-2024-56665), [CVE-2024-56664](https://nvd.nist.gov/vuln/detail/CVE-2024-56664), [CVE-2024-56663](https://nvd.nist.gov/vuln/detail/CVE-2024-56663), [CVE-2024-56662](https://nvd.nist.gov/vuln/detail/CVE-2024-56662), [CVE-2024-56652](https://nvd.nist.gov/vuln/detail/CVE-2024-56652), [CVE-2024-56653](https://nvd.nist.gov/vuln/detail/CVE-2024-56653), [CVE-2024-53241](https://nvd.nist.gov/vuln/detail/CVE-2024-53241), [CVE-2024-53240](https://nvd.nist.gov/vuln/detail/CVE-2024-53240), [CVE-2025-40261](https://nvd.nist.gov/vuln/detail/CVE-2025-40261), [CVE-2025-40266](https://nvd.nist.gov/vuln/detail/CVE-2025-40266), [CVE-2025-40264](https://nvd.nist.gov/vuln/detail/CVE-2025-40264), [CVE-2025-40263](https://nvd.nist.gov/vuln/detail/CVE-2025-40263), [CVE-2025-40262](https://nvd.nist.gov/vuln/detail/CVE-2025-40262), [CVE-2025-40254](https://nvd.nist.gov/vuln/detail/CVE-2025-40254), [CVE-2025-40253](https://nvd.nist.gov/vuln/detail/CVE-2025-40253), [CVE-2025-40252](https://nvd.nist.gov/vuln/detail/CVE-2025-40252), [CVE-2025-40251](https://nvd.nist.gov/vuln/detail/CVE-2025-40251), [CVE-2025-40250](https://nvd.nist.gov/vuln/detail/CVE-2025-40250), [CVE-2025-40259](https://nvd.nist.gov/vuln/detail/CVE-2025-40259), [CVE-2025-40258](https://nvd.nist.gov/vuln/detail/CVE-2025-40258), [CVE-2025-40257](https://nvd.nist.gov/vuln/detail/CVE-2025-40257), [CVE-2025-40246](https://nvd.nist.gov/vuln/detail/CVE-2025-40246), [CVE-2025-40248](https://nvd.nist.gov/vuln/detail/CVE-2025-40248), [CVE-2025-40345](https://nvd.nist.gov/vuln/detail/CVE-2025-40345))
#### Updates:
- Linux ([6.12.61](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.61) (includes [6.12.59](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.59), [6.12.60](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.60)))
- ca-certificates ([3.119](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119.html) (includes [3.118.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118_1.html)))
_Changes since **Beta 4459.1.2**_
#### Security fixes:
- Linux ([CVE-2025-40275](https://nvd.nist.gov/vuln/detail/CVE-2025-40275), [CVE-2025-40274](https://nvd.nist.gov/vuln/detail/CVE-2025-40274), [CVE-2025-40273](https://nvd.nist.gov/vuln/detail/CVE-2025-40273), [CVE-2025-40272](https://nvd.nist.gov/vuln/detail/CVE-2025-40272), [CVE-2025-40271](https://nvd.nist.gov/vuln/detail/CVE-2025-40271), [CVE-2025-40289](https://nvd.nist.gov/vuln/detail/CVE-2025-40289), [CVE-2025-40288](https://nvd.nist.gov/vuln/detail/CVE-2025-40288), [CVE-2025-40287](https://nvd.nist.gov/vuln/detail/CVE-2025-40287), [CVE-2025-40269](https://nvd.nist.gov/vuln/detail/CVE-2025-40269), [CVE-2025-40286](https://nvd.nist.gov/vuln/detail/CVE-2025-40286), [CVE-2025-40285](https://nvd.nist.gov/vuln/detail/CVE-2025-40285), [CVE-2025-40284](https://nvd.nist.gov/vuln/detail/CVE-2025-40284), [CVE-2025-40283](https://nvd.nist.gov/vuln/detail/CVE-2025-40283), [CVE-2025-40282](https://nvd.nist.gov/vuln/detail/CVE-2025-40282), [CVE-2025-40281](https://nvd.nist.gov/vuln/detail/CVE-2025-40281), [CVE-2025-40280](https://nvd.nist.gov/vuln/detail/CVE-2025-40280), [CVE-2025-40279](https://nvd.nist.gov/vuln/detail/CVE-2025-40279), [CVE-2025-40278](https://nvd.nist.gov/vuln/detail/CVE-2025-40278), [CVE-2025-40277](https://nvd.nist.gov/vuln/detail/CVE-2025-40277), [CVE-2025-40268](https://nvd.nist.gov/vuln/detail/CVE-2025-40268), [CVE-2025-40214](https://nvd.nist.gov/vuln/detail/CVE-2025-40214), [CVE-2025-40212](https://nvd.nist.gov/vuln/detail/CVE-2025-40212), [CVE-2024-58087](https://nvd.nist.gov/vuln/detail/CVE-2024-58087), [CVE-2024-57879](https://nvd.nist.gov/vuln/detail/CVE-2024-57879), [CVE-2024-57880](https://nvd.nist.gov/vuln/detail/CVE-2024-57880), [CVE-2024-55642](https://nvd.nist.gov/vuln/detail/CVE-2024-55642), [CVE-2024-55641](https://nvd.nist.gov/vuln/detail/CVE-2024-55641), [CVE-2024-55639](https://nvd.nist.gov/vuln/detail/CVE-2024-55639), [CVE-2024-54683](https://nvd.nist.gov/vuln/detail/CVE-2024-54683), [CVE-2024-54460](https://nvd.nist.gov/vuln/detail/CVE-2024-54460), [CVE-2024-54191](https://nvd.nist.gov/vuln/detail/CVE-2024-54191), [CVE-2024-53689](https://nvd.nist.gov/vuln/detail/CVE-2024-53689), [CVE-2024-53682](https://nvd.nist.gov/vuln/detail/CVE-2024-53682), [CVE-2024-53687](https://nvd.nist.gov/vuln/detail/CVE-2024-53687), [CVE-2024-56770](https://nvd.nist.gov/vuln/detail/CVE-2024-56770), [CVE-2024-56661](https://nvd.nist.gov/vuln/detail/CVE-2024-56661), [CVE-2024-56660](https://nvd.nist.gov/vuln/detail/CVE-2024-56660), [CVE-2024-56659](https://nvd.nist.gov/vuln/detail/CVE-2024-56659), [CVE-2024-56658](https://nvd.nist.gov/vuln/detail/CVE-2024-56658), [CVE-2024-56657](https://nvd.nist.gov/vuln/detail/CVE-2024-56657), [CVE-2024-56656](https://nvd.nist.gov/vuln/detail/CVE-2024-56656), [CVE-2024-56655](https://nvd.nist.gov/vuln/detail/CVE-2024-56655), [CVE-2024-56675](https://nvd.nist.gov/vuln/detail/CVE-2024-56675), [CVE-2024-56674](https://nvd.nist.gov/vuln/detail/CVE-2024-56674), [CVE-2024-56673](https://nvd.nist.gov/vuln/detail/CVE-2024-56673), [CVE-2024-56672](https://nvd.nist.gov/vuln/detail/CVE-2024-56672), [CVE-2024-56654](https://nvd.nist.gov/vuln/detail/CVE-2024-56654), [CVE-2024-56671](https://nvd.nist.gov/vuln/detail/CVE-2024-56671), [CVE-2024-56670](https://nvd.nist.gov/vuln/detail/CVE-2024-56670), [CVE-2024-56669](https://nvd.nist.gov/vuln/detail/CVE-2024-56669), [CVE-2024-56668](https://nvd.nist.gov/vuln/detail/CVE-2024-56668), [CVE-2024-56667](https://nvd.nist.gov/vuln/detail/CVE-2024-56667), [CVE-2024-56666](https://nvd.nist.gov/vuln/detail/CVE-2024-56666), [CVE-2024-56665](https://nvd.nist.gov/vuln/detail/CVE-2024-56665), [CVE-2024-56664](https://nvd.nist.gov/vuln/detail/CVE-2024-56664), [CVE-2024-56663](https://nvd.nist.gov/vuln/detail/CVE-2024-56663), [CVE-2024-56662](https://nvd.nist.gov/vuln/detail/CVE-2024-56662), [CVE-2024-56652](https://nvd.nist.gov/vuln/detail/CVE-2024-56652), [CVE-2024-56653](https://nvd.nist.gov/vuln/detail/CVE-2024-56653), [CVE-2024-53241](https://nvd.nist.gov/vuln/detail/CVE-2024-53241), [CVE-2024-53240](https://nvd.nist.gov/vuln/detail/CVE-2024-53240), [CVE-2025-40261](https://nvd.nist.gov/vuln/detail/CVE-2025-40261), [CVE-2025-40266](https://nvd.nist.gov/vuln/detail/CVE-2025-40266), [CVE-2025-40264](https://nvd.nist.gov/vuln/detail/CVE-2025-40264), [CVE-2025-40263](https://nvd.nist.gov/vuln/detail/CVE-2025-40263), [CVE-2025-40262](https://nvd.nist.gov/vuln/detail/CVE-2025-40262), [CVE-2025-40254](https://nvd.nist.gov/vuln/detail/CVE-2025-40254), [CVE-2025-40253](https://nvd.nist.gov/vuln/detail/CVE-2025-40253), [CVE-2025-40252](https://nvd.nist.gov/vuln/detail/CVE-2025-40252), [CVE-2025-40251](https://nvd.nist.gov/vuln/detail/CVE-2025-40251), [CVE-2025-40250](https://nvd.nist.gov/vuln/detail/CVE-2025-40250), [CVE-2025-40259](https://nvd.nist.gov/vuln/detail/CVE-2025-40259), [CVE-2025-40258](https://nvd.nist.gov/vuln/detail/CVE-2025-40258), [CVE-2025-40257](https://nvd.nist.gov/vuln/detail/CVE-2025-40257), [CVE-2025-40246](https://nvd.nist.gov/vuln/detail/CVE-2025-40246), [CVE-2025-40248](https://nvd.nist.gov/vuln/detail/CVE-2025-40248), [CVE-2025-40345](https://nvd.nist.gov/vuln/detail/CVE-2025-40345))
- binutils ([CVE-2025-5244](https://www.cve.org/CVERecord?id=CVE-2025-5244), [CVE-2025-5245](https://www.cve.org/CVERecord?id=CVE-2025-5245) [CVE-2025-8225](https://www.cve.org/CVERecord?id=CVE-2025-8225))
- curl ([CVE-2025-9086](https://www.cve.org/CVERecord?id=CVE-2025-9086), [CVE-2025-10148](https://www.cve.org/CVERecord?id=CVE-2025-10148))
- expat ([CVE-2025-59375](https://www.cve.org/CVERecord?id=CVE-2025-59375))
- go ([CVE-2025-47910](https://www.cve.org/CVERecord?id=CVE-2025-47910))
- intel-microcode ([CVE-2024-28956](https://www.cve.org/CVERecord?id=CVE-2024-28956), [CVE-2024-43420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43420), [CVE-2024-45332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45332), [CVE-2025-20012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20012), [CVE-2025-20054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20054), [CVE-2025-20103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20103), [CVE-2025-20623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20623), [CVE-2025-24495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24495), [CVE-2025-20053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20053), [CVE-2025-20109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20109), [CVE-2025-22839](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22839), [CVE-2025-22840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22840), [CVE-2025-22889](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22889), [CVE-2025-26403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26403))
- libpcre2 ([CVE-2025-58050](https://www.cve.org/CVERecord?id=CVE-2025-58050))
- libxml2 ([libxml2-20250908](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9))
- libxslt ([CVE-2025-7424](https://www.cve.org/CVERecord?id=CVE-2025-7424), [CVE-2025-7425](https://www.cve.org/CVERecord?id=CVE-2025-7425))
- net-tools ([CVE-2025-46836](https://www.cve.org/CVERecord?id=CVE-2025-46836))
- nvidia-drivers ([CVE-2025-23280](https://www.cve.org/CVERecord?id=CVE-2025-23280), [CVE-2025-23282](https://www.cve.org/CVERecord?id=CVE-2025-23282), [CVE-2025-23300](https://www.cve.org/CVERecord?id=CVE-2025-23300), [CVE-2025-23330](https://www.cve.org/CVERecord?id=CVE-2025-23330), [CVE-2025-23332](https://www.cve.org/CVERecord?id=CVE-2025-23332), [CVE-2025-23345](https://www.cve.org/CVERecord?id=CVE-2025-23345))
- openssh ([CVE-2025-61984](https://www.cve.org/CVERecord?id=CVE-2025-61984), [CVE-2025-61985](https://www.cve.org/CVERecord?id=CVE-2025-61985))
- openssl ([CVE-2025-9230](https://www.cve.org/CVERecord?id=CVE-2025-9230), [CVE-2025-9231](https://www.cve.org/CVERecord?id=CVE-2025-9231), [CVE-2025-9232](https://www.cve.org/CVERecord?id=CVE-2025-9232))
#### Bug fixes:
- Alpha only: Added Fusion SCSI disk drivers back to the initrd after they got lost in the rework ([Flatcar#1924](https://github.com/flatcar/Flatcar/issues/1924))
- Alpha only: Fixed systemd-sysext payload handling for air-gapped/self-hosted updates which was a known bug for 4487.0.0 ([ue-rs#93](https://github.com/flatcar/ue-rs/pull/93))
- Configured the services in the overlaybd sysext to start automatically like the other sysexts. Note that the sysext must be enabled at boot time for this to happen, otherwise you need to call `systemd-tmpfiles --create` and `systemctl daemon-reload` first.
- Fixed SSSD startup failure by adding back LDB modules into the image, which got lost after a Samba update ([Flatcar#1919](https://github.com/flatcar/Flatcar/issues/1919))
- Fixed a kernel boot warning when loading an explicit list of kernel modules in the minimal first-stage initrd ([Flatcar#1934](https://github.com/flatcar/Flatcar/issues/1934))
#### Changes:
- Added support for the kernel cmdline parameters `flatcar.release_file_server_url` and `flatcar.dev_file_server_url` to specify custom servers where Flatcar extensions should be downloaded on boot ([bootengine#112](https://github.com/flatcar/bootengine/pull/112))
- Alpha only: Reduced Azure image size again to 30 GB as before by shrinking the root partition to compensate for the growth of the other partitions ([scripts#3460](https://github.com/flatcar/scripts/pull/3460))
- Increased all partition sizes: `/boot` to 1 GB, the two `/usr` partitions to 2 GB, `/oem` to 1 GB so that we can use more space in a few years when we can assume that most nodes run the new partition layout - existing nodes can still update for the next years ([scripts#3027](https://github.com/flatcar/scripts/pull/3027))
- Reduced the kernel+initrd size on `/boot` by half. Flatcar now uses a minimal first stage initrd just to access the `/usr` partition and then switches to the full initrd that does the full system preparation as before. Since this means that the set of kernel modules available in the first initrd is reduced, please report any impact.
- The way that files for building custom kernel modules are installed has changed from a Ubuntu-inspired method to the standard upstream kernel method. In the unlikely event that this breaks your module builds, please let the Flatcar team know immediately.
#### Updates:
- Linux ([6.12.61](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.61) (includes [6.12.49](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.49), [6.12.50](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.50), [6.12.59](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.59), [6.12.60](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.60)))
- Linux firmware ([20251021](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20251021) (includes [20250917](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20250917), [20251011](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20251011)))
- Afterburn ([5.10.0](https://coreos.github.io/afterburn/release-notes/#afterburn-5100))
- azure, dev: inotify-tools ([4.25.9.0](https://github.com/inotify-tools/inotify-tools/releases/tag/4.25.9.0))
- azure, stackit: chrony ([4.8](https://gitlab.com/chrony/chrony/-/raw/4.8/NEWS))
- base, dev: bash ([5.3_p3](https://lists.gnu.org/archive/html/bug-bash/2025-07/msg00005.html))
- base, dev: bind ([9.18.38](https://bind9.readthedocs.io/en/v9.18.38/notes.html#notes-for-bind-9-18-38))
- base, dev: bpftool ([7.6.0](https://github.com/libbpf/bpftool/releases/tag/v7.6.0))
- base, dev: btrfs-progs ([6.16.1](https://github.com/kdave/btrfs-progs/releases/tag/v6.16.1) (includes [6.16](https://github.com/kdave/btrfs-progs/releases/tag/v6.16)))
- base, dev: coreutils ([9.7](https://lists.gnu.org/archive/html/info-gnu/2025-04/msg00006.html) (includes [9.6](https://savannah.gnu.org/news/?id=10715)))
- base, dev: cryptsetup ([2.8.1](https://gitlab.com/cryptsetup/cryptsetup/-/raw/v2.8.1/docs/v2.8.1-ReleaseNotes))
- base, dev: curl ([8.16.0](https://curl.se/ch/8.16.0.html))
- base, dev: expat ([2.7.3](https://raw.githubusercontent.com/libexpat/libexpat/refs/tags/R_2_7_3/expat/Changes) (includes [2.7.2](https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes)))
- base, dev: gcc ([14.3.1_p20250801](https://gcc.gnu.org/pipermail/gcc/2025-May/246078.html))
- base, dev: gettext ([0.23.2](https://gitweb.git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob_plain;f=NEWS;h=a5cc8a63eb4f06e4a1171afda862812feb67d693;hb=e8e6cb71aec0de1f5758ac21327bb8cd69e33731) (includes [0.23.0](https://gitweb.git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob_plain;f=NEWS;h=9d87d45408f510d15856a1dda8a9376573f0a9c5;hb=c12b25dc82104691ca80c4da1cbc538fcab42bf5), [0.23.1](https://gitweb.git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob_plain;f=NEWS;h=4aafedf9b10a66891838e1f35c7af020c6124ee0;hb=d9b0432a825bfe3fc72f9a081d295a9528cd8aac)))
- base, dev: git ([2.51.0](https://github.com/git/git/blob/v2.51.0/Documentation/RelNotes/2.51.0.adoc) (includes [2.50.0](https://github.com/git/git/blob/v2.50.0/Documentation/RelNotes/2.50.0.adoc)))
- base, dev: hwdata ([0.398](https://github.com/vcrhonek/hwdata/releases/tag/v0.398))
- base, dev: intel-microcode ([20250812](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812) (includes [20250512](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512)))
- base, dev: libffi ([3.5.2](https://github.com/libffi/libffi/releases/tag/v3.5.2))
- base, dev: libnftnl ([1.3.0](https://lwn.net/Articles/1032725/))
- base, dev: libxml2 ([2.14.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.6) (includes [2.13.9](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9), [2.14.0](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.0), [2.14.1](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.1), [2.14.2](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.2), [2.14.3](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.3), [2.14.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.4), [2.14.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.5)))
- base, dev: ncurses ([6.5_p20250802](https://invisible-island.net/ncurses/NEWS.html#t20250802))
- base, dev: nftables ([1.1.5](https://www.netfilter.org/projects/nftables/files/changes-nftables-1.1.5.txt) (includes [1.1.4](https://www.netfilter.org/projects/nftables/files/changes-nftables-1.1.4.txt)))
- base, dev: nvidia-drivers-service ([570.195.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-570-195-03/index.html) (includes [535.274.02](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-535-274-02/index.html)))
- base, dev: openssh ([10.2_p1](https://www.openssh.com/txt/release-10.2) (includes [10.1](https://www.openssh.com/txt/release-10.1)))
- base, dev: openssl ([3.4.3](https://github.com/openssl/openssl/releases/tag/openssl-3.4.3))
- base, dev: readline ([8.3_p1](https://lists.gnu.org/archive/html/bug-bash/2025-07/msg00005.html))
- base, dev: samba ([4.22.3](https://www.samba.org/samba/history/samba-4.22.3.html) (includes [4.21.0](https://www.samba.org/samba/history/samba-4.21.0.html), [4.22.0](https://www.samba.org/samba/history/samba-4.22.0.html), [4.22.1](https://www.samba.org/samba/history/samba-4.22.1.html), [4.22.2](https://www.samba.org/samba/history/samba-4.22.2.html)))
- base, dev: talloc ([2.4.3](https://gitlab.com/samba-team/samba/-/commit/77229f73c20af69ab0f3c96efbb229ff64a9dfe4))
- base, dev: tdb ([1.4.13](https://gitlab.com/samba-team/samba/-/commit/70a8c7a89a6d62d2ff172d79b5f4e6439300b88d))
- base, dev: tevent ([0.16.2](https://gitlab.com/samba-team/samba/-/commit/8d398acbbb7fdc0ff50fe6ba80433deaf92515c6))
- base, dev: xfsprogs ([6.16.0](https://web.git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.16.0) (includes [6.15.0](https://web.git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.15.0)))
- ca-certificates ([3.119](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119.html) (includes [3.118.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118_1.html)))
- dev, sysext-incus: squashfs-tools ([4.7.2](https://github.com/plougher/squashfs-tools/releases/tag/4.7.2) (includes [4.7.1](https://github.com/plougher/squashfs-tools/releases/tag/4.7.1)))
- dev: binutils ([2.45](https://lists.gnu.org/archive/html/info-gnu/2025-07/msg00009.html))
- sdk: azure-core ([1.16.1](https://github.com/Azure/azure-sdk-for-cpp/releases/tag/azure-core_1.16.1))
- sdk: azure-identity ([1.13.1](https://github.com/Azure/azure-sdk-for-cpp/releases/tag/azure-identity_1.13.1))
- sdk: cmake ([3.31.9](https://cmake.org/cmake/help/v3.31/release/3.31.html#id1))
- sdk: go ([1.25.1](https://go.dev/doc/devel/release#go1.25.minor) (includes [1.24.7](https://go.dev/doc/devel/release#go1.24.minor), [1.25](https://go.dev/doc/go1.25)))
- sdk: pkgcheck ([0.10.37](https://github.com/pkgcore/pkgcheck/releases/tag/v0.10.37))
- sdk: qemu ([10.0.5](https://wiki.qemu.org/ChangeLog/10.0))
- sdk: rust ([1.89.0](https://blog.rust-lang.org/2025/08/07/Rust-1.89.0/))
- sysext-containerd: containerd ([2.1.4](https://github.com/containerd/containerd/releases/tag/v2.1.4))
- sysext-containerd: runc ([1.3.1](https://github.com/opencontainers/runc/releases/tag/v1.3.1))
- sysext-incus, sysext-podman, vmware: fuse ([3.17.4](https://github.com/libfuse/libfuse/releases/tag/fuse-3.17.4))
- sysext-nvidia-drivers-535: nvidia-drivers ([535.274.02](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-535-274-02/index.html))
- sysext-nvidia-drivers-570: nvidia-drivers ([570.195.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-570-195-03/index.html) (includes 570.190))
- sysext-podman: crun ([1.21](https://github.com/containers/crun/releases/tag/1.21))
- sysext-podman: gpgme ([2.0.0](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob_plain;f=NEWS;h=cd0e093bf83fe47b6773fb478fced07d8409fbe0;hb=e17ba578861905857da0a514b4fc9b88a57f7346))
- sysext-podman: netavark ([1.15.2](https://github.com/containers/netavark/releases/tag/v1.15.2) (includes [1.15.0](https://github.com/containers/netavark/releases/tag/v1.15.0), [1.15.1](https://github.com/containers/netavark/releases/tag/v1.15.1)))
- sysext-podman: passt ([2025.06.11](https://archives.passt.top/passt-user/20250611175947.7d540ddc@elisabeth/T/#u))
- sysext-python: charset-normalizer ([3.4.3](https://github.com/jawah/charset_normalizer/releases/tag/3.4.3))
- sysext-python: jaraco-functools ([4.3.0](https://raw.githubusercontent.com/jaraco/jaraco.functools/refs/tags/v4.3.0/NEWS.rst))
- sysext-python: markdown-it-py ([4.0.0](https://github.com/executablebooks/markdown-it-py/releases/tag/v4.0.0))
- sysext-python: pip ([25.2](https://raw.githubusercontent.com/pypa/pip/refs/tags/25.2/NEWS.rst))
- sysext-python: platformdirs ([4.4.0](https://github.com/tox-dev/platformdirs/releases/tag/4.4.0))
- sysext-python: requests ([2.32.5](https://github.com/psf/requests/releases/tag/v2.32.5))
- sysext-python: typing-extensions ([4.15.0](https://raw.githubusercontent.com/python/typing_extensions/refs/tags/4.15.0/CHANGELOG.md))
- systemd (257.9)
- vmware: open-vm-tools ([13.0.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-13.0.5))
#### Stable 4459.2.2 release
_Changes since **Stable 4459.2.1**_
#### Security fixes:
- Linux ([CVE-2025-40275](https://nvd.nist.gov/vuln/detail/CVE-2025-40275), [CVE-2025-40274](https://nvd.nist.gov/vuln/detail/CVE-2025-40274), [CVE-2025-40273](https://nvd.nist.gov/vuln/detail/CVE-2025-40273), [CVE-2025-40272](https://nvd.nist.gov/vuln/detail/CVE-2025-40272), [CVE-2025-40271](https://nvd.nist.gov/vuln/detail/CVE-2025-40271), [CVE-2025-40289](https://nvd.nist.gov/vuln/detail/CVE-2025-40289), [CVE-2025-40288](https://nvd.nist.gov/vuln/detail/CVE-2025-40288), [CVE-2025-40287](https://nvd.nist.gov/vuln/detail/CVE-2025-40287), [CVE-2025-40269](https://nvd.nist.gov/vuln/detail/CVE-2025-40269), [CVE-2025-40286](https://nvd.nist.gov/vuln/detail/CVE-2025-40286), [CVE-2025-40285](https://nvd.nist.gov/vuln/detail/CVE-2025-40285), [CVE-2025-40284](https://nvd.nist.gov/vuln/detail/CVE-2025-40284), [CVE-2025-40283](https://nvd.nist.gov/vuln/detail/CVE-2025-40283), [CVE-2025-40282](https://nvd.nist.gov/vuln/detail/CVE-2025-40282), [CVE-2025-40281](https://nvd.nist.gov/vuln/detail/CVE-2025-40281), [CVE-2025-40280](https://nvd.nist.gov/vuln/detail/CVE-2025-40280), [CVE-2025-40279](https://nvd.nist.gov/vuln/detail/CVE-2025-40279), [CVE-2025-40278](https://nvd.nist.gov/vuln/detail/CVE-2025-40278), [CVE-2025-40277](https://nvd.nist.gov/vuln/detail/CVE-2025-40277), [CVE-2025-40268](https://nvd.nist.gov/vuln/detail/CVE-2025-40268), [CVE-2025-40214](https://nvd.nist.gov/vuln/detail/CVE-2025-40214), [CVE-2025-40212](https://nvd.nist.gov/vuln/detail/CVE-2025-40212), [CVE-2024-58087](https://nvd.nist.gov/vuln/detail/CVE-2024-58087), [CVE-2024-57879](https://nvd.nist.gov/vuln/detail/CVE-2024-57879), [CVE-2024-57880](https://nvd.nist.gov/vuln/detail/CVE-2024-57880), [CVE-2024-55642](https://nvd.nist.gov/vuln/detail/CVE-2024-55642), [CVE-2024-55641](https://nvd.nist.gov/vuln/detail/CVE-2024-55641), [CVE-2024-55639](https://nvd.nist.gov/vuln/detail/CVE-2024-55639), [CVE-2024-54683](https://nvd.nist.gov/vuln/detail/CVE-2024-54683), [CVE-2024-54460](https://nvd.nist.gov/vuln/detail/CVE-2024-54460), [CVE-2024-54191](https://nvd.nist.gov/vuln/detail/CVE-2024-54191), [CVE-2024-53689](https://nvd.nist.gov/vuln/detail/CVE-2024-53689), [CVE-2024-53682](https://nvd.nist.gov/vuln/detail/CVE-2024-53682), [CVE-2024-53687](https://nvd.nist.gov/vuln/detail/CVE-2024-53687), [CVE-2024-56770](https://nvd.nist.gov/vuln/detail/CVE-2024-56770), [CVE-2024-56661](https://nvd.nist.gov/vuln/detail/CVE-2024-56661), [CVE-2024-56660](https://nvd.nist.gov/vuln/detail/CVE-2024-56660), [CVE-2024-56659](https://nvd.nist.gov/vuln/detail/CVE-2024-56659), [CVE-2024-56658](https://nvd.nist.gov/vuln/detail/CVE-2024-56658), [CVE-2024-56657](https://nvd.nist.gov/vuln/detail/CVE-2024-56657), [CVE-2024-56656](https://nvd.nist.gov/vuln/detail/CVE-2024-56656), [CVE-2024-56655](https://nvd.nist.gov/vuln/detail/CVE-2024-56655), [CVE-2024-56675](https://nvd.nist.gov/vuln/detail/CVE-2024-56675), [CVE-2024-56674](https://nvd.nist.gov/vuln/detail/CVE-2024-56674), [CVE-2024-56673](https://nvd.nist.gov/vuln/detail/CVE-2024-56673), [CVE-2024-56672](https://nvd.nist.gov/vuln/detail/CVE-2024-56672), [CVE-2024-56654](https://nvd.nist.gov/vuln/detail/CVE-2024-56654), [CVE-2024-56671](https://nvd.nist.gov/vuln/detail/CVE-2024-56671), [CVE-2024-56670](https://nvd.nist.gov/vuln/detail/CVE-2024-56670), [CVE-2024-56669](https://nvd.nist.gov/vuln/detail/CVE-2024-56669), [CVE-2024-56668](https://nvd.nist.gov/vuln/detail/CVE-2024-56668), [CVE-2024-56667](https://nvd.nist.gov/vuln/detail/CVE-2024-56667), [CVE-2024-56666](https://nvd.nist.gov/vuln/detail/CVE-2024-56666), [CVE-2024-56665](https://nvd.nist.gov/vuln/detail/CVE-2024-56665), [CVE-2024-56664](https://nvd.nist.gov/vuln/detail/CVE-2024-56664), [CVE-2024-56663](https://nvd.nist.gov/vuln/detail/CVE-2024-56663), [CVE-2024-56662](https://nvd.nist.gov/vuln/detail/CVE-2024-56662), [CVE-2024-56652](https://nvd.nist.gov/vuln/detail/CVE-2024-56652), [CVE-2024-56653](https://nvd.nist.gov/vuln/detail/CVE-2024-56653), [CVE-2024-53241](https://nvd.nist.gov/vuln/detail/CVE-2024-53241), [CVE-2024-53240](https://nvd.nist.gov/vuln/detail/CVE-2024-53240), [CVE-2025-40261](https://nvd.nist.gov/vuln/detail/CVE-2025-40261), [CVE-2025-40266](https://nvd.nist.gov/vuln/detail/CVE-2025-40266), [CVE-2025-40264](https://nvd.nist.gov/vuln/detail/CVE-2025-40264), [CVE-2025-40263](https://nvd.nist.gov/vuln/detail/CVE-2025-40263), [CVE-2025-40262](https://nvd.nist.gov/vuln/detail/CVE-2025-40262), [CVE-2025-40254](https://nvd.nist.gov/vuln/detail/CVE-2025-40254), [CVE-2025-40253](https://nvd.nist.gov/vuln/detail/CVE-2025-40253), [CVE-2025-40252](https://nvd.nist.gov/vuln/detail/CVE-2025-40252), [CVE-2025-40251](https://nvd.nist.gov/vuln/detail/CVE-2025-40251), [CVE-2025-40250](https://nvd.nist.gov/vuln/detail/CVE-2025-40250), [CVE-2025-40259](https://nvd.nist.gov/vuln/detail/CVE-2025-40259), [CVE-2025-40258](https://nvd.nist.gov/vuln/detail/CVE-2025-40258), [CVE-2025-40257](https://nvd.nist.gov/vuln/detail/CVE-2025-40257), [CVE-2025-40246](https://nvd.nist.gov/vuln/detail/CVE-2025-40246), [CVE-2025-40248](https://nvd.nist.gov/vuln/detail/CVE-2025-40248), [CVE-2025-40345](https://nvd.nist.gov/vuln/detail/CVE-2025-40345))
#### Updates:
- Linux ([6.12.61](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.61) (includes ([6.12.59](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.59), [6.12.60](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.60))))
- ca-certificates ([3.119](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119.html) (includes [3.118.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118_1.html)))
Best,
The Flatcar Container Linux Maintainers
---
### Communication
#### Go/No-Go message for Matrix/Slack
## Go/No-Go
Go/No-Go Meeting for Alpha 4547.0.0, Beta 4515.1.0, Stable 4459.2.2
Pre-view images are available in https://bincache.flatcar-linux.net/images/amd64/$VERSION/
Tracking issue: https://github.com/flatcar/Flatcar/issues/1973
The Go/No-Go document is in our HackMD @flatcar namespace
Link: https://hackmd.io/@flatcar/rkenwPFGZx?view
Please give your Go/No-Go vote with π for Go, β for No-Go, and β for Wait.
Contributors & community feel free to put your suggestions, thoughts or comments on the document or here in the chat.
@yudocaa.3p:matrix.org @jerseychewi:matrix.org @tormath1:matrix.org @ader1990:matrix.org @thilofm:matrix.org @pothos:matrix.org @dongsupark:matrix.org @krnowak:matrix.org @gabriel-samfira:matrix.org @jan_bronicki:matrix.org @ervin.racz:matrix.org @dzatovic:matrix.org @jepio:matrix.org
#### Mastodon
### Alpha channel
π **Flatcar Alpha 4547.0.0 released!**
π¦ Big updates: Linux **6.12.61**, Ignition **2.24.0**, Go **1.25.3**, OpenSSL **3.5.4**
π Extensive kernel CVE fixes + coreutils, Go & PAM security updates
β¨ Smaller downloads & improved security defaults
π Full Alpha changelog π https://www.flatcar.org/releases/
---
### Beta channel
π§ͺ **Flatcar Beta 4515.1.0 is out!**
π¦ Updated to Linux **6.12.61** + refreshed ca-certificates
π Major Linux kernel CVE rollup and multiple userspace security fixes
β¨ New minimal first-stage initrd & larger partitions (from Alpha)
π Dive into the Beta release notes π https://www.flatcar.org/releases/
---
### Stable channel
β
**Flatcar Stable 4459.2.2 available now!**
π¦ Linux updated to **6.12.61** with latest ca-certificates
π Security-focused release with a large Linux kernel CVE fix set
π‘οΈ Recommended update for all Stable users
π See whatβs new in Stable π https://www.flatcar.org/releases/
#### Kubernetes Slack / Matrix (#flatcar)
Please welcome this monthβs **Flatcar Container Linux releases** π
β’ **Alpha 4547.0.0** β new major release
β’ **Beta 4515.1.0** β new major release
β’ **Stable 4459.2.2** β maintenance & security update
These releases include:
π **New features & improvements**: minimal first-stage initrd (Alpha/Beta), larger default partitions for future growth, improved extension handling
π©Ή **Bug fixes**: restored missing initrd drivers, fixed SSSD startup issues, improved sysext behavior, reduced download sizes
π¦ **Many package updates**: Linux **6.12.61**, updated firmware, refreshed ca-certificates, plus toolchain and userspace updates (Go, OpenSSL, systemd, and more β channel-dependent)
π **Security**: large Linux kernel CVE rollups across all channels, plus additional userspace security fixes
π **Full release notes**: https://www.flatcar.org/releases/
Sign in with Wallet
Connect another wallet