Skip to content

Latest commit

 

History

History
211 lines (160 loc) · 23.2 KB

openshift_versions_changelog.md

File metadata and controls

211 lines (160 loc) · 23.2 KB
Raw
copyright lastupdated keywords subcollection
years
2014, 2019
2019-10-31
openshift, roks, rhoks, rhos, update, upgrade, BOM, bill of materials, versions, patch
openshift

{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:pre: .pre} {:table: .aria-labeledby="caption"} {:codeblock: .codeblock} {:tip: .tip} {:note: .note} {:download: .download} {:preview: .preview} {:external: target="_blank" .external}

Version changelog

{: #openshift_changelog}

View information of version changes for major, minor, and patch updates that are available for your {{site.data.keyword.openshiftlong}} clusters. Changes include updates to OpenShift, Kubernetes, and {{site.data.keyword.cloud_notm}} Provider components. {:shortdesc}

Unless otherwise noted in the changelogs, the {{site.data.keyword.containerlong_notm}} provider version enables Kubernetes APIs and features that are at beta. Kubernetes alpha features, which are subject to change, are disabled.

Check the Security Bulletins on {{site.data.keyword.cloud_notm}} Status for security vulnerabilities that affect Red Hat OpenShift on IBM Cloud. You can filter the results to view only Kubernetes Cluster security bulletins that are relevant to Red Hat OpenShift on IBM Cloud. Changelog entries that address other security vulnerabilities but do not also refer to an IBM security bulletin are for vulnerabilities that are not known to affect Red Hat OpenShift on IBM Cloud in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.

Master patch updates are applied automatically. Worker node patch updates can be applied by reloading or updating the worker nodes. For more information about major, minor, and patch versions and preparation actions between minor versions, see OpenShift versions. {: tip}

Version 3.11 changelog

Review the changelogs for Red Hat OpenShift on IBM Cloud version 3.11 patch updates. {: shortdesc}

Changelog for worker node fix pack 3.11.153_1529_openshift, released 28 October 2019

{: #311153_1529}

The following table shows the changes that are included in the worker node fix pack 3.11.153_1529_openshift. {: shortdesc}

Component Previous Current Description
OpenShift node 3.11.146 3.11.153 See the OpenShift release notes{: external}.
RHEL 7 packages and kernel 3.10.0-1062.1.2.el7 3.10.0-1062.4.1.el7 Updated worker node images with kernel and package updates for CVE-2019-14835{: external}, CVE-2019-14287{: external}, CVE-2019-3846 CVE-2019-10126{: external}, CVE-2019-9506{: external}, and CVE-2018-20856{: external}.
{: caption="Changes since version 3.11.146_1528" caption-side="top"}

Changelog for master fix pack 3.11.146_1528_openshift, released 22 October 2019

{: #311146_1528}

The following table shows the changes that are included in the master fix pack 3.11.146_1528_openshift. {: shortdesc}

Component Previous Current Description
etcd v3.3.15 v3.3.17 See the etcd release notes{: external}. Update resolves CVE-2019-1547{: external}, CVE-2019-1549{: external}, and CVE-2019-1563{: external}.
{{site.data.keyword.cloud_notm}} Block Storage driver and plug-in N/A N/A Fixed a bug so that the driver and plug-in components can be updated.
{{site.data.keyword.cloud_notm}} Controller Manager v1.15.3-112 v1.15.5-119 Updated to support the Kubernetes 1.15.5 release. Update resolves CVE-2019-16276{: external}.
{{site.data.keyword.cloud_notm}} File Storage plug-in and monitor 349 350 Updated image for CVE-2019-1547{: external}, CVE-2019-1549{: external}, and CVE-2019-1563{: external}.
Key Management Service provider 221 237 Updated image for CVE-2019-16276{: external}.
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} provider 153 159 Updated image for CVE-2019-1547{: external}, CVE-2019-1549{: external}, CVE-2019-1563{: external}, and CVE-2019-16276{: external}.
{: caption="Changes since version 3.11.146_1527" caption-side="top"}

Changelog for worker node fix pack 3.11.146_1527_openshift, released 14 October 2019

{: #311146_1527}

The following table shows the changes that are included in the worker node fix pack 3.11.146_1527_openshift. {: shortdesc}

Component Previous Current Description
RHEL 7 packages and kernel N/A N/A Updated worker node images with package updates.
{: caption="Changes since version 3.11.146_1525" caption-side="top"}

Changelog for master fix pack 3.11.146_1526_openshift, released 4 October 2019

{: #311146_1526}

The following table shows the changes that are included in the master fix pack 3.11.146_1526_openshift. {: shortdesc}

Component Previous Current Description
Default IBM security context constraints N/A N/A To support IBM Cloud Paks{: external}, the seLinuxContext setting is changed from MustRunAs to RunAsAny for the following default IBM security context constraints: ibm-anyuid-hostaccess-scc, ibm-anyuid-hostpath-scc, and ibm-anyuid-scc.
{: caption="Changes since version 3.11.146_1525" caption-side="top"}

Changelog for 3.11.146_1525_openshift, released 3 October 2019

{: #311146_1525}

The following table shows the changes that are included in the patch 3.11.146_1525_openshift. {: shortdesc}

Component Previous Current Description
Calico v3.6.4 v3.6.4 See the Calico release notes{: external}.
{{site.data.keyword.cloud_notm}} Block Storage driver and plug-in 1.15.1 1.15.2 Fixed an issue that might cause worker nodes to fail in a NotReady status or pods not to start because of networking errors.
{{site.data.keyword.cloud_notm}} Controller Manager v1.11.10-286 v1.15.3-112 Updated to support the Kubernetes 1.15.3 release.
OpenShift 3.11.141 3.11.146 See the OpenShift release notes{: external}. Update resolves CVE-2019-11247{: external} (see the IBM security bulletin{: external}) and CVE-2019-11249{: external} (see the IBM security bulletin{: external}).
OpenVPN server 2.4.6-r3-IKS-115 2.4.6-r3-IKS-121 Image updated for CVE-2019-1547{: external} and CVE-2019-1563{: external}.
RHEL 7 packages and kernel 3.10.0-1062.1.1 3.10.0-1062.1.2 Updated worker node images with kernel and package updates for CVE-2019-1125{: external}.
{: caption="Changes since version 3.11.141_1524" caption-side="top"}

Changelog for 3.11.141_1524_openshift, released 16 September 2019

{: #311141_1524}

The following table shows the changes that are included in the patch 3.11.141_1524_openshift. {: shortdesc}

Component Previous Current Description
Key Management Service provider 212 216 Improved Kubernetes key management service provider caching of {{site.data.keyword.cloud_notm}} IAM tokens. In addition, fixed a problem with Kubernetes secret decryption when the cluster's root key is rotated.
OpenShift 3.11.135 3.11.141 See the OpenShift release notes{: external}.
RHEL 7 packages and kernel 3.10.0-1062 3.10.0-1062.1.1 Updated worker node images with kernel and package updates for CVE-2019-1125{: external} and CVE-2019-9500{: external}.
{: caption="Changes since version 3.11.135_1523" caption-side="top"}

Changelog for worker node fix pack 3.11.135_1523_openshift, released 3 September 2019

{: #311135_1523_worker}

The following table shows the changes that are included in the worker node fix pack 3.11.135_1523_openshift. {: shortdesc}

Component Previous Current Description
RHEL 7 packages N/A N/A Updated worker node images with package updates.
{: caption="Changes since version 3.11.135_1521" caption-side="top"}

Changelog for master fix pack 3.11.135_1522_openshift, released 28 August 2019

{: #311135_1522}

The following table shows the changes that are included in the master fix pack 3.11.135_1522_openshift. {: shortdesc}

Component Previous Current Description
Default IBM security context constraints N/A N/A Added ibm-restricted-scc to Default IBM security context constraints.
etcd v3.3.13 v3.3.15 See the etcd release notes{: external}. Update resolves CVE-2019-9512{: external}, CVE-2019-9514{: external}, and CVE-2019-14809{: external}.
{{site.data.keyword.cloud_notm}} File Storage plug-in 348 349 Image updated for CVE-2019-9512{: external}, CVE-2019-9514{: external}, and CVE-2019-14809{: external}.
Key Management Service provider 207 212 Image updated for CVE-2019-9512{: external}, CVE-2019-9514{: external}, and CVE-2019-14809{: external}.
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 147 148 Image updated for CVE-2019-9512{: external}, CVE-2019-9514{: external}, and CVE-2019-14809{: external}.
{: caption="Changes since version 3.11.135_1521" caption-side="top"}

Changelog for worker node fix pack 3.11.135_1521_openshift, released 19 August 2019

{: #311135_1521_worker}

The following table shows the changes that are included in the worker node fix pack 3.11.135_1521_openshift. {: shortdesc}

Component Previous Current Description
Cluster master HA Proxy 2.0.1-alpine 1.8.21-alpine Moved to HA Proxy 1.8 to fix socket leak in haproxy{: external}. Added a liveliness check to monitor the health of HA Proxy. For more information about other changes, see release notes{: external}.
OpenShift node 3.11.129 3.11.135 For more information, see the OpenShift release notes{: external}.
RHEL 7 kernel 3.10.0-957.21.3.el7 3.10.0-1062.el7 Updated worker node images with kernel and package updates for CVE-2018-16881{: external}, CVE-2019-6470{: external}, CVE-2018-14618{: external}, CVE-2018-16062{: external}, CVE-2018-16402{: external}, CVE-2018-16403{: external}, CVE-2018-18310{: external}, CVE-2018-18520{: external}, CVE-2018-18521{: external}, CVE-2019-7149{: external}, CVE-2019-7150{: external}, CVE-2019-7664{: external}, CVE-2019-7665{: external}, CVE-2016-10739{: external}, CVE-2018-16871{: external}, CVE-2018-16884{: external}, CVE-2019-11085{: external}, CVE-2019-11811{: external}, CVE-2018-15686{: external}, CVE-2018-16866{: external}, CVE-2018-16888{: external}, CVE-2018-12327{: external}, CVE-2018-12641{: external}, CVE-2018-12697{: external}, CVE-2018-1000876{: external}, CVE-2018-16842{: external}, CVE-2018-5741{: external}, CVE-2018-0495{: external}, CVE-2018-12404{: external}, CVE-2018-1122{: external}, CVE-2018-7755{: external}, CVE-2018-8087{: external}, CVE-2018-9363{: external}, CVE-2018-9516{: external}, CVE-2018-9517{: external}, CVE-2018-10853{: external}, CVE-2018-13053{: external}, CVE-2018-13093{: external}, CVE-2018-13094{: external}, CVE-2018-13095{: external}, CVE-2018-14625{: external}, CVE-2018-14734{: external}, CVE-2018-15594{: external}, CVE-2018-16658{: external}, CVE-2018-16885{: external}, CVE-2018-18281{: external}, CVE-2019-3459{: external}, CVE-2019-3460{: external}, CVE-2019-3882{: external}, CVE-2019-3900{: external}, CVE-2019-5489{: external}, CVE-2018-18074{: external}, CVE-2019-3858{: external}, CVE-2019-3861{: external}, CVE-2019-3862{: external}, CVE-2018-14647{: external}, CVE-2019-5010{: external}, CVE-2019-9740{: external}, CVE-2019-9947{: external}, CVE-2019-9948{: external}, CVE-2017-14503{: external}, CVE-2018-1000877{: external}, CVE-2018-1000878{: external}, CVE-2019-1000019{: external}, CVE-2019-1000020{: external}, CVE-2018-3058{: external}, CVE-2018-3063{: external}, CVE-2018-3066{: external}, CVE-2018-3081{: external}, CVE-2018-3282{: external}, CVE-2019-2503{: external}, CVE-2019-2529{: external}, CVE-2019-2614{: external}, CVE-2019-2627{: external}, CVE-2018-14348{: external}, CVE-2018-15473{: external}, CVE-2018-5383{: external}, CVE-2018-19788{: external}, CVE-2018-0734{: external}, CVE-2019-1559{: external}, CVE-2018-20060{: external}, and CVE-2019-11236{: external}.
{: caption="Changes since version 3.11.129_1518" caption-side="top"}

Changelog for master fix pack 3.11.135_1521_openshift, released 17 August 2019

{: #311135_1521_master}

The following table shows the changes that are included in the master fix pack 3.11.135_1521_openshift. {: shortdesc}

Component Previous Current Description
Key Management Service provider 167 207 Fixed an issue that causes the Kubernetes key management service (KMS) provider to fail to manage Kubernetes secrets.
{: caption="Changes since version 3.11.135_1520" caption-side="top"}

Changelog for master fix pack 3.11.135_1520_openshift, released 15 August 2019

{: #311135_1520_master}

The following table shows the changes that are included in the master fix pack 3.11.135_1520_openshift. {: shortdesc}

Component Previous Current Description
Calico configuration N/A N/A Calico calico-kube-controllers deployment in the kube-system namespace sets a memory limit on the calico-kube-controllers container.
{{site.data.keyword.cloud_notm}} Block Storage driver and plug-in 1.15 1.15.1 Image updated for CVE-2019-14697{: external}.
{{site.data.keyword.cloud_notm}} File Storage plug-in 347 348 Image updated for CVE-2019-14697{: external}.
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 146 147 Image updated for CVE-2019-14697{: external}.
OpenShift 3.11.129 3.11.135 See the OpenShift release notes{: external}.
OpenVPN client 2.4.6-r3-IKS-90 2.4.6-r3-IKS-116 Image updated for CVE-2019-14697{: external}.
OpenVPN server 2.4.6-r3-IKS-25 2.4.6-r3-IKS-115 Image updated for CVE-2019-14697{: external}.
{: caption="Changes since version 3.11.129_1517" caption-side="top"}

Changelog for worker node patch 3.11.129_1518_openshift, released 5 August 2019

{: #311129_1518_worker}

The following table shows the changes that are included in the worker node patch 3.11.129_1518_openshift. {: shortdesc}

Component Previous Current Description
RHEL 7 packages N/A N/A Updated base packages in the worker node Red Hat Enterprise Linux image.
{: caption="Changes since version 3.11.129_1517" caption-side="top"}

Changelog for 3.11.129_1517_openshift, released 2 August 2019

{: #311129_1517}

The following table shows the changes that are included in the patch 3.11.129_1517_openshift. {: shortdesc}

Component Previous Current Description
Cluster DNS configuration N/A N/A For security reasons, enhanced local dnsmasq cache to listen on only localhost. Changed the DNS targetPort for the kubernetes cluster service from 8053 to 53.
Cluster master HA proxy 1.9.7-alpine 2.0.1-alpine See the HAProxy release notes{: external}.
Cluster router configuration N/A N/A Fixed bugs that might cause cluster master operations, such as refresh or update, to fail when the router configuration is updated. These fixes also improve master availability during such operations.
{: caption="Changes since version 3.11.129_1515" caption-side="top"}