Skip to content

Latest commit

 

History

History
8270 lines (7631 loc) · 389 KB

cs_versions_changelog.md

File metadata and controls

8270 lines (7631 loc) · 389 KB
copyright lastupdated keywords subcollection
years
2014, 2019
2019-10-01
kubernetes, iks, versions, update
containers

{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:pre: .pre} {:table: .aria-labeledby="caption"} {:codeblock: .codeblock} {:tip: .tip} {:note: .note} {:important: .important} {:deprecated: .deprecated} {:download: .download} {:preview: .preview} {:external: target="_blank" .external}

Version changelog

{: #changelog}

View information of version changes for major, minor, and patch updates that are available for your {{site.data.keyword.containerlong}} Kubernetes clusters. Changes include updates to Kubernetes and {{site.data.keyword.cloud_notm}} Provider components. {:shortdesc}

Overview

{: #changelog_overview}

Unless otherwise noted in the changelogs, the {{site.data.keyword.containerlong_notm}} provider version enables Kubernetes APIs and features that are at beta. Kubernetes alpha features, which are subject to change, are disabled.

For more information about major, minor, and patch versions and preparation actions between minor versions, see Kubernetes versions. {: tip}

Check the Security Bulletins on {{site.data.keyword.cloud_notm}} Status for security vulnerabilities that affect {{site.data.keyword.containerlong_notm}}. You can filter the results to view only Kubernetes Cluster security bulletins that are relevant to {{site.data.keyword.containerlong_notm}}. Changelog entries that address other security vulnerabilities but do not also refer to an IBM security bulletin are for vulnerabilities that are not known to affect {{site.data.keyword.containerlong_notm}} in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.

Some changelogs are for worker node fix packs, and apply only to worker nodes. You must apply these patches to ensure security compliance for your worker nodes. These worker node fix packs can be at a higher version than the master because some build fix packs are specific to worker nodes. Other changelogs are for master fix packs, and apply only to the cluster master. Master fix packs might not be automatically applied. You can choose to apply them manually. For more information about patch types, see Update types. {: note}


Version 1.15 changelog

{: #115_changelog}

Changelog for 1.15.4_1518, released 1 October 2019

{: #1154_1518}

The following table shows the changes that are included in the patch 1.15.4_1518. {: shortdesc}

Changes since version 1.15.3_1517
Component Previous Current Description
Calico v3.8.1 v3.8.2 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.8/release-notes/).
Cluster master HA configuration N/A N/A Updated configuration to improve performance of master update operations.
containerd v1.2.9 v1.2.10 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.10). Update resolves [CVE-2019-16884 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884) and [CVE-2019-16276 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16276).
Default IBM file storage class N/A N/A Fixed a bug that might cause cluster master operations such as patch updates to clear the default IBM file storage class.
Gateway-enabled cluster controller N/A 844 New! For [classic clusters with a gateway enabled](/docs/containers?topic=containers-clusters#gateway_cluster_cli), a `DaemonSet` is installed to configure settings for routing network traffic to worker nodes.
{{site.data.keyword.cloud_notm}} Provider v1.15.3-112 v1.15.4-136 Updated to support the Kubernetes 1.15.4 release. In addition, version 1.0 and 2.0 network load balancers (NLBs) were updated to support [classic clusters with a gateway enabled](/docs/containers?topic=containers-clusters#gateway_cluster_cli).
Key Management Service provider 212 221 Improved Kubernetes [key management service provider](/docs/containers?topic=containers-encryption#keyprotect) caching of {{site.data.keyword.cloud_notm}} IAM tokens. In addition, fixed a problem with Kubernetes secret decryption when the cluster's root key is rotated.
Kubernetes v1.15.3 v1.15.4 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.15.4).
Kubernetes Metrics Server v0.3.3 v0.3.4 See the [Kubernetes Metrics Server release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes-incubator/metrics-server/releases/tag/v0.3.4).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} provider 148 153 Fixed issues with version 2.0 network load balancers (NLBs) that might cause all network traffic to drop or to be sent only to pods on one worker node.
OpenVPN server 2.4.6-r3-IKS-115 2.4.6-r3-IKS-121 Updated images for [CVE-2019-1547 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547) and [CVE-2019-1563 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563).
Ubuntu 18.04 kernel and packages 4.15.0-62-generic 4.15.0-64-generic Updated worker node images with kernel and package updates for [CVE-2019-15031 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15031), [CVE-2019-15030 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15030), and [CVE-2019-14835 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14835).
Ubuntu 16.04 kernel and packages 4.4.0-161-generic 4.4.0-164-generic Updated worker node images with kernel and package updates for [CVE-2019-14835 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14835).

Changelog for worker node fix pack 1.15.3_1517, released 16 September 2019

{: #1153_1517_worker}

The following table shows the changes that are included in the worker node fix pack 1.15.3_1517. {: shortdesc}

Changes since version 1.15.3_1516
Component Previous Current Description
containerd v1.2.8 v1.2.9 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.9). Update resolves [CVE-2019-9515 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515).
Ubuntu 16.04 packages and kernel 4.4.0-159-generic 4.4.0-161-generic Updated worker node images with kernel and package updates for [CVE-2019-5481 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5481), [CVE-2019-5482 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5482), [CVE-2019-15903 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15903), [CVE-2015-9383 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2015-9383), [CVE-2019-10638 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10638), [CVE-2019-3900 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-3900), [CVE-2019-13648 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13648), [CVE-2018-20856 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20856), [CVE-2019-14283 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14283), [CVE-2019-14284 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14284), [CVE-2019-5010 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5010), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-9740 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9740), [CVE-2019-9947 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9947), [CVE-2019-9948 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9948), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2018-20852 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20852), [CVE-2018-20406 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20406), and [CVE-2019-10160 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10160).
Ubuntu 18.04 packages and kernel 4.15.0-58-generic 4.15.0-62-generic Updated worker node images with kernel and package updates for [CVE-2019-5481 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5481), [CVE-2019-5482 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5482), [CVE-2019-15903 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15903), [CVE-2019-14283 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14283), [CVE-2019-14284 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14284), [CVE-2018-20852 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20852), [CVE-2019-5010 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5010), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-9740 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9740), [CVE-2019-9947 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9947), [CVE-2019-9948 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9948), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-10160 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10160), and [CVE-2019-15718 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15718).

Changelog for worker node fix pack 1.15.3_1516, released 3 September 2019

{: #1153_1516_worker}

The following table shows the changes that are included in the worker node fix pack 1.15.3_1516. {: shortdesc}

Changes since version 1.15.2_1514
Component Previous Current Description
containerd v1.2.7 v1.2.8 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.8). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Kubernetes v1.15.2 v1.15.3 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.15.3). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/pages/security-bulletin-ibm-cloud-kubernetes-service-affected-kubernetes-security-vulnerabilities-cve-2019-9512-cve-2019-9514)), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/pages/security-bulletin-ibm-cloud-kubernetes-service-affected-kubernetes-security-vulnerabilities-cve-2019-9512-cve-2019-9514)), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Ubuntu 16.04 packages N/A N/A Updated worker node images with package updates.
Ubuntu 18.04 packages N/A N/A Updated worker node images with package updates for [CVE-2019-10222 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10222) and [CVE-2019-11922 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11922).

Changelog for master fix pack 1.15.3_1515, released 28 August 2019

{: #1153_1515}

The following table shows the changes that are included in the master fix pack 1.15.3_1515. {: shortdesc}

Changes since version 1.15.2_1514
Component Previous Current Description
`etcd` v3.3.13 v3.3.15 See the [`etcd` release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.15). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
GPU device plug-in and installer 07c9b67 de13f2a Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809). Updated the GPU drivers to [430.40 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.nvidia.com/Download/driverResults.aspx/149138/).
{{site.data.keyword.cloud_notm}} File Storage plug-in 348 349 Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
{{site.data.keyword.cloud_notm}} Provider v1.15.2-94 v1.15.3-112 Updated to support the Kubernetes 1.15.3 release.
Key Management Service provider 207 212 Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Kubernetes v1.15.2 v1.15.3 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.15.3). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/pages/security-bulletin-ibm-cloud-kubernetes-service-affected-kubernetes-security-vulnerabilities-cve-2019-9512-cve-2019-9514)), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/pages/security-bulletin-ibm-cloud-kubernetes-service-affected-kubernetes-security-vulnerabilities-cve-2019-9512-cve-2019-9514)), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 147 148 Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).

Changelog for worker node fix pack 1.15.2_1514, released 19 August 2019

{: #1152_1514_worker}

The following table shows the changes that are included in the worker node fix pack 1.15.2_1514. {: shortdesc}

Changes since version 1.15.1_1511
Component Previous Current Description
Cluster master HA Proxy 2.0.1-alpine 1.8.21-alpine Moved to HA Proxy 1.8 to fix [socket leak in HA proxy ![External link icon](../icons/launch-glyph.svg "External link icon")](haproxy/haproxy#136). Also added a liveliness check to monitor the health of HA Proxy. For more information, see [HA Proxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.8/src/CHANGELOG).
Kubernetes v1.15.1 v1.15.2 For more information, see the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.15.2).
Ubuntu 16.04 kernel and packages 4.4.0-157-generic 4.4.0-159-generic Updated worker node images with package updates for [CVE-2019-13012 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13012), [CVE-2019-1125 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-1125), [CVE-2018-5383 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-5383), [CVE-2019-12614 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12614), [CVE-2019-10126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10126), and [CVE-2019-3846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-3846).
Ubuntu 18.04 kernel and packages 4.15.0-55-generic 4.15.0-58-generic Updated worker node images with package updates for [CVE-2019-1125 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-1125), [CVE-2019-2101 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-2101), [CVE-2018-5383 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-5383), [CVE-2019-13233 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13233), [CVE-2019-13272 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13272), [CVE-2000-1134 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2000-1134), [CVE-2007-3852 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2007-3852), [CVE-2008-0525 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2008-0525), [CVE-2009-0416 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2009-0416), [CVE-2011-4834 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2011-4834), [CVE-2015-1838 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2015-1838), [CVE-2015-7442 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2015-7442), [CVE-2016-7489 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2016-7489), [CVE-2019-12614 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12614), [CVE-2019-10126](https://nvd.nist.gov/vuln/detail/CVE-2019-10126), [CVE-2019-3846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-3846), [CVE-2019-12818 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12818), [CVE-2019-12984 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12984), and [CVE-2019-12819 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12819).

Changelog for master fix pack 1.15.2_1514, released 17 August 2019

{: #1152_1514}

The following table shows the changes that are included in the master fix pack 1.15.2_1514. {: shortdesc}

Changes since version 1.15.1_1513
Component Previous Current Description
Key Management Service provider 167 207 Fixed an issue that causes the Kubernetes [key management service (KMS) provider](/docs/containers?topic=containers-encryption#keyprotect) to fail to manage Kubernetes secrets.

Changelog for master fix pack 1.15.2_1513, released 15 August 2019

{: #1152_1513}

The following table shows the changes that are included in the master fix pack 1.15.2_1513. {: shortdesc}

Changes since version 1.15.1_1511
Component Previous Current Description
Calico configuration N/A N/A Calico `calico-kube-controllers` deployment in the `kube-system` namespace sets a memory limit on the `calico-kube-controllers` container. In addition, the `calico-node` deployment in the `kube-system` namespace no longer includes the `flexvol-driver` init container.
Cluster health N/A N/A Cluster health shows `Warning` state if a cluster control plane operation failed or was cancelled. For more information, see [Debugging clusters](/docs/containers?topic=containers-cs_troubleshoot#debug_clusters).
GPU device plug-in and installer d91d200 07c9b67 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
{{site.data.keyword.cloud_notm}} Provider v1.15.1-86 v1.15.2-94 Updated to support the Kubernetes 1.15.2 release.
{{site.data.keyword.cloud_notm}} File Storage plug-in 347 348 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
Kubernetes v1.15.1 v1.15.2 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.15.2). Updates resolves [CVE-2019-11247 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11247) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10967115)) and [CVE-2019-11249 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11249) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10967123)).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 146 147 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
OpenVPN client 2.4.6-r3-IKS-90 2.4.6-r3-IKS-116 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
OpenVPN server 2.4.6-r3-IKS-25 2.4.6-r3-IKS-115 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).

Changelog for 1.15.1_1511, released 5 August 2019

{: #1151_1511}

The following table shows the changes that are included in the patch 1.15.1_1511. {: shortdesc}

Changes since version 1.14.4_1526
Component Previous Current Description
Calico v3.6.4 v3.8.1 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.8/release-notes/). In addition, Kubernetes version 1.15 clusters now have a new `allow-all-private-default` global network policy to allow all ingress and egress network traffic on private interface. For more information, see [Isolating clusters on the private network](/docs/containers?topic=containers-network_policies#isolate_workers).
{{site.data.keyword.cloud_notm}} Provider v1.14.4-139 v1.15.1-86
  • Updated to support the Kubernetes 1.15.1 release.
  • `calicoctl` version is updated to 3.8.1.
  • Virtual Private Cloud (VPC) load balancer support is added for VPC clusters.
.
Kubernetes v1.14.4 v1.15.1 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.15.1) and [Kubernetes 1.15 blog ![External link icon](../icons/launch-glyph.svg "External link icon")](https://kubernetes.io/blog/2019/06/19/kubernetes-1-15-release-announcement/). Update resolves [CVE-2019-11248 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11248) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www-01.ibm.com/support/docview.wss?uid=ibm10967113)).
Kubernetes configuration N/A N/A Updated Kubernetes API server default toleration seconds to 600 for the Kubernetes default `node.kubernetes.io/not-ready` and `node.kubernetes.io/unreachable` pod tolerations. For more information about tolerations, see [Taints and Tolerations ![External link icon](../icons/launch-glyph.svg "External link icon")](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/).
Kubernetes add-on resizer 1.8.4 1.8.5 For more information, see the [Kubernetes addon resizer release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/autoscaler/releases/tag/addon-resizer-1.8.5).
Kubernetes DNS autoscaler 1.4.0 1.6.0 For more information, see the [Kubernetes DNS autoscaler release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler/releases/tag/1.6.0).
Kubernetes nodelocal DNS cache N/A 1.15.4 For more information, see the [Kubernetes nodelocal DNS cache release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/dns/releases/tag/1.15.4). For more information about this new beta feature, see [Setting up Nodelocal DNS Cache (beta)](/docs/containers?topic=containers-cluster_dns#dns_enablecache).
Cluster master HA proxy 1.9.7-alpine 2.0.1-alpine See the [HAProxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/2.0/src/CHANGELOG).
GPU device plug-in and installer a7e8ece d91d200 Updated image for [CVE-2019-9924 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924).
Ubuntu 18.04 kernel and packages 4.15.0-54-generic 4.15.0-55-generic Updated worker node images with package updates for [CVE-2019-11815 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11815), [CVE-2019-11833 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11833), [CVE-2019-11884 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11884), [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12126), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12127), [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12130), [CVE-2019-11091 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11091), [CVE-2019-13057 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13057), [CVE-2019-13565 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13565), [CVE-2019-13636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13636), [CVE-2019-13638 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13638), and [CVE-2019-2054 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-2054).
Ubuntu 16.04 kernel and packages 4.4.0-154-generic 4.4.0-157-generic Updated worker node images with package updates for [CVE-2019-11815 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11815), [CVE-2019-11833 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11833), [CVE-2019-11884 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11884), [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12126), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12127), [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12130), [CVE-2019-11091 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11091), [CVE-2019-13057 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13057), [CVE-2019-13565 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13565), [CVE-2019-13636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13636), and [CVE-2019-13638 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13638).

Version 1.14 changelog

{: #114_changelog}

Changelog for 1.14.7_1534, released 1 October 2019

{: #1147_1534}

The following table shows the changes that are included in the patch 1.14.7_1534. {: shortdesc}

Changes since version 1.14.6_1533
Component Previous Current Description
Calico v3.6.4 v3.6.5 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.6/release-notes/).
Cluster master HA configuration N/A N/A Updated configuration to improve performance of master update operations.
containerd v1.2.9 v1.2.10 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.10). Update resolves [CVE-2019-16884 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884) and [CVE-2019-16276 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16276).
Default IBM file storage class N/A N/A Fixed a bug that might cause cluster master operations such as patch updates to clear the default IBM file storage class.
{{site.data.keyword.cloud_notm}} Provider v1.14.6-172 v1.14.7-199 Updated to support the Kubernetes 1.14.7 release.
Key Management Service provider 212 221 Improved Kubernetes [key management service provider](/docs/containers?topic=containers-encryption#keyprotect) caching of {{site.data.keyword.cloud_notm}} IAM tokens. In addition, fixed a problem with Kubernetes secret decryption when the cluster's root key is rotated.
Kubernetes v1.14.6 v1.14.7 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.14.7).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} provider 148 153 Fixed issues with version 2.0 network load balancers (NLBs) that might cause all network traffic to drop or to be sent only to pods on one worker node.
OpenVPN server 2.4.6-r3-IKS-115 2.4.6-r3-IKS-121 Updated images for [CVE-2019-1547 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547) and [CVE-2019-1563 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563).
Ubuntu 18.04 kernel and packages 4.15.0-62-generic 4.15.0-64-generic Updated worker node images with kernel and package updates for [CVE-2019-15031 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15031), [CVE-2019-15030 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15030), and [CVE-2019-14835 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14835).
Ubuntu 16.04 kernel and packages 4.4.0-161-generic 4.4.0-164-generic Updated worker node images with kernel and package updates for [CVE-2019-14835 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14835).

Changelog for worker node fix pack 1.14.6_1533, released 16 September 2019

{: #1146_1533_worker}

The following table shows the changes that are included in the worker node fix pack 1.14.6_1533. {: shortdesc}

Changes since version 1.14.6_1532
Component Previous Current Description
containerd v1.2.8 v1.2.9 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.9). Update resolves [CVE-2019-9515 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515).
Ubuntu 16.04 packages and kernel 4.4.0-159-generic 4.4.0-161-generic Updated worker node images with kernel and package updates for [CVE-2019-5481 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5481), [CVE-2019-5482 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5482), [CVE-2019-15903 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15903), [CVE-2015-9383 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2015-9383), [CVE-2019-10638 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10638), [CVE-2019-3900 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-3900), [CVE-2019-13648 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13648), [CVE-2018-20856 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20856), [CVE-2019-14283 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14283), [CVE-2019-14284 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14284), [CVE-2019-5010 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5010), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-9740 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9740), [CVE-2019-9947 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9947), [CVE-2019-9948 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9948), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2018-20852 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20852), [CVE-2018-20406 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20406), and [CVE-2019-10160 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10160).
Ubuntu 18.04 packages and kernel 4.15.0-58-generic 4.15.0-62-generic Updated worker node images with kernel and package updates for [CVE-2019-5481 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5481), [CVE-2019-5482 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5482), [CVE-2019-15903 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15903), [CVE-2019-14283 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14283), [CVE-2019-14284 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14284), [CVE-2018-20852 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20852), [CVE-2019-5010 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5010), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-9740 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9740), [CVE-2019-9947 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9947), [CVE-2019-9948 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9948), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-10160 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10160), and [CVE-2019-15718 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15718).

Changelog for worker node fix pack 1.14.6_1532, released 3 September 2019

{: #1146_1532_worker}

The following table shows the changes that are included in the worker node fix pack 1.14.6_1532. {: shortdesc}

Changes since version 1.14.5_1530
Component Previous Current Description
containerd v1.2.7 v1.2.8 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.8). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Kubernetes v1.14.5 v1.14.6 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.14.6). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/pages/security-bulletin-ibm-cloud-kubernetes-service-affected-kubernetes-security-vulnerabilities-cve-2019-9512-cve-2019-9514)), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/pages/security-bulletin-ibm-cloud-kubernetes-service-affected-kubernetes-security-vulnerabilities-cve-2019-9512-cve-2019-9514)), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Ubuntu 16.04 packages N/A N/A Updated worker node images with package updates.
Ubuntu 18.04 packages N/A N/A Updated worker node images with package updates for [CVE-2019-10222 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10222) and [CVE-2019-11922 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11922).

Changelog for master fix pack 1.14.6_1531, released 28 August 2019

{: #1146_1531}

The following table shows the changes that are included in the master fix pack 1.14.6_1531. {: shortdesc}

Changes since version 1.14.5_1530
Component Previous Current Description
`etcd` v3.3.13 v3.3.15 See the [`etcd` release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.15). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
GPU device plug-in and installer 07c9b67 de13f2a Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809). Updated the GPU drivers to [430.40 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.nvidia.com/Download/driverResults.aspx/149138/).
{{site.data.keyword.cloud_notm}} File Storage plug-in 348 349 Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
{{site.data.keyword.cloud_notm}} Provider v1.14.5-160 v1.14.6-172 Updated to support the Kubernetes 1.14.6 release.
Key Management Service provider 207 212 Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Kubernetes v1.14.5 v1.14.6 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.14.6). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/pages/security-bulletin-ibm-cloud-kubernetes-service-affected-kubernetes-security-vulnerabilities-cve-2019-9512-cve-2019-9514)), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/pages/security-bulletin-ibm-cloud-kubernetes-service-affected-kubernetes-security-vulnerabilities-cve-2019-9512-cve-2019-9514)), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 147 148 Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).

Changelog for worker node fix pack 1.14.5_1530, released 19 August 2019

{: #1145_1530_worker}

The following table shows the changes that are included in the worker node fix pack 1.14.5_1530. {: shortdesc}

Changes since version 1.14.4_1527
Component Previous Current Description
Cluster master HA proxy 2.0.1-alpine 1.8.21-alpine Moved to HA proxy 1.8 to fix [socket leak in HA proxy ![External link icon](../icons/launch-glyph.svg "External link icon")](haproxy/haproxy#136). Also added a liveliness check to monitor the health of HA proxy. For more information, see [HA proxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.8/src/CHANGELOG).
Kubernetes v1.14.4 v1.14.5 For more information, see the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.14.5).
Ubuntu 16.04 kernel and packages 4.4.0-157-generic 4.4.0-159-generic Updated worker node images with package updates for [CVE-2019-13012 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13012), [CVE-2019-1125 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-1125), [CVE-2018-5383 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-5383), [CVE-2019-12614 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12614), [CVE-2019-10126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10126), and [CVE-2019-3846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-3846).
Ubuntu 18.04 kernel and packages 4.15.0-55-generic 4.15.0-58-generic Updated worker node images with package updates for [CVE-2019-1125 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-1125), [CVE-2019-2101 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-2101), [CVE-2018-5383 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-5383), [CVE-2019-13233 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13233), [CVE-2019-13272 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13272), [CVE-2000-1134 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2000-1134), [CVE-2007-3852 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2007-3852), [CVE-2008-0525 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2008-0525), [CVE-2009-0416 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2009-0416), [CVE-2011-4834 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2011-4834), [CVE-2015-1838 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2015-1838), [CVE-2015-7442 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2015-7442), [CVE-2016-7489 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2016-7489), [CVE-2019-12614 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12614), [CVE-2019-10126](https://nvd.nist.gov/vuln/detail/CVE-2019-10126), [CVE-2019-3846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-3846), [CVE-2019-12818 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12818), [CVE-2019-12984 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12984), and [CVE-2019-12819 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12819).

Changelog for master fix pack 1.14.5_1530, released 17 August 2019

{: #1145_1530}

The following table shows the changes that are included in the master fix pack 1.14.5_1530. {: shortdesc}

Changes since version 1.14.5_1529
Component Previous Current Description
Key Management Service provider 167 207 Fixed an issue that causes the Kubernetes [key management service (KMS) provider](/docs/containers?topic=containers-encryption#keyprotect) to fail to manage Kubernetes secrets.

Changelog for master fix pack 1.14.5_1529, released 15 August 2019

{: #1145_1529}

The following table shows the changes that are included in the master fix pack 1.14.5_1529. {: shortdesc}

Changes since version 1.14.4_1527
Component Previous Current Description
Calico configuration N/A N/A Calico `calico-kube-controllers` deployment in the `kube-system` namespace sets a memory limit on the `calico-kube-controllers` container.
Cluster health N/A N/A Cluster health shows `Warning` state if a cluster control plane operation failed or was cancelled. For more information, see [Debugging clusters](/docs/containers?topic=containers-cs_troubleshoot#debug_clusters).
GPU device plug-in and installer a7e8ece 07c9b67 Image updated for [CVE-2019-9924 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924) and [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
{{site.data.keyword.cloud_notm}} File Storage plug-in 347 348 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
{{site.data.keyword.cloud_notm}} Provider v1.14.4-139 v1.14.5-160 Updated to support the Kubernetes 1.14.5 release.
Kubernetes v1.14.4 v1.14.5 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.14.5). Updates resolves [CVE-2019-11247 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11247) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10967115)) and [CVE-2019-11249 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11249) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10967123)).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 146 147 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
OpenVPN client 2.4.6-r3-IKS-13 2.4.6-r3-IKS-116 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
OpenVPN server 2.4.6-r3-IKS-25 2.4.6-r3-IKS-115 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).

Changelog for worker node fix pack 1.14.4_1527, released 5 August 2019

{: #1144_1527_worker}

The following table shows the changes that are included in the worker node fix pack 1.14.4_1527. {: shortdesc}

Changes since version 1.14.4_1526
Component Previous Current Description
Ubuntu 18.04 kernel and packages 4.15.0-54-generic 4.15.0-55-generic Updated worker node images with package updates for [CVE-2019-11815 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11815), [CVE-2019-11833 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11833), [CVE-2019-11884 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11884), [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12126), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12127), [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12130), [CVE-2019-11091 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11091), [CVE-2019-13057 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13057), [CVE-2019-13565 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13565), [CVE-2019-13636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13636), [CVE-2019-13638 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13638), and [CVE-2019-2054 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-2054).
Ubuntu 16.04 kernel and packages 4.4.0-154-generic 4.4.0-157-generic Updated worker node images with package updates for [CVE-2019-11815 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11815), [CVE-2019-11833 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11833), [CVE-2019-11884 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11884), [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12126), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12127), [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12130), [CVE-2019-11091 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11091), [CVE-2019-13057 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13057), [CVE-2019-13565 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13565), [CVE-2019-13636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13636), and [CVE-2019-13638 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13638).

Changelog for worker node fix pack 1.14.4_1526, released 22 July 2019

{: #1144_1526_worker}

The following table shows the changes that are included in the worker node fix pack 1.14.4_1526. {: shortdesc}

Changes since version 1.14.3_1525
Component Previous Current Description
Kubernetes v1.14.3 v1.14.4 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.14.4). Update resolves [CVE-2019-11248 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11248). For more information, see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10967113)).
Ubuntu packages N/A N/A Updated worker node images with package updates for [CVE-2019-13012 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13012) and [CVE-2019-7307 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html).

Changelog for master fix pack 1.14.4_1526, released 15 July 2019

{: #1144_1526}

The following table shows the changes that are included in the master fix pack 1.14.4_1526. {: shortdesc}

Changes since version 1.14.3_1525
Component Previous Current Description
Calico v3.6.1 v3.6.4 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.6/release-notes/). Update resolves [TTA-2019-001 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.projectcalico.org/security-bulletins/#TTA-2019-001). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10959551).
CoreDNS configuration N/A N/A Changed the default CoreDNS configuration from a 5 to 30 second TTL for DNS records in the `kubernetes` zone. This change aligns with the default KubeDNS configuration. Existing CoreDNS configurations are unchanged. For more information about changing your CoreDNS configuration, see [Customizing the cluster DNS provider](/docs/containers?topic=containers-cluster_dns#dns_customize).
GPU device plug-in and installer 5d34347 a7e8ece Updated base image packages.
Kubernetes v1.14.3 v1.14.4 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.14.4).
{{site.data.keyword.cloud_notm}} Provider v1.14.3-113 v1.14.4-139 Updated to support the Kubernetes 1.14.4 release. Additionally, `calicoctl` version is updated to 3.6.4.

Changelog for worker node fix pack 1.14.3_1525, released 8 July 2019

{: #1143_1525}

The following table shows the changes that are included in the worker node patch 1.14.3_1525. {: shortdesc}

Changes since version 1.14.3_1524
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-151-generic 4.4.0-154-generic Updated worker node images with kernel and package updates for [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html) and [CVE-2019-11479 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11479.html). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10958863).
Ubuntu 18.04 kernel 4.15.0-52-generic 4.15.0-54-generic Updated worker node images with kernel and package updates for [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html) and [CVE-2019-11479 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11479.html). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10958863).

Changelog for worker node fix pack 1.14.3_1524, released 24 June 2019

{: #1143_1524}

The following table shows the changes that are included in the worker node patch 1.14.3_1524. {: shortdesc}

Changes since version 1.14.3_1523
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-150-generic 4.4.0-151-generic Updated worker node images with kernel and package updates for [CVE-2019-11477 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11477.html) and [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10958863).
Ubuntu 18.04 kernel 4.15.0-51-generic 4.15.0-52-generic Updated worker node images with kernel and package updates for [CVE-2019-11477 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11477.html) and [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10958863).
containerd 1.2.6 1.2.7 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.7).
Max pods N/A N/A Increased the limit of maximum number of pods for worker nodes with more than 11 CPU cores to be 10 pods per core, up to a maximum of 250 pods per worker node.

Changelog for 1.14.3_1523, released 17 June 2019

{: #1143_1523}

The following table shows the changes that are included in the patch 1.14.3_1523. {: shortdesc}

Changes since version 1.14.2_1521
Component Previous Current Description
GPU device plug-in and installer 32257d3 5d34347 Updated image for [CVE-2019-8457 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457). Updated the GPU drivers to [430.14 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.nvidia.com/Download/driverResults.aspx/147582/).
{{site.data.keyword.cloud_notm}} File Storage plug-in 346 347 Updated so that the IAM API key can be either encrypted or unencrypted.
{{site.data.keyword.cloud_notm}} Provider v1.14.2-100 v1.14.3-113 Updated to support the Kubernetes 1.14.3 release.
Kubernetes v1.14.2 v1.14.3 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.14.3).
Kubernetes feature gates configuration N/A N/A Added the `SupportNodePidsLimit=true` configuration to reserve process IDs (PIDs) for use by the operating system and Kubernetes components. Added the `CustomCPUCFSQuotaPeriod=true` configuration to mitigate CPU throttling problems.
Public service endpoint for Kubernetes master N/A N/A Fixed an issue to [enable the public service endpoint](/docs/containers?topic=containers-cs_network_cluster#set-up-public-se).
Ubuntu 16.04 kernel 4.4.0-148-generic 4.4.0-150-generic Updated worker node images with kernel and package updates for [CVE-2019-10906 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10906.html?_ga=2.184456110.929090212.1560547312-1880639276.1557078470).
Ubuntu 18.04 kernel 4.15.0-50-generic 4.15.0-51-generic Updated worker node images with kernel and package updates for [CVE-2019-10906 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10906.html?_ga=2.184456110.929090212.1560547312-1880639276.1557078470).

Changelog for 1.14.2_1521, released 4 June 2019

{: #1142_1521}

The following table shows the changes that are included in the patch 1.14.2_1521. {: shortdesc}

Changes since version 1.14.1_1519
Component Previous Current Description
Cluster DNS configuration N/A N/A Fixed a bug that might leave both Kubernetes DNS and CoreDNS pods running after cluster `create` or `update` operations.
Cluster master HA configuration N/A N/A Updated configuration to minimize intermittent master network connectivity failures during a master update.
etcd v3.3.11 v3.3.13 See the [etcd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.13).
GPU device plug-in and installer 55c1f66 32257d3 Updated image for [CVE-2018-10844 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10844), [CVE-2018-10845 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10845), [CVE-2018-10846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10846), [CVE-2019-3829 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829), [CVE-2019-3836 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836), [CVE-2019-9893 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893), [CVE-2019-5435 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435), and [CVE-2019-5436 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436).
{{site.data.keyword.cloud_notm}} Provider v1.14.1-71 v1.14.2-100 Updated to support the Kubernetes 1.14.2 release.
Kubernetes v1.14.1 v1.14.2 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.14.2).
Kubernetes Metrics Server v0.3.1 v0.3.3 See the [Kubernetes Metrics Server release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes-incubator/metrics-server/releases/tag/v0.3.3).
Trusted compute agent 13c7ef0 e8c6d72 Updated image for [CVE-2018-10844 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10844), [CVE-2018-10845 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10845), [CVE-2018-10846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10846), [CVE-2019-3829 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829), [CVE-2019-3836 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836), [CVE-2019-9893 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893), [CVE-2019-5435 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435), and [CVE-2019-5436 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436).

Changelog for worker node fix pack 1.14.1_1519, released 20 May 2019

{: #1141_1519}

The following table shows the changes that are included in the patch 1.14.1_1519. {: shortdesc}

Changes since version 1.14.1_1518
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-145-generic 4.4.0-148-generic Updated worker node images with kernel update for [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12126.html), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12127.html), and [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12130.html).
Ubuntu 18.04 kernel 4.15.0-47-generic 4.15.0-50-generic Updated worker node images with kernel update for [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12126.html), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12127.html), and [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12130.html).

Changelog for 1.14.1_1518, released 13 May 2019

{: #1141_1518}

The following table shows the changes that are included in the patch 1.14.1_1518. {: shortdesc}

Changes since version 1.14.1_1516
Component Previous Current Description
Cluster master HA proxy 1.9.6-alpine 1.9.7-alpine See the [HAProxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.9/src/CHANGELOG). Update resolves [CVE-2019-6706 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6706).
Kubernetes configuration N/A N/A The Kubernetes API server audit policy configuration is updated to not log the `/openapi/v2*` read-only URL. In addition, the Kubernetes controller manager configuration increased the validity duration of signed `kubelet` certificates from 1 to 3 years.
OpenVPN client configuration N/A N/A The OpenVPN client `vpn-*` pod in the `kube-system` namespace now sets `dnsPolicy` to `Default` to prevent the pod from failing when cluster DNS is down.
Trusted compute agent e7182c7 13c7ef0 Updated image for [CVE-2016-7076 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076) and [CVE-2017-1000368 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000368).

Changelog for 1.14.1_1516, released 7 May 2019

{: #1141_1516}

The following table shows the changes that are included in the patch 1.14.1_1516. {: shortdesc}

Changes since version 1.13.5_1519
Component Previous Current Description
Calico v3.4.4 v3.6.1 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.6/release-notes/).
CoreDNS 1.2.6 1.3.1 See the [CoreDNS release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://coredns.io/2019/01/13/coredns-1.3.1-release/). The update includes the addition of a [metrics port ![External link icon](../icons/launch-glyph.svg "External link icon")](https://coredns.io/plugins/metrics/) on the cluster DNS service.

CoreDNS is now the only supported cluster DNS provider. If you update a cluster to Kubernetes version 1.14 from an earlier version and used KubeDNS, KubeDNS is automatically migrated to CoreDNS during the cluster update. For more information or to test out CoreDNS before you update, see [Configure the cluster DNS provider](https://cloud.ibm.com/docs/containers?topic=containers-cluster_dns#cluster_dns).
GPU device plug-in and installer 9ff3fda ed0dafc Updated image for [CVE-2019-1543 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543).
{{site.data.keyword.cloud_notm}} Provider v1.13.5-107 v1.14.1-71 Updated to support the Kubernetes 1.14.1 release. Additionally, `calicoctl` version is updated to 3.6.1. Fixed updates to version 2.0 network load balancers (NLBs) with only one available worker node for the load balancer pods. Private load balancers now support running on [private edge workers nodes](/docs/containers?topic=containers-edge#edge).
IBM pod security policies N/A N/A [IBM pod security policies](/docs/containers?topic=containers-psp#ibm_psp) are updated to support the Kubernetes [RunAsGroup ![External link icon](../icons/launch-glyph.svg "External link icon")](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#users-and-groups) feature.
`kubelet` configuration N/A N/A Set the `--pod-max-pids` option to `14336` to prevent a single pod from consuming all process IDs on a worker node.
Kubernetes v1.13.5 v1.14.1 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.14.1) and [Kubernetes 1.14 blog ![External link icon](../icons/launch-glyph.svg "External link icon")](https://kubernetes.io/blog/2019/03/25/kubernetes-1-14-release-announcement/).

The Kubernetes default role-based access control (RBAC) policies no longer grant access to [discovery and permission-checking APIs to unauthenticated users ![External link icon](../icons/launch-glyph.svg "External link icon")](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#discovery-roles). This change applies only to new version 1.14 clusters. If you update a cluster from a prior version, unauthenticated users still have access to the discovery and permission-checking APIs.
Kubernetes admission controllers configuration N/A N/A
  • Added `NodeRestriction` to the `--enable-admission-plugins` option for the cluster's Kubernetes API server and configured the related cluster resources to support this security enhancement.
  • Removed `Initializers` from the `--enable-admission-plugins` option and `admissionregistration.k8s.io/v1alpha1=true` from the `--runtime-config` option for the cluster's Kubernetes API server because these APIs are no longer supported. Instead, you can use [Kubernetes admission webhooks ![External link icon](../icons/launch-glyph.svg "External link icon")](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/).
Kubernetes DNS autoscaler 1.3.0 1.4.0 See the [Kubernetes DNS autoscaler release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler/releases/tag/1.4.0).
Kubernetes feature gates configuration N/A N/A
  • Added `RuntimeClass=false` to disable selection of the container runtime configuration.
  • Removed `ExperimentalCriticalPodAnnotation=true` because the `scheduler.alpha.kubernetes.io/critical-pod` pod annotation is no longer supported. Instead, you can use [Kubernetes pod priority ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cloud.ibm.com/docs/containers?topic=containers-pod_priority#pod_priority).
Trusted compute agent e132aa4 e7182c7 Updated image for [CVE-2019-11068 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068).

Version 1.13 changelog

{: #113_changelog}

Review the version 1.13 changelog. {: shortdesc}

Changelog for 1.13.11_1537, released 1 October 2019

{: #11311_1537}

The following table shows the changes that are included in the patch 1.13.11_1537. {: shortdesc}

Changes since version 1.13.10_1536
Component Previous Current Description
Calico v3.6.4 v3.6.5 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.6/release-notes/).
Cluster master HA configuration N/A N/A Updated configuration to improve performance of master update operations.
containerd v1.2.9 v1.2.10 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.10). Update resolves [CVE-2019-16884 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884) and [CVE-2019-16276 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16276).
Default IBM file storage class N/A N/A Fixed a bug that might cause cluster master operations such as patch updates to clear the default IBM file storage class.
{{site.data.keyword.cloud_notm}} Provider v1.13.10-221 v1.13.11-248 Updated to support the Kubernetes 1.13.11 release.
Key Management Service provider 212 221 Improved Kubernetes [key management service provider](/docs/containers?topic=containers-encryption#keyprotect) caching of {{site.data.keyword.cloud_notm}} IAM tokens. In addition, fixed a problem with Kubernetes secret decryption when the cluster's root key is rotated.
Kubernetes v1.13.10 v1.13.11 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.13.11).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} provider 148 153 Fixed issues with version 2.0 network load balancers (NLBs) that might cause all network traffic to drop or to be sent only to pods on one worker node.
OpenVPN server 2.4.6-r3-IKS-115 2.4.6-r3-IKS-121 Updated images for [CVE-2019-1547 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547) and [CVE-2019-1563 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563).
Ubuntu 18.04 kernel and packages 4.15.0-62-generic 4.15.0-64-generic Updated worker node images with kernel and package updates for [CVE-2019-15031 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15031), [CVE-2019-15030 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15030), and [CVE-2019-14835 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14835).
Ubuntu 16.04 kernel and packages 4.4.0-161-generic 4.4.0-164-generic Updated worker node images with kernel and package updates for [CVE-2019-14835 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14835).

Changelog for worker node fix pack 1.13.10_1536, released 16 September 2019

{: #11310_1536_worker}

The following table shows the changes that are included in the worker node fix pack 1.13.10_1536. {: shortdesc}

Changes since version 1.13.10_1535
Component Previous Current Description
containerd v1.2.8 v1.2.9 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.9). Update resolves [CVE-2019-9515 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515).
Ubuntu 16.04 packages and kernel 4.4.0-159-generic 4.4.0-161-generic Updated worker node images with kernel and package updates for [CVE-2019-5481 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5481), [CVE-2019-5482 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5482), [CVE-2019-15903 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15903), [CVE-2015-9383 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2015-9383), [CVE-2019-10638 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10638), [CVE-2019-3900 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-3900), [CVE-2019-13648 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13648), [CVE-2018-20856 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20856), [CVE-2019-14283 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14283), [CVE-2019-14284 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14284), [CVE-2019-5010 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5010), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-9740 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9740), [CVE-2019-9947 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9947), [CVE-2019-9948 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9948), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2018-20852 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20852), [CVE-2018-20406 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20406), and [CVE-2019-10160 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10160).
Ubuntu 18.04 packages and kernel 4.15.0-58-generic 4.15.0-62-generic Updated worker node images with kernel and package updates for [CVE-2019-5481 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5481), [CVE-2019-5482 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5482), [CVE-2019-15903 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15903), [CVE-2019-14283 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14283), [CVE-2019-14284 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14284), [CVE-2018-20852 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20852), [CVE-2019-5010 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5010), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-9740 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9740), [CVE-2019-9947 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9947), [CVE-2019-9948 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9948), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-10160 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10160), and [CVE-2019-15718 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15718).

Changelog for worker node fix pack 1.13.10_1535, released 3 September 2019

{: #11310_1535_worker}

The following table shows the changes that are included in the worker node fix pack 1.13.10_1535. {: shortdesc}

Changes since version 1.13.9_1533
Component Previous Current Description
containerd v1.2.7 v1.2.8 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.8). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Kubernetes v1.13.9 v1.13.10 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.13.10). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/pages/security-bulletin-ibm-cloud-kubernetes-service-affected-kubernetes-security-vulnerabilities-cve-2019-9512-cve-2019-9514)), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/pages/security-bulletin-ibm-cloud-kubernetes-service-affected-kubernetes-security-vulnerabilities-cve-2019-9512-cve-2019-9514)), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Ubuntu 16.04 packages N/A N/A Updated worker node images with package updates.
Ubuntu 18.04 packages N/A N/A Updated worker node images with package updates for [CVE-2019-10222 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10222) and [CVE-2019-11922 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11922).

Changelog for master fix pack 1.13.10_1534, released 28 August 2019

{: #11310_1534}

The following table shows the changes that are included in the master fix pack 1.13.10_1534. {: shortdesc}

Changes since version 1.13.9_1533
Component Previous Current Description
`etcd` v3.3.13 v3.3.15 See the [`etcd` release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.15). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
GPU device plug-in and installer 07c9b67 de13f2a Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809). Updated the GPU drivers to [430.40 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.nvidia.com/Download/driverResults.aspx/149138/).
{{site.data.keyword.cloud_notm}} File Storage plug-in 348 349 Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
{{site.data.keyword.cloud_notm}} Provider v1.13.9-209 v1.13.10-221 Updated to support the Kubernetes 1.13.10 release.
Key Management Service provider 207 212 Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Kubernetes v1.13.9 v1.13.10 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.13.10). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/pages/security-bulletin-ibm-cloud-kubernetes-service-affected-kubernetes-security-vulnerabilities-cve-2019-9512-cve-2019-9514)), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/pages/security-bulletin-ibm-cloud-kubernetes-service-affected-kubernetes-security-vulnerabilities-cve-2019-9512-cve-2019-9514)), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 147 148 Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).

Changelog for worker node fix pack 1.13.9_1533, released 19 August 2019

{: #1139_1533_worker}

The following table shows the changes that are included in the worker node fix pack 1.13.9_1533. {: shortdesc}

Changes since version 1.13.8_1530
Component Previous Current Description
Cluster master HA proxy 2.0.1-alpine 1.8.21-alpine Moved to HA proxy 1.8 to fix [socket leak in HA proxy ![External link icon](../icons/launch-glyph.svg "External link icon")](haproxy/haproxy#136). Also added a liveliness check to monitor the health of HA proxy. For more information, see [HA proxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.8/src/CHANGELOG).
Kubernetes v1.13.8 v1.13.9 For more information, see the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.13.9).
Ubuntu 16.04 kernel and packages 4.4.0-157-generic 4.4.0-159-generic Updated worker node images with package updates for [CVE-2019-13012 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13012), [CVE-2019-1125 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-1125), [CVE-2018-5383 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-5383), [CVE-2019-12614 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12614), [CVE-2019-10126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10126), and [CVE-2019-3846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-3846).
Ubuntu 18.04 kernel and packages 4.15.0-55-generic 4.15.0-58-generic Updated worker node images with package updates for [CVE-2019-1125 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-1125), [CVE-2019-2101 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-2101), [CVE-2018-5383 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-5383), [CVE-2019-13233 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13233), [CVE-2019-13272 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13272), [CVE-2000-1134 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2000-1134), [CVE-2007-3852 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2007-3852), [CVE-2008-0525 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2008-0525), [CVE-2009-0416 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2009-0416), [CVE-2011-4834 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2011-4834), [CVE-2015-1838 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2015-1838), [CVE-2015-7442 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2015-7442), [CVE-2016-7489 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2016-7489), [CVE-2019-12614 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12614), [CVE-2019-10126](https://nvd.nist.gov/vuln/detail/CVE-2019-10126), [CVE-2019-3846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-3846), [CVE-2019-12818 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12818), [CVE-2019-12984 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12984), and [CVE-2019-12819 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12819).

Changelog for master fix pack 1.13.9_1533, released 17 August 2019

{: #1139_1533}

The following table shows the changes that are included in the master fix pack 1.13.9_1533. {: shortdesc}

Changes since version 1.13.9_1532
Component Previous Current Description
Key Management Service provider 167 207 Fixed an issue that causes the Kubernetes [key management service (KMS) provider](/docs/containers?topic=containers-encryption#keyprotect) to fail to manage Kubernetes secrets.

Changelog for master fix pack 1.13.9_1532, released 15 August 2019

{: #1139_1532}

The following table shows the changes that are included in the master fix pack 1.13.9_1532. {: shortdesc}

Changes since version 1.13.8_1530
Component Previous Current Description
Calico configuration N/A N/A Calico `calico-kube-controllers` deployment in the `kube-system` namespace sets a memory limit on the `calico-kube-controllers` container.
GPU device plug-in and installer a7e8ece 07c9b67 Image updated for [CVE-2019-9924 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924) and [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
{{site.data.keyword.filestorage_full_notm}} plug-in 347 348 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
{{site.data.keyword.cloud_notm}} Provider v1.13.8-188 v1.13.9-209 Updated to support the Kubernetes 1.13.9 release.
Kubernetes v1.13.8 v1.13.9 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.13.9). Updates resolves [CVE-2019-11247 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11247) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10967115)) and [CVE-2019-11249 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11249) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10967123)).
Kubernetes DNS 1.14.13 1.15.4 See the [Kubernetes DNS release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/dns/releases/tag/1.15.4). Image update resolves [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 146 147 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
OpenVPN client 2.4.6-r3-IKS-13 2.4.6-r3-IKS-116 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
OpenVPN server 2.4.6-r3-IKS-25 2.4.6-r3-IKS-115 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).

Changelog for worker node fix pack 1.13.8_1530, released 5 August 2019

{: #1138_1530_worker}

The following table shows the changes that are included in the worker node fix pack 1.13.8_1530. {: shortdesc}

Changes since version 1.13.8_1529
Component Previous Current Description
Ubuntu 18.04 kernel and packages 4.15.0-54-generic 4.15.0-55-generic Updated worker node images with package updates for [CVE-2019-11815 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11815), [CVE-2019-11833 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11833), [CVE-2019-11884 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11884), [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12126), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12127), [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12130), [CVE-2019-11091 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11091), [CVE-2019-13057 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13057), [CVE-2019-13565 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13565), [CVE-2019-13636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13636), [CVE-2019-13638 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13638), and [CVE-2019-2054 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-2054).
Ubuntu 16.04 kernel and packages 4.4.0-154-generic 4.4.0-157-generic Updated worker node images with package updates for [CVE-2019-11815 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11815), [CVE-2019-11833 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11833), [CVE-2019-11884 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11884), [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12126), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12127), [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12130), [CVE-2019-11091 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11091), [CVE-2019-13057 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13057), [CVE-2019-13565 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13565), [CVE-2019-13636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13636), and [CVE-2019-13638 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13638).

Changelog for worker node fix pack 1.13.8_1529, released 22 July 2019

{: #1138_1529_worker}

The following table shows the changes that are included in the worker node fix pack 1.13.8_1529. {: shortdesc}

Changes since version 1.13.7_1528
Component Previous Current Description
Kubernetes v1.13.7 v1.13.8 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.13.8). Update resolves [CVE-2019-11248 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11248) (see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10967113)).
Ubuntu packages N/A N/A Updated worker node images with package updates for [CVE-2019-13012 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13012) and [CVE-2019-7307 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html).

Changelog for master fix pack 1.13.8_1529, released 15 July 2019

{: #1138_1529}

The following table shows the changes that are included in the master fix pack 1.13.8_1529. {: shortdesc}

Changes since version 1.13.7_1528
Component Previous Current Description
Calico v3.4.4 v3.6.4 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.6/release-notes/). Update resolves [TTA-2019-001 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.projectcalico.org/security-bulletins/#TTA-2019-001). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10959551).
CoreDNS configuration N/A N/A Changed the default CoreDNS configuration from a 5 to 30 second TTL for DNS records in the `kubernetes` zone. This change aligns with the default KubeDNS configuration. Existing CoreDNS configurations are unchanged. For more information about changing your CoreDNS configuration, see [Customizing the cluster DNS provider](/docs/containers?topic=containers-cluster_dns#dns_customize).
GPU device plug-in and installer 5d34347 a7e8ece Updated base image packages.
Kubernetes v1.13.7 v1.13.8 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.13.8).
{{site.data.keyword.cloud_notm}} Provider v1.13.7-162 v1.13.8-188 Updated to support the Kubernetes 1.13.8 release. Additionally, `calicoctl` version is updated to 3.6.4.

Changelog for worker node fix pack 1.13.7_1528, released 8 July 2019

{: #1137_1528}

The following table shows the changes that are included in the worker node patch 1.13.7_1528. {: shortdesc}

Changes since version 1.13.7_1527
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-151-generic 4.4.0-154-generic Updated worker node images with kernel and package updates for [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html) and [CVE-2019-11479 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11479.html). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10958863).
Ubuntu 18.04 kernel 4.15.0-52-generic 4.15.0-54-generic Updated worker node images with kernel and package updates for [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html) and [CVE-2019-11479 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11479.html). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10958863).

Changelog for worker node fix pack 1.13.7_1527, released 24 June 2019

{: #1137_1527}

The following table shows the changes that are included in the worker node patch 1.13.7_1527. {: shortdesc}

Changes since version 1.13.7_1526
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-150-generic 4.4.0-151-generic Updated worker node images with kernel and package updates for [CVE-2019-11477 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11477.html) and [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10958863).
Ubuntu 18.04 kernel 4.15.0-51-generic 4.15.0-52-generic Updated worker node images with kernel and package updates for [CVE-2019-11477 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11477.html) and [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10958863).
containerd 1.2.6 1.2.7 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.7).
Max pods N/A N/A Increased the limit of maximum number of pods for worker nodes with more than 11 CPU cores to be 10 pods per core, up to a maximum of 250 pods per worker node.

Changelog for 1.13.7_1526, released 17 June 2019

{: #1137_1526}

The following table shows the changes that are included in the patch 1.13.7_1526. {: shortdesc}

Changes since version 1.13.6_1524
Component Previous Current Description
GPU device plug-in and installer 32257d3 5d34347 Updated image for [CVE-2019-8457 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457). Updated the GPU drivers to [430.14 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.nvidia.com/Download/driverResults.aspx/147582/).
{{site.data.keyword.cloud_notm}} File Storage plug-in 346 347 Updated so that the IAM API key can be either encrypted or unencrypted.
{{site.data.keyword.cloud_notm}} Provider v1.13.6-139 v1.13.7-162 Updated to support the Kubernetes 1.13.7 release.
Kubernetes v1.13.6 v1.13.7 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.13.7).
Public service endpoint for Kubernetes master N/A N/A Fixed an issue to [enable the public service endpoint](/docs/containers?topic=containers-cs_network_cluster#set-up-public-se).
Ubuntu 16.04 kernel 4.4.0-148-generic 4.4.0-150-generic Updated worker node images with kernel and package updates for [CVE-2019-10906 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10906.html?_ga=2.184456110.929090212.1560547312-1880639276.1557078470).
Ubuntu 18.04 kernel 4.15.0-50-generic 4.15.0-51-generic Updated worker node images with kernel and package updates for [CVE-2019-10906 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10906.html?_ga=2.184456110.929090212.1560547312-1880639276.1557078470).

Changelog for 1.13.6_1524, released 4 June 2019

{: #1136_1524}

The following table shows the changes that are included in the patch 1.13.6_1524. {: shortdesc}

Changes since version 1.13.6_1522
Component Previous Current Description
Cluster DNS configuration N/A N/A Fixed a bug that might leave both Kubernetes DNS and CoreDNS pods running after cluster `create` or `update` operations.
Cluster master HA configuration N/A N/A Updated configuration to minimize intermittent master network connectivity failures during a master update.
etcd v3.3.11 v3.3.13 See the [etcd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.13).
GPU device plug-in and installer 55c1f66 32257d3 Updated image for [CVE-2018-10844 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10844), [CVE-2018-10845 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10845), [CVE-2018-10846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10846), [CVE-2019-3829 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829), [CVE-2019-3836 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836), [CVE-2019-9893 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893), [CVE-2019-5435 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435), and [CVE-2019-5436 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436).
Kubernetes Metrics Server v0.3.1 v0.3.3 See the [Kubernetes Metrics Server release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes-incubator/metrics-server/releases/tag/v0.3.3).
Trusted compute agent 13c7ef0 e8c6d72 Updated image for [CVE-2018-10844 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10844), [CVE-2018-10845 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10845), [CVE-2018-10846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10846), [CVE-2019-3829 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829), [CVE-2019-3836 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836), [CVE-2019-9893 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893), [CVE-2019-5435 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435), and [CVE-2019-5436 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436).

Changelog for worker node fix pack 1.13.6_1522, released 20 May 2019

{: #1136_1522}

The following table shows the changes that are included in the patch 1.13.6_1522. {: shortdesc}

Changes since version 1.13.6_1521
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-145-generic 4.4.0-148-generic Updated worker node images with kernel update for [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12126.html), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12127.html), and [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12130.html).
Ubuntu 18.04 kernel 4.15.0-47-generic 4.15.0-50-generic Updated worker node images with kernel update for [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12126.html), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12127.html), and [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12130.html).

Changelog for 1.13.6_1521, released 13 May 2019

{: #1136_1521}

The following table shows the changes that are included in the patch 1.13.6_1521. {: shortdesc}

Changes since version 1.13.5_1519
Component Previous Current Description
Cluster master HA proxy 1.9.6-alpine 1.9.7-alpine See the [HAProxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.9/src/CHANGELOG). Update resolves [CVE-2019-6706 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6706).
GPU device plug-in and installer 9ff3fda 55c1f66 Updated image for [CVE-2019-1543 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543).
{{site.data.keyword.cloud_notm}} Provider v1.13.5-107 v1.13.6-139 Updated to support the Kubernetes 1.13.6 release. Also, fixed the update process for version 2.0 network load balancer that have only one available worker node for the load balancer pods.
Kubernetes v1.13.5 v1.13.6 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.13.6).
Kubernetes configuration N/A N/A The Kubernetes API server audit policy configuration is updated to not log the `/openapi/v2*` read-only URL. In addition, the Kubernetes controller manager configuration increased the validity duration of signed `kubelet` certificates from 1 to 3 years.
OpenVPN client configuration N/A N/A The OpenVPN client `vpn-*` pod in the `kube-system` namespace now sets `dnsPolicy` to `Default` to prevent the pod from failing when cluster DNS is down.
Trusted compute agent e132aa4 13c7ef0 Updated image for [CVE-2016-7076 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076), [CVE-2017-1000368 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000368), and [CVE-2019-11068 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068).

Changelog for worker node fix pack 1.13.5_1519, released 29 April 2019

{: #1135_1519}

The following table shows the changes that are included in the worker node fix pack 1.13.5_1519. {: shortdesc}

Changes since version 1.13.5_1518
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages.
containerd 1.2.5 1.2.6 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.6).

Changelog for worker node fix pack 1.13.5_1518, released 15 April 2019

{: #1135_1518}

The following table shows the changes that are included in the worker node fix pack 1.13.5_1518. {: shortdesc}

Changes since version 1.13.5_1517
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages including `systemd` for [CVE-2019-3842 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3842.html).

Changelog for 1.13.5_1517, released 8 April 2019

{: #1135_1517}

The following table shows the changes that are included in the patch 1.13.5_1517. {: shortdesc}

Changes since version 1.13.4_1516
Component Previous Current Description
Calico v3.4.0 v3.4.4 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.4/releases/#v344). Update resolves [CVE-2019-9946 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9946). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10879585).
Cluster master HA proxy 1.8.12-alpine 1.9.6-alpine See the [HAProxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.9/src/CHANGELOG). Update resolves [CVE-2018-0732 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732), [CVE-2018-0734 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734), [CVE-2018-0737 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737), [CVE-2018-5407 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407), [CVE-2019-1543 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543), and [CVE-2019-1559 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559).
{{site.data.keyword.cloud_notm}} Provider v1.13.4-86 v1.13.5-107 Updated to support the Kubernetes 1.13.5 and Calico 3.4.4 releases.
Kubernetes v1.13.4 v1.13.5 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.13.5).
Trusted compute agent a02f765 e132aa4 Updated image for [CVE-2017-12447 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12447).
Ubuntu 16.04 kernel 4.4.0-143-generic 4.4.0-145-generic Updated worker node images with kernel update for [CVE-2019-9213 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9213.html).
Ubuntu 18.04 kernel 4.15.0-46-generic 4.15.0-47-generic Updated worker node images with kernel update for [CVE-2019-9213 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9213.html).

Changelog for worker node fix pack 1.13.4_1516, released 1 April 2019

{: #1134_1516}

The following table shows the changes that are included in the worker node fix pack 1.13.4_1516. {: shortdesc}

Changes since version 1.13.4_1515
Component Previous Current Description
Worker node resource utilization N/A N/A Increased memory reservations for the kubelet and containerd to prevent these components from running out of resources. For more information, see [Worker node resource reserves](/docs/containers?topic=containers-planning_worker_nodes#resource_limit_node).

Changelog for master fix pack 1.13.4_1515, released 26 March 2019

{: #1134_1515}

The following table shows the changes that are included in the master fix pack 1.13.4_1515. {: shortdesc}

Changes since version 1.13.4_1513
Component Previous Current Description
Cluster DNS configuration N/A N/A Fixed the update process from Kubernetes version 1.11 to prevent the update from switching the cluster DNS provider to CoreDNS. You can still [set up CoreDNS as the cluster DNS provider](/docs/containers?topic=containers-cluster_dns#set_coredns) after the update.
{{site.data.keyword.cloud_notm}} File Storage plug-in 345 346 Updated image for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741).
Key Management Service provider 166 167 Fixes intermittent `context deadline exceeded` and `timeout` errors for managing Kubernetes secrets. In addition, fixes updates to the key management service that might leave existing Kubernetes secrets unencrypted. Update includes fix for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 143 146 Updated image for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741).

Changelog for 1.13.4_1513, released 20 March 2019

{: #1134_1513}

The following table shows the changes that are included in the patch 1.13.4_1513. {: shortdesc}

Changes since version 1.13.4_1510
Component Previous Current Description
Cluster DNS configuration N/A N/A Fixed a bug that might cause cluster master operations, such as `refresh` or `update`, to fail when the unused cluster DNS must be scaled down.
Cluster master HA proxy configuration N/A N/A Updated configuration to better handle intermittent connection failures to the cluster master.
CoreDNS configuration N/A N/A Updated the CoreDNS configuration to support [multiple Corefiles ![External link icon](../icons/launch-glyph.svg "External link icon")](https://coredns.io/2017/07/23/corefile-explained/) after updating the cluster Kubernetes version from 1.12.
containerd 1.2.4 1.2.5 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.5). Update includes improved fix for [CVE-2019-5736 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10871600).
GPU device plug-in and installer e32d51c 9ff3fda Updated the GPU drivers to [418.43 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.nvidia.com/object/unix.html). Update includes fix for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9741.html).
{{site.data.keyword.cloud_notm}} File Storage plug-in 344 345 Added support for [private service endpoints](/docs/containers?topic=containers-cs_network_cluster#set-up-private-se).
Kernel 4.4.0-141 4.4.0-143 Updated worker node images with kernel update for [CVE-2019-6133 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6133.html).
Key Management Service provider 136 166 Updated image for [CVE-2018-16890 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890), [CVE-2019-3822 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822), and [CVE-2019-3823 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823).
Trusted compute agent 5f3d092 a02f765 Updated image for [CVE-2018-10779 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10779), [CVE-2018-12900 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900), [CVE-2018-17000 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000), [CVE-2018-19210 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210), [CVE-2019-6128 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128), and [CVE-2019-7663 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663).

Changelog for 1.13.4_1510, released 4 March 2019

{: #1134_1510}

The following table shows the changes that are included in the patch 1.13.4_1510. {: shortdesc}

Changes since version 1.13.2_1509
Component Previous Current Description
Cluster DNS provider N/A N/A Increased Kubernetes DNS and CoreDNS pod memory limit from `170Mi` to `400Mi` in order to handle more cluster services.
GPU device plug-in and installer eb3a259 e32d51c Updated images for [CVE-2019-6454 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454).
{{site.data.keyword.cloud_notm}} Provider v1.13.2-62 v1.13.4-86 Updated to support the Kubernetes 1.13.4 release. Fixed periodic connectivity problems for version 1.0 load balancers that set `externalTrafficPolicy` to `local`. Updated load balancer version 1.0 and 2.0 events to use the latest {{site.data.keyword.cloud_notm}} documentation links.
{{site.data.keyword.cloud_notm}} File Storage plug-in 342 344 Changed the base operating system for the image from Fedora to Alpine. Updated image for [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
Key Management Service provider 122 136 Increased client timeout to {{site.data.keyword.keymanagementservicefull_notm}}. Updated image for [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
Kubernetes v1.13.2 v1.13.4 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.13.4). Update resolves [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486) and [CVE-2019-1002100 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1002100). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10873324).
Kubernetes configuration N/A N/A Added `ExperimentalCriticalPodAnnotation=true` to the `--feature-gates` option. This setting helps migrate pods from the deprecated `scheduler.alpha.kubernetes.io/critical-pod` annotation to [Kubernetes pod priority support](/docs/containers?topic=containers-pod_priority#pod_priority).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 132 143 Updated image for [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
OpenVPN client and server 2.4.6-r3-IKS-13 2.4.6-r3-IKS-25 Updated image for [CVE-2019-1559 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559).
Trusted compute agent 1ea5ad3 5f3d092 Updated image for [CVE-2019-6454 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454).

Changelog for worker node fix pack 1.13.2_1509, released 27 February 2019

{: #1132_1509}

The following table shows the changes that are included in the worker node fix pack 1.13.2_1509. {: shortdesc}

Changes since version 1.13.2_1508
Component Previous Current Description
Kernel 4.4.0-141 4.4.0-142 Updated worker node images with kernel update for [CVE-2018-19407 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-142.168/changelog).

Changelog for worker node fix pack 1.13.2_1508, released 15 February 2019

{: #1132_1508}

The following table shows the changes that are included in the worker node fix pack 1.13.2_1508. {: shortdesc}

Changes since version 1.13.2_1507
Component Previous Current Description
Cluster master HA proxy configuration N/A N/A Changed the pod configuration `spec.priorityClassName` value to `system-node-critical` and set the `spec.priority` value to `2000001000`.
containerd 1.2.2 1.2.4 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.4). Update resolves [CVE-2019-5736 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10871600).
Kubernetes `kubelet` configuration N/A N/A Enabled the `ExperimentalCriticalPodAnnotation` feature gate to prevent critical static pod eviction. Set the `event-qps` option to `0` to prevent rate limiting event creation.

Changelog for 1.13.2_1507, released 5 February 2019

{: #1132_1507}

The following table shows the changes that are included in the patch 1.13.2_1507. {: shortdesc}

Changes since version 1.12.4_1535
Component Previous Current Description
Calico v3.3.1 v3.4.0 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.4/releases/#v340).
Cluster DNS provider N/A N/A CoreDNS is now the default cluster DNS provider for new clusters. If you update an existing cluster to 1.13 that uses KubeDNS as the cluster DNS provider, KubeDNS continues to be the cluster DNS provider. However, you can choose to [use CoreDNS instead](/docs/containers?topic=containers-cluster_dns#dns_set).
containerd 1.1.5 1.2.2 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.2).
CoreDNS 1.2.2 1.2.6 See the [CoreDNS release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/coredns/coredns/releases/tag/v1.2.6). Additionally, the CoreDNS configuration is updated to [support multiple Corefiles ![External link icon](../icons/launch-glyph.svg "External link icon")](https://coredns.io/2017/07/23/corefile-explained/).
etcd v3.3.1 v3.3.11 See the [etcd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.11). Additionally, the supported cipher suites to etcd are now restricted to a subset with high strength encryption (128 bits or more).
GPU device plug-in and installer 13fdc0d eb3a259 Updated images for [CVE-2019-3462 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3462) and [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
{{site.data.keyword.cloud_notm}} Provider v1.12.4-118 v1.13.2-62 Updated to support the Kubernetes 1.13.2 release. Additionally, `calicoctl` version is updated to 3.4.0. Fixed unnecessary configuration updates to version 2.0 network load balancers on worker node status changes.
{{site.data.keyword.cloud_notm}} File Storage plug-in 338 342 The file storage plug-in is updated as follows:
  • Supports dynamic provisioning with [volume topology-aware scheduling](/docs/containers?topic=containers-file_storage#file-topology).
  • Ignores persistent volume claim (PVC) delete errors if the storage is already deleted.
  • Adds a failure message annotation to failed PVCs.
  • Optimizes the storage provisioner controller's leader election and resync period settings, and increases the provisioning timeout from 30 minutes to 1 hour.
  • Checks user permissions before starting the provisioning.
  • Adds a `CriticalAddonsOnly` toleration to the `ibm-file-plugin` and `ibm-storage-watcher` deployments in the `kube-system` namespace.
Key Management Service provider 111 122 Added retry logic to avoid temporary failures when Kubernetes secrets are managed by {{site.data.keyword.keymanagementservicefull_notm}}.
Kubernetes v1.12.4 v1.13.2 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.13.2).
Kubernetes configuration N/A N/A The Kubernetes API server audit policy configuration is updated to include logging metadata for `cluster-admin` requests and logging the request body of workload `create`, `update`, and `patch` requests.
Kubernetes DNS autoscaler 1.2.0 1.3.0 See the [Kubernetes DNS autoscaler release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler/releases/tag/1.3.0).
OpenVPN client 2.4.6-r3-IKS-8 2.4.6-r3-IKS-13 Updated image for [CVE-2018-0734 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734) and [CVE-2018-5407 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407). Added `CriticalAddonsOnly` toleration to the `vpn` deployment in the `kube-system` namespace. Additionally, the pod configuration is now obtained from a secret instead of from a configmap.
OpenVPN server 2.4.6-r3-IKS-8 2.4.6-r3-IKS-13 Updated image for [CVE-2018-0734 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734) and [CVE-2018-5407 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407).
systemd 230 229 Security patch for [CVE-2018-16864 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16864).

Deprecated: Version 1.12 changelog

{: #112_changelog}

Review the version 1.12 changelog. {: shortdesc}

Changelog for worker node fix pack 1.12.10_1568, released 1 October 2019

{: #11210_1568_worker}

The following table shows the changes that are included in the patch 1.12.10_1568. {: shortdesc}

Changes since version 1.12.10_1567
Component Previous Current Description
Ubuntu 18.04 kernel and packages 4.15.0-62-generic 4.15.0-64-generic Updated worker node images with kernel and package updates for [CVE-2019-15031 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15031), [CVE-2019-15030 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15030), and [CVE-2019-14835 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14835).
Ubuntu 16.04 kernel and packages 4.4.0-161-generic 4.4.0-164-generic Updated worker node images with kernel and package updates for [CVE-2019-14835 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14835).

Changelog for worker node fix pack 1.12.10_1567, released 16 September 2019

{: #11210_1567_worker}

The following table shows the changes that are included in the worker node fix pack 1.12.10_1567. {: shortdesc}

Changes since version 1.12.10_1566
Component Previous Current Description
Ubuntu 16.04 packages and kernel 4.4.0-159-generic 4.4.0-161-generic Updated worker node images with kernel and package updates for [CVE-2019-5481 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5481), [CVE-2019-5482 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5482), [CVE-2019-15903 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15903), [CVE-2015-9383 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2015-9383), [CVE-2019-10638 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10638), [CVE-2019-3900 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-3900), [CVE-2019-13648 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13648), [CVE-2018-20856 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20856), [CVE-2019-14283 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14283), [CVE-2019-14284 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14284), [CVE-2019-5010 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5010), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-9740 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9740), [CVE-2019-9947 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9947), [CVE-2019-9948 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9948), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2018-20852 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20852), [CVE-2018-20406 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20406), and [CVE-2019-10160 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10160).
Ubuntu 18.04 packages and kernel 4.15.0-58-generic 4.15.0-62-generic Updated worker node images with kernel and package updates for [CVE-2019-5481 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5481), [CVE-2019-5482 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5482), [CVE-2019-15903 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15903), [CVE-2019-14283 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14283), [CVE-2019-14284 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-14284), [CVE-2018-20852 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-20852), [CVE-2019-5010 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-5010), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-9740 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9740), [CVE-2019-9947 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9947), [CVE-2019-9948 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9948), [CVE-2019-9636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-10160 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10160), and [CVE-2019-15718 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-15718).

Changelog for worker node fix pack 1.12.10_1566, released 3 September 2019

{: #11210_1566_worker}

The following table shows the changes that are included in the worker node fix pack 1.12.10_1566. {: shortdesc}

Changes since version 1.12.10_1564
Component Previous Current Description
Ubuntu 16.04 packages N/A N/A Updated worker node images with package updates.
Ubuntu 18.04 packages N/A N/A Updated worker node images with package updates for [CVE-2019-10222 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10222) and [CVE-2019-11922 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11922).

Changelog for master fix pack 1.12.10_1565, released 28 August 2019

{: #11210_1565}

The following table shows the changes that are included in the master fix pack 1.12.10_1565. {: shortdesc}

Changes since version 1.12.10_1564
Component Previous Current Description
`etcd` v3.3.13 v3.3.15 See the [`etcd` release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.15). Update resolves [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
GPU device plug-in and installer 07c9b67 de13f2a Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809). Updated the GPU drivers to [430.40 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.nvidia.com/Download/driverResults.aspx/149138/).
{{site.data.keyword.cloud_notm}} File Storage plug-in 348 349 Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Key Management Service provider 207 212 Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 147 148 Image updated for [CVE-2019-9512 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512), [CVE-2019-9514 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514), and [CVE-2019-14809 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809).

Changelog for worker node fix pack 1.12.10_1564, released 19 August 2019

{: #11210_1564_worker}

The following table shows the changes that are included in the worker node fix pack 1.12.10_1564. {: shortdesc}

Changes since version 1.12.10_1561
Component Previous Current Description
Cluster master HA proxy 2.0.1-alpine 1.8.21-alpine Moved to HA proxy 1.8 to fix [socket leak in HA proxy ![External link icon](../icons/launch-glyph.svg "External link icon")](haproxy/haproxy#136). Also added a liveliness check to monitor the health of HA proxy. For more information, see [HA proxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.8/src/CHANGELOG).
Ubuntu 16.04 kernel and packages 4.4.0-157-generic 4.4.0-159-generic Updated worker node images with package updates for [CVE-2019-13012 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13012), [CVE-2019-1125 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-1125), [CVE-2018-5383 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-5383), [CVE-2019-12614 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12614), [CVE-2019-10126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-10126), and [CVE-2019-3846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-3846).
Ubuntu 18.04 kernel and packages 4.15.0-55-generic 4.15.0-58-generic Updated worker node images with package updates for [CVE-2019-1125 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-1125), [CVE-2019-2101 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-2101), [CVE-2018-5383 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-5383), [CVE-2019-13233 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13233), [CVE-2019-13272 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13272), [CVE-2000-1134 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2000-1134), [CVE-2007-3852 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2007-3852), [CVE-2008-0525 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2008-0525), [CVE-2009-0416 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2009-0416), [CVE-2011-4834 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2011-4834), [CVE-2015-1838 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2015-1838), [CVE-2015-7442 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2015-7442), [CVE-2016-7489 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2016-7489), [CVE-2019-12614 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12614), [CVE-2019-10126](https://nvd.nist.gov/vuln/detail/CVE-2019-10126), [CVE-2019-3846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-3846), [CVE-2019-12818 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12818), [CVE-2019-12984 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12984), and [CVE-2019-12819 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-12819).

Changelog for master fix pack 1.12.10_1564, released 17 August 2019

{: #11210_1564}

The following table shows the changes that are included in the master fix pack 1.12.10_1564. {: shortdesc}

Changes since version 1.12.10_1563
Component Previous Current Description
Key Management Service provider 167 207 Fixed an issue that causes the Kubernetes [key management service (KMS) provider](/docs/containers?topic=containers-encryption#keyprotect) to fail to manage Kubernetes secrets.

Changelog for master fix pack 1.12.10_1563, released 15 August 2019

{: #11210_1563}

The following table shows the changes that are included in the master fix pack 1.12.10_1563. {: shortdesc}

Changes since version 1.12.10_1561
Component Previous Current Description
Calico configuration N/A N/A Calico `calico-kube-controllers` deployment in the `kube-system` namespace sets a memory limit on the `calico-kube-controllers` container.
GPU device plug-in and installer a7e8ece 07c9b67 Image updated for [CVE-2019-9924 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924) and [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
{{site.data.keyword.cloud_notm}} File Storage plug-in 347 348 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
Kubernetes DNS 1.14.13 1.15.4 See the [Kubernetes DNS release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/dns/releases/tag/1.15.4). Image update resolves [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
Kubernetes DNS autoscaler 1.2.0 1.3.0 See the [Kubernetes DNS autoscaler release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler/releases/tag/1.3.0). Image update resolves [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 146 147 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
OpenVPN client 2.4.6-r3-IKS-13 2.4.6-r3-IKS-116 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).
OpenVPN server 2.4.6-r3-IKS-25 2.4.6-r3-IKS-115 Image updated for [CVE-2019-14697 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697).

Changelog for worker node fix pack 1.12.10_1561, released 5 August 2019

{: #11210_1561_worker}

The following table shows the changes that are included in the worker node fix pack 1.12.10_1561. {: shortdesc}

Changes since version 1.12.10_1560
Component Previous Current Description
Ubuntu 18.04 kernel and packages 4.15.0-54-generic 4.15.0-55-generic Updated worker node images with package updates for [CVE-2019-11815 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11815), [CVE-2019-11833 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11833), [CVE-2019-11884 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11884), [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12126), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12127), [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12130), [CVE-2019-11091 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11091), [CVE-2019-13057 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13057), [CVE-2019-13565 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13565), [CVE-2019-13636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13636), [CVE-2019-13638 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13638), and [CVE-2019-2054 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-2054).
Ubuntu 16.04 kernel and packages 4.4.0-154-generic 4.4.0-157-generic Updated worker node images with package updates for [CVE-2019-11815 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11815), [CVE-2019-11833 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11833), [CVE-2019-11884 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11884), [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12126), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12127), [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2018-12130), [CVE-2019-11091 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-11091), [CVE-2019-13057 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13057), [CVE-2019-13565 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13565), [CVE-2019-13636 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13636), and [CVE-2019-13638 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://nvd.nist.gov/vuln/detail/CVE-2019-13638).

Changelog for worker node fix pack 1.12.10_1560, released 22 July 2019

{: #11210_1560_worker}

The following table shows the changes that are included in the worker node fix pack 1.12.10_1560. {: shortdesc}

Changes since version 1.12.9_1559
Component Previous Current Description
Kubernetes v1.12.9 v1.12.10 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.12.10). Update resolves [CVE-2019-11248 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11248). For more information, see [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10967113)).
Ubuntu packages N/A N/A Updated worker node images with package updates for [CVE-2019-13012 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13012) and [CVE-2019-7307 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html).

Changelog for master fix pack 1.12.10_1560, released 15 July 2019

{: #11210_1560}

The following table shows the changes that are included in the master fix pack 1.12.10_1560. {: shortdesc}

Changes since version 1.12.9_1559
Component Previous Current Description
Calico v3.3.6 v3.6.4 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.6/release-notes/). Update resolves [TTA-2019-001 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.projectcalico.org/security-bulletins/#TTA-2019-001). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10959551).
CoreDNS configuration N/A N/A Changed the default CoreDNS configuration from a 5 to 30 second TTL for DNS records in the `kubernetes` zone. This change aligns with the default KubeDNS configuration. Existing CoreDNS configurations are unchanged. For more information about changing your CoreDNS configuration, see [Customizing the cluster DNS provider](/docs/containers?topic=containers-cluster_dns#dns_customize).
GPU device plug-in and installer 5d34347 a7e8ece Updated base image packages.
Kubernetes v1.12.9 v1.12.10 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.12.10).
{{site.data.keyword.cloud_notm}} Provider v1.12.9-227 v1.12.10-259 Updated to support the Kubernetes 1.12.10 release. Additionally, `calicoctl` version is updated to 3.6.4.

Changelog for worker node fix pack 1.12.9_1559, released 8 July 2019

{: #1129_1559}

The following table shows the changes that are included in the worker node patch 1.12.9_1559. {: shortdesc}

Changes since version 1.12.9_1558
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-151-generic 4.4.0-154-generic Updated worker node images with kernel and package updates for [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html) and [CVE-2019-11479 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11479.html). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10958863).
Ubuntu 18.04 kernel 4.15.0-52-generic 4.15.0-54-generic Updated worker node images with kernel and package updates for [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html) and [CVE-2019-11479 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11479.html). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10958863).

Changelog for worker node fix pack 1.12.9_1558, released 24 June 2019

{: #1129_1558}

The following table shows the changes that are included in the worker node patch 1.12.9_1558. {: shortdesc}

Changes since version 1.12.9_1557
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-150-generic 4.4.0-151-generic Updated worker node images with kernel and package updates for [CVE-2019-11477 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11477.html) and [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10958863).
Ubuntu 18.04 kernel 4.15.0-51-generic 4.15.0-52-generic Updated worker node images with kernel and package updates for [CVE-2019-11477 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11477.html) and [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10958863).
containerd 1.2.6 1.2.7 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.7).

Changelog for 1.12.9_1557, released 17 June 2019

{: #1129_1557}

The following table shows the changes that are included in the patch 1.12.9_1557. {: shortdesc}

Changes since version 1.12.9_1555
Component Previous Current Description
GPU device plug-in and installer 32257d3 5d34347 Updated image for [CVE-2019-8457 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457). Updated the GPU drivers to [430.14 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.nvidia.com/Download/driverResults.aspx/147582/).
{{site.data.keyword.cloud_notm}} File Storage plug-in 346 347 Updated so that the IAM API key can be either encrypted or unencrypted.
Public service endpoint for Kubernetes master N/A N/A Fixed an issue to [enable the public service endpoint](/docs/containers?topic=containers-cs_network_cluster#set-up-public-se).
Ubuntu 16.04 kernel 4.4.0-148-generic 4.4.0-150-generic Updated worker node images with kernel and package updates for [CVE-2019-10906 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10906.html?_ga=2.184456110.929090212.1560547312-1880639276.1557078470).
Ubuntu 18.04 kernel 4.15.0-50-generic 4.15.0-51-generic Updated worker node images with kernel and package updates for [CVE-2019-10906 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10906.html?_ga=2.184456110.929090212.1560547312-1880639276.1557078470).

Changelog for 1.12.9_1555, released 4 June 2019

{: #1129_1555}

The following table shows the changes that are included in the patch 1.12.9_1555. {: shortdesc}

Changes since version 1.12.8_1553
Component Previous Current Description
Cluster DNS configuration N/A N/A Fixed a bug that might leave both Kubernetes DNS and CoreDNS pods running after cluster `create` or `update` operations.
Cluster master HA configuration N/A N/A Updated configuration to minimize intermittent master network connectivity failures during a master update.
etcd v3.3.11 v3.3.13 See the [etcd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.13).
GPU device plug-in and installer 55c1f66 32257d3 Updated image for [CVE-2018-10844 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10844), [CVE-2018-10845 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10845), [CVE-2018-10846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10846), [CVE-2019-3829 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829), [CVE-2019-3836 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836), [CVE-2019-9893 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893), [CVE-2019-5435 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435), and [CVE-2019-5436 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436).
{{site.data.keyword.cloud_notm}} Provider v1.12.8-210 v1.12.9-227 Updated to support the Kubernetes 1.12.9 release.
Kubernetes v1.12.8 v1.12.9 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.12.9).
Kubernetes Metrics Server v0.3.1 v0.3.3 See the [Kubernetes Metrics Server release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes-incubator/metrics-server/releases/tag/v0.3.3).
Trusted compute agent 13c7ef0 e8c6d72 Updated image for [CVE-2018-10844 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10844), [CVE-2018-10845 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10845), [CVE-2018-10846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10846), [CVE-2019-3829 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829), [CVE-2019-3836 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836), [CVE-2019-9893 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893), [CVE-2019-5435 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435), and [CVE-2019-5436 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436).

Changelog for worker node fix pack 1.12.8_1553, released 20 May 2019

{: #1128_1533}

The following table shows the changes that are included in the patch 1.12.8_1553. {: shortdesc}

Changes since version 1.12.8_1553
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-145-generic 4.4.0-148-generic Updated worker node images with kernel update for [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12126.html), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12127.html), and [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12130.html).
Ubuntu 18.04 kernel 4.15.0-47-generic 4.15.0-50-generic Updated worker node images with kernel update for [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12126.html), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12127.html), and [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12130.html).

Changelog for 1.12.8_1552, released 13 May 2019

{: #1128_1552}

The following table shows the changes that are included in the patch 1.12.8_1552. {: shortdesc}

Changes since version 1.12.7_1550
Component Previous Current Description
Cluster master HA proxy 1.9.6-alpine 1.9.7-alpine See the [HAProxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.9/src/CHANGELOG). Update resolves [CVE-2019-6706 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6706).
GPU device plug-in and installer 9ff3fda 55c1f66 Updated image for [CVE-2019-1543 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543).
{{site.data.keyword.cloud_notm}} Provider v1.12.7-180 v1.12.8-210 Updated to support the Kubernetes 1.12.8 release. Also, fixed the update process for version 2.0 network load balancer that have only one available worker node for the load balancer pods.
Kubernetes v1.12.7 v1.12.8 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.12.8).
Kubernetes configuration N/A N/A The Kubernetes API server audit policy configuration is updated to not log the `/openapi/v2*` read-only URL. In addition, the Kubernetes controller manager configuration increased the validity duration of signed `kubelet` certificates from 1 to 3 years.
OpenVPN client configuration N/A N/A The OpenVPN client `vpn-*` pod in the `kube-system` namespace now sets `dnsPolicy` to `Default` to prevent the pod from failing when cluster DNS is down.
Trusted compute agent e132aa4 13c7ef0 Updated image for [CVE-2016-7076 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076), [CVE-2017-1000368 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000368), and [CVE-2019-11068 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068).

Changelog for worker node fix pack 1.12.7_1550, released 29 April 2019

{: #1127_1550}

The following table shows the changes that are included in the worker node fix pack 1.12.7_1550. {: shortdesc}

Changes since version 1.12.7_1549
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages.
containerd 1.1.6 1.1.7 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.1.7).

Changelog for worker node fix pack 1.12.7_1549, released 15 April 2019

{: #1127_1549}

The following table shows the changes that are included in the worker node fix pack 1.12.7_1549. {: shortdesc}

Changes since version 1.12.7_1548
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages including `systemd` for [CVE-2019-3842 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3842.html).

Changelog for 1.12.7_1548, released 8 April 2019

{: #1127_1548}

The following table shows the changes that are included in the patch 1.12.7_1548. {: shortdesc}

Changes since version 1.12.6_1547
Component Previous Current Description
Calico v3.3.1 v3.3.6 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.3/releases/#v336). Update resolves [CVE-2019-9946 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9946). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10879585).
Cluster master HA proxy 1.8.12-alpine 1.9.6-alpine See the [HAProxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.9/src/CHANGELOG). Update resolves [CVE-2018-0732 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732), [CVE-2018-0734 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734), [CVE-2018-0737 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737), [CVE-2018-5407 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407), [CVE-2019-1543 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543), and [CVE-2019-1559 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559).
{{site.data.keyword.cloud_notm}} Provider v1.12.6-157 v1.12.7-180 Updated to support the Kubernetes 1.12.7 and Calico 3.3.6 releases.
Kubernetes v1.12.6 v1.12.7 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.12.7).
Trusted compute agent a02f765 e132aa4 Updated image for [CVE-2017-12447 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12447).
Ubuntu 16.04 kernel 4.4.0-143-generic 4.4.0-145-generic Updated worker node images with kernel update for [CVE-2019-9213 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9213.html).
Ubuntu 18.04 kernel 4.15.0-46-generic 4.15.0-47-generic Updated worker node images with kernel update for [CVE-2019-9213 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9213.html).

Changelog for worker node fix pack 1.12.6_1547, released 1 April 2019

{: #1126_1547}

The following table shows the changes that are included in the worker node fix pack 1.12.6_1547. {: shortdesc}

Changes since version 1.12.6_1546
Component Previous Current Description
Worker node resource utilization N/A N/A Increased memory reservations for the kubelet and containerd to prevent these components from running out of resources. For more information, see [Worker node resource reserves](/docs/containers?topic=containers-planning_worker_nodes#resource_limit_node).

Changelog for master fix pack 1.12.6_1546, released 26 March 2019

{: #1126_1546}

The following table shows the changes that are included in the master fix pack 1.12.6_1546. {: shortdesc}

Changes since version 1.12.6_1544
Component Previous Current Description
{{site.data.keyword.cloud_notm}} File Storage plug-in 345 346 Updated image for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741).
Key Management Service provider 166 167 Fixes intermittent `context deadline exceeded` and `timeout` errors for managing Kubernetes secrets. In addition, fixes updates to the key management service that might leave existing Kubernetes secrets unencrypted. Update includes fix for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 143 146 Updated image for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741).

Changelog for 1.12.6_1544, released 20 March 2019

{: #1126_1544}

The following table shows the changes that are included in the patch 1.12.6_1544. {: shortdesc}

Changes since version 1.12.6_1541
Component Previous Current Description
Cluster DNS configuration N/A N/A Fixed a bug that might cause cluster master operations, such as `refresh` or `update`, to fail when the unused cluster DNS must be scaled down.
Cluster master HA proxy configuration N/A N/A Updated configuration to better handle intermittent connection failures to the cluster master.
CoreDNS configuration N/A N/A Updated the CoreDNS configuration to support [multiple Corefiles ![External link icon](../icons/launch-glyph.svg "External link icon")](https://coredns.io/2017/07/23/corefile-explained/).
GPU device plug-in and installer e32d51c 9ff3fda Updated the GPU drivers to [418.43 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.nvidia.com/object/unix.html). Update includes fix for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9741.html).
{{site.data.keyword.cloud_notm}} File Storage plug-in 344 345 Added support for [private service endpoints](/docs/containers?topic=containers-cs_network_cluster#set-up-private-se).
Kernel 4.4.0-141 4.4.0-143 Updated worker node images with kernel update for [CVE-2019-6133 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6133.html).
Key Management Service provider 136 166 Updated image for [CVE-2018-16890 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890), [CVE-2019-3822 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822), and [CVE-2019-3823 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823).
Trusted compute agent 5f3d092 a02f765 Updated image for [CVE-2018-10779 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10779), [CVE-2018-12900 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900), [CVE-2018-17000 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000), [CVE-2018-19210 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210), [CVE-2019-6128 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128), and [CVE-2019-7663 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663).

Changelog for 1.12.6_1541, released 4 March 2019

{: #1126_1541}

The following table shows the changes that are included in the patch 1.12.6_1541. {: shortdesc}

Changes since version 1.12.5_1540
Component Previous Current Description
Cluster DNS provider N/A N/A Increased Kubernetes DNS and CoreDNS pod memory limit from `170Mi` to `400Mi` in order to handle more cluster services.
GPU device plug-in and installer eb3a259 e32d51c Updated images for [CVE-2019-6454 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454).
{{site.data.keyword.cloud_notm}} Provider v1.12.5-137 v1.12.6-157 Updated to support the Kubernetes 1.12.6 release. Fixed periodic connectivity problems for version 1.0 load balancers that set `externalTrafficPolicy` to `local`. Updated load balancer version 1.0 and 2.0 events to use the latest {{site.data.keyword.cloud_notm}} documentation links.
{{site.data.keyword.cloud_notm}} File Storage plug-in 342 344 Changed the base operating system for the image from Fedora to Alpine. Updated image for [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
Key Management Service provider 122 136 Increased client timeout to {{site.data.keyword.keymanagementservicefull_notm}}. Updated image for [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
Kubernetes v1.12.5 v1.12.6 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.12.6). Update resolves [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486) and [CVE-2019-1002100 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1002100). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10873324).
Kubernetes configuration N/A N/A Added `ExperimentalCriticalPodAnnotation=true` to the `--feature-gates` option. This setting helps migrate pods from the deprecated `scheduler.alpha.kubernetes.io/critical-pod` annotation to [Kubernetes pod priority support](/docs/containers?topic=containers-pod_priority#pod_priority).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 132 143 Updated image for [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
OpenVPN client and server 2.4.6-r3-IKS-13 2.4.6-r3-IKS-25 Updated image for [CVE-2019-1559 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559).
Trusted compute agent 1ea5ad3 5f3d092 Updated image for [CVE-2019-6454 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454).

Changelog for worker node fix pack 1.12.5_1540, released 27 February 2019

{: #1125_1540}

The following table shows the changes that are included in the worker node fix pack 1.12.5_1540. {: shortdesc}

Changes since version 1.12.5_1538
Component Previous Current Description
Kernel 4.4.0-141 4.4.0-142 Updated worker node images with kernel update for [CVE-2018-19407 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-142.168/changelog).

Changelog for worker node fix pack 1.12.5_1538, released 15 February 2019

{: #1125_1538}

The following table shows the changes that are included in the worker node fix pack 1.12.5_1538. {: shortdesc}

Changes since version 1.12.5_1537
Component Previous Current Description
Cluster master HA proxy configuration N/A N/A Changed the pod configuration `spec.priorityClassName` value to `system-node-critical` and set the `spec.priority` value to `2000001000`.
containerd 1.1.5 1.1.6 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.1.6). Update resolves [CVE-2019-5736 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10871600).
Kubernetes `kubelet` configuration N/A N/A Enabled the `ExperimentalCriticalPodAnnotation` feature gate to prevent critical static pod eviction.

Changelog for 1.12.5_1537, released 5 February 2019

{: #1125_1537}

The following table shows the changes that are included in the patch 1.12.5_1537. {: shortdesc}

Changes since version 1.12.4_1535
Component Previous Current Description
etcd v3.3.1 v3.3.11 See the [etcd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.11). Additionally, the supported cipher suites to etcd are now restricted to a subset with high strength encryption (128 bits or more).
GPU device plug-in and installer 13fdc0d eb3a259 Updated images for [CVE-2019-3462 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3462) and [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
{{site.data.keyword.cloud_notm}} Provider v1.12.4-118 v1.12.5-137 Updated to support the Kubernetes 1.12.5 release. Additionally, `calicoctl` version is updated to 3.3.1. Fixed unnecessary configuration updates to version 2.0 network load balancers on worker node status changes.
{{site.data.keyword.cloud_notm}} File Storage plug-in 338 342 The file storage plug-in is updated as follows:
  • Supports dynamic provisioning with [volume topology-aware scheduling](/docs/containers?topic=containers-file_storage#file-topology).
  • Ignores persistent volume claim (PVC) delete errors if the storage is already deleted.
  • Adds a failure message annotation to failed PVCs.
  • Optimizes the storage provisioner controller's leader election and resync period settings, and increases the provisioning timeout from 30 minutes to 1 hour.
  • Checks user permissions before starting the provisioning.
Key Management Service provider 111 122 Added retry logic to avoid temporary failures when Kubernetes secrets are managed by {{site.data.keyword.keymanagementservicefull_notm}}.
Kubernetes v1.12.4 v1.12.5 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.12.5).
Kubernetes configuration N/A N/A The Kubernetes API server audit policy configuration is updated to include logging metadata for `cluster-admin` requests and logging the request body of workload `create`, `update`, and `patch` requests.
OpenVPN client 2.4.6-r3-IKS-8 2.4.6-r3-IKS-13 Updated image for [CVE-2018-0734 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734) and [CVE-2018-5407 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407). Additionally, the pod configuration is now obtained from a secret instead of from a configmap.
OpenVPN server 2.4.6-r3-IKS-8 2.4.6-r3-IKS-13 Updated image for [CVE-2018-0734 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734) and [CVE-2018-5407 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407).
systemd 230 229 Security patch for [CVE-2018-16864 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16864).

Changelog for worker node fix pack 1.12.4_1535, released 28 January 2019

{: #1124_1535}

The following table shows the changes that are included in the worker node fix pack 1.12.4_1535. {: shortdesc}

Changes since version 1.12.4_1534
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages including `apt` for [CVE-2019-3462 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3462) and [USN-3863-1 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://usn.ubuntu.com/3863-1).

Changelog for 1.12.4_1534, released 21 January 2019

{: #1124_1534}

The following table shows the changes that are included in the patch 1.12.3_1534. {: shortdesc}

Changes since version 1.12.3_1533
Component Previous Current Description
{{site.data.keyword.cloud_notm}} Provider v1.12.3-91 v1.12.4-118 Updated to support the Kubernetes 1.12.4 release.
Kubernetes v1.12.3 v1.12.4 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.12.4).
Kubernetes add-on resizer 1.8.1 1.8.4 See the [Kubernetes add-on resizer release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/autoscaler/releases/tag/addon-resizer-1.8.4).
Kubernetes dashboard v1.8.3 v1.10.1 See the [Kubernetes dashboard release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/dashboard/releases/tag/v1.10.1). Update resolves [CVE-2018-18264 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18264).
GPU installer 390.12 410.79 Updated the installed GPU drivers to 410.79.

Changelog for worker node fix pack 1.12.3_1533, released 7 January 2019

{: #1123_1533}

The following table shows the changes that are included in the worker node fix pack 1.12.3_1533. {: shortdesc}

Changes since version 1.12.3_1532
Component Previous Current Description
Kernel 4.4.0-139 4.4.0-141 Updated worker node images with kernel update for [CVE-2017-5753, CVE-2018-18690 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-141.167/changelog).

Changelog for worker node fix pack 1.12.3_1532, released 17 December 2018

{: #1123_1532}

The following table shows the changes that are included in the worker node fix pack 1.12.2_1532. {: shortdesc}

Changes since version 1.12.3_1531
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages.

Changelog for 1.12.3_1531, released 5 December 2018

{: #1123_1531}

The following table shows the changes that are included in the patch 1.12.3_1531. {: shortdesc}

Changes since version 1.12.2_1530
Component Previous Current Description
{{site.data.keyword.cloud_notm}} Provider v1.12.2-68 v1.12.3-91 Updated to support the Kubernetes 1.12.3 release.
Kubernetes v1.12.2 v1.12.3 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.12.3). Update resolves [CVE-2018-1002105 ![External link icon](../icons/launch-glyph.svg "External link icon")](kubernetes/kubernetes#71411). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10743917).

Changelog for worker node fix pack 1.12.2_1530, released 4 December 2018

{: #1122_1530}

The following table shows the changes that are included in the worker node fix pack 1.12.2_1530. {: shortdesc}

Changes since version 1.12.2_1529
Component Previous Current Description
Worker node resource utilization N/A N/A Added dedicated cgroups for the kubelet and containerd to prevent these components from running out of resources. For more information, see [Worker node resource reserves](/docs/containers?topic=containers-planning_worker_nodes#resource_limit_node).

Changelog for 1.12.2_1529, released 27 November 2018

{: #1122_1529}

The following table shows the changes that are included in patch 1.12.2_1529. {: shortdesc}

Changes since version 1.12.2_1528
Component Previous Current Description
Calico v3.2.1 v3.3.1 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.3/releases/#v331). Update resolves [Tigera Technical Advisory TTA-2018-001 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.projectcalico.org/security-bulletins/). For more information, see the [IBM security bulletin ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.ibm.com/support/docview.wss?uid=ibm10740799).
Cluster DNS configuration N/A N/A Fixed a bug that could result in both Kubernetes DNS and CoreDNS pods to run after cluster creation or update operations.
containerd v1.2.0 v1.1.5 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.1.5). Updated containerd to fix a deadlock that can [stop pods from terminating ![External link icon](../icons/launch-glyph.svg "External link icon")](containerd/containerd#2744).
OpenVPN client and server 2.4.4-r1-6 2.4.6-r3-IKS-8 Updated image for [CVE-2018-0732 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732) and [CVE-2018-0737 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737).

Changelog for worker node fix pack 1.12.2_1528, released 19 November 2018

{: #1122_1528}

The following table shows the changes that are included in the worker node fix pack 1.12.2_1528. {: shortdesc}

Changes since version 1.12.2_1527
Component Previous Current Description
Kernel 4.4.0-137 4.4.0-139 Updated worker node images with kernel update for [CVE-2018-7755 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-139.165/changelog).

Changelog for 1.12.2_1527, released 7 November 2018

{: #1122_1527}

The following table shows the changes that are included in patch 1.12.2_1527. {: shortdesc}

Changes since version 1.11.3_1533
Component Previous Current Description
Calico configuration N/A N/A Calico `calico-*` pods in the `kube-system` namespace now set CPU and memory resource requests for all containers.
Cluster DNS provider N/A N/A Kubernetes DNS (KubeDNS) remains the default cluster DNS provider. However, you now have the option to [change the cluster DNS provide to CoreDNS](/docs/containers?topic=containers-cluster_dns#dns_set).
Cluster metrics provider N/A N/A Kubernetes Metrics Server replaces Kubernetes Heapster (deprecated since Kubernetes version 1.8) as the cluster metrics provider. For action items, see [the `metrics-server` preparation action](/docs/containers?topic=containers-cs_versions#metrics-server).
containerd 1.1.4 1.2.0 See the [containerd release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.2.0).
CoreDNS N/A 1.2.2 See the [CoreDNS release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/coredns/coredns/releases/tag/v1.2.2).
Kubernetes v1.11.3 v1.12.2 See the [Kubernetes release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.12.2).
Kubernetes configuration N/A N/A Added three new IBM pod security policies and their associated cluster roles. For more information, see [Understanding default resources for IBM cluster management](/docs/containers?topic=containers-psp#ibm_psp).
Kubernetes Dashboard v1.8.3 v1.10.0 See the [Kubernetes Dashboard release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/dashboard/releases/tag/v1.10.0).

If you access the dashboard via `kubectl proxy`, the **SKIP** button on the login page is removed. Instead, [use a **Token** to log in](/docs/containers?topic=containers-app#cli_dashboard). Additionally, you can now scale up the number of Kubernetes Dashboard pods by running `kubectl -n kube-system scale deploy kubernetes-dashboard --replicas=3`.
Kubernetes DNS 1.14.10 1.14.13 See the [Kubernetes DNS release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/dns/releases/tag/1.14.13).
Kubernetes Metrics Server N/A v0.3.1 See the [Kubernetes Metrics Server release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes-incubator/metrics-server/releases/tag/v0.3.1).
{{site.data.keyword.cloud_notm}} Provider v1.11.3-118 v1.12.2-68 Updated to support the Kubernetes 1.12 release. Additional changes include the following:
  • Load balancer pods (`ibm-cloud-provider-ip-*` in `ibm-system` namespace) now set CPU and memory resource requests.
  • The `service.kubernetes.io/ibm-load-balancer-cloud-provider-vlan` annotation is added to specify the VLAN that the load balancer service deploys to. To see available VLANs in your cluster, run `ibmcloud ks vlan ls --zone `.
  • A new [load balancer 2.0](/docs/containers?topic=containers-loadbalancer-about#planning_ipvs) is available as a beta.
OpenVPN client configuration N/A N/A OpenVPN client `vpn-* pod` in the `kube-system` namespace now sets CPU and memory resource requests.

Archive

{: #changelog_archive}

Unsupported Kubernetes versions:

Version 1.11 changelog (unsupported as of 20 July 2019)

{: #111_changelog}

Review the version 1.11 changelog. {: shortdesc}

Changelog for worker node fix pack 1.11.10_1564, released 8 July 2019

{: #11110_1564}

The following table shows the changes that are included in the worker node patch 1.11.10_1564. {: shortdesc}

Changes since version 1.11.10_1563
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-151-generic 4.4.0-154-generic Updated worker node images with kernel and package updates for [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html) and [CVE-2019-11479 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11479.html).
Ubuntu 18.04 kernel 4.15.0-52-generic 4.15.0-54-generic Updated worker node images with kernel and package updates for [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html) and [CVE-2019-11479 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11479.html).

Changelog for worker node fix pack 1.11.10_1563, released 24 June 2019

{: #11110_1563}

The following table shows the changes that are included in the worker node patch 1.11.10_1563. {: shortdesc}

Changes since version 1.11.10_1562
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-150-generic 4.4.0-151-generic Updated worker node images with kernel and package updates for [CVE-2019-11477 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11477.html) and [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html).
Ubuntu 18.04 kernel 4.15.0-51-generic 4.15.0-52-generic Updated worker node images with kernel and package updates for [CVE-2019-11477 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11477.html) and [CVE-2019-11478 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html).

Changelog for worker node fix pack 1.11.10_1562, released 17 June 2019

{: #11110_1562}

The following table shows the changes that are included in the worker node patch 1.11.10_1562. {: shortdesc}

Changes since version 1.11.10_1561
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-148-generic 4.4.0-150-generic Updated worker node images with kernel and package updates for [CVE-2019-10906 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10906.html?_ga=2.184456110.929090212.1560547312-1880639276.1557078470).
Ubuntu 18.04 kernel 4.15.0-50-generic 4.15.0-51-generic Updated worker node images with kernel and package updates for [CVE-2019-10906 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10906.html?_ga=2.184456110.929090212.1560547312-1880639276.1557078470).

Changelog for 1.11.10_1561, released 4 June 2019

{: #11110_1561}

The following table shows the changes that are included in the patch 1.11.10_1561. {: shortdesc}

Changes since version 1.11.10_1559
Component Previous Current Description
Cluster master HA configuration N/A N/A Updated configuration to minimize intermittent master network connectivity failures during a master update.
etcd v3.3.11 v3.3.13 See the [etcd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.13).
GPU device plug-in and installer 55c1f66 32257d3 Updated image for [CVE-2018-10844 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10844), [CVE-2018-10845 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10845), [CVE-2018-10846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10846), [CVE-2019-3829 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829), [CVE-2019-3836 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836), [CVE-2019-9893 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893), [CVE-2019-5435 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435), and [CVE-2019-5436 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436).
Trusted compute agent 13c7ef0 e8c6d72 Updated image for [CVE-2018-10844 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10844), [CVE-2018-10845 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10845), [CVE-2018-10846 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10846), [CVE-2019-3829 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829), [CVE-2019-3836 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836), [CVE-2019-9893 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893), [CVE-2019-5435 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435), and [CVE-2019-5436 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436).

Changelog for worker node fix pack 1.11.10_1559, released 20 May 2019

{: #11110_1559}

The following table shows the changes that are included in the patch pack 1.11.10_1559. {: shortdesc}

Changes since version 1.11.10_1558
Component Previous Current Description
Ubuntu 16.04 kernel 4.4.0-145-generic 4.4.0-148-generic Updated worker node images with kernel update for [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12126.html), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12127.html), and [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12130.html).
Ubuntu 18.04 kernel 4.15.0-47-generic 4.15.0-50-generic Updated worker node images with kernel update for [CVE-2018-12126 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12126.html), [CVE-2018-12127 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12127.html), and [CVE-2018-12130 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12130.html).

Changelog for 1.11.10_1558, released 13 May 2019

{: #11110_1558}

The following table shows the changes that are included in the patch 1.11.10_1558. {: shortdesc}

Changes since version 1.11.9_1556
Component Previous Current Description
Cluster master HA proxy 1.9.6-alpine 1.9.7-alpine See the [HAProxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.9/src/CHANGELOG). Update resolves [CVE-2019-6706 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6706).
GPU device plug-in and installer 9ff3fda 55c1f66 Updated image for [CVE-2019-1543 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543).
{{site.data.keyword.cloud_notm}} Provider v1.11.9-241 v1.11.10-270 Updated to support the Kubernetes 1.11.10 release.
Kubernetes v1.11.9 v1.11.10 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.11.10).
Kubernetes configuration N/A N/A The Kubernetes API server audit policy configuration is updated to not log the `/openapi/v2*` read-only URL. In addition, the Kubernetes controller manager configuration increased the validity duration of signed `kubelet` certificates from 1 to 3 years.
OpenVPN client configuration N/A N/A The OpenVPN client `vpn-*` pod in the `kube-system` namespace now sets `dnsPolicy` to `Default` to prevent the pod from failing when cluster DNS is down.
Trusted compute agent e132aa4 13c7ef0 Updated image for [CVE-2016-7076 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076), [CVE-2017-1000368 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000368), and [CVE-2019-11068 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068).

Changelog for worker node fix pack 1.11.9_1556, released 29 April 2019

{: #1119_1556}

The following table shows the changes that are included in the worker node fix pack 1.11.9_1556. {: shortdesc}

Changes since version 1.11.9_1555
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages.
containerd 1.1.6 1.1.7 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.1.7).

Changelog for worker node fix pack 1.11.9_1555, released 15 April 2019

{: #1119_1555}

The following table shows the changes that are included in the worker node fix pack 1.11.9_1555. {: shortdesc}

Changes since 1.11.9_1554
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages including `systemd` for [CVE-2019-3842 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3842.html).

Changelog for 1.11.9_1554, released 8 April 2019

{: #1119_1554}

The following table shows the changes that are included in the patch 1.11.9_1554. {: shortdesc}

Changes since version 1.11.8_1553
Component Previous Current Description
Calico v3.3.1 v3.3.6 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.3/releases/#v336). Update resolves [CVE-2019-9946 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9946).
Cluster master HA proxy 1.8.12-alpine 1.9.6-alpine See the [HAProxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.9/src/CHANGELOG). Update resolves [CVE-2018-0732 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732), [CVE-2018-0734 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734), [CVE-2018-0737 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737), [CVE-2018-5407 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407), [CVE-2019-1543 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543), and [CVE-2019-1559 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559).
{{site.data.keyword.cloud_notm}} Provider v1.11.8-219 v1.11.9-241 Updated to support the Kubernetes 1.11.9 and Calico 3.3.6 releases.
Kubernetes v1.11.8 v1.11.9 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.11.9).
Kubernetes DNS 1.14.10 1.14.13 See the [Kubernetes DNS release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/dns/releases/tag/1.14.13).
Trusted compute agent a02f765 e132aa4 Updated image for [CVE-2017-12447 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12447).
Ubuntu 16.04 kernel 4.4.0-143-generic 4.4.0-145-generic Updated worker node images with kernel update for [CVE-2019-9213 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9213.html).
Ubuntu 18.04 kernel 4.15.0-46-generic 4.15.0-47-generic Updated worker node images with kernel update for [CVE-2019-9213 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9213.html).

Changelog for worker node fix pack 1.11.8_1553, released 1 April 2019

{: #1118_1553}

The following table shows the changes that are included in the worker node fix 1.11.8_1553. {: shortdesc}

Changes since version 1.11.8_1552
Component Previous Current Description
Worker node resource utilization N/A N/A Increased memory reservations for the kubelet and containerd to prevent these components from running out of resources. For more information, see [Worker node resource reserves](/docs/containers?topic=containers-planning_worker_nodes#resource_limit_node).

Changelog for master fix pack 1.11.8_1552, released 26 March 2019

{: #1118_1552}

The following table shows the changes that are included in the master fix pack 1.11.8_1552. {: shortdesc}

Changes since version 1.11.8_1550
Component Previous Current Description
{{site.data.keyword.cloud_notm}} File Storage plug-in 345 346 Updated image for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741).
Key Management Service provider 166 167 Fixes intermittent `context deadline exceeded` and `timeout` errors for managing Kubernetes secrets. In addition, fixes updates to the key management service that might leave existing Kubernetes secrets unencrypted. Update includes fix for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 143 146 Updated image for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741).

Changelog for 1.11.8_1550, released 20 March 2019

{: #1118_1550}

The following table shows the changes that are included in the patch 1.11.8_1550. {: shortdesc}

Changes since version 1.11.8_1547
Component Previous Current Description
Cluster master HA proxy configuration N/A N/A Updated configuration to better handle intermittent connection failures to the cluster master.
GPU device plug-in and installer e32d51c 9ff3fda Updated the GPU drivers to [418.43 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.nvidia.com/object/unix.html). Update includes fix for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9741.html).
{{site.data.keyword.cloud_notm}} File Storage plug-in 344 345 Added support for [private service endpoints](/docs/containers?topic=containers-cs_network_cluster#set-up-private-se).
Kernel 4.4.0-141 4.4.0-143 Updated worker node images with kernel update for [CVE-2019-6133 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6133.html).
Key Management Service provider 136 166 Updated image for [CVE-2018-16890 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890), [CVE-2019-3822 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822), and [CVE-2019-3823 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823).
Trusted compute agent 5f3d092 a02f765 Updated image for [CVE-2018-10779 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10779), [CVE-2018-12900 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900), [CVE-2018-17000 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000), [CVE-2018-19210 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210), [CVE-2019-6128 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128), and [CVE-2019-7663 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663).

Changelog for 1.11.8_1547, released 4 March 2019

{: #1118_1547}

The following table shows the changes that are included in the patch 1.11.8_1547. {: shortdesc}

Changes since version 1.11.7_1546
Component Previous Current Description
GPU device plug-in and installer eb3a259 e32d51c Updated images for [CVE-2019-6454 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454).
{{site.data.keyword.cloud_notm}} Provider v1.11.7-198 v1.11.8-219 Updated to support the Kubernetes 1.11.8 release. Fixed periodic connectivity problems for load balancers that set `externalTrafficPolicy` to `local`. Updated load balancer events to use the latest {{site.data.keyword.cloud_notm}} documentation links.
{{site.data.keyword.cloud_notm}} File Storage plug-in 342 344 Changed the base operating system for the image from Fedora to Alpine. Updated image for [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
Key Management Service provider 122 136 Increased client timeout to {{site.data.keyword.keymanagementservicefull_notm}}. Updated image for [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
Kubernetes v1.11.7 v1.11.8 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.11.8). Update resolves [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486) and [CVE-2019-1002100 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1002100).
Kubernetes configuration N/A N/A Added `ExperimentalCriticalPodAnnotation=true` to the `--feature-gates` option. This setting helps migrate pods from the deprecated `scheduler.alpha.kubernetes.io/critical-pod` annotation to [Kubernetes pod priority support](/docs/containers?topic=containers-pod_priority#pod_priority).
Kubernetes DNS N/A N/A Increased Kubernetes DNS pod memory limit from `170Mi` to `400Mi` in order to handle more cluster services.
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 132 143 Updated image for [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
OpenVPN client and server 2.4.6-r3-IKS-13 2.4.6-r3-IKS-25 Updated image for [CVE-2019-1559 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559).
Trusted compute agent 1ea5ad3 5f3d092 Updated image for [CVE-2019-6454 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454).

Changelog for worker node fix pack 1.11.7_1546, released 27 February 2019

{: #1117_1546}

The following table shows the changes that are included in the worker node fix pack 1.11.7_1546. {: shortdesc}

Changes since version 1.11.7_1546
Component Previous Current Description
Kernel 4.4.0-141 4.4.0-142 Updated worker node images with kernel update for [CVE-2018-19407 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-142.168/changelog).

Changelog for worker node fix pack 1.11.7_1544, released 15 February 2019

{: #1117_1544}

The following table shows the changes that are included in the worker node fix pack 1.11.7_1544. {: shortdesc}

Changes since version 1.11.7_1543
Component Previous Current Description
Cluster master HA proxy configuration N/A N/A Changed the pod configuration `spec.priorityClassName` value to `system-node-critical` and set the `spec.priority` value to `2000001000`.
containerd 1.1.5 1.1.6 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.1.6). Update resolves [CVE-2019-5736 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736).
Kubernetes `kubelet` configuration N/A N/A Enabled the `ExperimentalCriticalPodAnnotation` feature gate to prevent critical static pod eviction.

Changelog for 1.11.7_1543, released 5 February 2019

{: #1117_1543}

The following table shows the changes that are included in the patch 1.11.7_1543. {: shortdesc}

Changes since version 1.11.6_1541
Component Previous Current Description
etcd v3.3.1 v3.3.11 See the [etcd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.11). Additionally, the supported cipher suites to etcd are now restricted to a subset with high strength encryption (128 bits or more).
GPU device plug-in and installer 13fdc0d eb3a259 Updated images for [CVE-2019-3462 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3462) and [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
{{site.data.keyword.cloud_notm}} Provider v1.11.6-180 v1.11.7-198 Updated to support the Kubernetes 1.11.7 release. Additionally, `calicoctl` version is updated to 3.3.1. Fixed unnecessary configuration updates to version 2.0 network load balancers on worker node status changes.
{{site.data.keyword.cloud_notm}} File Storage plug-in 338 342 The file storage plug-in is updated as follows:
  • Supports dynamic provisioning with [volume topology-aware scheduling](/docs/containers?topic=containers-file_storage#file-topology).
  • Ignores persistent volume claim (PVC) delete errors if the storage is already deleted.
  • Adds a failure message annotation to failed PVCs.
  • Optimizes the storage provisioner controller's leader election and resync period settings, and increases the provisioning timeout from 30 minutes to 1 hour.
  • Checks user permissions before starting the provisioning.
Key Management Service provider 111 122 Added retry logic to avoid temporary failures when Kubernetes secrets are managed by {{site.data.keyword.keymanagementservicefull_notm}}.
Kubernetes v1.11.6 v1.11.7 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.11.7).
Kubernetes configuration N/A N/A The Kubernetes API server audit policy configuration is updated to include logging metadata for `cluster-admin` requests and logging the request body of workload `create`, `update`, and `patch` requests.
OpenVPN client 2.4.6-r3-IKS-8 2.4.6-r3-IKS-13 Updated image for [CVE-2018-0734 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734) and [CVE-2018-5407 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407). Additionally, the pod configuration is now obtained from a secret instead of from a configmap.
OpenVPN server 2.4.6-r3-IKS-8 2.4.6-r3-IKS-13 Updated image for [CVE-2018-0734 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734) and [CVE-2018-5407 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407).
systemd 230 229 Security patch for [CVE-2018-16864 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16864).

Changelog for worker node fix pack 1.11.6_1541, released 28 January 2019

{: #1116_1541}

The following table shows the changes that are included in the worker node fix pack 1.11.6_1541. {: shortdesc}

Changes since version 1.11.6_1540
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages including `apt` for [CVE-2019-3462 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3462) / [USN-3863-1 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://usn.ubuntu.com/3863-1).

Changelog for 1.11.6_1540, released 21 January 2019

{: #1116_1540}

The following table shows the changes that are included in the patch 1.11.6_1540. {: shortdesc}

Changes since version 1.11.5_1539
Component Previous Current Description
{{site.data.keyword.cloud_notm}} Provider v1.11.5-152 v1.11.6-180 Updated to support the Kubernetes 1.11.6 release.
Kubernetes v1.11.5 v1.11.6 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.11.6).
Kubernetes add-on resizer 1.8.1 1.8.4 See the [Kubernetes add-on resizer release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/autoscaler/releases/tag/addon-resizer-1.8.4).
Kubernetes dashboard v1.8.3 v1.10.1 See the [Kubernetes dashboard release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/dashboard/releases/tag/v1.10.1). Update resolves [CVE-2018-18264 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18264).

If you access the dashboard via `kubectl proxy`, the **SKIP** button on the login page is removed. Instead, [use a **Token** to log in](/docs/containers?topic=containers-app#cli_dashboard).
GPU installer 390.12 410.79 Updated the installed GPU drivers to 410.79.

Changelog for worker node fix pack 1.11.5_1539, released 7 January 2019

{: #1115_1539}

The following table shows the changes that are included in the worker node fix pack 1.11.5_1539. {: shortdesc}

Changes since version 1.11.5_1538
Component Previous Current Description
Kernel 4.4.0-139 4.4.0-141 Updated worker node images with kernel update for [CVE-2017-5753, CVE-2018-18690 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-141.167/changelog).

Changelog for worker node fix pack 1.11.5_1538, released 17 December 2018

{: #1115_1538}

The following table shows the changes that are included in the worker node fix pack 1.11.5_1538. {: shortdesc}

Changes since version 1.11.5_1537
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages.

Changelog for 1.11.5_1537, released 5 December 2018

{: #1115_1537}

The following table shows the changes that are included in the patch 1.11.5_1537. {: shortdesc}

Changes since version 1.11.4_1536
Component Previous Current Description
{{site.data.keyword.cloud_notm}} Provider v1.11.4-142 v1.11.5-152 Updated to support the Kubernetes 1.11.5 release.
Kubernetes v1.11.4 v1.11.5 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.11.5). Update resolves [CVE-2018-1002105 ![External link icon](../icons/launch-glyph.svg "External link icon")](kubernetes/kubernetes#71411).

Changelog for worker node fix pack 1.11.4_1536, released 4 December 2018

{: #1114_1536}

The following table shows the changes that are included in the worker node fix pack 1.11.4_1536. {: shortdesc}

Changes since version 1.11.4_1535
Component Previous Current Description
Worker node resource utilization N/A N/A Added dedicated cgroups for the kubelet and containerd to prevent these components from running out of resources. For more information, see [Worker node resource reserves](/docs/containers?topic=containers-planning_worker_nodes#resource_limit_node).

Changelog for 1.11.4_1535, released 27 November 2018

{: #1114_1535}

The following table shows the changes that are included in patch 1.11.4_1535. {: shortdesc}

Changes since version 1.11.3_1534
Component Previous Current Description
Calico v3.2.1 v3.3.1 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.3/releases/#v331). Update resolves [Tigera Technical Advisory TTA-2018-001 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.projectcalico.org/security-bulletins/).
containerd v1.1.4 v1.1.5 See the [containerd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.1.5). Updated containerd to fix a deadlock that can [stop pods from terminating ![External link icon](../icons/launch-glyph.svg "External link icon")](containerd/containerd#2744).
{{site.data.keyword.cloud_notm}} Provider v1.11.3-127 v1.11.4-142 Updated to support the Kubernetes 1.11.4 release.
Kubernetes v1.11.3 v1.11.4 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.11.4).
OpenVPN client and server 2.4.4-r1-6 2.4.6-r3-IKS-8 Updated image for [CVE-2018-0732 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732) and [CVE-2018-0737 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737).

Changelog for worker node fix pack 1.11.3_1534, released 19 November 2018

{: #1113_1534}

The following table shows the changes that are included in the worker node fix pack 1.11.3_1534. {: shortdesc}

Changes since version 1.11.3_1533
Component Previous Current Description
Kernel 4.4.0-137 4.4.0-139 Updated worker node images with kernel update for [CVE-2018-7755 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-139.165/changelog).

Changelog for 1.11.3_1533, released 7 November 2018

{: #1113_1533}

The following table shows the changes that are included in patch 1.11.3_1533. {: shortdesc}

Changes since version 1.11.3_1531
Component Previous Current Description
Cluster master HA update N/A N/A Fixed the update to highly available (HA) masters for clusters that use admission webhooks such as `initializerconfigurations`, `mutatingwebhookconfigurations`, or `validatingwebhookconfigurations`. You might use these webhooks with Helm charts such as for [Container Image Security Enforcement](/docs/services/Registry?topic=registry-security_enforce#security_enforce).
{{site.data.keyword.cloud_notm}} Provider v1.11.3-100 v1.11.3-127 Added the `service.kubernetes.io/ibm-load-balancer-cloud-provider-vlan` annotation to specify the VLAN that the load balancer service deploys to. To see available VLANs in your cluster, run `ibmcloud ks vlan ls --zone `.
TPM-enabled kernel N/A N/A Bare metal worker nodes with TPM chips for Trusted Compute use the default Ubuntu kernel until trust is enabled. If you [enable trust](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_cluster_feature_enable) on an existing cluster, you need to [reload](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_reload) any existing bare metal worker nodes with TPM chips. To check if a bare metal worker node has a TPM chip, review the **Trustable** field after running the `ibmcloud ks flavors --zone` [command](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_machine_types).

Changelog for master fix pack 1.11.3_1531, released 1 November 2018

{: #1113_1531_ha-master}

The following table shows the changes that are included in the master fix pack 1.11.3_1531. {: shortdesc}

Changes since version 1.11.3_1527
Component Previous Current Description
Cluster master N/A N/A Updated the cluster master configuration to increase high availability (HA). Clusters now have three Kubernetes master replicas that are set up with a highly available (HA) configuration, with each master deployed on separate physical hosts.
Cluster master HA proxy N/A 1.8.12-alpine Added an `ibm-master-proxy-*` pod for client-side load balancing on all worker nodes, so that each worker node client can route requests to an available HA master replica.
etcd v3.2.18 v3.3.1 See the [etcd release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.1).
Encrypting data in etcd N/A N/A Previously, etcd data was stored on a master’s NFS file storage instance that is encrypted at rest. Now, etcd data is stored on the master’s local disk and backed up to {{site.data.keyword.cos_full_notm}}. Data is encrypted during transit to {{site.data.keyword.cos_full_notm}} and at rest. However, the etcd data on the master’s local disk is not encrypted. If you want your master’s local etcd data to be encrypted, [enable {{site.data.keyword.keymanagementservicelong_notm}} in your cluster](/docs/containers?topic=containers-encryption#keyprotect).

Changelog for worker node fix pack 1.11.3_1531, released 26 October 2018

{: #1113_1531}

The following table shows the changes that are included in the worker node fix pack 1.11.3_1531. {: shortdesc}

Changes since version 1.11.3_1525
Component Previous Current Description
OS interrupt handling N/A N/A Replaced the interrupt request (IRQ) system daemon with a more performant interrupt handler.

Changelog for master fix pack 1.11.3_1527, released 15 October 2018

{: #1113_1527}

The following table shows the changes that are included in the master fix pack 1.11.3_1527. {: shortdesc}

Changes since version 1.11.3_1524
Component Previous Current Description
Calico configuration N/A N/A Fixed `calico-node` container readiness probe to better handle node failures.
Cluster update N/A N/A Fixed problem with updating cluster add-ons when the master is updated from an unsupported version.

Changelog for worker node fix pack 1.11.3_1525, released 10 October 2018

{: #1113_1525}

The following table shows the changes that are included in the worker node fix pack 1.11.3_1525. {: shortdesc}

Changes since version 1.11.3_1524
Component Previous Current Description
Kernel 4.4.0-133 4.4.0-137 Updated worker node images with kernel update for [CVE-2018-14633, CVE-2018-17182 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-137.163/changelog).
Inactive session timeout N/A N/A Set the inactive session timeout to 5 minutes for compliance reasons.

Changelog for 1.11.3_1524, released 2 October 2018

{: #1113_1524}

The following table shows the changes that are included in patch 1.11.3_1524. {: shortdesc}

Changes since version 1.11.3_1521
Component Previous Current Description
containerd 1.1.3 1.1.4 See the [containerd release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.1.4).
{{site.data.keyword.cloud_notm}} Provider v1.11.3-91 v1.11.3-100 Updated the documentation link in load balancer error messages.
IBM file storage classes N/A N/A Removed duplicate `reclaimPolicy` parameter in the IBM file storage classes.

Also, now when you update the cluster master, the default IBM file storage class remains unchanged. If you want to change the default storage class, run `kubectl patch storageclass -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'` and replace `` with the name of the storage class.

Changelog for 1.11.3_1521, released 20 September 2018

{: #1113_1521}

The following table shows the changes that are included in patch 1.11.3_1521. {: shortdesc}

Changes since version 1.11.2_1516
Component Previous Current Description
{{site.data.keyword.cloud_notm}} Provider v1.11.2-71 v1.11.3-91 Updated to support Kubernetes 1.11.3 release.
IBM file storage classes N/A N/A Removed `mountOptions` in the IBM file storage classes to use the default that is provided by the worker node.

Also, now when you update the cluster master, the default IBM file storage class remains `ibmc-file-bronze`. If you want to change the default storage class, run `kubectl patch storageclass -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'` and replace `` with the name of the storage class.
Key Management Service Provider N/A N/A Added the ability to use the Kubernetes [key management service (KMS) provider](/docs/containers?topic=containers-encryption#keyprotect) in the cluster, to support {{site.data.keyword.keymanagementservicefull}}. When you [enable {{site.data.keyword.keymanagementserviceshort}} in your cluster](/docs/containers?topic=containers-encryption#keyprotect), all your Kubernetes secrets are encrypted.
Kubernetes v1.11.2 v1.11.3 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.11.3).
Kubernetes DNS autoscaler 1.1.2-r2 1.2.0 See the [Kubernetes DNS autoscaler release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler/releases/tag/1.2.0).
Log rotate N/A N/A Switched to use `systemd` timers instead of `cronjobs` to prevent `logrotate` from failing on worker nodes that are not reloaded or updated within 90 days. **Note**: In all earlier versions for this minor release, the primary disk fills up after the cron job fails because the logs are not rotated. The cron job fails after the worker node is active for 90 days without being updated or reloaded. If the logs fill up the entire primary disk, the worker node enters a failed state. The worker node can be fixed by using the `ibmcloud ks worker reload` [command](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_reload) or the `ibmcloud ks worker update` [command](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_update).
Root password expiration N/A N/A Root passwords for the worker nodes expire after 90 days for compliance reasons. If your automation tooling needs to log in to the worker node as root or relies on cron jobs that run as root, you can disable the password expiration by logging into the worker node and running `chage -M -1 root`. **Note**: If you have security compliance requirements that prevent running as root or removing password expiration, do not disable the expiration. Instead, you can [update](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_update) or [reload](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_reload) your worker nodes at least every 90 days.
Worker node runtime components (`kubelet`, `kube-proxy`, `containerd`) N/A N/A Removed dependencies of runtime components on the primary disk. This enhancement prevents worker nodes from failing when the primary disk is filled up.
systemd N/A N/A Periodically clean transient mount units to prevent them from becoming unbounded. This action addresses [Kubernetes issue 57345 ![External link icon](../icons/launch-glyph.svg "External link icon")](kubernetes/kubernetes#57345).

Changelog for 1.11.2_1516, released 4 September 2018

{: #1112_1516}

The following table shows the changes that are included in patch 1.11.2_1516. {: shortdesc}

Changes since version 1.11.2_1514
Component Previous Current Description
Calico v3.1.3 v3.2.1 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.2/releases/#v321).
containerd 1.1.2 1.1.3 See the [`containerd` release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.1.3).
{{site.data.keyword.cloud_notm}} Provider v1.11.2-60 v1.11.2-71 Changed the cloud provider configuration to better handle updates for load balancer services with `externalTrafficPolicy` set to `local`.
{{site.data.keyword.cloud_notm}} File Storage plug-in configuration N/A N/A Removed the default NFS version from the mount options in the IBM-provided file storage classes. The host's operating system now negotiates the NFS version with the IBM Cloud infrastructure NFS server. To manually set a specific NFS version, or to change the NFS version of your PV that was negotiated by the host's operating system, see [Changing the default NFS version](/docs/containers?topic=containers-file_storage#nfs_version_class).

Changelog for worker node fix pack 1.11.2_1514, released 23 August 2018

{: #1112_1514}

The following table shows the changes that are included in the worker node fix pack 1.11.2_1514. {: shortdesc}

Changes since version 1.11.2_1513
Component Previous Current Description
`systemd` 229 230 Updated `systemd` to fix `cgroup` leak.
Kernel 4.4.0-127 4.4.0-133 Updated worker node images with kernel update for [CVE-2018-3620,CVE-2018-3646 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://usn.ubuntu.com/3741-1/).

Changelog for 1.11.2_1513, released 14 August 2018

{: #1112_1513}

The following table shows the changes that are included in patch 1.11.2_1513. {: shortdesc}

Changes since version 1.10.5_1518
Component Previous Current Description
containerd N/A 1.1.2 `containerd` replaces Docker as the new container runtime for Kubernetes. See the [`containerd` release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/containerd/containerd/releases/tag/v1.1.2).
Docker N/A N/A `containerd` replaces Docker as the new container runtime for Kubernetes, to enhance performance.
etcd v3.2.14 v3.2.18 See the [etcd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.2.18).
{{site.data.keyword.cloud_notm}} Provider v1.10.5-118 v1.11.2-60 Updated to support Kubernetes 1.11 release. In addition, load balancer pods now use the new `ibm-app-cluster-critical` pod priority class.
{{site.data.keyword.cloud_notm}} File Storage plug-in 334 338 Updated `incubator` version to 1.8. File storage is provisioned to the specific zone that you select. You cannot update an existing (static) PV instance labels.
Kubernetes v1.10.5 v1.11.2 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.11.2).
Kubernetes configuration N/A N/A Updated the OpenID Connect configuration for the cluster's Kubernetes API server to support {{site.data.keyword.cloud_notm}} Identity Access and Management (IAM) access groups. Added `Priority` to the `--enable-admission-plugins` option for the cluster's Kubernetes API server and configured the cluster to support pod priority. For more information, see:
  • [{{site.data.keyword.cloud_notm}} IAM access groups](/docs/containers?topic=containers-users#rbac)
  • [Configuring pod priority](/docs/containers?topic=containers-pod_priority#pod_priority)
Kubernetes Heapster v1.5.2 v.1.5.4 Increased resource limits for the `heapster-nanny` container. See the [Kubernetes Heapster release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/heapster/releases/tag/v1.5.4).
Logging configuration N/A N/A The container log directory is now `/var/log/pods/` instead of the previous `/var/lib/docker/containers/`.

Version 1.10 changelog (unsupported as of 16 May 2019)

{: #110_changelog}

Review the version 1.10 changelogs. {: shortdesc}

Changelog for worker node fix pack 1.10.13_1558, released 13 May 2019

{: #11013_1558}

The following table shows the changes that are included in the worker node fix pack 1.10.13_1558. {: shortdesc}

Changes since version 1.10.13_1557
Component Previous Current Description
Cluster master HA proxy 1.9.6-alpine 1.9.7-alpine See the [HAProxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.9/src/CHANGELOG). Update resolves [CVE-2019-6706 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6706).

Changelog for worker node fix pack 1.10.13_1557, released 29 April 2019

{: #11013_1557}

The following table shows the changes that are included in the worker node fix pack 1.10.13_1557. {: shortdesc}

Changes since 1.10.13_1556
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages.

Changelog for worker node fix pack 1.10.13_1556, released 15 April 2019

{: #11013_1556}

The following table shows the changes that are included in the worker node fix pack 1.10.13_1556. {: shortdesc}

Changes since 1.10.13_1555
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages including `systemd` for [CVE-2019-3842 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3842.html).

Changelog for 1.10.13_1555, released 8 April 2019

{: #11013_1555}

The following table shows the changes that are included in the patch 1.10.13_1555. {: shortdesc}

Changes since version 1.10.13_1554
Component Previous Current Description
Cluster master HA proxy 1.8.12-alpine 1.9.6-alpine See the [HAProxy release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.haproxy.org/download/1.9/src/CHANGELOG). Update resolves [CVE-2018-0732 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732), [CVE-2018-0734 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734), [CVE-2018-0737 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737), [CVE-2018-5407 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407), [CVE-2019-1543 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543), and [CVE-2019-1559 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559).
Kubernetes DNS 1.14.10 1.14.13 See the [Kubernetes DNS release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/dns/releases/tag/1.14.13).
Trusted compute agent a02f765 e132aa4 Updated image for [CVE-2017-12447 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12447).
Ubuntu 16.04 kernel 4.4.0-143-generic 4.4.0-145-generic Updated worker node images with kernel update for [CVE-2019-9213 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9213.html).
Ubuntu 18.04 kernel 4.15.0-46-generic 4.15.0-47-generic Updated worker node images with kernel update for [CVE-2019-9213 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9213.html).

Changelog for worker node fix pack 1.10.13_1554, released 1 April 2019

{: #11013_1554}

The following table shows the changes that are included in the worker node fix 1.10.13_1554. {: shortdesc}

Changes since version 1.10.13_1553
Component Previous Current Description
Worker node resource utilization N/A N/A Increased memory reservations for the kubelet and containerd to prevent these components from running out of resources. For more information, see [Worker node resource reserves](/docs/containers?topic=containers-planning_worker_nodes#resource_limit_node).

Changelog for master fix pack 1.10.13_1553, released 26 March 2019

{: #11118_1553}

The following table shows the changes that are included in the master fix pack 1.10.13_1553. {: shortdesc}

Changes since version 1.10.13_1551
Component Previous Current Description
{{site.data.keyword.cloud_notm}} File Storage plug-in 345 346 Updated image for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741).
Key Management Service provider 166 167 Fixes intermittent `context deadline exceeded` and `timeout` errors for managing Kubernetes secrets. In addition, fixes updates to the key management service that might leave existing Kubernetes secrets unencrypted. Update includes fix for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741).
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 143 146 Updated image for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741).

Changelog for 1.10.13_1551, released 20 March 2019

{: #11013_1551}

The following table shows the changes that are included in the patch 1.10.13_1551. {: shortdesc}

Changes since version 1.10.13_1548
Component Previous Current Description
Cluster master HA proxy configuration N/A N/A Updated configuration to better handle intermittent connection failures to the cluster master.
GPU device plug-in and installer e32d51c 9ff3fda Updated the GPU drivers to [418.43 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.nvidia.com/object/unix.html). Update includes fix for [CVE-2019-9741 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9741.html).
{{site.data.keyword.cloud_notm}} File Storage plug-in 344 345 Added support for [private service endpoints](/docs/containers?topic=containers-cs_network_cluster#set-up-private-se).
Kernel 4.4.0-141 4.4.0-143 Updated worker node images with kernel update for [CVE-2019-6133 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6133.html).
Key Management Service provider 136 166 Updated image for [CVE-2018-16890 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890), [CVE-2019-3822 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822), and [CVE-2019-3823 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823).
Trusted compute agent 5f3d092 a02f765 Updated image for [CVE-2018-10779 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10779), [CVE-2018-12900 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900), [CVE-2018-17000 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000), [CVE-2018-19210 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210), [CVE-2019-6128 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128), and [CVE-2019-7663 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663).

Changelog for 1.10.13_1548, released 4 March 2019

{: #11013_1548}

The following table shows the changes that are included in the patch 1.10.13_1548. {: shortdesc}

Changes since version 1.10.12_1546
Component Previous Current Description
GPU device plug-in and installer eb3a259 e32d51c Updated images for [CVE-2019-6454 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454).
{{site.data.keyword.cloud_notm}} Provider v1.10.12-252 v1.10.13-288 Updated to support the Kubernetes 1.10.13 release. Fixed periodic connectivity problems for load balancers that set `externalTrafficPolicy` to `local`. Updated load balancer events to use the latest {{site.data.keyword.cloud_notm}} documentation links.
{{site.data.keyword.cloud_notm}} File Storage plug-in 342 344 Changed the base operating system for the image from Fedora to Alpine. Updated image for [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
Key Management Service provider 122 136 Increased client timeout to {{site.data.keyword.keymanagementservicefull_notm}}. Updated image for [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
Kubernetes v1.10.12 v1.10.13 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.10.13).
Kubernetes DNS N/A N/A Increased Kubernetes DNS pod memory limit from `170Mi` to `400Mi` in order to handle more cluster services.
Load balancer and load balancer monitor for {{site.data.keyword.cloud_notm}} Provider 132 143 Updated image for [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
OpenVPN client and server 2.4.6-r3-IKS-13 2.4.6-r3-IKS-25 Updated image for [CVE-2019-1559 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559).
Trusted compute agent 1ea5ad3 5f3d092 Updated image for [CVE-2019-6454 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454).

Changelog for worker node fix pack 1.10.12_1546, released 27 February 2019

{: #11012_1546}

The following table shows the changes that are included in the worker node fix pack 1.10.12_1546. {: shortdesc}

Changes since version 1.10.12_1544
Component Previous Current Description
Kernel 4.4.0-141 4.4.0-142 Updated worker node images with kernel update for [CVE-2018-19407 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-142.168/changelog).

Changelog for worker node fix pack 1.10.12_1544, released 15 February 2019

{: #11012_1544}

The following table shows the changes that are included in the worker node fix pack 1.10.12_1544. {: shortdesc}

Changes since version 1.10.12_1543
Component Previous Current Description
Docker 18.06.1-ce 18.06.2-ce See the [Docker Community Edition release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/docker/docker-ce/releases/tag/v18.06.2-ce). Update resolves [CVE-2019-5736 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736).
Kubernetes `kubelet` configuration N/A N/A Enabled the `ExperimentalCriticalPodAnnotation` feature gate to prevent critical static pod eviction.

Changelog for 1.10.12_1543, released 5 February 2019

{: #11012_1543}

The following table shows the changes that are included in the patch 1.10.12_1543. {: shortdesc}

Changes since version 1.10.12_1541
Component Previous Current Description
etcd v3.3.1 v3.3.11 See the [etcd release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.11). Additionally, the supported cipher suites to etcd are now restricted to a subset with high strength encryption (128 bits or more).
GPU device plug-in and installer 13fdc0d eb3a259 Updated images for [CVE-2019-3462 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3462) and [CVE-2019-6486 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486).
{{site.data.keyword.cloud_notm}} File Storage plug-in 338 342 The file storage plug-in is updated as follows:
  • Supports dynamic provisioning with [volume topology-aware scheduling](/docs/containers?topic=containers-file_storage#file-topology).
  • Ignores persistent volume claim (PVC) delete errors if the storage is already deleted.
  • Adds a failure message annotation to failed PVCs.
  • Optimizes the storage provisioner controller's leader election and resync period settings, and increases the provisioning timeout from 30 minutes to 1 hour.
  • Checks user permissions before starting the provisioning.
Key Management Service provider 111 122 Added retry logic to avoid temporary failures when Kubernetes secrets are managed by {{site.data.keyword.keymanagementservicefull_notm}}.
Kubernetes configuration N/A N/A The Kubernetes API server audit policy configuration is updated to include logging metadata for `cluster-admin` requests and logging the request body of workload `create`, `update`, and `patch` requests.
OpenVPN client 2.4.6-r3-IKS-8 2.4.6-r3-IKS-13 Updated image for [CVE-2018-0734 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734) and [CVE-2018-5407 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407). Additionally, the pod configuration is now obtained from a secret instead of from a configmap.
OpenVPN server 2.4.6-r3-IKS-8 2.4.6-r3-IKS-13 Updated image for [CVE-2018-0734 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734) and [CVE-2018-5407 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407).
systemd 230 229 Security patch for [CVE-2018-16864 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16864).

Changelog for worker node fix pack 1.10.12_1541, released 28 January 2019

{: #11012_1541}

The following table shows the changes that are included in the worker node fix pack 1.10.12_1541. {: shortdesc}

Changes since version 1.10.12_1540
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages including `apt` for [CVE-2019-3462 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3462) and [USN-3863-1 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://usn.ubuntu.com/3863-1).

Changelog for 1.10.12_1540, released 21 January 2019

{: #11012_1540}

The following table shows the changes that are included in the patch 1.10.12_1540. {: shortdesc}

Changes since version 1.10.11_1538
Component Previous Current Description
{{site.data.keyword.cloud_notm}} Provider v1.10.11-219 v1.10.12-252 Updated to support the Kubernetes 1.10.12 release.
Kubernetes v1.10.11 v1.10.12 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.10.12).
Kubernetes add-on resizer 1.8.1 1.8.4 See the [Kubernetes add-on resizer release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/autoscaler/releases/tag/addon-resizer-1.8.4).
Kubernetes dashboard v1.8.3 v1.10.1 See the [Kubernetes dashboard release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/dashboard/releases/tag/v1.10.1). Update resolves [CVE-2018-18264 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18264).

If you access the dashboard via `kubectl proxy`, the **SKIP** button on the login page is removed. Instead, [use a **Token** to log in](/docs/containers?topic=containers-app#cli_dashboard).
GPU installer 390.12 410.79 Updated the installed GPU drivers to 410.79.

Changelog for worker node fix pack 1.10.11_1538, released 7 January 2019

{: #11011_1538}

The following table shows the changes that are included in the worker node fix pack 1.10.11_1538. {: shortdesc}

Changes since version 1.10.11_1537
Component Previous Current Description
Kernel 4.4.0-139 4.4.0-141 Updated worker node images with kernel update for [CVE-2017-5753, CVE-2018-18690 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-141.167/changelog).

Changelog for worker node fix pack 1.10.11_1537, released 17 December 2018

{: #11011_1537}

The following table shows the changes that are included in the worker node fix pack 1.10.11_1537. {: shortdesc}

Changes since version 1.10.11_1536
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages.

Changelog for 1.10.11_1536, released 4 December 2018

{: #11011_1536}

The following table shows the changes that are included in patch 1.10.11_1536. {: shortdesc}

Changes since version 1.10.8_1532
Component Previous Current Description
Calico v3.2.1 v3.3.1 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.3/releases/#v331). Update resolves [Tigera Technical Advisory TTA-2018-001 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.projectcalico.org/security-bulletins/).
{{site.data.keyword.cloud_notm}} Provider v1.10.8-197 v1.10.11-219 Updated to support the Kubernetes 1.10.11 release.
Kubernetes v1.10.8 v1.10.11 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.10.11). Update resolves [CVE-2018-1002105 ![External link icon](../icons/launch-glyph.svg "External link icon")](kubernetes/kubernetes#71411).
OpenVPN client and server 2.4.4-r1-6 2.4.6-r3-IKS-8 Updated image for [CVE-2018-0732 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732) and [CVE-2018-0737 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737).
Worker node resource utilization N/A N/A Added dedicated cgroups for the kubelet and docker to prevent these components from running out of resources. For more information, see [Worker node resource reserves](/docs/containers?topic=containers-planning_worker_nodes#resource_limit_node).

Changelog for worker node fix pack 1.10.8_1532, released 27 November 2018

{: #1108_1532}

The following table shows the changes that are included in the worker node fix pack 1.10.8_1532. {: shortdesc}

Changes since version 1.10.8_1531
Component Previous Current Description
Docker 17.06.2 18.06.1 See the [Docker release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.docker.com/engine/release-notes/#18061-ce).

Changelog for worker node fix pack 1.10.8_1531, released 19 November 2018

{: #1108_1531}

The following table shows the changes that are included in the worker node fix pack 1.10.8_1531. {: shortdesc}

Changes since version 1.10.8_1530
Component Previous Current Description
Kernel 4.4.0-137 4.4.0-139 Updated worker node images with kernel update for [CVE-2018-7755 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-139.165/changelog).

Changelog for 1.10.8_1530, released 7 November 2018

{: #1108_1530_ha-master}

The following table shows the changes that are included in patch 1.10.8_1530. {: shortdesc}

Changes since version 1.10.8_1528
Component Previous Current Description
Cluster master N/A N/A Updated the cluster master configuration to increase high availability (HA). Clusters now have three Kubernetes master replicas that are set up with a highly available (HA) configuration, with each master deployed on separate physical hosts. Further, if your cluster is in a multizone-capable zone, the masters are spread across zones.
Cluster master HA proxy N/A 1.8.12-alpine Added an `ibm-master-proxy-*` pod for client-side load balancing on all worker nodes, so that each worker node client can route requests to an available HA master replica.
etcd v3.2.18 v3.3.1 See the [etcd release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/etcd-io/etcd/releases/v3.3.1).
Encrypting data in etcd N/A N/A Previously, etcd data was stored on a master’s NFS file storage instance that is encrypted at rest. Now, etcd data is stored on the master’s local disk and backed up to {{site.data.keyword.cos_full_notm}}. Data is encrypted during transit to {{site.data.keyword.cos_full_notm}} and at rest. However, the etcd data on the master’s local disk is not encrypted. If you want your master’s local etcd data to be encrypted, [enable {{site.data.keyword.keymanagementservicelong_notm}} in your cluster](/docs/containers?topic=containers-encryption#keyprotect).
{{site.data.keyword.cloud_notm}} Provider v1.10.8-172 v1.10.8-197 Added the `service.kubernetes.io/ibm-load-balancer-cloud-provider-vlan` annotation to specify the VLAN that the load balancer service deploys to. To see available VLANs in your cluster, run `ibmcloud ks vlan ls --zone `.
TPM-enabled kernel N/A N/A Bare metal worker nodes with TPM chips for Trusted Compute use the default Ubuntu kernel until trust is enabled. If you [enable trust](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_cluster_feature_enable) on an existing cluster, you need to [reload](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_reload) any existing bare metal worker nodes with TPM chips. To check if a bare metal worker node has a TPM chip, review the **Trustable** field after running the `ibmcloud ks flavors --zone` [command](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_machine_types).

Changelog for worker node fix pack 1.10.8_1528, released 26 October 2018

{: #1108_1528}

The following table shows the changes that are included in the worker node fix pack 1.10.8_1528. {: shortdesc}

Changes since version 1.10.8_1527
Component Previous Current Description
OS interrupt handling N/A N/A Replaced the interrupt request (IRQ) system daemon with a more performant interrupt handler.

Changelog for master fix pack 1.10.8_1527, released 15 October 2018

{: #1108_1527}

The following table shows the changes that are included in the master fix pack 1.10.8_1527. {: shortdesc}

Changes since version 1.10.8_1524
Component Previous Current Description
Calico configuration N/A N/A Fixed `calico-node` container readiness probe to better handle node failures.
Cluster update N/A N/A Fixed problem with updating cluster add-ons when the master is updated from an unsupported version.

Changelog for worker node fix pack 1.10.8_1525, released 10 October 2018

{: #1108_1525}

The following table shows the changes that are included in the worker node fix pack 1.10.8_1525. {: shortdesc}

Changes since version 1.10.8_1524
Component Previous Current Description
Kernel 4.4.0-133 4.4.0-137 Updated worker node images with kernel update for [CVE-2018-14633, CVE-2018-17182 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-137.163/changelog).
Inactive session timeout N/A N/A Set the inactive session timeout to 5 minutes for compliance reasons.

Changelog for 1.10.8_1524, released 2 October 2018

{: #1108_1524}

The following table shows the changes that are included in patch 1.10.8_1524. {: shortdesc}

Changes since version 1.10.7_1520
Component Previous Current Description
Key Management Service Provider N/A N/A Added the ability to use the Kubernetes [key management service (KMS) provider](/docs/containers?topic=containers-encryption#keyprotect) in the cluster, to support {{site.data.keyword.keymanagementservicefull}}. When you [enable {{site.data.keyword.keymanagementserviceshort}} in your cluster](/docs/containers?topic=containers-encryption#keyprotect), all your Kubernetes secrets are encrypted.
Kubernetes v1.10.7 v1.10.8 See the [Kubernetes release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.10.8).
Kubernetes DNS autoscaler 1.1.2-r2 1.2.0 See the [Kubernetes DNS autoscaler release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler/releases/tag/1.2.0).
{{site.data.keyword.cloud_notm}} Provider v1.10.7-146 v1.10.8-172 Updated to support Kubernetes 1.10.8 release. Also, updated the documentation link in load balancer error messages.
IBM file storage classes N/A N/A Removed `mountOptions` in the IBM file storage classes to use the default that is provided by the worker node. Removed duplicate `reclaimPolicy` parameter in the IBM file storage classes.

Also, now when you update the cluster master, the default IBM file storage class remains unchanged. If you want to change the default storage class, run `kubectl patch storageclass -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'` and replace `` with the name of the storage class.

Changelog for worker node fix pack 1.10.7_1521, released 20 September 2018

{: #1107_1521}

The following table shows the changes that are included in the worker node fix pack 1.10.7_1521. {: shortdesc}

Changes since version 1.10.7_1520
Component Previous Current Description
Log rotate N/A N/A Switched to use `systemd` timers instead of `cronjobs` to prevent `logrotate` from failing on worker nodes that are not reloaded or updated within 90 days. **Note**: In all earlier versions for this minor release, the primary disk fills up after the cron job fails because the logs are not rotated. The cron job fails after the worker node is active for 90 days without being updated or reloaded. If the logs fill up the entire primary disk, the worker node enters a failed state. The worker node can be fixed by using the `ibmcloud ks worker reload` [command](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_reload) or the `ibmcloud ks worker update` [command](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_update).
Worker node runtime components (`kubelet`, `kube-proxy`, `docker`) N/A N/A Removed dependencies of runtime components on the primary disk. This enhancement prevents worker nodes from failing when the primary disk is filled up.
Root password expiration N/A N/A Root passwords for the worker nodes expire after 90 days for compliance reasons. If your automation tooling needs to log in to the worker node as root or relies on cron jobs that run as root, you can disable the password expiration by logging into the worker node and running `chage -M -1 root`. **Note**: If you have security compliance requirements that prevent running as root or removing password expiration, do not disable the expiration. Instead, you can [update](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_update) or [reload](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_reload) your worker nodes at least every 90 days.
systemd N/A N/A Periodically clean transient mount units to prevent them from becoming unbounded. This action addresses [Kubernetes issue 57345 ![External link icon](../icons/launch-glyph.svg "External link icon")](kubernetes/kubernetes#57345).
Docker N/A N/A Disabled the default Docker bridge so that the `172.17.0.0/16` IP range is now used for private routes. If you rely on building Docker containers in worker nodes by executing `docker` commands on the host directly or by using a pod that mounts the Docker socket, choose from the following options.
  • To ensure external network connectivity when you build the container, run `docker build . --network host`.
  • To explicitly create a network to use when you build the container, run `docker network create` and then use this network.
**Note**: Have dependencies on the Docker socket or Docker directly? Update to `containerd` instead of `docker` as the container runtime so that your clusters are prepared to run Kubernetes version 1.11 or later.

Changelog for 1.10.7_1520, released 4 September 2018

{: #1107_1520}

The following table shows the changes that are included in patch 1.10.7_1520. {: shortdesc}

Changes since version 1.10.5_1519
Component Previous Current Description
Calico v3.1.3 v3.2.1 See the Calico [release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.2/releases/#v321).
{{site.data.keyword.cloud_notm}} Provider v1.10.5-118 v1.10.7-146 Updated to support Kubernetes 1.10.7 release. In addition, changed the cloud provider configuration to better handle updates for load balancer services with `externalTrafficPolicy` set to `local`.
{{site.data.keyword.cloud_notm}} File Storage plug-in 334 338 Updated incubator version to 1.8. File storage is provisioned to the specific zone that you select. You cannot update an existing (static) PV instance's labels, unless you are using a multizone cluster and need to add the region and zone labels.

Removed the default NFS version from the mount options in the IBM-provided file storage classes. The host's operating system now negotiates the NFS version with the IBM Cloud infrastructure NFS server. To manually set a specific NFS version, or to change the NFS version of your PV that was negotiated by the host's operating system, see [Changing the default NFS version](/docs/containers?topic=containers-file_storage#nfs_version_class).
Kubernetes v1.10.5 v1.10.7 See the Kubernetes [release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.10.7).
Kubernetes Heapster configuration N/A N/A Increased resource limits for the `heapster-nanny` container.

Changelog for worker node fix pack 1.10.5_1519, released 23 August 2018

{: #1105_1519}

The following table shows the changes that are included in the worker node fix pack 1.10.5_1519. {: shortdesc}

Changes since version 1.10.5_1518
Component Previous Current Description
`systemd` 229 230 Updated `systemd` to fix `cgroup` leak.
Kernel 4.4.0-127 4.4.0-133 Updated worker node images with kernel update for [CVE-2018-3620,CVE-2018-3646 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://usn.ubuntu.com/3741-1/).

Changelog for worker node fix pack 1.10.5_1518, released 13 August 2018

{: #1105_1518}

The following table shows the changes that are included in the worker node fix pack 1.10.5_1518. {: shortdesc}

Changes since version 1.10.5_1517
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages.

Changelog for 1.10.5_1517, released 27 July 2018

{: #1105_1517}

The following table shows the changes that are included in patch 1.10.5_1517. {: shortdesc}

Changes since version 1.10.3_1514
Component Previous Current Description
Calico v3.1.1 v3.1.3 See the Calico [release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.1/releases/#v313).
{{site.data.keyword.cloud_notm}} Provider v1.10.3-85 v1.10.5-118 Updated to support Kubernetes 1.10.5 release. In addition, LoadBalancer service `create failure` events now include any portable subnet errors.
{{site.data.keyword.cloud_notm}} File Storage plug-in 320 334 Increased the timeout for persistent volume creation from 15 to 30 minutes. Changed the default billing type to `hourly`. Added mount options to the pre-defined storage classes. In the NFS file storage instance in your IBM Cloud infrastructure account, changed the **Notes** field to JSON format and added the Kubernetes namespace that the PV is deployed to. To support multizone clusters, added zone and region labels to persistent volumes.
Kubernetes v1.10.3 v1.10.5 See the Kubernetes [release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.10.5).
Kernel N/A N/A Minor improvements to worker node network settings for high performance networking workloads.
OpenVPN client N/A N/A The OpenVPN client `vpn` deployment that runs in the `kube-system` namespace is now managed by the Kubernetes `addon-manager`.

Changelog for worker node fix pack 1.10.3_1514, released 3 July 2018

{: #1103_1514}

The following table shows the changes that are included in the worker node fix pack 1.10.3_1514. {: shortdesc}

Changes since version 1.10.3_1513
Component Previous Current Description
Kernel N/A N/A Optimized `sysctl` for high performance networking workloads.

Changelog for worker node fix pack 1.10.3_1513, released 21 June 2018

{: #1103_1513}

The following table shows the changes that are included in the worker node fix pack 1.10.3_1513. {: shortdesc}

Changes since version 1.10.3_1512
Component Previous Current Description
Docker N/A N/A For non-encrypted flavors, the secondary disk is cleaned by getting a fresh file system when you reload or update the worker node.

Changelog for 1.10.3_1512, released 12 June 2018

{: #1103_1512}

The following table shows the changes that are included in patch 1.10.3_1512. {: shortdesc}

Changes since version 1.10.1_1510
Component Previous Current Description
Kubernetes v1.10.1 v1.10.3 See the Kubernetes [release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.10.3).
Kubernetes Configuration N/A N/A Added `PodSecurityPolicy` to the `--enable-admission-plugins` option for the cluster's Kubernetes API server and configured the cluster to support pod security policies. For more information, see [Configuring pod security policies](/docs/containers?topic=containers-psp).
Kubelet Configuration N/A N/A Enabled the `--authentication-token-webhook` option to support API bearer and service account tokens for authenticating to the `kubelet` HTTPS endpoint.
{{site.data.keyword.cloud_notm}} Provider v1.10.1-52 v1.10.3-85 Updated to support Kubernetes 1.10.3 release.
OpenVPN client N/A N/A Added `livenessProbe` to the OpenVPN client `vpn` deployment that runs in the `kube-system` namespace.
Kernel update 4.4.0-116 4.4.0-127 New worker node images with kernel update for [CVE-2018-3639 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639).

Changelog for worker node fix pack 1.10.1_1510, released 18 May 2018

{: #1101_1510}

The following table shows the changes that are included in the worker node fix pack 1.10.1_1510. {: shortdesc}

Changes since version 1.10.1_1509
Component Previous Current Description
Kubelet N/A N/A Fix to address a bug that occurred if you used the block storage plug-in.

Changelog for worker node fix pack 1.10.1_1509, released 16 May 2018

{: #1101_1509}

The following table shows the changes that are included in the worker node fix pack 1.10.1_1509. {: shortdesc}

Changes since version 1.10.1_1508
Component Previous Current Description
Kubelet N/A N/A The data that you store in the `kubelet` root directory is now saved on the larger, secondary disk of your worker node machine.

Changelog for 1.10.1_1508, released 01 May 2018

{: #1101_1508}

The following table shows the changes that are included in patch 1.10.1_1508. {: shortdesc}

Changes since version 1.9.7_1510
Component Previous Current Description
Calico v2.6.5 v3.1.1 See the Calico [release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v3.1/releases/#v311).
Kubernetes Heapster v1.5.0 v1.5.2 See the Kubernetes Heapster [release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes-retired/heapster/releases/tag/v1.5.2).
Kubernetes v1.9.7 v1.10.1 See the Kubernetes [release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.10.1).
Kubernetes Configuration N/A N/A Added StorageObjectInUseProtection to the --enable-admission-plugins option for the cluster's Kubernetes API server.
Kubernetes DNS 1.14.8 1.14.10 See the Kubernetes DNS [release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/dns/releases/tag/1.14.10).
{{site.data.keyword.cloud_notm}} Provider v1.9.7-102 v1.10.1-52 Updated to support Kubernetes 1.10 release.
GPU support N/A N/A Support for [graphics processing unit (GPU) container workloads](/docs/containers?topic=containers-app#gpu_app) is now available for scheduling and execution. For a list of available GPU flavors, see [Hardware for worker nodes](/docs/containers?topic=containers-planning_worker_nodes#planning_worker_nodes). For more information, see the Kubernetes documentation to [Schedule GPUs ![External link icon](../icons/launch-glyph.svg "External link icon")](https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/).

Version 1.9 changelog (unsupported as of 27 December 2018)

{: #19_changelog}

Review the version 1.9 changelogs. {: shortdesc}

Changelog for worker node fix pack 1.9.11_1539, released 17 December 2018

{: #1911_1539}

The following table shows the changes that are included in the worker node fix pack 1.9.11_1539. {: shortdesc}

Changes since version 1.9.11_1538
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages.

Changelog for worker node fix pack 1.9.11_1538, released 4 December 2018

{: #1911_1538}

The following table shows the changes that are included in the worker node fix pack 1.9.11_1538. {: shortdesc}

Changes since version 1.9.11_1537
Component Previous Current Description
Worker node resource utilization N/A N/A Added dedicated cgroups for the kubelet and docker to prevent these components from running out of resources. For more information, see [Worker node resource reserves](/docs/containers?topic=containers-planning_worker_nodes#resource_limit_node).

Changelog for worker node fix pack 1.9.11_1537, released 27 November 2018

{: #1911_1537}

The following table shows the changes that are included in the worker node fix pack 1.9.11_1537. {: shortdesc}

Changes since version 1.9.11_1536
Component Previous Current Description
Docker 17.06.2 18.06.1 See the [Docker release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.docker.com/engine/release-notes/#18061-ce).

Changelog for 1.9.11_1536, released 19 November 2018

{: #1911_1536}

The following table shows the changes that are included in patch 1.9.11_1536. {: shortdesc}

Changes since version 1.9.10_1532
Component Previous Current Description
Calico v2.6.5 v2.6.12 See the [Calico release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://docs.projectcalico.org/v2.6/releases/#v2612). Update resolves [Tigera Technical Advisory TTA-2018-001 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://www.projectcalico.org/security-bulletins/).
Kernel 4.4.0-137 4.4.0-139 Updated worker node images with kernel update for [CVE-2018-7755 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-139.165/changelog).
Kubernetes v1.9.10 v1.9.11 See the [Kubernetes release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.9.11).
{{site.data.keyword.cloud_notm}} v1.9.10-219 v1.9.11-249 Updated to support the Kubernetes 1.9.11 release.
OpenVPN client and server 2.4.4-r2 2.4.6-r3-IKS-8 Updated image for [CVE-2018-0732 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732) and [CVE-2018-0737 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737).

Changelog for worker node fix 1.9.10_1532, released 7 November 2018

{: #1910_1532}

The following table shows the changes that are included in the worker node fix pack 1.9.11_1532. {: shortdesc}

Changes since version 1.9.10_1531
Component Previous Current Description
TPM-enabled kernel N/A N/A Bare metal worker nodes with TPM chips for Trusted Compute use the default Ubuntu kernel until trust is enabled. If you [enable trust](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_cluster_feature_enable) on an existing cluster, you need to [reload](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_reload) any existing bare metal worker nodes with TPM chips. To check if a bare metal worker node has a TPM chip, review the **Trustable** field after running the `ibmcloud ks flavors --zone` [command](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_machine_types).

Changelog for worker node fix pack 1.9.10_1531, released 26 October 2018

{: #1910_1531}

The following table shows the changes that are included in the worker node fix pack 1.9.10_1531. {: shortdesc}

Changes since version 1.9.10_1530
Component Previous Current Description
OS interrupt handling N/A N/A Replaced the interrupt request (IRQ) system daemon with a more performant interrupt handler.

Changelog for master fix pack 1.9.10_1530 released 15 October 2018

{: #1910_1530}

The following table shows the changes that are included in the worker node fix pack 1.9.10_1530. {: shortdesc}

Changes since version 1.9.10_1527
Component Previous Current Description
Cluster update N/A N/A Fixed problem with updating cluster add-ons when the master is updated from an unsupported version.

Changelog for worker node fix pack 1.9.10_1528, released 10 October 2018

{: #1910_1528}

The following table shows the changes that are included in the worker node fix pack 1.9.10_1528. {: shortdesc}

Changes since version 1.9.10_1527
Component Previous Current Description
Kernel 4.4.0-133 4.4.0-137 Updated worker node images with kernel update for [CVE-2018-14633, CVE-2018-17182 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.4.0-137.163/changelog).
Inactive session timeout N/A N/A Set the inactive session timeout to 5 minutes for compliance reasons.

Changelog for 1.9.10_1527, released 2 October 2018

{: #1910_1527}

The following table shows the changes that are included in patch 1.9.10_1527. {: shortdesc}

Changes since version 1.9.10_1523
Component Previous Current Description
{{site.data.keyword.cloud_notm}} Provider v1.9.10-192 v1.9.10-219 Updated the documentation link in load balancer error messages.
IBM file storage classes N/A N/A Removed `mountOptions` in the IBM file storage classes to use the default that is provided by the worker node. Removed duplicate `reclaimPolicy` parameter in the IBM file storage classes.

Also, now when you update the cluster master, the default IBM file storage class remains unchanged. If you want to change the default storage class, run `kubectl patch storageclass -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'` and replace `` with the name of the storage class.

Changelog for worker node fix pack 1.9.10_1524, released 20 September 2018

{: #1910_1524}

The following table shows the changes that are included in the worker node fix pack 1.9.10_1524. {: shortdesc}

Changes since version 1.9.10_1523
Component Previous Current Description
Log rotate N/A N/A Switched to use `systemd` timers instead of `cronjobs` to prevent `logrotate` from failing on worker nodes that are not reloaded or updated within 90 days. **Note**: In all earlier versions for this minor release, the primary disk fills up after the cron job fails because the logs are not rotated. The cron job fails after the worker node is active for 90 days without being updated or reloaded. If the logs fill up the entire primary disk, the worker node enters a failed state. The worker node can be fixed by using the `ibmcloud ks worker reload` [command](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_reload) or the `ibmcloud ks worker update` [command](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_update).
Worker node runtime components (`kubelet`, `kube-proxy`, `docker`) N/A N/A Removed dependencies of runtime components on the primary disk. This enhancement prevents worker nodes from failing when the primary disk is filled up.
Root password expiration N/A N/A Root passwords for the worker nodes expire after 90 days for compliance reasons. If your automation tooling needs to log in to the worker node as root or relies on cron jobs that run as root, you can disable the password expiration by logging into the worker node and running `chage -M -1 root`. **Note**: If you have security compliance requirements that prevent running as root or removing password expiration, do not disable the expiration. Instead, you can [update](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_update) or [reload](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_reload) your worker nodes at least every 90 days.
systemd N/A N/A Periodically clean transient mount units to prevent them from becoming unbounded. This action addresses [Kubernetes issue 57345 ![External link icon](../icons/launch-glyph.svg "External link icon")](kubernetes/kubernetes#57345).
Docker N/A N/A Disabled the default Docker bridge so that the `172.17.0.0/16` IP range is now used for private routes. If you rely on building Docker containers in worker nodes by executing `docker` commands on the host directly or by using a pod that mounts the Docker socket, choose from the following options.
  • To ensure external network connectivity when you build the container, run `docker build . --network host`.
  • To explicitly create a network to use when you build the container, run `docker network create` and then use this network.
**Note**: Have dependencies on the Docker socket or Docker directly? Update to `containerd` instead of `docker` as the container runtime so that your clusters are prepared to run Kubernetes version 1.11 or later.

Changelog for 1.9.10_1523, released 4 September 2018

{: #1910_1523}

The following table shows the changes that are included in patch 1.9.10_1523. {: shortdesc}

Changes since version 1.9.9_1522
Component Previous Current Description
{{site.data.keyword.cloud_notm}} Provider v1.9.9-167 v1.9.10-192 Updated to support Kubernetes 1.9.10 release. In addition, changed the cloud provider configuration to better handle updates for load balancer services with `externalTrafficPolicy` set to `local`.
{{site.data.keyword.cloud_notm}} File Storage plug-in 334 338 Updated incubator version to 1.8. File storage is provisioned to the specific zone that you select. You cannot update an existing (static) PV instance's labels, unless you are using a multizone cluster and need to add the region and zone labels.

Removed the default NFS version from the mount options in the IBM-provided file storage classes. The host's operating system now negotiates the NFS version with the IBM Cloud infrastructure NFS server. To manually set a specific NFS version, or to change the NFS version of your PV that was negotiated by the host's operating system, see [Changing the default NFS version](/docs/containers?topic=containers-file_storage#nfs_version_class).
Kubernetes v1.9.9 v1.9.10 See the Kubernetes [release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.9.10).
Kubernetes Heapster configuration N/A N/A Increased resource limits for the `heapster-nanny` container.

Changelog for worker node fix pack 1.9.9_1522, released 23 August 2018

{: #199_1522}

The following table shows the changes that are included in the worker node fix pack 1.9.9_1522. {: shortdesc}

Changes since version 1.9.9_1521
Component Previous Current Description
`systemd` 229 230 Updated `systemd` to fix `cgroup` leak.
Kernel 4.4.0-127 4.4.0-133 Updated worker node images with kernel update for [CVE-2018-3620,CVE-2018-3646 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://usn.ubuntu.com/3741-1/).

Changelog for worker node fix pack 1.9.9_1521, released 13 August 2018

{: #199_1521}

The following table shows the changes that are included in the worker node fix pack 1.9.9_1521. {: shortdesc}

Changes since version 1.9.9_1520
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages.

Changelog for 1.9.9_1520, released 27 July 2018

{: #199_1520}

The following table shows the changes that are included in patch 1.9.9_1520. {: shortdesc}

Changes since version 1.9.8_1517
Component Previous Current Description
{{site.data.keyword.cloud_notm}} Provider v1.9.8-141 v1.9.9-167 Updated to support Kubernetes 1.9.9 release. In addition, LoadBalancer service `create failure` events now include any portable subnet errors.
{{site.data.keyword.cloud_notm}} File Storage plug-in 320 334 Increased the timeout for persistent volume creation from 15 to 30 minutes. Changed the default billing type to `hourly`. Added mount options to the pre-defined storage classes. In the NFS file storage instance in your IBM Cloud infrastructure account, changed the **Notes** field to JSON format and added the Kubernetes namespace that the PV is deployed to. To support multizone clusters, added zone and region labels to persistent volumes.
Kubernetes v1.9.8 v1.9.9 See the Kubernetes [release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.9.9).
Kernel N/A N/A Minor improvements to worker node network settings for high performance networking workloads.
OpenVPN client N/A N/A The OpenVPN client `vpn` deployment that runs in the `kube-system` namespace is now managed by the Kubernetes `addon-manager`.

Changelog for worker node fix pack 1.9.8_1517, released 3 July 2018

{: #198_1517}

The following table shows the changes that are included in the worker node fix pack 1.9.8_1517. {: shortdesc}

Changes since version 1.9.8_1516
Component Previous Current Description
Kernel N/A N/A Optimized `sysctl` for high performance networking workloads.

Changelog for worker node fix pack 1.9.8_1516, released 21 June 2018

{: #198_1516}

The following table shows the changes that are included in the worker node fix pack 1.9.8_1516. {: shortdesc}

Changes since version 1.9.8_1515
Component Previous Current Description
Docker N/A N/A For non-encrypted flavors, the secondary disk is cleaned by getting a fresh file system when you reload or update the worker node.

Changelog for 1.9.8_1515, released 19 June 2018

{: #198_1515}

The following table shows the changes that are included in patch 1.9.8_1515. {: shortdesc}

Changes since version 1.9.7_1513
Component Previous Current Description
Kubernetes v1.9.7 v1.9.8 See the [Kubernetes release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.9.8).
Kubernetes Configuration N/A N/A Added `PodSecurityPolicy` to the `--admission-control` option for the cluster's Kubernetes API server and configured the cluster to support pod security policies. For more information, see [Configuring pod security policies](/docs/containers?topic=containers-psp).
IBM Cloud Provider v1.9.7-102 v1.9.8-141 Updated to support Kubernetes 1.9.8 release.
OpenVPN client N/A N/A Added livenessProbe to the OpenVPN client vpn deployment that runs in the kube-system namespace.

Changelog for worker node fix pack 1.9.7_1513, released 11 June 2018

{: #197_1513}

The following table shows the changes that are included in the worker node fix pack 1.9.7_1513. {: shortdesc}

Changes since version 1.9.7_1512
Component Previous Current Description
Kernel update 4.4.0-116 4.4.0-127 New worker node images with kernel update for [CVE-2018-3639 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639).

Changelog for worker node fix pack 1.9.7_1512, released 18 May 2018

{: #197_1512}

The following table shows the changes that are included in the worker node fix pack 1.9.7_1512. {: shortdesc}

Changes since version 1.9.7_1511
Component Previous Current Description
Kubelet N/A N/A Fix to address a bug that occurred if you used the block storage plug-in.

Changelog for worker node fix pack 1.9.7_1511, released 16 May 2018

{: #197_1511}

The following table shows the changes that are included in the worker node fix pack 1.9.7_1511. {: shortdesc}

Changes since version 1.9.7_1510
Component Previous Current Description
Kubelet N/A N/A The data that you store in the `kubelet` root directory is now saved on the larger, secondary disk of your worker node machine.

Changelog for 1.9.7_1510, released 30 April 2018

{: #197_1510}

The following table shows the changes that are included in patch 1.9.7_1510. {: shortdesc}

Changes since version 1.9.3_1506
Component Previous Current Description
Kubernetes v1.9.3 v1.9.7

See the [Kubernetes release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.9.7). This release addresses [CVE-2017-1002101 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002101) and [CVE-2017-1002102 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002102) vulnerabilities.

Note: Now `secret`, `configMap`, `downwardAPI`, and projected volumes are mounted as read-only. Previously, apps could write data to these volumes, but the system could automatically revert the data. If your apps rely on the previous insecure behavior, modify them accordingly.

Kubernetes configuration N/A N/A Added `admissionregistration.k8s.io/v1alpha1=true` to the `--runtime-config` option for the cluster's Kubernetes API server.
{{site.data.keyword.cloud_notm}} Provider v1.9.3-71 v1.9.7-102 `NodePort` and `LoadBalancer` services now support [preserving the client source IP](/docs/containers?topic=containers-loadbalancer#node_affinity_tolerations) by setting `service.spec.externalTrafficPolicy` to `Local`.
Fix [edge node](/docs/containers?topic=containers-edge#edge) toleration setup for older clusters.

Version 1.8 changelog (Unsupported)

{: #18_changelog}

Review the version 1.8 changelogs. {: shortdesc}

Changelog for worker node fix pack 1.8.15_1521, released 20 September 2018

{: #1815_1521}

Changes since version 1.8.15_1520
Component Previous Current Description
Log rotate N/A N/A Switched to use `systemd` timers instead of `cronjobs` to prevent `logrotate` from failing on worker nodes that are not reloaded or updated within 90 days. **Note**: In all earlier versions for this minor release, the primary disk fills up after the cron job fails because the logs are not rotated. The cron job fails after the worker node is active for 90 days without being updated or reloaded. If the logs fill up the entire primary disk, the worker node enters a failed state. The worker node can be fixed by using the `ibmcloud ks worker reload` [command](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_reload) or the `ibmcloud ks worker update` [command](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_update).
Worker node runtime components (`kubelet`, `kube-proxy`, `docker`) N/A N/A Removed dependencies of runtime components on the primary disk. This enhancement prevents worker nodes from failing when the primary disk is filled up.
Root password expiration N/A N/A Root passwords for the worker nodes expire after 90 days for compliance reasons. If your automation tooling needs to log in to the worker node as root or relies on cron jobs that run as root, you can disable the password expiration by logging into the worker node and running `chage -M -1 root`. **Note**: If you have security compliance requirements that prevent running as root or removing password expiration, do not disable the expiration. Instead, you can [update](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_update) or [reload](/docs/containers?topic=containers-cli-plugin-kubernetes-service-cli#cs_worker_reload) your worker nodes at least every 90 days.
systemd N/A N/A Periodically clean transient mount units to prevent them from becoming unbounded. This action addresses [Kubernetes issue 57345 ![External link icon](../icons/launch-glyph.svg "External link icon")](kubernetes/kubernetes#57345).

Changelog for worker node fix pack 1.8.15_1520, released 23 August 2018

{: #1815_1520}

Changes since version 1.8.15_1519
Component Previous Current Description
`systemd` 229 230 Updated `systemd` to fix `cgroup` leak.
Kernel 4.4.0-127 4.4.0-133 Updated worker node images with kernel update for [CVE-2018-3620,CVE-2018-3646 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://usn.ubuntu.com/3741-1/).

Changelog for worker node fix pack 1.8.15_1519, released 13 August 2018

{: #1815_1519}

Changes since version 1.8.15_1518
Component Previous Current Description
Ubuntu packages N/A N/A Updates to installed Ubuntu packages.

Changelog for 1.8.15_1518, released 27 July 2018

{: #1815_1518}

Changes since version 1.8.13_1516
Component Previous Current Description
{{site.data.keyword.cloud_notm}} Provider v1.8.13-176 v1.8.15-204 Updated to support Kubernetes 1.8.15 release. In addition, LoadBalancer service `create failure` events now include any portable subnet errors.
{{site.data.keyword.cloud_notm}} File Storage plug-in 320 334 Increased the timeout for persistent volume creation from 15 to 30 minutes. Changed the default billing type to `hourly`. Added mount options to the pre-defined storage classes. In the NFS file storage instance in your IBM Cloud infrastructure account, changed the **Notes** field to JSON format and added the Kubernetes namespace that the PV is deployed to. To support multizone clusters, added zone and region labels to persistent volumes.
Kubernetes v1.8.13 v1.8.15 See the Kubernetes [release notes ![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.8.15).
Kernel N/A N/A Minor improvements to worker node network settings for high performance networking workloads.
OpenVPN client N/A N/A The OpenVPN client `vpn` deployment that runs in the `kube-system` namespace is now managed by the Kubernetes `addon-manager`.

Changelog for worker node fix pack 1.8.13_1516, released 3 July 2018

{: #1813_1516}

Changes since version 1.8.13_1515
Component Previous Current Description
Kernel N/A N/A Optimized `sysctl` for high performance networking workloads.

Changelog for worker node fix pack 1.8.13_1515, released 21 June 2018

{: #1813_1515}

Changes since version 1.8.13_1514
Component Previous Current Description
Docker N/A N/A For non-encrypted flavors, the secondary disk is cleaned by getting a fresh file system when you reload or update the worker node.

Changelog 1.8.13_1514, released 19 June 2018

{: #1813_1514}

Changes since version 1.8.11_1512
Component Previous Current Description
Kubernetes v1.8.11 v1.8.13 See the [Kubernetes release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.8.13).
Kubernetes Configuration N/A N/A Added `PodSecurityPolicy` to the `--admission-control` option for the cluster's Kubernetes API server and configured the cluster to support pod security policies. For more information, see [Configuring pod security policies](/docs/containers?topic=containers-psp).
IBM Cloud Provider v1.8.11-126 v1.8.13-176 Updated to support Kubernetes 1.8.13 release.
OpenVPN client N/A N/A Added livenessProbe to the OpenVPN client vpn deployment that runs in the kube-system namespace.

Changelog for worker node fix pack 1.8.11_1512, released 11 June 2018

{: #1811_1512}

Changes since version 1.8.11_1511
Component Previous Current Description
Kernel update 4.4.0-116 4.4.0-127 New worker node images with kernel update for [CVE-2018-3639 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639).

Changelog for worker node fix pack 1.8.11_1511, released 18 May 2018

{: #1811_1511}

Changes since version 1.8.11_1510
Component Previous Current Description
Kubelet N/A N/A Fix to address a bug that occurred if you used the block storage plug-in.

Changelog for worker node fix pack 1.8.11_1510, released 16 May 2018

{: #1811_1510}

Changes since version 1.8.11_1509
Component Previous Current Description
Kubelet N/A N/A The data that you store in the `kubelet` root directory is now saved on the larger, secondary disk of your worker node machine.

Changelog for 1.8.11_1509, released 19 April 2018

{: #1811_1509}

Changes since version 1.8.8_1507
Component Previous Current Description
Kubernetes v1.8.8 v1.8.11

See the [Kubernetes release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.8.11). This release addresses [CVE-2017-1002101 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002101) and [CVE-2017-1002102 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002102) vulnerabilities.

Now `secret`, `configMap`, `downwardAPI`, and projected volumes are mounted as read-only. Previously, apps could write data to these volumes, but the system could automatically revert the data. If your apps rely on the previous insecure behavior, modify them accordingly.

Pause container image 3.0 3.1 Removes inherited orphaned zombie processes.
{{site.data.keyword.cloud_notm}} Provider v1.8.8-86 v1.8.11-126 `NodePort` and `LoadBalancer` services now support [preserving the client source IP](/docs/containers?topic=containers-loadbalancer#node_affinity_tolerations) by setting `service.spec.externalTrafficPolicy` to `Local`.
Fix [edge node](/docs/containers?topic=containers-edge#edge) toleration setup for older clusters.

Version 1.7 changelog (Unsupported)

{: #17_changelog}

Review the version 1.7 changelogs. {: shortdesc}

Changelog for worker node fix pack 1.7.16_1514, released 11 June 2018

{: #1716_1514}

Changes since version 1.7.16_1513
Component Previous Current Description
Kernel update 4.4.0-116 4.4.0-127 New worker node images with kernel update for [CVE-2018-3639 ![External link icon](../icons/launch-glyph.svg "External link icon")](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639).

Changelog for worker node fix pack 1.7.16_1513, released 18 May 2018

{: #1716_1513}

Changes since version 1.7.16_1512
Component Previous Current Description
Kubelet N/A N/A Fix to address a bug that occurred if you used the block storage plug-in.

Changelog for worker node fix pack 1.7.16_1512, released 16 May 2018

{: #1716_1512}

Changes since version 1.7.16_1511
Component Previous Current Description
Kubelet N/A N/A The data that you store in the `kubelet` root directory is now saved on the larger, secondary disk of your worker node machine.

Changelog for 1.7.16_1511, released 19 April 2018

{: #1716_1511}

Changes since version 1.7.4_1509
Component Previous Current Description
Kubernetes v1.7.4 v1.7.16

See the [Kubernetes release notes![External link icon](../icons/launch-glyph.svg "External link icon")](https://github.com/kubernetes/kubernetes/releases/tag/v1.7.16). This release addresses [CVE-2017-1002101 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002101) and [CVE-2017-1002102 ![External link icon](../icons/launch-glyph.svg "External link icon")](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002102) vulnerabilities.

Now `secret`, `configMap`, `downwardAPI`, and projected volumes are mounted as read-only. Previously, apps could write data to these volumes, but the system could automatically revert the data. If your apps rely on the previous insecure behavior, modify them accordingly.

{{site.data.keyword.cloud_notm}} Provider v1.7.4-133 v1.7.16-17 `NodePort` and `LoadBalancer` services now support [preserving the client source IP](/docs/containers?topic=containers-loadbalancer#node_affinity_tolerations) by setting `service.spec.externalTrafficPolicy` to `Local`.
Fix [edge node](/docs/containers?topic=containers-edge#edge) toleration setup for older clusters.