[ELSA-2024-12189] conmon security update

conmon
[2.1.3-8]
- address CVE-2023-39326

[2.1.3-7]
- Resolve CVE-2023-39325

[2.1.3-6]
- Add ol8_baseos_latest, and ol9_baseos_latest, to Jenkinsfile

[2.1.3-5]
- Add systemd-devel as build requirement

[2.1.3-4]
- Add support ARM build

[2.1.3.3]
- Add OL9 support

[2.1.3.2]
- Update inline with Linux team building conmon for all but OL7.

[2.1.3-1]
- Added build scripts

cri-o
[1.25.5-1]
- Added Oracle Specifile Files for cri-o

cri-tools
[1.25.0-3]
- Resolve CVE-2023-39326

[1.25.0-2]
- Resolve CVE-2023-39325

[1.25.0-1]
- Added Oracle Specific Build Files for cri-tools

flannel-cni-plugin
[1.0.1-4]
- Resolve CVE-2023-39326

[1.0.1-3]
- Resolve CVE-2023-44487 and CVE-2023-39325

[1.0.1-2]
- Add support for Oracle Linux 9

[1.0.1-1]
- Added Oracle specific build files for Flannel CNI Plugins

helm
[3.11.1-3]
- address CVE-2023-39326

[3.11.1-2]
- address CVE-2023-44487 and CVE-2023-39325

[3.11.1-1]
- Added Oracle Specific build Files

istio
[1.16.7-3]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326

[1.16.7-1]
- Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944.

kata
[1.12.1-17]
- Include OL9 for kernel-uek-container (currently in UEKR7_developer_preview)

[1.12.1-16]
- Rebuild with golang 1.20.12

[1.12.1-15]
- Updated for kubernetes 1.27 and 1.28

[1.12.1-14]
- Updated to address CVE-2023-44487 and CVE-2023-39325

[1.12.1-13]
- Rebuild kata to fix timestamp issue

[1.12.1-12]
- Add support for ARM build

[1.12.1-11]
- Add OL9 support

[1.12.1-10]
- Updated kata-runtime version to work with more versions of kvm_utils

[1.21.1-9]
- updated cri-o and cri-tools versions to support olcne-1.6.0

[1.12.1-7]
- Updated kernel_uek_max and kernel_uek_container_max to 5.16 to support UEKR7 host and guest kernel.
Note: installed kernel < 5.16.

[1.12.1-6]
- updated cri-o and cri-tools versions to support olcne-1.5.0

[1.12.1-5]
- updated cri-o and cri-tools versions to support kubernetes-1.23

[1.12.1-4]
- update kata-image versions
- update kernel-uek-container version to kernel-uek-container-5.4.17-2136.306.1.3

[1.21.1-3]
- Support k8s 1.21.6
- updated kernel-uek-container version
- updated kata-image versions
- added buildhost variable

[1.12.1-2]
- Golang 1.15.9

[1.12.1-1]
- Updated to kata 1.12.1
- Updated guest kernel (kernel-uek-container) minimum version to UEK6U2 (5.4.17-2102.200.7)

kata-agent
[1.12.1-11]
- Rebuild with -11 tag

[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326

[1.12.1-9]
- Updated to address CVE-2023-44487 and CVE-2023-39325

[1.12.1-8]
- Remove build_date global variable in kata-image specfile

[1.12.1-7]
- Add support for ARM build

[1.12.1-6]
- Add OL9 support

[1.12.1-4]
- Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper

[1.12.1-3]
- updated golang version
- added buildhost variable

[1.12.1-2]
- Golang 1.15.9

[1.12.1-1]
- Added Oracle Specific Build Files for kata-agent

kata-image
[1.12.1-11]
- Rebuild with -11 tag

[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326

[1.12.1-9]
- Updated to address CVE-2023-44487 and CVE-2023-39325

[1.12.1-8]
- Remove build_date global variable in specfile

[1.12.1-7]
- Add support for ARM build

[1.12.1-6]
- Restore OL7 and bump release

[1.12.1-5]
- Add support for Oracle Linux 9

[1.12.1-4]
- build for kata-agent-1.12.1-4

[1.12.1-3]
- updated golang version
- added buildhost variable

[1.12.1-2]
- Golang 1.15.9

[1.12.1-1]
- Added Oracle Specific Build Files for kata-image

kata-ksm-throttler
[1.12.1-11]
- Rebuild with -11 tag

[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326

[1.12.1-9]
- Updated to address CVE-2023-44487 and CVE-2023-39325

[1.12.1-8]
- Bump release inline with other kata packages for fixing timestamp issue

[1.12.1-7]
- Add support for ARM build

[1.12.1-6]
- Bump releaase inline with others for reversion of removal of OL7.

[1.12.1-5]
- Add support for Oracle Linux 9

[1.12.1-4]
- Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper

[1.12.1-3]
- updated golang version
- added buildhost variable

[1.12.1-2]
- Golang 1.15.9

[1.12.1-1]
- Added Oracle Specific Build Files for kata-ksm-throttler

kata-proxy
[1.12.1-11]
- Rebuild with -11 tag

[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326

[1.12.1-9]
- Updated to address CVE-2023-44487 and CVE-2023-39325

[1.12.1-8]
- Bump release inline with other kata packages for fixing timestamp issue

[1.12.1-7]
- Add support for ARM build

[1.12.1-6]
- Revert OL7 removal

[1.12.1-5]
- Add support for Oracle Linux 9

[1.12.1-4]
- Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper

[1.12.1-3]
- updated golang version
- added buildhost variable

[1.12.1-2]
- Golang 1.15.9

[1.12.1-1]
- Added Oracle Specific Build Files for kata-proxy

kata-runtime
[1.12.1-11]
- Rebuild with -11 tag

[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326

[1.12.1-9]
- Updated to address CVE-2023-44487 and CVE-2023-39325

[1.12.1-8]
- Bump release inline with other kata packages for fixing timestamp issue

[1.12.1-7]
- Add support for ARM build

[1.12.1-6]
- Add OL9 support

[1.12.1-5]
- Updated qemu-kvm machine options to work with more versions of kvm_utils

[1.12.1-4]
- Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper

[1.12.1-3]
- updated golang version
- added buildhost variable

[1.12.1-2]
- Golang 1.15.9

[1.12.1-1]
- Added Oracle Specific Files For kata-runtime

kata-shim
[1.12.1-11]
- Rebuild with -11 tag

[1.12.1-10]
- Updated Golang to 1.20.12 to address CVE CVE-2023-39326

[1.12.1-9]
- Updated to address CVE-2023-44487 and CVE-2023-39325

[1.12.1-8]
- Bump release inline with other kata packages for fixing timestamp issue

[1.12.1-7]
- Add support for ARM build

[1.12.1-6]
- Bump releaase inline with others for reversion of removal of OL7.

[1.12.1-5]
- Add support for Oracle Linux 9

[1.12.1-4]
- Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper

[1.12.1-3]
- updated golang version
- added buildhost variable

[1.12.1-2]
- Golang 1.15.9

[1.12.1-1]
- Added Oracle Specific Build Files for kata-shim

kubernetes
[1.25.15-2]
- Address CVE-2023-39326 by upgrading golang to 1.20.12

[1.25.15-1]
- Added Oracle specific build files for Kubernetes

kubernetes-cni
[1.0.1-4]
- address CVE-2023-39326

[1.0.1-3]
- Resolve CVE-2023-44487 and CVE-2023-39325

[1.0.1-2]
- Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper

[1.0.1-1]
- Added Oracle specific build files for Kubernetes CNI

kubernetes-cni-plugins
[1.0.1-5]
- address CVE-2023-39326

[1.0.1-3]
- Resolve CVE-2023-44487 and CVE-2023-39325

[1.0.1-3]
- Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper

[1.0.1-2]
- Add flannel-cni-plugins as a dependency

[1.0.1-1]
- Added Oracle specific build files for Kubernetes CNI Plugins

olcne
[1.6.6-3]
- Fixed pod-network:calico update

[1.6.6-2]
- Added conmon resource to kubernetes module

[1.6.6-1]
- Rebuilt modules, and components, with golang 1.20.12 to address CVE-2023-39326
- Updated CRI-O to v1.25.5

[1.6.5-9]
- Mark container-registry as updatable

[1.6.5-9]
- update metallb 0.12.1 to address CVE-2023-44487 and CVE-2023-39325

[1.6.5-8]
- Update externalip-webhook 1.0.0-3 to address CVE-2023-44487, CVE-2023-39325

[1.6.5-7]
- Update multus-cni 3.9.3 to address CVE-2023-44487 and CVE-2023-39325

[ - 1.6.5-6]
- Update rook-1.10.9 to address CVE-2023-44487, CVE-2023-39325

[1.6.5-5]
- Update Istio, Grafana, Prometheus, and Kubernetes-dashboard to address CVE's
- CVE-2023-44487
- CVE-2023-39325

[1.6.5-4]
- Update kubernetes and components to address golang CVE-2023-44487, CVE-2023-39325

[1.6.5-3]
- update configmap-registry to 1.28.0 to address CVE-2023-44487 and CVE-2023-39325

[1.6.5-2]
- Update kubevirt 0.58.0 to address CVE-2023-44487 and CVE-2023-39325

[1.6.5-1]
- Update calico image versions to address golang CVE-2023-44487, CVE-2023-39325

[1.6.4-1]
- Fix GetNodeByAddr string comparison
- hostnames case insensitve comparison

[1.6.3-1]
- Add Istio-1.16.7 to address CVE's
- CVE-2023-35941
- CVE-2023-35942
- CVE-2023-35943
- CVE-2023-35944

[1.6.2-1]
- CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11
- Add all modules to registry-image-helper
- update yq to 4.x

[1.6.1-9]
- Updated the CVE ID's in Istio-1.16.4 changelog entry

[1.6.1-8]
- Update Istio config to include 1.15.7 to support upgrade from 1.5.x to 1.6.x

[1.6.1-7]
- Bugfix:Append a slash in oci-instance-metada query url

[1.6.1-6]
- Fixed helm installation in OLCNE upgrade

[1.6.1-5]
- Deprecate oci-private-key <path-on-control-plane-nodes> in favour of oci-private-key-file <path-on-operatpr-node>
- Updated olcne_version argument in olcnectl provision to support <major.minor.patch>

[1.6.1-4]
- Update Istio version to 1.16.4 to address CVE's
- CVE-2023-27496
- CVE-2023-27488
- CVE-2023-27493
- CVE-2023-27492
- CVE-2023-27491
- CVE-2023-27487

[1.6.1-3]
- Resolved the issue to install multiple network cards using multus

[1.6.1-2]
- Update kubelet for upstream runc misc cgroups patch

[1.6.1-1]
- Fix the bug olcnectl provision fails if ol8_developer does not exist

[1.6.0-4]
- Removed PodSecurityPolicy from the Grafana Helm chart due to the removal of the API in Kubernetes 1.25
- Fixed an issue where creating an instance of the Istio module without Helm already installed would fail

[1.6.0-3]
- Move template to olcne-api-server and provide default calico config

[1.6.0-2]
- Update KubeVirt version to 0.58.0

[1.6.0-1]
- Update Kubernetes version to 1.25.7
- Update Helm version to 3.11.1
- Update Istio version to 1.16.2
- Add Calico CNI 3.25
- Add Multus CNI 3.9.3
- Technical preview for KubeVirt 0.52.0
- Technical preview for Rook 1.10.9
- Add subcommand to olcnectl that lists version information for modules
- Add support for --control-plane-nodes argument to the Kubernetes module for specifying control plane nodes
- olcnectl provision can now update existing module instances
- Deprecate Helm module in favor of automatically installing Helm with Kubernetes
- Deprecate --master-nodes argument to the Kubernetes module
- Deprecate Kata container runtime
- Deprecate Flannel CNI
- Deprecate GlusterFS CSI Driver

[1.5.11-1]
- Expose metrics endpoints for kube-system services
- Support installation with or without firewalld running
- Open port 9100 on nodes when installing Kubernetes module
- Make disable swap persist after reboot of control plane node

[1.5.10-2]
- Update istio to 1.15.3 to address Istio CVE-2022-392787

[1.5.9-1]
- Fix a regression during provisioning where arguments for the externalip restriction webhook are handled incorrectly

[1.5.8-4]
- Fix 1.21 kubernetes version to align with last upstream release

[1.5.8-3]
- Increase timeout value for update module

[1.5.8-2]
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.22
- Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21

[1.5.8-1]
- Improve error reporting and logging when using olcnectl provision
- Environment creation is now idempotent

[1.5.7-6]
- Unpinned podman for OL7

[1.5.7-5]
- Updated the kubernetes-dashboard version to v2.5.1 in the registry-image-helper.sh script for kubernetes-1.24.5

[1.5.7-4]
- Upgraded helm-3.7.1 to 3.9.4

[1.5.7-3]
- Resolved kubernetes-1.22.14 upgrade issue

[1.5.7-1]
- Upgrade Kubernetes to 1.24.5
- Upgrade Istio to 1.14.3
- Update OCI-CCM to 1.24.0 for kubernetes 1.24
- Update kubernetes-dashboard to v2.5.1
- Added support for custom profiles to the Istio module
- Added support for multiple instances of the Istio module with independent profiles
- Implemented automation within olcnectl for provisioning of Platform components
and modules for existing compute resources

[1.5.6-1]
- Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14
- Resolve Kubernetes CVE-2022-3172 for version 1.21
- Resolve Kubernetes CVE-2022-3172 for version 1.22
- Resolve Kubernetes CVE-2022-3172 for version 1.23

[1.5.5-1]
- Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045

[1.5.4-3]
- Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over

[1.5.4-2]
- Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227

[1.5.4-1]
- Upgrade Kubernetes to 1.23.7

[1.5.3-1]
- Address qemu CVE-2022-26353, CVE-2021-3748

[1.5.2-1]
- Excluded unnecessary directories from k8s backup files

[1.5.1-1]
- Fixed the bug in fetching node metadata for non-cloud nodes

[1.5.0-2]
- Upgrade Helm to 3.7.1-2

[1.5.0-2]
- fix null pointer exception in systemd service state validation

[1.5.0-1]
- Introduce support for compact Kubernetes clusters
- Introduce MetalLB
- Introduce Oracle Cloud Infrastructure Cloud Controller Manager
- Improved log messages in Platform API Server and Platform Agent
- Upgrade Kubernetes to 1.22.8
- Upgrade Istio to 1.13.2
- Renamed the oci-csi module to oci-ccm

[1.5.0-20.alpha]
- Update istio-1.13.2 grafana to 7.5.15

[1.5.0-14.alpha]
- Metallb fix

[1.5.0-11.alpha]
- Remove module directories when olcne rpm is uninstalled

[1.5.0-10.alpha]
- OCI CCM 0.13.0

[1.5.0-9.alpha]
- Reworked log messages

[1.5.0-8.alpha]
- Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6)

[1.5.0-7.alpha]
- Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15)

[1.5.0-6.alpha]
- Update to k8s 1.22 with golang 1.17

[1.5.0-5.alpha]
- Update internal docs for oci-ccm module

[1.5.0-4.alpha]
- Extend oci-ccm module to support load balancer

[1.5.0-3.alpha]
- Firewall pre-req

[1.5.0-2.alpha]
- Ensure that config map settings needed by metallb is preserved during k8s upgrade

[1.5.0-1.alpha]
- Metallb module

[1.4.1-14]
- Added 1.4 extra images to registry-image-helper.sh script

[1.4.1-13]
- Update sudoers file and changed its permissions to '0440'

[1.4.1-12]
- Update olcne-kubernetes.md file for 'compact' flag

[1.4.1-11]
- Ensure that the order of items in an upgraded config file is stable with respect to the original file

[1.4.1-10]
- Ensure that old olcnectl config files are upgraded

[1.4.1-9]
- Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation

[1.4.1-8]
- Make 'compact' flag updatable

[1.4.1-7]
- Introduce 'compact' that enables control-plane nodes to run any workloads

[1.4.1-6]
- Ability to label 1 or more kubernetes nodes

[1.4.1-5]
- Fixed a bug where specifying a port in the container-registry argument
to the Kubernetes module would result in pods not being able to start.

[1.4.1-4]
- Update helm to 3.7.1

[1.4.1-3]
- Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11

[1.4.1-2]
- Allow loadbalancer to be configured regardless of security list mode

[1.4.0-4]
- Fix bug in initialising certs manager when environment name not mentioned

[1.4.0-3]
- Fix bug in fetching report for multi-environment

[1.4.0-2]
- Pause image is 3.4.1

[1.4.0-1]
- CSI plugin
- Reports feature
- Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade
- Istio-1.9.4 to Istio-1.11.4 upgrade
- Component upgrades
- Config file feature

[1.3.0-13]
- Fix iptables issue when running on OL7 host using OL8 image

[1.3.0-12]
- Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007

[1.3.0-11]
- Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]

[1.3.0-10]
- Fixed missing double semicolon in registry image helper

[1.3.0-9]
yq
[4.34.1-4]
- Update Golang to 1.20.12 to address CVE-2023-39326

[4.34.1-3]
- address CVE-2023-44487 and CVE-2023-3932A

[4.34.1-2]
- Add support for ARM build

[4.34.1-1]
- Added Oracle specific build files