Bottlerocket 1.15.0 has been released and these are its new features

Bottlerocket is a free and open source Linux-based operating system designed for hosting containers.

The new version, Bottlerocket 1.15.0, has been released. It brings various changes, improvements and, above all, updates to a range of system packages. Starting with this version, Secure Boot is also supported on platforms that boot via UEFI, among other things.

For those unfamiliar with Bottlerocket, it is a distribution that provides an indivisible system image, updated atomically and automatically, that includes the Linux kernel and a minimal system environment containing only the components needed to run containers.

The environment uses the systemd system manager, the Glibc library, the Buildroot build tool, the GRUB bootloader, the containerd runtime for isolated containers, the Kubernetes container orchestration platform, aws-iam-authenticator, and the Amazon ECS agent.

The key difference from similar distributions such as Fedora CoreOS and CentOS / Red Hat Atomic Host is its primary focus on providing maximum security by hardening the system against potential threats, which makes it harder to exploit vulnerabilities in operating system components and increases container isolation.

Main new features of Bottlerocket 1.15.0

In this new version, Bottlerocket 1.15.0, a large number of updates have been made, among them the Linux kernel, updated to version 6.1; systemd, updated to version 252; NVIDIA-container-toolkit, to 1.13.5; containerd, to version 1.6.23; glibc, to version 2.38; and others.

As for the internal changes in Bottlerocket 1.15.0, it offers Secure Boot support on platforms that use UEFI boot, systemd-networkd and systemd-resolved for host networking, and XFS as the local storage filesystem for new installations. It is worth noting that these features are enabled automatically on new installations, and that existing installations will continue to use the older kernels, wicked for host networking, and EXT4 as the local storage filesystem.

In addition, new distribution variants have been proposed with support for Kubernetes 1.28, which use UEFI Secure Boot, systemd-networkd and XFS, and support for variants based on the earlier Kubernetes 1.27 is now deprecated.

Other changes in the new version include the addition of the "apiclient report" command to generate a CIS (Center for Internet Security) report that evaluates the security of the configuration. An agent has also been added to verify the system's compliance with the CIS requirements.

Other changes that stand out in this new version:

  • The SeccompDefault setting has been added for variants based on Kubernetes 1.25 and newer.
  • aws-iam-authenticator has been added to the k8s variants.
  • The contents of the control and admin containers have been updated.
  • Resource limit settings have been added to the default configuration for OCI containers.
  • The Intel VMD driver has been enabled.
  • A new distribution variant, "aws-ecs-2", has been proposed for Amazon Elastic Container Service (Amazon ECS), which uses UEFI Secure Boot, systemd-networkd, and XFS.
  • All Amazon ECS variants now include AppMesh support.
  • The "metal-*" distribution variants (Bare Metal, for running on conventional hardware) include the Intel VMD driver and add the linux-firmware and aws-iam-authenticator packages.
  • Updated to Bottlerocket SDK v0.34.1.
  • Twoliter is used to allow out-of-tree work. Most tools have moved to Twoliter.
  • Concurrency is limited only when building RPMs.

Last but not least, it is also noted that the functionality for applying the hotpatch for log4j (CVE-2021-44228) has been removed. The corresponding setting, settings.oci-hooks.log4j-hotpatch-enabled, remains available for backward compatibility. However, it has no effect beyond printing a deprecation warning to the system log.

Finally, if you are interested in learning more, you can check the details at the following link.
