Releases: bottlerocket-os/bottlerocket

v1.12.0

27 Jan 05:58
6ef1139

OS Changes

  • Disable strict aliasing for c-utf-8 library in dbus-broker (#2730)
  • Add /sys/firmware to privileged mounts in host-ctr (#2714)
  • Use user-provided registry credentials for public.ecr.aws in host-ctr (#2676)
  • Build masked paths list dynamically in host-ctr (#2637)
  • Enable EFI option in systemd (#2714)
  • Allow simple enums as map keys in datastore (#2687)
  • Improve reliability of settings.network.hostname generator (#2647)
  • Add support for bonding and VLANs in net.toml (#2596)
  • Keep only one intermediate datastore during migration (#2589)
  • Widen access to filesystem relabel in SELinux policy (#2738)
  • Update hotdog to 1.05 (#2728)
  • Update systemd to 250.9 (#2718)
  • Update third party packages and dependencies (#2588, #2717)
  • Update host containers (#2739)
  • Update eksd (#2690, #2693, #2694, thanks @rcrozean)

Orchestrator Changes

Kubernetes

  • Add support for Kubernetes 1.25 variants (#2699)
  • Allow access to public kubelet certificates (#2639)
  • During kubelet prestart, skip pause image pull if image exists (#2587)
  • Delay kubelet.service until after warm-pool-wait service runs (#2562)
  • Add OCI default spec and settings to containerd (#2697)

Platform Changes

VMware

  • Downgrade iopl warning when fetching guestinfo in early-boot-config (#2732)

Build Changes

  • Treat alias warnings as errors (#2730)
  • Suppress "missing changelog" warning in build (#2730)
  • Update Bottlerocket SDK version to 0.29.0 (#2730)
  • Improve error messages for publish-ami command (#2695)
  • Disallow private AMIs in public SSM parameters (#2680)
  • Rework start-local-vm image selection to use latest symlink (#2696)
  • Improve integration testing through cargo make test (#2560, #2592, #2618, #2646, #2653, #2683, #2674, #2723, #2724, #2725)

v1.11.1

30 Nov 21:07

Security Fixes

v1.11.0

17 Nov 01:33
b530f30

OS Changes

  • Prevent a panic in early-boot-config when there is no IMDS region (#2493)
  • Update grub to 2.06-42 (#2503)
  • Bring back wicked support for matching interfaces via hardware address (#2519)
  • Allow bootstrap containers to manage swap (#2537)
  • Add systemd-analyze commands to troubleshooting log collection tool (#2550)
  • Allow bootstrap containers to manage network configuration (#2558)
  • Serialize bootconfig values correctly when the value is empty (#2565)
  • Update zlib, libexpat, libdbus, docker-cli (#2583)
  • Update host containers (#2574)
  • Unmask /sys/firmware from host containers (#2573)

Orchestrator Changes

ECS

  • Add additional ECS API configurations (#2527)
    • ECS_CONTAINER_STOP_TIMEOUT
    • ECS_ENGINE_TASK_CLEANUP_WAIT_DURATION
    • ECS_TASK_METADATA_RPS_LIMIT
    • ECS_RESERVED_MEMORY

Kubernetes

  • Add a timeout when calling EKS for configuration values (#2566)
  • Enable IAM Roles Anywhere with the k8s ecr-credential-provider plugin (#2377, #2553)
  • Kubernetes EKS-D updates

Platform Changes

AWS

  • Add driver support for AWS variants in hybrid environments (#2554)

Build Changes

  • Add support for publishing to AWS organizations (#2484)
  • Remove unnecessary dependencies when building grub (#2495)
  • Switch to the latest Dockerfile frontend for builds (#2496)
  • Prepare foundations for Secure Boot and image re-signing (#2505)
  • Fix EFI file system to fit partition size (#2528)
  • Add ShellCheck to check-lints for build scripts (#2532)
  • Update the SDK to v0.28.0 (#2543)
  • Use rustls-native-certs instead of webpki-roots (#2551)
  • Handle absolute paths for output directory in kernel build script (#2563)

Documentation Changes

  • Add a Roadmap markdown file (#2549)

v1.10.1

19 Oct 19:56
5d27ae7

OS Changes

  • Support container runtime settings: enable-unprivileged-icmp, enable-unprivileged-ports, max-concurrent-downloads, max-container-log-line-size (#2494)
  • Update EKS-D to 1.22-11 (#2490)
  • Update EKS-D to 1.23-6 (#2488)

v1.10.0

13 Oct 21:25
3949354

OS Changes

  • Add optional settings to reboot into new kernel command line parameters (#2375)
  • Support for static IP addressing (#2204, #2330, #2445)
  • Add support for NVIDIA driver version 515 (#2455)
  • Set mode for tmpfs mounts (#2473)
  • Increase inotify default limits (#2335)
  • Align vm.max_map_count with the EKS Optimized AMI (#2344)
  • Add support for configuring DNS settings (#2353)
  • Migrate netdog from serde_xml_rs to quick-xml (#2311)
  • Support versioning for net.toml (#2281)
  • Update admin and control container (#2471, #2472)

Orchestrator Changes

ECS

  • Add cargo make tasks for testing ECS variants (#2348)

Kubernetes

  • Add support for Kubernetes 1.24 variants (#2437)
  • Remove Kubernetes aws-k8s-1.19 variants (#2316)
  • Increase the kube-api-server QPS from 5/10 to 10/20 (#2436, thanks @tzneal)
  • Update eni-max-pods with new instance types (#2416)
  • Add setting to change kubelet's log level (#2460, #2470)
  • Add cargo make tasks to perform migration testing for Kubernetes variants in AWS (#2273)

Platform Changes

AWS

  • Disable drivers for USB-attached network interfaces (#2328)

Metal

  • Add driver support for Solarflare, Pensando, Myricom, Huawei, Emulex, Chelsio, Broadcom, AMD and Intel 10G+ network cards (#2379)

Build Changes

  • Extend external-files to vendor go modules (#2378, #2403, #2430)
  • Make net_config unit tests reusable across versions (#2385)
  • Add diff-kernel-config to identify kernel config changes (#2368)
  • Extended support for variants in buildsys (#2339)
  • Clarify crossbeam license (#2447)
  • Honor BUILDSYS_ARCH and BUILDSYS_VARIANT env variables when set (#2425)
  • Use architecture specific json payloads in unit tests (#2367, #2363)
  • Add unified check target in Makefile.toml for review readiness (#2384)
  • Update Go dependencies of first-party go projects (#2424, #2440, #2450, #2452, #2456)
  • Update Rust dependencies (#2458, #2476)
  • Update third-party packages (#2397, #2398, #2464, #2465, thanks @kschumy)
  • Update Bottlerocket SDK to 0.27.0 (#2428)
  • Migrate pubsys and infrasys to the AWS SDK for Rust (#2414, #2415, #2454)
  • Update testsys dependencies (#2392)
  • Fix hotdog's spec URL to the correct upstream link (#2326)
  • Fix clippy warnings and enable lints on pull requests (#2337, #2346, #2443)
  • Format issue field in PR template (#2314)

Documentation Changes

  • Update checksum for new root.json (#2405)
  • Mention that boot settings are available in Kubernetes 1.23 variants (#2358)
  • Mention the need for AWS credentials in BUILDING.md and PUBLISHING-AWS.md (#2334)
  • Add China to supported regions lists (#2315)
  • Add community section to README.md (#2305, #2383)
  • Standardize userdata.toml as the filename used in different docs (#2446)
  • Remove commit from image name in PROVISIONING-METAL.md (#2312)
  • Add note to CONTRIBUTING.md that outlines filenames' casing (#2306)
  • Fix typos in Makefile.toml, QUICKSTART-ECS.md, QUICKSTART-EKS.md, netdog and prairiedog (#2318, thanks @kianmeng)
  • Fix casing for GitHub and VMware in CHANGELOG.md (#2329)
  • Fix typo in test setup command (#2477)
  • Fix TESTING.md link typo (#2438)
  • Fix positional fetch-license argument (#2457)

v1.9.2

31 Aug 19:13
b8074d4

Build Changes

  • Archive old migrations (#2357)
  • Update runc to version 1.1.4 (#2380)

v1.9.1

19 Aug 19:11
614cec9

OS Changes

  • Change kernel module compression from zstd to xz (#2323)
  • Update ECR registry map for new AWS regions (#2336)
  • Add new regions to pause registry map (#2349)
  • Update tough to v0.8.1 (#2338)

v1.9.0

29 Jul 00:35
159e4ce

OS Changes

  • SELinux policy now suppresses audit for tmpfs relabels (#2222)
  • Restrict permissions for /boot and System.map (#2223)
  • Remove unused crates growpart and servicedog (#2238)
  • New mount in host containers for system logs (#2295)
  • Apply strict mount options and enforce execution rules (#2239)
  • Switch to a more commonly used syntax for disabling kernel config settings (#2290)
  • Respect proxy settings when running setting generators (#2227)
  • Add CAP_NET_ADMIN to bootstrap containers (#2266)
  • Reduce log output for DHCP services (#2260)
  • Fix invalid kernel config options (#2269)
  • Improve support for container storage mounts (#2240)
  • Disable uncommon filesystems and network protocols (#2255)
  • Add support for blocking kernel modules (#2274)
  • Fix ntp service restart when settings change (#2270)
  • Add kernel 5.15 sources (#2226)
  • Defer squashfs mounts to later in the boot process (#2276)
  • Improve boot speed and rootfs size (#2296)
  • Add "quiet" kernel parameter for some variants (#2277)

Orchestrator Changes

Kubernetes

ECS

  • Add iptables rules for ECS introspection server (#2267)

Platform Changes

AWS

  • Add support for AWS China regions (#2224, #2242, #2247, #2285)
  • Migrate to using aws-sdk-rust for first-party OS Rust packages (#2300)

VMware

  • Remove console=ttyS0 from kernel params (#2248)

Metal

  • Enable Mellanox modules in 5.10 kernel (#2241)
  • Add bnxt module for Broadcom 10/25Gb network adapters in 5.10 kernel (#2243)
  • Split out baremetal specific config options (#2264)
  • Add driver support for Cisco UCS platforms (#2271)
  • Only build baremetal variant specific drivers for baremetal variants (#2279)
  • Enable the metal-dev build for the ARM architecture (#2272)

Build Changes

  • Add Makefile targets to create and validate Boot Configuration (#2189)
  • Create symlinks to images with friendly names (#2215)
  • Add start-local-vm script (#2194)
  • Add the testsys CLI and new cargo make tasks for testing aws-k8s variants (#2165)
  • Update Rust and Go dependencies (#2303, #2299)
  • Update third-party packages (#2309)

Documentation Changes

  • Add NVIDIA ECS variant to README (#2244)
  • Add documentation for metal variants (#2205)
  • Add missing step in building packages guide (#2259)
  • Add quickstart for running Bottlerocket in QEMU/KVM VMs (#2280)
  • Address lints in README markdown caught by markdownlint (#2283)

v1.8.0

10 Jun 00:53
a6233c2

OS Changes

General

  • Update admin and control containers (#2191)
  • Update to containerd 1.6.x (#2158)
  • Restart container runtimes when certificates store changes (#2076)
  • Add support for providing kernel parameters via Boot Configuration (#1980)
  • Restart long-running systemd services on exit (#2162)
  • Ignore zero blocks on dm-verity root (#2169)
  • Add support for static DNS mappings in /etc/hosts (#2129)
  • Enable network configuration generation via netdog (#2066)
  • Add support for non-eth0 default interfaces (#2144)
  • Update to IMDS schema 2021-07-15 (#2190)

Kubernetes

  • Add support for Kubernetes 1.23 variants (#2188)
  • Improve Kubernetes pod start times by unsetting configMapAndSecretChangeDetectionStrategy in kubelet config (#2166)
  • Add new setting for configuring kubelet's provider-id configuration (#2192)
  • Add new setting for configuring kubelet's podPidsLimit configuration (#2138)
  • Allow a list of IP addresses in settings.kubernetes.cluster-dns-ip (#2176)
  • Set the default for settings.kubernetes.cloud-provider on metal variants to an empty string (#2188)
  • Add c7g instance data for max pods calculation in AWS variants (#2107, thanks, @lizthegrey!)

ECS

Hardware

  • Build smartpqi driver for Microchip Smart Storage devices into 5.10 kernel (#2184)
  • Add support for Broadcom ethernet cards in 5.10 kernel (#2143)
  • Add support for MegaRAID SAS in 5.10 kernel (#2133)

Build Changes

Documentation Changes

  • Standardize README generation in buildsys (#2134)
  • Clarify migration README (#2141)
  • Fix typos in BUILDING.md and QUICKSTART-VMWARE.md (#2159, thanks, @ryanrussell!)
  • Add additional documentation for using GPUs with Kubernetes variants (#2078)
  • Document examples for using enter-admin-container (#2028)

v1.7.2

25 Apr 19:07
28782dc

Security Fixes

OS Changes

  • Update eni-max-pods with new instance types (#2079)
  • Add support for AWS region ap-southeast-3: Jakarta (#2080)