Release 2022_015 (2022-06-07)

Impact

  • [NixOS 21.11] Most services will be restarted because of a core dependency change. Machines will schedule a reboot to activate the changed kernel.

NixOS 21.11 platform

  • antivirus: make database updates and monitoring more reliable. We now use our own clamav mirror now to avoid issues with rate-limiting by the official mirrors. For new installations, the initial database fetch is done immediately now so clamav should work right from the start (#PL-130648).

  • Monitoring: adjust disk check limits when an elasticsearch role is enabled to warn when Elasticsearch reaches it watermark levels (#PL-111220).

  • Pull upstream NixOS changes that include security fixes and other updates (#PL-130662):

    • clamav: 0.103.5 -> 0.103.6

    • curl: add patches for CVE-2022-27781 & CVE-2022-27782

    • grafana: fix CVE-2022-29170

    • imagemagick: 7.1.0-33 -> 7.1.0-35

    • linux: 5.10.115 -> 5.10.118

    • logrotate: fix CVE-2022-1348

    • matrix-synapse: 1.57.0 -> 1.59.1

    • podman: add patch for CVE-2022-27649

    • postgresql_10: 10.20 -> 10.21

    • postgresql_11: 11.15 -> 11.16

    • postgresql_12: 12.10 -> 12.11

    • postgresql_13: 13.6 -> 13.7

    • postgresql_14: 14.2 -> 14.3

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/164566/download/1/nixexprs.tar.xz

NixOS 21.05 platform

  • Elasticsearch: add dummy option services.elasticsearch.single_node which does nothing on 21.05 but is required on 21.11. On 21.11, the option has true as default which breaks multi-node clusters on upgrade. Make sure to set the option to false on 21.05 before upgrading such clusters! (#PL-130608).

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/164448/download/1/nixexprs.tar.xz

Detailed Changes