Release 2023_012 (2023-06-05)

Impact

  • [NixOS 22.11] Most services will be restarted because of a core dependency change. Machines will schedule a reboot to activate the changed kernel.

NixOS 23.05 platform

  • The new platform version is now available for non-production use. We will roll out the upgrade to most customer staging systems on Thursday, 2023-06-01. See Platform Upgrades & What’s New for things to consider before upgrading, significant changes and new package versions (PL-131334).

  • docker: restrict access to forwarded container ports so that they are only accessible to hosts within the same resource group, and not accessible over the public internet (PL-131042).

  • mailserver: fix permission setup for postfix queue monitoring (PL-129873).

NixOS 22.11 platform

  • Pull upstream NixOS changes, security fixes and package updates (PL-131517):

    • cacert: 3.86 -> 3.89.1

    • curl: backport 8.1.0 security fixes (CVE-2023-28320, CVE-2023-28321, CVE-2023-28322)

    • git: 2.38.4 -> 2.38.5 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007)

    • gitlab: 15.11.5 -> 15.11.6

    • imagemagick: 7.1.1-8 -> 7.1.1-10

    • keycloak: 20.0.5 -> 21.1.1

    • libcap: backport 2.69 security fixes (CVE-2023-2602, CVE-2023-2603)

    • libmodsecurity: 3.0.8 -> 3.0.9

    • linux: 5.15.110 -> 5.15.113

    • matrix-synapse: 1.82.0 -> 1.84.1

    • php81: 8.1.18 -> 8.1.19

    • postgresql_11: 11.19 -> 11.20 (for all postgresql packages: CVE-2023-2454, CVE-2023-2455)

    • postgresql_12: 12.14 -> 12.15

    • postgresql_13: 13.10 -> 13.11

    • postgresql_14: 14.7 -> 14.8

    • postgresql_15: 15.2 -> 15.3

    • systemd: 251.15 -> 251.16

    • wget: 1.21.3 -> 1.21.4

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/263886/download/1/nixexprs.tar.xz

NixOS 21.05 platform

Detailed Changes