Release 2023_012 (2023-06-05)

Impact

• [NixOS 22.11] Most services will be restarted because of a core dependency change. Machines will schedule a reboot to activate the changed kernel.

NixOS 23.05 platform

• The new platform version is now available for non-production use. We will roll out the upgrade to most customer staging systems on Thursday, 2023-06-01. See Platform Upgrades & What’s New for things to consider before upgrading, significant changes and new package versions (PL-131334).

• docker: restrict access to forwarded container ports so that they are only accessible to hosts within the same resource group, and not accessible over the public internet (PL-131042).

• mailserver: fix permission setup for postfix queue monitoring (PL-129873).

NixOS 22.11 platform

• Pull upstream NixOS changes, security fixes and package updates (PL-131517):

  • cacert: 3.86 -> 3.89.1

  • curl: backport 8.1.0 security fixes (CVE-2023-28320, CVE-2023-28321, CVE-2023-28322)

  • git: 2.38.4 -> 2.38.5 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007)

  • gitlab: 15.11.5 -> 15.11.6

  • imagemagick: 7.1.1-8 -> 7.1.1-10

  • keycloak: 20.0.5 -> 21.1.1

  • libcap: backport 2.69 security fixes (CVE-2023-2602, CVE-2023-2603)

  • libmodsecurity: 3.0.8 -> 3.0.9

  • linux: 5.15.110 -> 5.15.113

  • matrix-synapse: 1.82.0 -> 1.84.1

  • php81: 8.1.18 -> 8.1.19

  • postgresql_11: 11.19 -> 11.20 (for all postgresql packages: CVE-2023-2454, CVE-2023-2455)

  • postgresql_12: 12.14 -> 12.15

  • postgresql_13: 13.10 -> 13.11

  • postgresql_14: 14.7 -> 14.8

  • postgresql_15: 15.2 -> 15.3

  • systemd: 251.15 -> 251.16

  • wget: 1.21.3 -> 1.21.4

• Production channel URL for this release: https://hydra.flyingcircus.io/build/263886/download/1/nixexprs.tar.xz

NixOS 21.05 platform

• internal changes only

• Production channel URL for this release: https://hydra.flyingcircus.io/build/263769/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 22.11: platform code, upstream changes

• NixOS 21.05: platform code