Release 2023_016 (2023-07-03)¶

Impact¶

[23.05] PostgreSQL, Opensearch Dashboards and Apache HTTPD (LAMP) will be restarted. Machines will schedule a reboot to activate the changed kernel.
[22.11] Most services will be restarted due to a core dependency change. Machines will schedule a reboot to activate the changed kernel.

postgresql: document an important schema privilege change for PostgreSQL 15 (PL-131589).
opensearch-dashboards: make sure that restarting the service works properly (PL-131484).
Pull upstream NixOS changes, security fixes and package updates (PL-131594):
- consul: 1.15.2 -> 1.15.3
- github-runner: 2.304.0 -> 2.305.0
- gitlab: 16.0.2 -> 16.0.5
- grafana: 9.5.3 -> 9.5.5, fix CVE-2023-3128
- linux: 6.1.31 -> 6.1.35
- matrix-synapse: 1.85.1 -> 1.86.0
- nodejs_16: 16.20.0 -> 16.20.1 (CVE-2023-30581, CVE-2023-30585, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590)
- nodejs_18: 18.16.0 -> 18.16.1 (CVE-2023-30581, CVE-2023-30585, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590)
- nodejs_20: 20.2.0 -> 20.3.1 (CVE-2023-30581, CVE-2023-30584, CVE-2023-30587, CVE-2023-30582, CVE-2023-30583, CVE-2023-30585, CVE-2023-30586, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
- nss: 3.89.1 -> 3.90
- nss_latest: remove curve25519 support
- prometheus: 2.42.0 -> 2.44.0
Production channel URL for this release: https://hydra.flyingcircus.io/build/274351/download/1/nixexprs.tar.xz

Pull upstream NixOS changes, security fixes and package updates (PL-131594):
- cacert: 3.89.1 -> 3.90
- ffmpeg: 4.4.2 -> 4.4.4
- gitlab: 15.11.7 -> 15.11.9
- grafana: 9.4.12 -> 9.4.13, fix CVE-2023-3128
- linux: 5.15.114 -> 5.15.118
- matrix-synapse: 1.85.1 -> 1.86.0
- nss: 3.89.1 -> 3.90
- nss_latest: remove curve25519 support
- openssl: 3.0.8 -> 3.0.9
- xorg.libX11: patch CVE-2023-3138
Production channel URL for this release: https://hydra.flyingcircus.io/build/274147/download/1/nixexprs.tar.xz