Release 2023_020 (2023-08-15)

Impact

• [NixOS 23.05] This is the first update using the new maintenance code introduced with the last release. Machines will reboot to activate the changed kernel shortly after the update maintenance activity has finished, without announcing the reboot separately. In the future, we will only explicitly mention service restarts here when there’s no reboot planned. See our new automated maintenance documentation for more details about how this works.

NixOS 23.05 platform

• Pull upstream NixOS changes, security fixes and package updates (PL-131682):

  • curl: apply patch for CVE-2023-32001

  • docker-compose: cherry-pick patches to fix starting containers using a local socket

  • github-runner: 2.306.0 -> 2.307.1

  • gitlab: 16.1.2 -> 16.1.3

  • grafana: 9.5.6 -> 9.5.7

  • imagemagick: 7.1.1-14 -> 7.1.1-15

  • linux: 6.1.41 -> 6.1.43

  • mastodon: 4.1.4 -> 4.1.6

  • matrix-synapse: 1.88.0 -> 1.89.0

  • nss_latest: 3.91 -> 3.92

  • openssl_3: apply patch for CVE-2023-2975

  • systemd: 253.5 -> 253.6

• gitlab-runner: go back to previous runner version 16.1.0 which fixes the docker executor (PL-131694).

• kubernetes/k3s: fix creation of auth token for monitoring purposes (PL-131681).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/288489/download/1/nixexprs.tar.xz

NixOS 21.05 platform

• Update CPU microcode for virtualization hosts to fix CVE-2023-20593 “Zenbleed”. This was a part of the last release and is already rolled out (PL-131656).

Detailed Changes

• NixOS 23.05: platform code, upstream changes