Release 2024_004 (2024-02-05)#

Impact#

  • [NixOS 23.11] Machines will reboot after the update to activate the changed kernel.

NixOS 23.11 platform#

  • mailserver: protect against SMTP smuggling attacks by setting smtpd_forbid_bare_newline = normalize as recommended by the Postfix docs (PL-132051).

  • mongodb: fix telegraf metrics collection when 3.2 or 3.4 roles are enabled.

  • mongodb: allow upgrades from versions before 23.11 without the need for disabling the role during the upgrade.

  • mysql/percona: fix monitoring on secondary databases when using replication (PL-132034).

  • slurm: use task/cgroup to enforce memory limits on jobs (PL-132161, FC-35724).

  • Pull upstream NixOS changes, security fixes and package updates (PL-131814):

    • chromium: 120.0.6099.216 -> 121.0.6167.85

    • curl: apply 8.5.0 security fixes (CVE-2023-46218, CVE-2023-46219)

    • github-runner: 2.311.0 -> 2.312.0

    • gitlab-runner: 16.6.0 -> 16.7.0

    • gitlab: 16.7.3 -> 16.7.4 (CVE-2024-0402, CVE-2023-6159, CVE-2023-5933, CVE-2023-5612)

    • go: 1.21.4 -> 1.21.5

    • go_1_20: 1.20.11 -> 1.20.12

    • inetutils: 2.4 -> 2.5 (CVE-2022-39028, CVE-2019-0053)

    • jq: 1.7 -> 1.7.1

    • linux_5_15: 5.15.146 -> 5.15.148

    • mastodon: 4.2.3 -> 4.2.4

    • nss_latest: 3.96.1 -> 3.97

    • postfix: 3.8.4 -> 3.8.5

    • prometheus: 2.48.0 -> 2.49.0

    • python3Packages.pip: add patches for CVE-2023-5752

    • qemu: 8.1.3 -> 8.1.4

    • roundcube: 1.6.5 -> 1.6.6

    • vim: 9.0.2048 -> 9.0.2116

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/367651/download/1/nixexprs.tar.xz

Detailed Changes#