Release 2024_010 (2024-03-19)

Impact

• NixOS 23.11: Machines will reboot after the update to activate the changed kernel.

NixOS 23.11 platform

• lamp/httpd: Fix a regression that log files from /var/log/httpd are periodically deleted (PL-132312) This was released on 2024-03-14 as hotfix to staging/production.

• libmodsecurity: update to the latest upstream version 3.0.12 (PL-132307).

• gitlab: Increase default max-age validity period of HTTP Strict Transport Security to 2 years. This functionality has proven to be unproblematic during its initial rollout phase with a much shorter period (PL-132203).

• Pull upstream NixOS changes, security fixes and package updates (PL-132298):

  • cacert: 3.95 -> 3.98

  • chromedriver: 122.0.6261.69 -> 122.0.6261.94

  • chromium: 122.0.6261.69 -> 122.0.6261.111

  • dnsmasq: 2.89 -> 2.90 (CVE-2023-50387, CVE-2023-50868)

  • element-web: 1.11.58 -> 1.11.59

  • firefox: 123.0 -> 123.0.1

  • go: 1.21.5 -> 1.21.6

  • imagemagick: 7.1.1-27 -> 7.1.1-29

  • linux_5_15: 5.15.149 -> 5.15.151

  • matrix-synapse: 1.101.0 -> 1.102.0

  • nix: patch CVE-2024-27297

  • nodejs_18: 18.18.2 -> 18.19.1

  • nodejs_20: 20.10.0 -> 20.11.1

  • nodejs_20: 20.9.0 -> 20.10.0

  • nodejs_21: 21.2.0 -> 21.6.2

  • openjpeg: 2.5.0 -> 2.5.2

  • phpPackages.composer: 2.6.6 -> 2.7.1 (CVE-2024-24821)

  • percona80: 8.0.35-27 -> 8.0.36-28

  • postfix: 3.8.5 -> 3.8.6

  • python311: 3.11.6 -> 3.11.8

  • python312: 3.12.1 -> 3.12.2

• Production channel URL for this release: https://hydra.flyingcircus.io/build/396897/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 23.11: platform code, nixpkgs/upstream changes