Release 2024_013 (2024-04-23)

Impact

• [NixOS 23.11] Machines will reboot after the update to activate the changed kernel.

NixOS 23.11 platform

• lamp role: support for php-8.3. Introduces new package lamp_php83.

• mysql/percona: add percona81 role.

• tideways_module: 5.5.14 -> 5.7.4 (for php-8.3 support)

• Clean up the location-specific nameservers: instead of using multiple machine-specific addresses, we now only select a single IP which corresponds to a highly available virtual IP on our routers. This reduces the potential for inconsistent settings that may result in sub-optimal performance on some applications, like nginx resolvers (PL-132394).

• Pull upstream NixOS changes, security fixes and package updates (PL-132372):

  • apacheHttpd: 2.4.58 -> 2.4.59 (CVE-2024-27316, CVE-2024-27316 and CVE-2023-38709)

  • chromedriver: 123.0.6312.86 -> 123.0.6312.122

  • coreutils: apply patch for CVE-2024-0684

  • curl: apply patches for CVE-2024-2398 and CVE-2024-2004

  • element-web: 1.11.61 -> 1.11.64

  • firefox: 124.0.1 -> 124.0.2

  • gitlab-container-registry: 3.90.0 -> 3.92.0

  • gitlab-runner: 16.9.1 -> 16.10.0

  • gitlab: 16.9.3 -> 16.10.2

  • go: 1.21.8 -> 1.21.9

  • libressl: 3.8.2 -> 3.8.4

  • linux_5_15: 5.15.152 -> 5.15.155

  • matrix-synapse: 1.103.0 -> 1.104.0

  • nodejs_21: 21.6.2 -> 21.7.2

  • openjpeg: 2.5.0 -> 2.5.2

  • php81: 8.1.27 -> 8.1.28 (CVE-2024-2756, CVE-2024-3096)

  • php82: 8.2.17 -> 8.2.18 (CVE-2024-2756, CVE-2024-3096)

  • php83: 8.3.4 -> 8.3.6 (CVE-2024-2756, CVE-2024-2757, CVE-2024-3096)

  • podman: add patch for CVE-2024-1753

  • python310: 3.10.13 -> 3.10.14

  • systemd: 254.6 -> 254.10

  • webkitgtk: 2.42.5 → 2.44.0

• Production channel URL for this release: https://hydra.flyingcircus.io/build/410766/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 23.11: platform code, nixpkgs/upstream changes