Release 2024_024 (2024-08-05)

Impact

• [NixOS 24.05] Machines will reboot after the update to activate the changed kernel.

NixOS 24.05 platform

• antivirus: the Sensu monitoring check now only warns about stale ClamAV data files after 26 hours, to prevent spurious warnings from machines which have a delayed update job for load spreading purposes (PL-132844).

• flyingcircus.roles.mailserver now works in the devhost environment (PL-132682).

• opensearch: single-node clusters will now enter maintenance without checking if the cluster health is in the green state (PL-132797).

• Pull upstream NixOS changes, security fixes and package updates (PL-132838):

  • apacheHttpd: 2.4.61 -> 2.4.62

  • bind: 9.18.27 -> 9.18.28 (CVE-2024-1975, CVE-2024-4076, CVE-2024-1737, CVE-2024-0760)

  • chromedriver: 126.0.6478.126 -> 126.0.6478.182

  • chromium: 126.0.6478.126 -> 126.0.6478.182

  • consul: 1.18.2 -> 1.18.3

  • discourse: 3.2.3 -> 3.2.4 (CVE-2024-38360)

  • element-web: 1.11.70 -> 1.11.71

  • go: 1.22.4 -> 1.22.5

  • grafana: 10.4.5 -> 10.4.6

  • imagemagick: 7.1.1-32 -> 7.1.1-35

  • linux_5_15: 5.15.162 -> 5.15.163

  • mariadb: 10.5.25, 10.6.18, 10.11.8, 11.0.6

  • matrix-synapse: 1.110.0 -> 1.111.0

  • nix: 2.18.4 -> 2.18.5

  • nodejs_18: 18.20.3 -> 18.20.4

  • nodejs_20: 20.12.2 -> 20.15.1

  • nodejs_22: 22.3.0 -> 22.4.1

  • nss_latest: 3.101.1 -> 3.102

  • openssl: fix CVE-2024-5535

  • qemu: 8.2.5 -> 8.2.6 (CVE-2024-4467)

  • strace: 6.9 -> 6.10

• Production channel URL for this release: https://hydra.flyingcircus.io/build/468815/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 24.05: platform code, nixpkgs/upstream changes