Release 2024_029 (unreleased)¶
Impact¶
24.05:
most core services will be restarted
some machines receive a new kernel and will schedule a maintenance reboot
NixOS 24.05 platform¶
postgresql: the script for verifying/updating collation versions on service start now works correctly with special database names that need “quoting” in SQL statements (PL-133030).
webproxy: The
default.vcl
configuration mechanism for varnish is here to stay. We decided to un-deprecate this as it is useful and we will be integrating it with the newer mechanism in the near future (PL-132174).This platform release includes a very new Linux kernel release (6.11) that gets activated in our DEV and WHQ locations as well as on all non-production VMs. Selected production VMs will be updated as well . However, customers affected by this on a production VM will be notified individually with an in-depth briefing. This Linux release includes a fix for a bug that has been stopping us from updating past the 5.15 LTS branch since last year – but 5.15 is considered ancient by now. The upstream developers are confident that this release fixes the bug and will provide a backport to an LTS release at a later point. However, due to the shy nature of the bug our part in fixing it is to help gather evidence that this bug does not reappear. We expect to be running this for at least 4-8 weeks for valid evidence (PL-132972).
Pull upstream NixOS changes, security fixes and package updates (PL-133043):
asterisk: 20.9.2 -> 20.9.3
cacert: 3.101 -> 3.104
calibre: add patches for CVE-2024-6781, CVE-2024-6782, CVE-2024-7008, CVE-2024-7009
chromedriver: 129.0.6668.58 -> 129.0.6668.70
clamav: 1.3.1 -> 1.3.2
curl: apply patch for CVE-2024-8096
element-web: 1.11.77 -> 1.11.79
grafana: 10.4.8 -> 10.4.9 (CVE-2024-8118)
k3s_1_28: 1.28.12+k3s1 -> 1.28.13+k3s1
k3s_1_29: 1.29.7+k3s2 -> 1.29.8+k3s1
k3s_1_30: 1.30.3+k3s1 -> 1.30.4+k3s1
k3s_1_31: init 1.31.0+k3s1
mastodon: 4.2.12 -> 4.2.13
matrix-synapse: 1.114.0 -> 1.116.0
nss_latest: 3.104 -> 3.105
php81: 8.1.29 -> 8.1.30 (CVE-2024-8927, CVE-2024-9026, CVE-2024-8925)
php82: 8.2.23 -> 8.2.24 (CVE-2024-8927, CVE-2024-9026, CVE-2024-8925)
php83: 8.3.11 -> 8.3.12 (CVE-2024-8927, CVE-2024-9026, CVE-2024-8925)
python39: 3.9.19 -> 3.9.20
python310: 3.10.14 -> 3.10.15
python312: 3.12.4 -> 3.12.5
python3Packages.urllib3: 2.2.1 -> 2.2.2
ruby: 3.3.4 -> 3.3.5
runc: 1.1.12 -> 1.1.14
slurm: 23.11.9.1 -> 23.11.10.1
strace: 6.10 -> 6.11
tcpdump: 4.99.4 -> 4.99.5
unifi7: mark insecure due to CVE-2024-42025
unifi8: 8.1.127 -> 8.4.62
vim: 9.1.0377 -> 9.1.0707
The default.vcl configuration mechanism for varnish is here to stay. We decided to un-deprecate this as it is useful and we will be integrating it with the newer mechanism in the near future. (PL-132174)
NixOS 23.11 platform¶
nothing yet
NixOS 23.05 platform¶
nothing yet
NixOS 22.11 platform¶
nothing yet
NixOS 22.05 platform¶
nothing yet
NixOS 21.11 platform¶
nothing yet
NixOS 21.05 platform¶
nothing yet
NixOS 20.09 platform¶
nothing yet
NixOS 15.09 platform¶
nothing yet
Gentoo platform¶
nothing yet
Documentation¶
nothing yet