Release 2022_015 (2022-06-07)

Impact

• [NixOS 21.11] Most services will be restarted because of a core dependency change. Machines will schedule a reboot to activate the changed kernel.

NixOS 21.11 platform

• antivirus: make database updates and monitoring more reliable. We now use our own clamav mirror now to avoid issues with rate-limiting by the official mirrors. For new installations, the initial database fetch is done immediately now so clamav should work right from the start (#PL-130648).

• Monitoring: adjust disk check limits when an elasticsearch role is enabled to warn when Elasticsearch reaches it watermark levels (#PL-111220).

• Pull upstream NixOS changes that include security fixes and other updates (#PL-130662):

  • clamav: 0.103.5 -> 0.103.6

  • curl: add patches for CVE-2022-27781 & CVE-2022-27782

  • grafana: fix CVE-2022-29170

  • imagemagick: 7.1.0-33 -> 7.1.0-35

  • linux: 5.10.115 -> 5.10.118

  • logrotate: fix CVE-2022-1348

  • matrix-synapse: 1.57.0 -> 1.59.1

  • podman: add patch for CVE-2022-27649

  • postgresql_10: 10.20 -> 10.21

  • postgresql_11: 11.15 -> 11.16

  • postgresql_12: 12.10 -> 12.11

  • postgresql_13: 13.6 -> 13.7

  • postgresql_14: 14.2 -> 14.3

• Production channel URL for this release: https://hydra.flyingcircus.io/build/164566/download/1/nixexprs.tar.xz

NixOS 21.05 platform

• Elasticsearch: add dummy option services.elasticsearch.single_node which does nothing on 21.05 but is required on 21.11. On 21.11, the option has true as default which breaks multi-node clusters on upgrade. Make sure to set the option to false on 21.05 before upgrading such clusters! (#PL-130608).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/164448/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 21.11: platform code, upstream changes

• NixOS 21.05: platform code