diff --git a/docs/releases/1.16-NOTES.md b/docs/releases/1.16-NOTES.md index 28669e8b9b3d2..5b7727660988b 100644 --- a/docs/releases/1.16-NOTES.md +++ b/docs/releases/1.16-NOTES.md @@ -1,5 +1,20 @@ ## Release notes for kops 1.16 series +# Significant changes + +* To address the [issue](https://github.com/kubernetes/kubernetes/issues/91507) of IPv4 only clusters being susceptible to MitM attacks via IPv6 rogue router advertisements, the affected components have been upgraded as follows: + * Docker version 19.03.11 - [CVE-2020-13401](https://github.com/docker/docker-ce/releases/v19.03.11) (optional) + * CNI plugins 0.8.6 - [CVE-2020-10749](https://github.com/containernetworking/plugins/releases/tag/v0.8.6) + * Calico 3.9.6 - [CVE-2020-13597](https://docs.projectcalico.org/archive/v3.9/release-notes/) + * Weave Net 2.6.5 + +* If upgrading from 1.11 or earlier, please see the notes in previous releases + about upgrading through kubernetes 1.12, with the etcd3 upgrade. + +* A new component runs on the master nodes now: kops-controller. + kops-controller currently labels nodes, but will likely perform additional + functionality in future releases. + # Breaking changes * Support for Docker versions 1.11, 1.12 and 1.13 has been removed because of the [dockerproject.org shut down](https://www.docker.com/blog/changes-dockerproject-org-apt-yum-repositories/). Those affected must upgrade to a newer Docker version. @@ -11,15 +26,6 @@ GCE or OpenStack your (non-master) nodes may not have labels applied correctly. -# Significant changes - -* If upgrading from 1.11 or earlier, please see the notes in previous releases - about upgrading through kubernetes 1.12, with the etcd3 upgrade. - -* A new component runs on the master nodes now: kops-controller. - kops-controller currently labels nodes, but will likely perform additional - functionality in future releases. - # Required Actions * If either a Kops 1.16 alpha release or a custom Kops build was used on a cluster, diff --git a/docs/releases/1.17-NOTES.md b/docs/releases/1.17-NOTES.md index 22fe3749c0f39..12bef2207d000 100644 --- a/docs/releases/1.17-NOTES.md +++ b/docs/releases/1.17-NOTES.md @@ -2,7 +2,11 @@ # Significant changes -* The default Docker version has been changed to 19.03.4. Optional support for Docker 19.03.8 has been added and will be the default in future versions. Enable by setting `spec.docker.version: 19.03.8`. +* To address the [issue](https://github.com/kubernetes/kubernetes/issues/91507) of IPv4 only clusters being susceptible to MitM attacks via IPv6 rogue router advertisements, the affected components have been upgraded as follows: + * Docker version 19.03.11 - [CVE-2020-13401](https://github.com/docker/docker-ce/releases/v19.03.11) + * CNI plugins 0.8.6 - [CVE-2020-10749](https://github.com/containernetworking/plugins/releases/tag/v0.8.6) + * Calico 3.13.4 - [CVE-2020-13597](https://docs.projectcalico.org/archive/v3.13/release-notes/) + * Weave Net 2.6.5 * The default instance type for AWS has been changed to t3.medium. This should provide better performance and reduced costs in clusters where the average CPU usage is low. diff --git a/docs/releases/1.18-NOTES.md b/docs/releases/1.18-NOTES.md index 1eebc020f039e..48cd9d4100201 100644 --- a/docs/releases/1.18-NOTES.md +++ b/docs/releases/1.18-NOTES.md @@ -4,7 +4,11 @@ # Significant changes -* The default Docker version has been changed to 19.03.11. +* To address the [issue](https://github.com/kubernetes/kubernetes/issues/91507) of IPv4 only clusters being susceptible to MitM attacks via IPv6 rogue router advertisements, the affected components have been upgraded as follows: + * Docker version 19.03.11 - [CVE-2020-13401](https://github.com/docker/docker-ce/releases/v19.03.11) + * CNI plugins 0.8.6 - [CVE-2020-10749](https://github.com/containernetworking/plugins/releases/tag/v0.8.6) + * Calico 3.13.4 - [CVE-2020-13597](https://www.projectcalico.org/security-bulletins/) + * Weave Net 2.6.5 * Support for [RHEL 8](../operations/images.md#rhel-8) and [CentOS 8](../operations/images.md#centos-8) has been added.