Version 1.16 change log (unsupported as of 31 January 2021)

Version 1.16 is unsupported. You can review the following archive of 1.16 change logs.

Change log for master fix pack 1.16.15_1557, released 19 January 2021

The following table shows the changes that are in the master fix pack patch update 1.16.15_1557. Master patch updates are applied automatically.

Changes since version 1.16.15_1556
Component	Previous	Current	Description
Cluster health image	v1.1.13	v1.1.16	Updated image to implement additional IBM security controls.
Gateway-enabled cluster controller	1184	1195	Updated image for CVE-2020-1971.
GPU device plug-in and installer	adcae42	4d3b934f	Updated image for CVE-2020-27350, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-1971, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286.
IBM Calico extension	556	567	Updated image for CVE-2020-1971 and CVE-2020-24659.
IBM Cloud File Storage for Classic plug-in and monitor	384	385	Updated image for CVE-2020-1971 and CVE-2020-24659.
Key Management Service provider	v1.0.5	v1.0.7	Fixed bug to ignore conflict errors during KMS secret re-encryption. Updated to use `Go` version 1.15.5. Updated image for CVE-2020-1971.
Kubernetes	N/A	N/A	Updated to implement additional IBM security controls.
Load balancer and load balancer monitor for IBM Cloud Provider	1004	1078	Updated image for CVE-2020-1971.

Change log for worker node fix pack 1.16.15_1557, released 18 January 2021

The following table shows the changes that are in the worker node fix pack 1.16.15_1557. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.15_1555
Component	Previous	Current	Description
Ubuntu 16.04 packages	4.4.0-197-generic	4.4.0-200-generic	Updated worker node image with kernel and package updates for CVE-2018-20482, CVE-2019-9923, CVE-2020-28374, CVE-2020-29361 external}, and CVE-2020-29362 external}.
Ubuntu 18.04 packages	4.15.0-128-generic	4.15.0-132-generic	Updated worker node image with kernel and package updates for CVE-2018-20482, CVE-2019-9923, CVE-2020-28374, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2021-1052, CVE-2021-1053, and CVE-2019-19770.

Change log for master fix pack 1.16.15_1556, released 6 January 2021

The following table shows the changes that are in the master fix pack patch update 1.16.15_1556. Master patch updates are applied automatically.

Changes since version 1.16.15_1554
Component	Previous	Current	Description
IBM Calico extension	544	556	Updated image to include the `ip` command.
IBM Cloud File Storage for Classic plug-in	N/A	N/A	Updated to run with a privileged security context.
Operator Lifecycle Manager	0.14.1-IKS-1	0.14.1-IKS-2	Updated image for CVE-2020-1971 and CVE-2020-28928.

Change log for worker node fix pack 1.16.15_1555, released 21 December 2020

The following table shows the changes that are in the worker node fix pack 1.16.15_1555. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.15_1554
Component	Previous	Current	Description
Ubuntu 16.04 packages	N/A	N/A	Updated worker node image with package updates for: CVE-2020-1971, CVE-2020-27350, CVE-2020-27351, CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286.
Ubuntu 18.04 packages	4.15.0-126-generic	4.15.0-128-generic	Updated worker node image with kernel and package updates for: CVE-2020-1971, CVE-2020-27350, CVE-2020-27351, CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286.
Ephemeral storage reservations	N/A	N/A	Reserve local ephemeral storage to prevent workload evictions.
HAProxy	db4e6d	9b2dca	Image update for CVE-2020-1971 and CVE-2020-24659.

Change log for master fix pack 1.16.15_1554, released 14 December 2020

The following table shows the changes that are in the master fix pack patch update 1.16.15_1554. Master patch updates are applied automatically.

Changes since version 1.16.15_1552
Component	Previous	Current	Description
Gateway-enabled cluster controller	1105	1184	Updated to use `Go` version 1.15.5. Updated image to implement additional IBM security controls.
GPU device plug-in and installer	c7a8cf7	adcae42	Updated the GPU drivers to version 450.80.02. Updated image for CVE-2020-28367, CVE-2020-28366, and CVE-2020-28362. Updated image to implement additional IBM security controls.
IBM Calico extension	378	544	Updated to use the universal base image (UBI) and to use `Go` version 1.15.5. Updated image to implement additional IBM security controls.
IBM Cloud File Storage for Classic monitor	379	384	Updated to use `Go` version 1.15.5 and to run as a non-root user. Updated image to implement additional IBM security controls.
IBM Cloud File Storage for Classic plug-in	379	384	Updated to use `Go` version 1.15.5 and to run with a least privileged security context. Updated image to implement additional IBM security controls.
IBM Cloud Provider	v1.16.15-382	v1.16.15-394	Updated image to implement additional IBM security controls.
Key management service (KMS) provider	v1.0.4	v1.0.5	Updated image to implement additional IBM security controls.
Load balancer and load balancer monitor for IBM Cloud Provider	208	1004	Updated Alpine base image to version 3.12 and to use `Go` version 1.15.5. Updated image for CVE-2020-8037 and CVE-2020-28928. Updated image to implement additional IBM security controls.
OpenVPN client	2.4.6-r3-IKS-116	2.4.6-r3-IKS-301	Updated image to implement additional IBM security controls.
OpenVPN server	2.4.6-r3-IKS-131	2.4.6-r3-IKS-301	Updated image to implement additional IBM security controls.

Change log for worker node fix pack 1.16.15_1554, released 11 December 2020

The following table shows the changes that are in the worker node fix pack 1.16.15_1554. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.15_1553
Component	Previous	Current	Description
Ubuntu 18.04 bare metal kernel	4.15.0-126-generic	4.15.0-123-generic	Bare metal worker nodes: Reverted the kernel version for bare metal worker nodes while Canonical addresses issues with the previous version that prevented worker nodes from being reloaded or updated.

Change log for worker node fix pack 1.16.15_1553, released 7 December 2020

The following table shows the changes that are in the worker node fix pack 1.16.15_1553. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.15_1552
Component	Previous	Current	Description
Containerd	v1.3.4	1.3.9	See the containerd release notes. The update resolves CVE-2020–15257 (see the IBM security bulletin).
HAProxy	1.8.26-384f42	db4e6d	Added provenance labels for source tracking.
Ubuntu 18.04 packages	4.15.0-123-generic	4.15.0-126-generic	Updated worker node image with kernel and package updates for CVE-2020-14351 and CVE-2020-4788.
Ubuntu 16.04 packages	4.4.0-194-generic	4.4.0-197-generic	Updated worker node image with kernel and package updates for CVE-2020-0427, CVE-2020-12352, CVE-2020-14351, CVE-2020-25645, and CVE-2020-4788.

Change log for worker node fix pack 1.16.15_1552, released 23 November 2020

The following table shows the changes that are in the worker node fix pack 1.16.15_1552. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.15_1551
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-122-generic	4.15.0-123-generic	Updated worker node image with kernel and package updates for CVE-2020-25692, CVE-2020-25709, CVE-2020-25710, CVE-2020-28196, and CVE-2020-8694.
Ubuntu 16.04 packages	4.4.0-193-generic	4.4.0-194-generic	Updated worker node image with kernel and package updates for CVE-2020-25692, CVE-2020-25709, CVE-2020-25710, CVE-2020-28196, and CVE-2020-8694.

Change log for master fix pack 1.16.15_1552, released 16 November 2020

The following table shows the changes that are in the master fix pack patch update 1.16.15_1552. Master patch updates are applied automatically.

Changes since version 1.16.15_1550
Component	Previous	Current	Description
Cluster health image	v1.1.12	v1.1.13	Updated image for DLA-2424-1.
GPU device plug-in and installer	edd26a4	c7a8cf7	Updated image for CVE-2019-20386, CVE-2019-13050, CVE-2020-8177, CVE-2019-14889, CVE-2020-1730, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2019-16168, CVE-2019-20218, CVE-2019-5018, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-6405, CVE-2020-9327, CVE-2019-1551, CVE-2019-19221, CVE-2019-16935, CVE-2019-20907, CVE-2020-14422, CVE-2020-8492, CVE-2019-19906, CVE-2019-20454, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595, CVE-2019-13627, CVE-2018-20843, CVE-2019-15903, and CVE-2019-20387.
IBM Cloud File Storage for Classic plug-in and monitor	378	379	Updated to use the universal base image (UBI) and to use `Go` version 1.15.2.
IBM Cloud Provider	v1.16.15-331	v1.16.15-382	Updated image for DLA-2424-1.
Key Management Service provider	v1.0.3	v1.0.4	Updated image for DLA-2424-1.

Change log for worker node fix pack 1.16.15_1551, released 9 November 2020

The following table shows the changes that are in the worker node fix pack 1.16.15_1551. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.15_1550
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Updated worker node image with kernel and package updates for CVE-2018-14036, CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-16126, CVE-2020-25659, and CVE-2017-18269.
Ubuntu 16.04 packages	N/A	N/A	Updated worker node image with package updates for CVE-2018-14036, CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-16126, and CVE-2020-25659.

Change log for worker node fix pack 1.16.15_1550, released 26 October 2020

The following table shows the changes that are in the worker node fix pack 1.16.15_1550. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.15_1549
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-118-generic	4.15.0-122-generic	Updated worker node images with kernel and package updates for CVE-2018-10322, CVE-2019-20807, CVE-2019-20916, CVE-2020-12351, CVE-2020-12352, CVE-2020-15999, CVE-2020-16119, CVE-2020-16120, CVE-2020-24490, and CVE-2020-26116.
Ubuntu 16.04 packages	4.4.0-190-generic	4.4.0-193-generic	Updated worker node images with kernel and package updates for CVE-2017-17087, CVE-2018-10322, CVE-2019-20807, CVE-2020-15999, CVE-2020-16119, and CVE-2020-26116.

Change log for master fix pack 1.16.15_1550, released 26 October 2020

The following table shows the changes that are in the master fix pack patch update 1.16.15_1550. Master patch updates are applied automatically.

Changes since version 1.16.15_1547
Component	Previous	Current	Description
Calico configuration	N/A	N/A	Updated the `calico-node` daemon set in the `kube-system` namespace to set the `spec.updateStrategy.rollingUpdate.maxUnavailable` parameter to `10%` for clusters with more than 50 worker nodes.
Cluster health image	v1.1.11	v1.1.12	Updated to use `Go` version 1.15.2.
Gateway-enabled cluster controller	1082	1105	Updated to use `Go` version 1.15.2.
Kubernetes `NodeLocal` DNS cache	1.15.13	1.15.14	See the Kubernetes `NodeLocal` DNS cache release notes.

Change log for worker node fix pack 1.16.15_1549, released 12 October 2020

The following table shows the changes that are in the worker node fix pack 1.16.15_1549. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.15_1548
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Updated worker node image with package updates for CVE-2019-8936, CVE-2020-26137, and CVE-2020-14365.
Ubuntu 16.04 packages	N/A	N/A	Updated worker node image with package updates for CVE-2020-14365 and CVE-2020-26137.

Change log for worker node fix pack 1.16.15_1548, released 28 September 2020

The following table shows the changes that are in the worker node fix pack 1.16.15_1548. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.14_1546
Component	Previous	Current	Description
Kubernetes	v1.16.14	v1.16.15	See the Kubernetes release notes.
Ubuntu 18.04 packages	4.15.0-117-generic	4.15.0-118-generic	Updated worker node image with kernel and package updates for CVE-2018-1000500, CVE-2018-7738, CVE-2019-14855, CVE-2019-1547, CVE-2019-1551, CVE-2019-1563, CVE-2020-10753, CVE-2020-12059, CVE-2020-12888, CVE-2020-1760, and CVE-2020-1968.
Ubuntu 16.04 packages	4.4.0-189-generic	4.4.0-190-generic	Updated worker node image with kernel and package updates for CVE-2019-20811, CVE-2019-9453, CVE-2020-0067, and CVE-2020-1968.

Change log for master fix pack 1.16.15_1547, released 21 September 2020

The following table shows the changes that are in the master fix pack patch update 1.16.15_1547. Master patch updates are applied automatically.

Changes since version 1.16.14_1546
Component	Previous	Current	Description
Cluster health image	v1.1.9	v1.1.11	Updated `Go` version for CVE-2020-16845 and CVE-2020-24553.
etcd	v3.3.22	v3.3.25	See the etcd release notes.
GPU device plug-in and installer	bacb9e1	edd26a4	Updated `Go` version for CVE-2020-16845 and CVE-2020-24553. Updated the GPU drivers to version 450.51.06.
IBM Cloud File Storage for Classic plug-in and monitor	377	378	Updated `Go` version for CVE-2020-16845.
IBM Cloud Provider	v1.16.14-311	v1.16.15-331	Updated to support the Kubernetes 1.16.15 release.
Key Management Service provider	v1.0.1	v1.0.3	Updated `Go` version for CVE-2020-16845 and CVE-2020-24553.
Kubernetes	v1.16.14	v1.16.15	See the Kubernetes release notes.
Kubernetes Dashboard	v2.0.3	v2.0.4	See the Kubernetes Dashboard release notes.

Change log for worker node fix pack 1.16.14_1546, released 14 September 2020

The following table shows the changes that are in the worker node fix pack 1.16.14_1546. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.14_1545
Component	Previous	Current	Description
HAProxy	1.8.25-384f42	1.8.26-561f1a	See the HAProxy change log.
Ubuntu 18.04 packages	4.15.0-112-generic	4.15.0-117-generic	Updated worker node image with kernel and package updates for CVE-2020-14344, CVE-2020-14363, and CVE-2020-14386.
Ubuntu 16.04 packages	4.4.0-187-generic	4.4.0-189-generic	Updated worker node image with kernel and package updates for CVE-2020-14344 and CVE-2020-14363.

Change log for worker node fix pack 1.16.14_1545, released 31 August 2020

The following table shows the changes that are in the worker node fix pack 1.16.14_1545. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.14_1544
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Updated worker node image with package updates for CVE-2020-12403, CVE-2020-8231, CVE-2020-8622, CVE-2020-8623, and CVE-2020-8624.
Ubuntu 16.04 packages	4.4.0-186-generic	4.4.0-187-generic	Updated worker node image with kernel and package updates for CVE-2020-8231, CVE-2020-8622, and CVE-2020-8623.

Change log for master fix pack 1.16.14_1544, released 18 August 2020

The following table shows the changes that are in the master fix pack patch update 1.16.14_1544. Master patch updates are applied automatically.

Changes since version 1.16.13_1542
Component	Previous	Current	Description
Cluster health image	v1.1.8	v1.1.9	Updated to use `Go` version 1.13.13.
GPU device plug-in and installer	8c24345	bacb9e1	Updated image for CVE-2020-14039 and CVE-2020-15586.
IBM Cloud Provider	v1.16.13-289	v1.16.14-311	Updated to support the Kubernetes 1.16.14 release and to use `Go` version 1.13.15.
IBM Cloud File Storage for Classic plug-in and monitor	376	377	Fixed a bug that prevents persistent volume claim (PVC) creation failures from being retried.
Key Management Service provider	v1.0.0	v1.0.1	Updated image for CVE-2020-15586.
Kubernetes	v1.16.13	v1.16.14	See the Kubernetes release notes.
Kubernetes add-on resizer	1.8.5	1.8.11	See the Kubernetes add-on resizer release notes.
Kubernetes configuration	N/A	N/A	The Kubernetes API server audit policy configuration is updated to include auditing of all API groups except `apiregistration.k8s.io` and `coordination.k8s.io`.
Kubernetes Metrics Server	v0.3.6	v0.3.7	See the Kubernetes Metrics Server release notes.
Kubernetes `NodeLocal` DNS cache configuration	N/A	N/A	Increased the pod termination grace period.

Change log for worker node fix pack 1.16.14_1544, released 17 August 2020

The following table shows the changes that are in the worker node fix pack 1.16.14_1544. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.13_1542
Component	Previous	Current	Description
Kubernetes	v1.16.13	v1.16.14	See the Kubernetes change logs.
Ubuntu 18.04 packages	N/A	N/A	Updated worker node image with package updates for CVE-2020-11936, CVE-2020-12400, CVE-2020-12401, CVE-2020-15701, CVE-2020-15702, CVE-2020-15709, and CVE-2020-6829.
Ubuntu 16.04 packages	N/A	N/A	Updated worker node image with package updates for CVE-2020-11936, CVE-2020-15701, CVE-2020-15702, and CVE-2020-15709.

Change log for worker node fix pack 1.16.13_1542, released 3 August 2020

The following table shows the changes that are in the worker node fix pack 1.16.13_1542. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.13_1539
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-111-generic	4.15.0-112-generic	Updated worker node images with kernel and package updates for CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-10713, CVE-2020-10757, CVE-2020-11935, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-14422, CVE-2020-15705, CVE-2020-15706, and CVE-2020-15707.
Ubuntu 16.04 packages	4.4.0-185-generic	4.4.0-186-generic	Updated worker node images with package updates for CVE-2019-12380, CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-10713, CVE-2020-11935, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-14422, CVE-2020-15705, CVE-2020-15706, and CVE-2020-15707.

Change log for master fix pack 1.16.13_1541, released 24 July 2020

The following table shows the changes that are in the master fix pack patch update 1.16.13_1541. Master patch updates are applied automatically.

Changes since version 1.16.13_1540
Component	Previous	Current	Description
Cluster master operations	N/A	N/A	Fixed a problem that might cause pods to fail authentication to the Kubernetes API server after a cluster master operation.
IBM Cloud File Storage for Classic plug-in and monitor	375	376	Updated to use `Go` version 1.13.8.

Change log for master fix pack 1.16.13_1540, released 20 July 2020

The following table shows the changes that are in the master fix pack patch update 1.16.13_1540. Master patch updates are applied automatically.

Changes since version 1.16.11_1537
Component	Previous	Current	Description
GPU device plug-in and installer	31d4bb6	8c24345	Updated image for CVE-2017-12133, CVE-2017-18269, CVE-2018-11236, CVE-2018-11237, CVE-2018-19591, CVE-2018-6485, CVE-2019-19126, CVE-2019-9169, CVE-2020-10029, CVE-2020-1751, and CVE-2020-1752.
IBM Calico extension	353	378	Updated to handle any `ens` network interface.
IBM Cloud File Storage for Classic plug-in and monitor configuration	N/A	N/A	Added a pod memory limit.
IBM Cloud Provider	v1.16.11-267	v1.16.13-289	Updated to support the Kubernetes 1.16.13 release.
Kubernetes	v1.16.11	v1.16.13	See the Kubernetes release notes. The update resolves CVE-2020-8559 (see the IBM security bulletin).
Kubernetes configuration	N/A	N/A	The Kubernetes API server audit policy configuration is updated to include auditing the `scheduling.k8s.io` API group and the `tokenreviews` resource.
Kubernetes Dashboard	v2.0.1	v2.0.3	See the Kubernetes Dashboard release notes.
Operator Lifecycle Manager	0.14.1	0.14.1-IKS-1	Updated image for CVE-2020-1967.

Change log for worker node fix pack 1.16.13_1539, released 20 July 2020

The following table shows the changes that are in the worker node fix pack 1.16.13_1539. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.11_1537
Component	Previous	Current	Description
HAProxy	2.0.15-afe432	1.8.25-384f42	See the HAProxy change log. Fixes a connection leak that happens when HAProxy is under high load.
Kubernetes	v1.16.11	v1.16.13	See the Kubernetes change logs. The update resolves CVE-2020-8557 (see the IBM security bulletin).
Ubuntu 18.04 packages	4.15.0-109-generic	4.15.0-111-generic	Updated worker node images with kernel and package updates for CVE-2018-11236, CVE-2018-11237, CVE-2018-19591, CVE-2019-19126, CVE-2019-9169, CVE-2020-10029, CVE-2020-12402, CVE-2020-1751, and CVE-2020-1752.
Ubuntu 16.04 packages	4.4.0-184-generic	4.4.0-185-generic	Updated worker node images with package updates for CVE-2017-12133, CVE-2017-18269, CVE-2018-11236, CVE-2018-11237, CVE-2018-6485, CVE-2019-19126, CVE-2019-9169, CVE-2020-0543, CVE-2020-10029, CVE-2020-10711, CVE-2020-13143, CVE-2020-1751, and CVE-2020-1752.

Change log for worker node fix pack 1.16.11_1537, released 6 July 2020

The following table shows the changes that are in the worker node fix pack 1.16.11_1537. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.11_1536
Component	Previous	Current	Description
HAProxy	1.8.25-30b675	2.0.15-afe432	See the HAProxy change log.
Ubuntu 18.04 packages	4.15.0-106-generic	4.15.0-109-generic	Updated worker node images with kernel and package updates for CVE-2019-12380, CVE-2019-16089, CVE-2019-19036, CVE-2019-19039, CVE-2019-19318, CVE-2019-19642, CVE-2019-19813, CVE-2019-3689, CVE-2020-0543, CVE-2020-10711, CVE-2020-13143, CVE-2020-8177, CVE-2019-19377, and CVE-2019-19816.
Ubuntu 16.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2019-3689 and CVE-2020-8177.
Worker node `drain` automation	N/A	N/A	Fixes a race condition that can cause worker node `drain` automation to fail.

Change log for 1.16.11_1536, released 22 June 2020

The following table shows the changes that are in the master and worker node update 1.16.11_1536. Master patch updates are applied automatically. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node. For more information, see Update types.

Changes since version 1.16.10_1534
Component	Location	Previous	Current	Description
Calico	Master	v3.9.5	v3.9.6	See the Calico release notes. The master update resolves CVE-2020-13597 (see the IBM security bulletin).
Cluster health image	Master	v1.1.5	v1.1.8	Additional status information is included when an add-on health state is `critical`. Improved performance when handling cluster status updates.
Cluster master operations	Master	N/A	N/A	Cluster master operations such as `refresh` or `update` are now canceled if a broken Kubernetes admission webhook is detected.
etcd	Master	v3.3.20	v3.3.22	See the etcd release notes.
GPU device plug-in and installer	Master	8b02302	31d4bb6	Updated image for CVE-2020-3810.
IBM Cloud File Storage for Classic plug-in	Master	373	375	Fixed a bug that might cause error handling to create additional persistent volumes.
IBM Cloud Provider	Master	v1.16.10-243	v1.16.11-267	Updated to support the Kubernetes 1.16.11 release. Updated the version 2.0 private network load balancers (NLBs) to manage Calico global network policies. Updated `calicoctl` version to 3.9.6.
Kubernetes	Both	v1.16.10	v1.16.11	See the Kubernetes release notes. The master update resolves CVE-2020-8558 (see the IBM security bulletin).
Kubernetes configuration	Master	N/A	N/A	The Kubernetes API server audit policy configuration is updated to include auditing the `apiextensions.k8s.io` API group and the `persistentvolumeclaims` and `persistentvolumes` resources. Additionally, the `http2-max-streams-per-connection` option is set to `1000` to mitigate network disruption impacts on the `kubelet` connection to the API server.
Kubernetes Dashboard	Master	v2.0.0	v2.0.1	See the Kubernetes Dashboard release notes.
Ubuntu 18.04 packages	Worker	4.15.0-101-generic	4.15.0-106-generic	Updated worker node images with kernel and package updates for CVE-2018-8740, CVE-2019-17023, CVE-2020-0543, CVE-2020-12049, CVE-2020-12399, CVE-2020-13434, CVE-2020-13630, and CVE-2020-13632.
Ubuntu 16.04 packages	Worker	4.4.0-179-generic	4.4.0-184-generic	Updated worker node images with package and kernel updates for CVE-2020-12049, CVE-2020-0543, CVE-2020-12769, CVE-2020-1749, CVE-2020-13434, CVE-2020-13630, andCVE-2020-13632.

Change log for worker node fix pack 1.16.10_1534, released 8 June 2020

The following table shows the changes that are in the worker node fix pack 1.16.10_1534. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.10_1533
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2019-1547, CVE-2019-1549, CVE-2019-1551, CVE-2019-1563, and CVE-2020-12762.
Ubuntu 16.04 packages	4.4.0-178-generic	4.4.0-179-generic	Updated worker node images with package and kernel updates for CVE-2019-1547, CVE-2019-1551, CVE-2019-1563, and CVE-2020-12762.

Change log for 1.16.10_1533, released 26 May 2020

The following table shows the changes that are in the master and worker node update 1.16.10_1533. Master patch updates are applied automatically. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node. For more information, see Update types.

Changes since version 1.16.9_1531
Component	Location	Previous	Current	Description
Cluster health image	Master	v1.1.1	v1.1.4	When cluster add-ons don't support the current cluster version, a warning is now returned in the cluster health state.
etcd	Master	v3.3.18	v3.3.20	See the etcd release notes.
Gateway-enabled cluster controller	Master	1045	1082	Updated image for CVE-2020-1967.
GPU device plug-in and installer	Master	8c6538f	8b02302	Updated image for CVE-2020-1967.
IBM Calico extension	Master	320	353	Skips creating a Calico host endpoint when no endpoint is needed. Updated image for CVE-2020-1967.
IBM Cloud File Storage for Classic plug-in and monitor	Master	358	373	Updated image for CVE-2020-1967 and CVE-2020-11655.
IBM Cloud Provider	Master	v1.16.9-219	v1.16.10-243	Updated to support the Kubernetes 1.16.10 release. Updated network load balancer (NLB) events to use the latest IBM Cloud troubleshooting documentation.
Kubernetes	Both	v1.16.9	v1.16.10	See the Kubernetes release notes.
Kubernetes Dashboard	Master	v2.0.0-rc7	v2.0.0	See the Kubernetes Dashboard release notes.
Kubernetes Metrics Server	Master	N/A	N/A	Increased the CPU per node for the `metrics-server` container to improve availability of the metrics server API service for large clusters.
Kubernetes `NodeLocal` DNS cache	Master	1.15.4	1.15.13	See the Kubernetes `NodeLocal` DNS cache release notes Now, when you apply the label to set up node local DNS caching, the requests are handled immediately and you don't need to reload the worker nodes. The `NodeLocal` DNS cache configuration now allows customization of stub domains and upstream DNS servers. The `node-local-dns` daemon set is updated to include the `prometheus.io/port` and `prometheus.io/scrape` annotations on the pods.
Load balancer and load balancer monitor for IBM Cloud Provider	Master	177	208	Updated the version 2.0 network load balancers (NLB) to clean up unnecessary IPVS rules. Improved application logging. Updated image for CVE-2020-1967.
Ubuntu 18.04 packages	Worker	4.15.0-99-generic	4.15.0-101-generic	Updated worker node images with kernel and package updates for CVE-2019-20795, CVE-2020-11494, CVE-2020-12762, CVE-2020-3810, CVE-2020-8616, and CVE-2020-8617.
Ubuntu 16.04 packages	Worker	4.4.0-178-generic	4.4.0-179-generic	Updated worker node images with package and kernel updates for CVE-2019-19060, CVE-2020-11494, CVE-2020-11608, CVE-2020-12762, CVE-2020-3810, CVE-2020-8616, and CVE-2020-8617.

Change log for worker node fix pack 1.16.9_1531, released 11 May 2020

The following table shows the changes that are in the worker node fix pack 1.16.9_1531. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.9_1530
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-96-generic	4.15.0-99-generic	Updated worker node images with kernel and package updates for CVE-2019-19768, CVE-2020-11884, and CVE-2020-12243.
Ubuntu 16.04 packages	4.4.0-177-generic	4.4.0-178-generic	Updated worker node images with package and kernel updates for CVE-2019-19768 and CVE-2020-12243.

Change log for worker node fix pack 1.16.9_1530, released 27 April 2020

The following table shows the changes that are in the worker node fix pack 1.16.9_1530. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.8_1528
Component	Previous	Current	Description
containerd	v1.3.3	v1.3.4	See the containerd release notes.
HA proxy	1.8.25-30b675	1.8.25-adb65d	The update addresses CVE-2020-1967.
Kubernetes	v1.16.8	v1.16.9	See the Kubernetes release notes.
Ubuntu 18.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2018-1000876, CVE-2018-10372, CVE-2018-10373, CVE-2018-10534, CVE-2018-10535, CVE-2018-12641, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, CVE-2018-12700, CVE-2018-12934, CVE-2018-13033, CVE-2018-17358, CVE-2018-17359, CVE-2018-17360, CVE-2018-17794, CVE-2018-17985, CVE-2018-18309, CVE-2018-18483, CVE-2018-18484, CVE-2018-18605, CVE-2018-18606, CVE-2018-18607, CVE-2018-18700, CVE-2018-18701, CVE-2018-19931, CVE-2018-19932, CVE-2018-20002, CVE-2018-20623, CVE-2018-20651, CVE-2018-20671, CVE-2018-8945, CVE-2018-9138, CVE-2019-12972, CVE-2019-14250, CVE-2019-14444, CVE-2019-17450, CVE-2019-17451, CVE-2019-18348, CVE-2019-9070, CVE-2019-9071, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9077, CVE-2020-11008, CVE-2020-5260, and CVE-2020-8492.
Ubuntu 16.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2019-18348, CVE-2020-11008, CVE-2020-5260, and CVE-2020-8492.

Change log for master fix pack 1.16.9_1529, released 23 April 2020

The following table shows the changes that are in the master fix pack patch update 1.16.9_1529. Master patch updates are applied automatically.

Changes since version 1.16.8_1528
Component	Previous	Current	Description
Calico configuration	N/A	N/A	Updated to allow egress from the worker nodes via the `allow-vrrp` `GlobalNetworkPolicy`.
Cluster health	N/A	v1.1.1	Cluster health now includes more add-on status information.
CoreDNS	1.6.7	1.6.9	See the CoreDNS release notes. Fixed a bug during Corefile migration that might generate invalid data that makes CoreDNS pods fail.
GPU device plug-in and installer	49979f5	8c6538f	Updated the GPU drivers to version 440.33.01.
IBM Cloud Provider	v1.16.8-192	v1.16.9-219	Updated to support the Kubernetes 1.16.9 release and to use `Go` version 1.13.9.
Key Management Service provider	277	v1.0.0	Updated the IBM Key Protect `Go` client.
Kubernetes	v1.16.8	v1.16.9	See the Kubernetes release notes. The update resolves CVE-2020-8555 (see the IBM security bulletin).
Kubernetes Dashboard	v2.0.0-rc5	v2.0.0-rc7	See the Kubernetes Dashboard release notes. Added a readiness probe to the Kubernetes Dashboard configuration.
Kubernetes Dashboard metrics scraper	v1.0.3	v1.0.4	See the Kubernetes Dashboard metrics scraper release notes.
OpenVPN client	N/A	N/A	Fixed a problem that might cause the `vpn-config` secret in the `kube-system` namespace to be deleted during cluster master operations.
Operator Lifecycle Manager Catalog	v1.5.11	v1.6.1	See the Operator Lifecycle Manager Catalog release notes.

Change log for worker node fix pack 1.16.8_1528, released 13 April 2020

The following table shows the changes that are in the worker node fix pack 1.16.8_1528. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.8_1527
Component	Previous	Current	Description
HA proxy	1.8.23	1.8.25	See the HA proxy change logs. The update addresses CVE-2020-11100.
Ubuntu 18.04 packages	4.15.0-91-generic	4.15.0-96-generic	Updated worker node images with package and kernel updates for CVE-2020-8831, CVE-2020-8833, CVE-2020-11100, and CVE-2020-8834.
Ubuntu 16.04 packages	4.4.0-176-generic	4.4.0-177-generic	Updated worker node images with package and kernel updates for CVE-2020-8831, CVE-2020-8833, and CVE-2020-8428.

Change log for worker node fix pack 1.16.8_1527, released 30 March 2020

The following table shows the changes that are in the worker node fix pack 1.16.8_1527. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.8_1526
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-88-generic	4.15.0-91-generic	Updated worker node images with package and kernel updates for CVE-2020-1700, CVE-2020-10531, CVE-2020-2732, CVE-2020-8832, CVE-2019-12387, CVE-2019-12855, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2020-10108, CVE-2020-10109, CVE-2018-20786, and CVE-2019-20079.
Ubuntu 16.04 packages	4.4.0-174-generic	4.4.0-176-generic	Updated worker node images with package updates for CVE-2020-10531, CVE-2020-2732, CVE-2017-11109, CVE-2017-6349, and CVE-2017-6350.

Change log for 1.16.8_1526, released 16 March 2020

The following table shows the changes that are in the master and worker node update 1.16.8_1526. Master patch updates are applied automatically. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node. For more information, see Update types.

Changes since version 1.16.7_1525
Component	Location	Previous	Current	Description
Cluster health image	Master	N/A	N/A	Cluster health status now includes links to IBM Cloud documentation.
IBM Cloud Provider	Master	v1.16.7-170	v1.16.8-192	Updated to support the Kubernetes 1.16.8 release and to use `Go` version 1.13.8. Fixed VPC load balancer error message to use the current IBM Cloud Kubernetes Service plug-in CLI syntax.
Kubernetes	Both	v1.16.7	v1.16.8	See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider	Master	169	177	Version 2.0 network load balancers (NLB) were updated to fix problems with long-lived network connections to endpoints that failed readiness probes.
Operator Lifecycle Manager Catalog	Master	v1.5.9	v1.5.11	See the Operator Lifecycle Manager Catalog release notes.
Ubuntu 18.04 packages	Worker	N/A	N/A	Updated worker node images with package updates for CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, CVE-2019-19923, CVE-2019-19924, CVE-2019-19925, CVE-2019-19926, CVE-2019-19959, and CVE-2019-20218.
Ubuntu 16.04 packages	Worker	N/A	N/A	Updated worker node images with package updates for CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, CVE-2019-19926, and CVE-2019-20218.

Change log for worker node fix pack 1.16.7_1525, released 2 March 2020

The following table shows the changes that are in the worker node fix pack 1.16.7_1525. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.16.7_1524
Component	Previous	Current	Description
GPU worker node provisioning	N/A	N/A	Fixed bug where new GPU worker nodes could not automatically join clusters that run Kubernetes version 1.16 or 1.17.
Ubuntu 18.04 packages	4.15.0-76-generic	4.15.0-88-generic	Updated worker node images with package updates for CVE-2019-5108, CVE-2019-20096, CVE-2019-18885, CVE-2019-19082, CVE-2019-19078, CVE-2019-19332, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, and CVE-2016-9843.
Ubuntu 16.04 packages	4.4.0-173-generic	4.4.0-174-generic	Updated worker node images with kernel and package updates for CVE-2019-20096, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, and CVE-2016-9843.

Change log for fix pack 1.16.7_1524, released 17 February 2020

The following table shows the changes that are in the master and worker node fix pack update 1.16.7_1524. Master patch updates are applied automatically. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node. For more information, see Update types.

Changes since version 1.16.5_1523
Component	Location	Previous	Current	Description
containerd	Worker	v1.3.2	v1.3.3	See containerd release notes. Update resolves CVE-2019-19921, CVE-2019-16884, CVE-2020-0601, CVE-2020-7919, and CVE-2019-11253.
CoreDNS	Master	1.6.6	1.6.7	See the CoreDNS release notes.
GPU device plug-in and installer	Master	da19df3	49979f5	Image updated for CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2019-5188, CVE-2018-16888, CVE-2019-20386, CVE-2019-3843, CVE-2019-3844 and CVE-2020-1712.
IBM Cloud File Storage for Classic plug-in and monitor	Master	357	358	Image updated for CVE-2019-5188.
IBM Cloud Provider	Master	v1.16.5-148	v1.16.7-170	Updated to support the Kubernetes 1.16.7 release and to use `Go` version 1.13.6 and `calicoctl` version 3.9.5.
Kubernetes	Both	v1.16.5	v1.16.7	See the Kubernetes release notes. The master update resolves CVE-2019-11254 and CVE-2020-8552 (see the IBM security bulletin), and the worker node update resolves CVE-2020-8551 (see the IBM security bulletin).
Kubernetes Dashboard	Master	v2.0.0-rc2	v2.0.0-rc5	See the Kubernetes Dashboard release notes.
Kubernetes Dashboard Metrics Scraper	Master	v1.0.2	v1.0.3	See the Kubernetes Dashboard metrics scraper release notes.
OpenVPN server	Master	N/A	N/A	OpenVPN server is now restarted during cluster master refresh.
Operator Lifecycle Manager	Master	0.13.0	0.14.1	See the Operator Lifecycle Manager release notes.
Operator Lifecycle Manager Catalog	Master	v1.5.6	v1.5.9	See the Operator Lifecycle Manager Catalog release notes.
Ubuntu 18.04 packages	Worker	N/A	N/A	Updated worker node images with package updates for CVE-2019-19956, CVE-2020-7595, CVE-2019-18634, CVE-2019-3843, CVE-2019-3844, CVE-2019-20386, and CVE-2020-1712.
Ubuntu 16.04 packages	Worker	N/A	N/A	Updated worker node images with package updates for CVE-2019-19956, CVE-2020-7595, CVE-2019-18634, CVE-2018-16888, CVE-2019-20386, andCVE-2020-1712.

Change log for worker node fix pack 1.16.5_1523, released 3 February 2020

The following table shows the changes that are in the worker node fix pack 1.16.5_1523.

Changes since version 1.16.5_1522
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-74-generic	4.15.0-76-generic	Updated worker node images with kernel and package updates for CVE-2019-19906, CVE-2019-5188, CVE-2019-20367, CVE-2020-7053, CVE-2019-14615, CVE-2019-15796, CVE-2019-15795, CVE-2017-16808, CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2018-19519, CVE-2019-1010220, CVE-2019-15166, and CVE-2019-15167.
Ubuntu 16.04 packages	4.4.0-171-generic	4.4.0-173-generic	Updated worker node images with package updates for CVE-2019-19906, CVE-2019-5188, CVE-2019-20367, CVE-2019-14615, CVE-2019-18885, CVE-2019-19332, CVE-2019-19062, CVE-2019-15796, CVE-2019-15795, CVE-2017-16808, CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2018-19519, CVE-2019-1010220, CVE-2019-15166, CVE-2019-15167, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, and CVE-2016-9843.

Change log for 1.16.5_1522, released 20 January 2020

The following table shows the changes that are in the master and worker node patch update 1.16.5_1522. Master patch updates are applied automatically. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node. For more information, see Update types.

Changes since version 1.16.3_1521
Component	Previous	Current	Description
Calico	v3.9.3	v3.9.5	See the Calico release notes.
Cluster master HA Proxy	1.8.21-alpine	1.8.23-alpine	See the HAProxy release notes. Update resolves CVE-2019-1551.
CoreDNS	1.6.2	1.6.6	See the CoreDNS release notes. Update resolves CVE-2019-19794.
etcd	v3.3.17	v3.3.18	See the etcd release notes. Update resolves CVE-2019-1551.
Gateway-enabled cluster controller	1032	1045	Updated image for CVE-2019-1551.
GPU device plug-in and installer	f2e7bd7	da19df3	Updated image for CVE-2019-13627 and CVE-2019-1551. Updated the GPU drivers to version 440.44.
IBM Calico extension	130	258	Updated image for CVE-2019-1551.
IBM Cloud File Storage for Classic plug-in and monitor	354	357	Added the following storage classes: `ibmc-file-bronze-gid`, `ibmc-file-silver-gid`, and `ibmc-file-gold-gid`. Fixed bugs in support of non-root user access to an NFS file share. Resolved CVE-2019-1551.
IBM Cloud Provider	v1.16.3-115	v1.16.5-148	Updated to support the Kubernetes 1.16.5 release.
Key Management Service provider	270	277	Updated the IBM Key Protect Go client.
Kubernetes	v1.16.3	v1.16.5	See the Kubernetes release notes.
Kubernetes Dashboard	v2.0.0-beta8	v2.0.0-rc2	See the Kubernetes Dashboard release notes.
Kubernetes Metrics Server	N/A	N/A	Increased the `metrics-server` container's base CPU and memory to improve availability of the metrics server API service.
Load balancer and load balancer monitor for IBM Cloud Provider	159	169	Updated image for CVE-2019-1551.
OpenVPN server	2.4.6-r3-IKS-121	2.4.6-r3-IKS-131	Updated image for CVE-2019-1551.
Operator Lifecycle Manager Catalog	v1.5.4	v1.5.6	See the Operator Lifecycle Manager Catalog release notes.
Ubuntu 18.04 packages	4.15.0-72-generic	4.15.0-74-generic	Updated worker node images with package updates for CVE-2019-13627, CVE-2019-14901, CVE-2019-14896, CVE-2019-14897, CVE-2019-14895, CVE-2019-18660, CVE-2019-19083, and CVE-2019-17006.
Ubuntu 16.04 packages	4.4.0-170-generic	4.4.0-171-generic	Updated worker node images with package updates for CVE-2019-13627, CVE-2019-14901, CVE-2019-14896, CVE-2019-14897, CVE-2019-14895, CVE-2019-18660, and CVE-2018-12327.

Change log for worker node fix pack 1.16.3_1521, released 23 December 2019

The following table shows the changes that are in the worker node fix pack 1.16.3_1521.

Changes since version 1.16.3_1519
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387, CVE-2019-19604, CVE-2019-15165, and CVE-2019-17007.
Ubuntu 16.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387, CVE-2019-19604, and CVE-2019-15165.

Change log for master fix pack 1.16.3_1520, released 17 December 2019

The following table shows the changes that are in the master fix pack 1.16.3_1520.

Changes since version 1.16.3_1519
Component	Previous	Current	Description
Gateway-enabled cluster controller	924	1032	Support for Adding classic infrastructure servers to gateway-enabled classic clusters is now generally available (GA). In addition, the controller is updated to use Alpine base image version 3.10 and to use Go version 1.12.11.
IBM Calico extension	N/A	130	New!: Added a Calico node `init` container that creates Calico private host endpoints for worker nodes.
IBM Cloud File Storage for Classic plug-in and monitor	353	354	Updated to support non-root user access to an NFS file share by allocating a group ID (GID) in the storage class.
IBM Cloud Provider	v1.16.3-94	v1.16.3-115	Updated version 1.0 and 2.0 network load balancers (NLBs) to prefer scheduling NLB pods on worker nodes that don't currently run any NLB pods. In addition, the Virtual Private Cloud (VPC) load balancer plug-in is updated to use Go version 1.12.11.
Key Management Service provider	254	270	Improves performance of secret management by minimizing the number of data encryption keys (DEKs) that are used to unwrap secrets in the cluster. In addition, the IBM Key Protect Go client is updated.
Kubernetes add-on resizer	1.8.5	1.8.7	See the Kubernetes add-on resizer release notes.
Kubernetes Metrics Server	N/A	N/A	The `nanny` container is fixed (see Kubernetes add-on resizer component) and added back to the `metrics-server` pod, which removes the Kubernetes 1.16 limitation to Adjusting cluster metrics provider resources.
Kubernetes Dashboard	v2.0.0-beta6	v2.0.0-beta8	See the Kubernetes Dashboard release notes.
Operator Lifecycle Manager Catalog	v1.4.0	v1.5.4	See the Operator Lifecycle Manager Catalog release notes.
Operator Lifecycle Manager	0.12.0	0.13.0	See the Operator Lifecycle Manager release notes.

Change log for worker node fix pack 1.16.3_1519, released 9 December 2019

The following table shows the changes that are in the worker node fix pack 1.16.3_1519.

Changes since version 1.16.3_1518
Component	Previous	Current	Description
containerd	v1.3.1	v1.3.2	See the containerd release notes.
Ubuntu 16.04 kernel and packages	4.4.0-169-generic	4.4.0-170-generic	Updated worker node images with kernel and package updates for CVE-2018-20784, CVE-2019-16168, and CVE-2019-5827.
Ubuntu 18.04 kernel and packages	4.15.0-70-generic	4.15.0-72-generic	Updated worker node images with a kernel and package updates for CVE-2019-11745, CVE-2019-16168, CVE-2019-19330, and CVE-2019-5827.

Change log for worker node fix pack 1.16.3_1518, released 25 November 2019

The following table shows the changes that are in the worker node fix pack 1.16.3_1518.

Changes since version 1.16.2_1515
Component	Previous	Current	Description
containerd	v1.3.0	v1.3.1	See the containerd release notes. Update resolves CVE-2019-16884 and CVE-2019-17596.
Kubernetes	v1.16.2	v1.16.3	See the Kubernetes release notes.
Ubuntu 16.04 kernel and packages	4.4.0-166-generic	4.4.0-169-generic	Updated worker node images with kernel and package updates for CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135, CVE-2019-15098, CVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, CVE-2019-17056, and CVE-2019-17666.
Ubuntu 18.04 kernel and packages	4.15.0-66-generic	4.15.0-70-generic	Updated worker node images with a kernel fix for unexpected configure fair group scheduler (CFS) throttling. The kernel and package updates resolve CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135, CVE-2019-15098, CVE-2019-17666, and CVE-2019-6477.

Change log for master fix pack 1.16.3_1518, released 21 November 2019

The following table shows the changes that are in the master fix pack 1.16.3_1518.

Changes since version 1.16.2_1515
Component	Previous	Current	Description
Calico	v3.9.2	v3.9.3	See the Calico release notes. Update resolves CVE-2019-1547, CVE-2019-1549, CVE-2019-1563, CVE-2019-5094, and DSA-4539-3.
GPU device plug-in and installer	9cd3df7	f2e7bd7	Updated image for CVE-2019-17596. Updated the GPU drivers to version 440.31.
IBM Cloud File Storage for Classic plug-in and monitor	351	353	Updated to use `Go` version 1.12.11.
IBM Cloud Provider	v1.16.2-77	v1.16.3-94	Updated to support the Kubernetes 1.16.3 release. `calicoctl` version is updated to v3.9.3.
Key Management Service provider	237	254	Updated to use `Go` version 1.12.13.
Kubernetes	v1.16.2	v1.16.3	See the Kubernetes release notes.
Kubernetes Dashboard	v2.0.0-beta5	v2.0.0-beta6	See the Kubernetes Dashboard release notes.

Change log for worker node fix pack 1.16.2_1515, released 11 November 2019

The following table shows the changes that are in the worker node fix pack 1.16.2_1515.

Changes since version 1.16.2_1514
Component	Previous	Current	Description
`kubelet` configuration	N/A	N/A	Updated the `--pod-max-pids` option and the `pid` resource under the `--kube-reserved` and `--system-reserved` options to scale the available and reserved PIDs based on worker node flavor.
Ubuntu 16.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485, CVE-2019-14866, CVE-2019-15790, CVE-2019-18218, and CVE-2019-18277.
Ubuntu 18.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485, CVE-2019-12290, CVE-2019-14866, CVE-2019-15790, CVE-2019-18218, CVE-2019-18224, and CVE-2019-18277.

Change log for 1.16.2_1514, released 4 November 2019

The following tables show the changes that are in the patch 1.16.2_1514. If you update to this version from an earlier version, you choose when to update your cluster master and worker nodes. For more information, see Update types and Version 1.16.

Master patch

Master patch: Changes since version 1.15.5_1520
Component	Previous	Current	Description
Calico	v3.8.2	v3.9.2	See the Calico release notes.
CoreDNS	1.3.1	1.6.2	See the CoreDNS release notes. This update includes the following configuration changes. - CoreDNS now runs `3` replica pods by default, and the pods prefer to schedule across worker nodes and zones to improve cluster DNS availability. If you update your cluster to version 1.16 from an earlier version, you can configure the CoreDNS autoscaler to use a minimum of `3` pods. CoreDNS caching is updated to better support older DNS clients. If you disabled the CoreDNS `cache` plug-in, you can now re-enable the plug-in. The CoreDNS deployment is now configured to check readiness by using the `ready` plug-in. CoreDNS version 1.6 no longer supports the `proxy` plug-in, which is replaced by the `forward` plug-in. In addition, the CoreDNS `kubernetes` plug-in no longer supports the `resyncperiod` option and ignores the `upstream` option.
IBM Cloud File Storage for Classic plug-in and monitor	350	351	Updated to use the `distroless/static` base image and to use `Go` version 1.12.10.
Kubernetes	v1.15.5	v1.16.2	See the Kubernetes release notes.
Kubernetes configuration	N/A	N/A	Kubernetes service account token volume projection is enabled and issues tokens that use `https://kubernetes.default.svc` as the default API audience.
Kubernetes admission controllers configuration	N/A	N/A	The `RuntimeClass` admission controller is disabled to align with the `RuntimeClass` feature gate, which was disabled in IBM Cloud Kubernetes Service version 1.14.
Kubernetes Dashboard	v1.10.1	v2.0.0-beta5	See the Kubernetes Dashboard release notes. Unlike the previous version, the new Kubernetes dashboard version works with the `metrics-server` to display metrics.
Kubernetes Dashboard metrics scraper	N/A	v1.0.2	See the Kubernetes Dashboard metrics scraper release notes.
Kubernetes DNS autoscaler	1.6.0	1.7.1	See the Kubernetes DNS autoscaler release notes.
Operator Lifecycle Manager Catalog	N/A	v1.4.0	See the Operator Lifecycle Manager Catalog release notes.
Operator Lifecycle Manager	N/A	0.12.0	See the Operator Lifecycle Manager release notes.

Worker node patch

Worker node patch: Changes since version 1.15.5_1521
Component	Previous	Current	Description
containerd	v1.2.10	v1.3.0	See the containerd release notes. The containerd configuration now sets `stream_idle_timeout` to `30m`, lowered from `4h`. This `stream_idle_timeout` configuration is the maximum time that a streaming connection such as `kubectl exec` can be idle before the connection is closed. Also, the container runtime type is updated to `io.containerd.runc.v2`.
`kubelet` configuration	N/A	N/A	Updated the `--pod-max-pids` option and the `pid` resource under the `--kube-reserved` and `--system-reserved` options to scale the available and reserved PIDs based on worker node flavor.
Kubernetes	v1.15.5	v1.16.2	See the Kubernetes release notes.