Kubernetes version 1.20 change log

Version 1.20 is unsupported. You can review the following archive of 1.20 change logs.

Overview

Unless otherwise noted in the change logs, the IBM Cloud Kubernetes Service provider version enables Kubernetes APIs and features that are at beta. Kubernetes alpha features, which are subject to change, are disabled.

For more information about major, minor, and patch versions and preparation actions between minor versions, see Kubernetes versions.

Check the Security Bulletins on IBM Cloud Status for security vulnerabilities that affect IBM Cloud Kubernetes Service. You can filter the results to view only Kubernetes Cluster security bulletins that are relevant to IBM Cloud Kubernetes Service. Change log entries that address other security vulnerabilities but don't also refer to an IBM security bulletin are for vulnerabilities that are not known to affect IBM Cloud Kubernetes Service in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.

Some change logs are for worker node fix packs, and apply only to worker nodes. You must apply these patches to ensure security compliance for your worker nodes. These worker node fix packs can be at a higher version than the master because some build fix packs are specific to worker nodes. Other change logs are for master fix packs, and apply only to the cluster master. Master fix packs might not be automatically applied. You can choose to apply them manually. For more information about patch types, see Update types.

Version 1.20 change log

Kubernetes version 1.20 is unsupported as of 19 June 2022. Update your cluster to at least version 1.21 as soon as possible.

Change log for worker node fix pack 1.20.15_1583, released 7 June 2022

The following table shows the changes that are in the worker node fix pack 1.20.15_1583. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.15_1581
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-177	4.15.0-180	Worker node kernel & package updates for CVE-2019-13050, CVE-2022-1664, CVE-2022-29581.

Change log for master fix pack 1.20.15_1582, released 3 June 2022

The following table shows the changes that are in the master fix pack 1.20.15_1582. Master patch updates are applied automatically.

Changes since version 1.20.15_1578
Component	Previous	Current	Description
Cluster health image	v1.3.6	v1.3.7	Updated Go to version 1.17.10 and also updated the dependencies. Update registry base image version to `104`
GPU device plug-in and installer	9485e14	382ada9	Updated `Go` to version `1.17.9`
IBM Calico extension	954	980	Updated to use `Go` version `1.17.10`. Updated minimal UBI to version `8.5`.
IBM Cloud Controller Manager	v1.20.15-9	v1.20.15-11	Build changes for new key.
IBM Cloud File Storage for Classic plug-in and monitor	408	410	Updated universal base image (UBI) to version `8.6-751` to resolve CVEs.
IBM Cloud RBAC Operator	8c8c82b	8c96932	Updated `Go` to version `1.18.1`
Key Management Service provider	v2.5.4	v2.5.5	Updated `Go` to version `1.17.10` and updated the golang dependencies.
Kubernetes add-on resizer	1.8.13	1.8.14	See the Kubernetes add-on resizer release notes.
Kubernetes Dashboard	v2.3.1	v2.3.1	The default Kubernetes Dashboard settings found in the `kubernetes-dashboard-settings` config map in the `kube-system` namespace have been updated to set `resourceAutoRefreshTimeInterval` to `60`. This default change is only applied to new clusters. The previous default value was `5`. If your cluster has Kubernetes Dashboard performance problems, see the steps for changing the auto refresh time interval.
Load balancer and load balancer monitor for IBM Cloud Provider	1916	1998	Updated `Go` to version `1.17.10` and updated dependencies.

Change log for worker node fix pack 1.20.15_1581, released 23 May 2022

The following table shows the changes that are in the worker node fix pack 1.20.15_1581. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.15_1580
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-176	4.15.0-177	Worker node kernel & package updates for CVE-2019-20838, CVE-2020-14155, CVE-2020-25648, CVE-2020-35512, CVE-2021-26401, CVE-2022-0001, CVE-2022-0934, CVE-2022-26490, CVE-2022-27223, CVE-2022-27781, CVE-2022-27782, CVE-2022-28657, CVE-2022-29155, CVE-2022-29824, CVE-2017-9525, CVE-2022-28654, CVE-2022-28656, CVE-2022-28655, CVE-2022-28652, CVE-2022-1242, CVE-2022-28658, CVE-2021-3899.
HA proxy	36b0307	468c09	CVE-2021-3634.

Change log for worker node fix pack 1.20.15_1580, released 09 May 2022

The following table shows the changes that are in the worker node fix pack 1.20.15_1580. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.15_1579
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Worker node package updates for CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087, CVE-2022-1292, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-29799, CVE-2022-29800.
Kubernetes	N/A	N/A	N/A
Haproxy	f53b22	36b030	CVE-2022-1271, CVE-2022-1154, CVE-2018-25032.

Change log for master fix pack 1.20.15_1578, released 26 April 2022

The following table shows the changes that are in the master fix pack 1.20.15_1578. Master patch updates are applied automatically.

Changes since version 1.20.15_1576
Component	Previous	Current	Description
Cluster health image	v1.3.5	v1.3.6	Updated `Go` to version `1.17.9` and also updated the dependencies. Update `registry base image` version to `103`.
Gateway-enabled cluster controller	1669	1680	Updated metadata for a rotated key.
GPU device plug-in and installer	13677d2	9485e14	Updated Drivers to `470.103.01`. Updated metadata for a rotated key.
IBM Calico extension	950	954	Updated to latest UBI-minimal image to resolve CVE-2021-3999, CVE-2022-23218, CVE-2022-23219, CVE-2022-23308, CVE-2021-23177, and CVE-2021-31566.
IBM Cloud Controller Manager	v1.20.15-6	v1.20.15-9	Updated `vpcctl` to the `3003` binary image.
IBM Cloud File Storage for Classic plug-in and monitor	407	408	Fixed CVE-2022-0778.
IBM Cloud RBAC Operator	6c43ef1	8c8c82b	Updated `Go` to version `1.17.8`
Key Management Service provider	v2.5.3	v2.5.4	Moved to a different base image, version `102`, to reduce CVE footprint. Resolved CVE-2022-0778.
Kubernetes NodeLocal DNS cache	1.21.3	1.21.4	See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and Load balancer monitor for IBM Cloud Provider	1899	1916	Updated the image to resolve CVEs.
OpenVPN client	2.5.4-r0-IKS-579	2.5.6-r0-IKS-592	Upgrade openvpn to version `2.5.6-r0`.
OpenVPN server	2.5.4-r0-IKS-578	2.5.6-r0-IKS-591	Upgrade openvpn to version `2.5.6-r0`.

Change log for worker node fix pack 1.20.15_1579, released 25 April 2022

Changes since version 1.20.15_1577
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-175-generic	4.15.0-176-generic	Kernel and package updates for CVE-2018-16301, CVE-2019-18276, CVE-2020-8037, CVE-2021-31870, CVE-2021-31871, CVE-2021-31872, CVE-2021-31873, CVE-2021-43975, CVE-2022-1271, CVE-2022-24765.

Change log for worker node fix pack 1.20.15_1577, released 11 April 2022

The following table shows the changes that are in the worker node fix pack 1.20.15_1577. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.15_1575
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-173-generic	4.15.0-175-generic	Kernel and package updates for CVE-2018-25032 CVE-2021-3426 CVE-2021-4189 CVE-2022-0391 CVE-2022-21712 CVE-2022-21716 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVE-2022-27666.

Change log for master fix pack 1.20.15_1576, released 6 April 2022

Changes since version 1.20.15_1574
Component	Previous	Current	Description
Load balancer and load balancer monitor for IBM Cloud Provider	1865	1899	Revert setting gratuitous ARP on LBv1.

Change log for master fix pack 1.20.15_1574, released 30 March 2022

Changes since version 1.20.15_1571
Component	Previous	Current	Description
Cluster health image	v1.3.3	v1.3.5	Updated image to fix CVEs CVE-2021-3999, CVE-2022-23218, CVE-2022-23219. Updated golang dependencies.
Gateway-enabled cluster controller	1653	1669	Updated to use `Go` version `1.17.8`.
GPU device plug-in and installer	d7daae6	13677d2	Updated GPU images to resolve CVEs.
IBM Calico extension	929	950	Updated to use `Go` version `1.17.8`. Updated universal base image (UBI) to resolve CVEs.
IBM Cloud File Storage for Classic plug-in and monitor	405	407	Updated `Go` to version `1.16.14`. Updated `UBI` image to version `8.5-240`.
IBM Cloud RBAC Operator	0fc9949	6c43ef1	Upgraded `Go` packages to resolve vulnerabilities
Key Management Service provider	v2.4.3	v2.5.3	Updated to use `Go` version `1.17.8`. Updated golang dependencies. Fixed CVE CVE-2022-24407
Load balancer and Load balancer monitor for IBM Cloud Provider	1747	1865	Updated the image to resolve CVEs. Updated to use `Go` version `1.17.8`. Set gratuitous ARP at the correct time on LBv1.
OpenVPN client	2.5.4-r0-IKS-556	2.5.4-r0-IKS-579	Updated `Go` to version `1.16.15`.
OpenVPN server	2.5.4-r0-IKS-555	2.5.4-r0-IKS-578	Updated `Go` to version `1.16.15`.
Operator Lifecycle Manager	0.16.1-IKS-15	0.16.1-IKS-16	Resolve CVE-2022-0778.

Change log for worker node fix pack 1.20.15_1575, released 28 March 2022

Changes since version 1.20.15_1573
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-171-generic	4.15.0-173-generic	Kernel and package updates for CVE-2021-20193, CVE-2021-25220, CVE-2021-3506, CVE-2022-0435, CVE-2022-0492, CVE-2022-0778, CVE-2022-0847, CVE-2022-23308.
HA proxy	15198f	b40c07	CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2021-3999, CVE-2022-23218, CVE-2022-23219, CVE-2022-23308, CVE-2021-23177, CVE-2021-31566.
Kubernetes	N/A	N/A	N/A

Change log for worker node fix pack 1.20.15_1573, released 14 March 2022

Changes since version 1.20.15_1572
Component	Previous	Current	Description
Containerd	v1.4.12	v1.4.13	See the change log and the security bulletin.
Ubuntu 18.04 packages	4.15.0-169-generic	4.15.0-171-generic	Kernel and package updates for CVE-2016-10228, CVE-2019-25013, CVE-2020-27618, CVE-2020-29562, CVE-2020-6096, CVE-2021-3326, CVE-2021-35942, CVE-2021-3999, CVE-2022-0001, CVE-2022-23218, CVE-2022-23219, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315.

Change log for master fix pack 1.20.15_1571, released 3 March 2022

Changes since version 1.20.15_1568
Component	Previous	Current	Description
Cluster health image	v1.2.21	v1.3.3	Updated `golang.org/x/crypto` to `v0.0.0-20220214200702-86341886e292`. Adds fix for CVE-2021-43565. Adds Golang dependency updates.
Gateway-enabled cluster controller	1586	1653	Updated to use `Go` version `1.17.7` and updated `Go` modules to fix CVEs.
GPU device plug-in and installer	eefc4ae	d7daae6	Updated GPU images to resolve CVEs.
IBM Calico extension	923	929	Updated universal base image (UBI) to the `8.5-230` version to resolve CVEs. Updated to use `Go` version `1.16.13`.
IBM Cloud Controller Manager	v1.20.15-1	v1.20.15-4	Adds changes to the renovate rules.
IBM Cloud File Storage for Classic plug-in and monitor	404	405	Fix for CVE-2021-3538 and adds dependency updates.
Key Management Service provider	v2.3.13	v2.4.3	Updated `golang.org/x/crypto` to `v0.0.0-20220214200702-86341886e292`. Adds fix for CVE-2021-43565. Adds Golang dependency updates.

Change log for worker node fix pack 1.20.15_1572, released 28 February 2022

Changes since version 1.20.15_1570
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-167-generic	4.15.0-169-generic	Kernel and package updates for CVE-2021-4083, CVE-2021-4155, CVE-2021-45960, CVE-2021-46143, CVE-2022-0330, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-22942, CVE-2022-23852, CVE-2022-23990, CVE-2022-24407, CVE-2022-25235, CVE-2022-25236.
HA proxy	f6a2b3	15198fb	Contains fixes for CVE-2022-24407.

Change log for worker node fix pack 1.20.15_1570, released 14 February 2022

Changes since version 1.20.15_1569
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	N/A
Kubernetes	N/A	N/A	N/A
HA proxy	d38fa1	f6a2b3	CVE-2021-3521 CVE-2021-4122.

Change log for worker node fix pack 1.20.15_1569, released 31 January 2022

Changes since version 1.20.13_1567
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2018-7169, CVE-2021-3984, CVE-2021-4019, CVE-2021-4034, CVE-2021-4069.
Kubernetes	1.20.13	1.20.15	For more information, see the change log.

Change log for master fix pack 1.20.15_1568, released 26 January 2022

Changes since version 1.20.13_1563
Component	Previous	Current	Description
Calico	N/A	N/A	Changed to improve Calico availability during updates.
Cluster health image	v1.2.20	v1.2.21	Updated to use `Go` version `1.17.5`, updated Go dependencies and golangci-lint
GPU device plug-in and installer	cc634b2	9be025c	Updated universal base image (UBI) to the `8.5-218` version to resolve CVEs. Updated to use `Go` version `1.16.13`.
IBM Calico extension	900	923	Updated universal base image (UBI) to the `8.5-218` version to resolve CVEs. Updated to use `Go` version `1.16.13`.
IBM Cloud Controller Manager	v1.20.13-4	v1.20.15-1	Updated to support the Kubernetes 1.20.15 release.
IBM Cloud File Storage for Classic plug-in and monitor	402	404	Updated universal base image (UBI) to the `8.5-218` version to resolve CVEs. Updated to use `Go` version `1.16.13`.
IBM Cloud RBAC Operator	3430e03	0fc9949	Updated universal base image (UBI) to the `8.5-218` version to resolve CVEs. Updated to use `Go` version `1.16.13`.
Key Management Service provider	v2.3.12	v2.3.13	Updated `Go` dependencies and golangci-lint
Kubernetes	1.20.13	1.20.15	Changed the duration of the Kubernetes API server certificate from 825 days to 730 days. Changed the duration of the cluster CA certificate from 30 years to 10 years. See the Kubernetes release notes.
Kubernetes Metrics Server	v0.4.4	v0.4.5	Metrics server now dynamically reloads `NannyConfiguration` updates. See the Kubernetes Metrics Server release notes.
Kubernetes NodeLocal DNS cache	1.21.1	1.21.3	See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and load balancer monitor for IBM Cloud Provider	1659	1747	Updated the Alpine base image to the `3.15` version to resolve CVEs. Updated to use `Go` version `1.17.6`.
OpenVPN client	2.4.6-r3-IKS-463	2.5.4-r0-IKS-556	Update base image to alpine `3.15` to address CVEs, no longer set the --compress config option, updated scripts
OpenVPN server	2.4.6-r3-IKS-462	2.5.4-r0-IKS-555	Update base image to alpine `3.15` to address CVEs, no longer set the --compress config option, updated scripts

Change log for worker node fix pack 1.20.13_1567, released 18 January 2022

Changes since version 1.20.13_1566
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-163-generic	4.15.0-166-generic	Kernel and package updates for CVE-2018-25020 and CVE-2021-4002.
Containerd	v1.5.8	v1.5.9	See the change log.

Change log for worker node fix pack 1.20.13_1566, released 4 January 2022

The following table shows the changes that are in the worker node fix pack patch update 1.20.13_1566. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.13_1564
Component	Previous	Current	Description
HA proxy	3b8663	d38fa1	Contains fixes for CVE-2021-3712.
Ubuntu 18.04 packages	N/A	N/A	Updated worker node image packages for CVE-2019-19449, CVE-2020-16592, CVE-2020-21913, CVE-2020-27781, CVE-2020-36322, CVE-2020-36385, CVE-2021-25219, CVE-2021-28831, CVE-2021-28950, CVE-2021-3487, CVE-2021-3524, CVE-2021-3531, CVE-2021-3733, CVE-2021-3737, CVE-2021-3759, CVE-2021-3778, CVE-2021-3796, CVE-2021-3800, CVE-2021-38199, CVE-2021-3903, CVE-2021-3927, CVE-2021-3928, CVE-2021-40490, CVE-2021-42374, CVE-2021-42378, CVE-2021-42384, and CVE-2021-43527.

Change log for master fix pack 1.20.13_1563, released 7 December 2021

The following table shows the changes that are in the master fix pack update 1.20.13_1563. Master patch updates are applied automatically.

Changes since version 1.20.12_1561
Component	Previous	Current	Description
Calico	v3.17.5	v3.17.6	See the Calico release notes.
Cluster health image	v1.2.18	v1.2.20	Updated universal base image (UBI) to the latest `8.4` version to resolve CVEs. Updated to use `Go` version `1.16.10`.
CoreDNS	1.8.4	1.8.6	See the CoreDNS release notes.
Gateway-enabled cluster controller	1567	1586	Updated Alpine base image to the latest `3.14` version to resolve CVEs. Updated to use `Go` version `1.16.10`.
GPU device plug-in and installer	7fd867d	c9bfc8c	Updated universal base image (UBI) to the `8.5-204` version to resolve CVEs. Updated to use `Go` version `1.16.10`.
IBM Calico extension	864	900	Updated universal base image (UBI) to the `8.5-204` version to resolve CVEs. Updated to use `Go` version `1.16.10`.
IBM Cloud Controller Manager	v1.20.12-3	v1.20.13-4	Updated to support the Kubernetes `1.20.13` release and to use `calicoctl` version `3.17.6`.
IBM Cloud File Storage for Classic plug-in and monitor	401	402	Updated universal base image (UBI) to the `8.5-204` version to resolve CVEs. Updated to use `Go` version `1.16.10`.
IBM Cloud RBAC Operator	4ca5637	3430e03	Updated universal base image (UBI) to the latest `8.5` version to resolve CVEs. Updated to use `Go` version `1.16.10`.
Key Management Service provider	v2.3.10	v2.3.12	Updated universal base image (UBI) to the latest `8.4` version to resolve CVEs. Updated to use `Go` version `1.16.10`.
Kubernetes	v1.20.12	v1.20.13	See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache	1.17.3	1.21.1	See the Kubernetes NodeLocal DNS cache release notes. Increased memory resource requests from `8Mi` to `10Mi` to better align with normal resource utilization.
Load balancer and load balancer monitor for IBM Cloud Provider	1590	1659	Updated Alpine base image to the latest `3.14` version to resolve CVEs. Updated to use `Go` version `1.16.10`.
Operator Lifecycle Manager	0.16.1-IKS-14	0.16.1-IKS-15	Updated image for CVE-2021-42374, CVE-2021-42375, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, and CVE-2021-42386.

Change log for worker node fix pack 1.20.13_1564, released 6 December 2021

The following table shows the changes that are in the worker node fix pack patch update 1.20.13_1564. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.12_1562
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-162	4.15.0-163	Updated worker node images and kernel with package updates. Contains fixes for CVE-2021-43527
Kubernetes	1.20.12	1.20.13	See the change log
Containerd	v1.4.11	v1.4.12	See the change log and the security bulletin.

Change log for worker node fix pack 1.20.12_1562, released 22 November 2021

The following table shows the changes that are in the worker node fix pack patch update 1.20.12_1562. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.11_1560
Component	Previous	Current	Description
Kubernetes	1.20.11	1.20.12	For more information, see the change log.
HA proxy	07f1e9e	3b8663	Contains fixes for CVE-2021-20231, CVE-2021-20232, CVE-2021-3580, CVE-2021-22946, CVE-2021-22947, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2019-20838, CVE-2020-14155, CVE-2018-20673, CVE-2021-42574, CVE-2019-17594, CVE-2019-17595, CVE-2020-12762, CVE-2020-16135, CVE-2021-3445, CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087, CVE-2021-20266, CVE-2019-18218, CVE-2021-23840, CVE-2021-23841, CVE-2021-27645, CVE-2021-33574, CVE-2021-35942, CVE-2021-33560, CVE-2019-13750, CVE-2019-13751, CVE-2019-19603, CVE-2019-5827, CVE-2020-13435, CVE-2020-24370, CVE-2021-28153, CVE-2021-3800, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, andCVE-2021-3200
Ubuntu 18.04 packages	4.15.0-161	4.15.0-162	Updated worker node images and kernel with package fixes forCVE-2019-19449, CVE-2020-36322, CVE-2020-36385, CVE-2021-28950, CVE-2021-3759, CVE-2021-38199, CVE-2021-3903, CVE-2021-3927, and CVE-2021-3928.

Change log for master fix pack 1.20.12_1561, released 17 November 2021

The following table shows the changes that are in the master fix pack patch update 1.20.11_1561. Master patch updates are applied automatically.

Changes since version 1.20.11_1558
Component	Previous	Current	Description
Cluster health image	v1.2.16	v1.2.18	Updated `Go` module dependencies and to use `Go` version `1.16.9`. Updated image for CVE-2021-22946, CVE-2021-22947, CVE-2021-33928, CVE-2021-33929 and CVE-2021-33930.
etcd	v3.4.17	v3.4.18	See the etcd release notes.
Gateway-enabled cluster controller	1510	1567	Updated to use `Go` version `1.16.9`.
GPU device plug-in and installer	58d7589	7fd867d	Updated image for CVE-2021-36222, CVE-2021-37750, CVE-2021-22922, CVE-2021-22923 and CVE-2021-22924.
Kubernetes add-on resizer	1.8.12	1.8.13	See the Kubernetes add-on resizer release notes.
IBM Cloud Controller Manager	v1.20.11-2	v1.20.12-3	Updated to support the Kubernetes `1.20.12` release. Updated image for DLA-2797-1.
IBM Cloud RBAC Operator	e3cb629	4ca5637	Updated universal base image (UBI) to the latest `8.4` version to resolve CVEs.
Key Management Service provider	v2.3.8	v2.3.10	Updated `Go` module dependencies and to use `Go` version `1.16.9`. Updated image for CVE-2021-22946.
Kubernetes	v1.20.11	v1.20.12	See the Kubernetes release notes.
Load balancer and load balancer monitor for IBM Cloud Provider	1547	1590	Updated to use `Go` version `1.16.9`.
OpenVPN client	2.4.6-r3-IKS-386	2.4.6-r3-IKS-463	Updated image to implement additional IBM security controls.
OpenVPN server	2.4.6-r3-IKS-385	2.4.6-r3-IKS-462	Updated image to implement additional IBM security controls.

Change log for worker node fix pack 1.20.11_1560, released 10 November 2021

The following table shows the changes that are in the worker node fix pack patch update 1.20.11_1560. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.11_1559
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Updated worker node image packages for CVE-2020-16592, CVE-2020-27781, CVE-2021-25219, CVE-2021-3487, CVE-2021-3524, CVE-2021-3531, and CVE-2021-40490.

Change log for master fix pack 1.20.11_1558, released 29 October 2021

The following table shows the changes that are in the master fix pack patch update 1.20.11_1558. Master patch updates are applied automatically.

Changes since version 1.20.11_1553
Component	Previous	Current	Description
Cluster health image	v1.2.15	v1.2.16	Move from dependency `form3tech-oss/jwt-go` to `golang-jwt/jwt` since the former is no longer maintained. Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs: CVE-2021-36222, CVE-2021-37750, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924
etcd	v3.4.16	v3.4.17	See the etcd release notes.
IBM Calico extension	763	864	Updated to use Go version 1.16.9. Updated universal base image (UBI) to resolve CVEs.
IBM Cloud Controller Manager	v1.20.11-1	v1.20.11-2	Updated to ignore VPC load balancer (LB) state when a LB delete is requested.
IBM Cloud File Storage for Classic plug-in and monitor	400	401	Updated universal base image (UBI) to the latest 8.4-210 version
Key Management Service provider	v2.3.7	v2.3.8	Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs: CVE-2021-36222, CVE-2021-37750, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924

Change log for worker node fix pack 1.20.11_1559, released 25 October 2021

The following table shows the changes that are in the worker node fix pack patch update 1.20.11_1559. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.11_1555
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Updated worker node images with package updates. Contains fix for cloud-init performance problem.
Worker-pool taint automation	N/A	N/A	Fixes known issue related to worker-pool taint automation that prevents workers from getting providerID.

Change log for worker node fix pack 1.20.11_1555, released 11 October 2021

The following table shows the changes that are in the worker node fix pack patch update 1.20.11_1555. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.11_1554
Component	Previous	Current	Description
Containerd	v1.4.9	v1.4.11	See the security bulletin and the change logs.
Ubuntu 18.04 packages	4.15.0-158	4.15.0-159	Updated worker node images and kernel with package updates CVE-2021-3778 and CVE-2021-3796.

Change log for master fix pack 1.20.11_1553, released 28 September 2021

The following table shows the changes that are in the master fix pack patch update 1.21.1_1553. Master patch updates are applied automatically.

Changes since version 1.20.10_1550
Component	Previous	Current	Description
Calico	v3.17.4	v3.17.5	See the Calico release notes. Increased liveness and readiness probe timeouts to 10 seconds.
CoreDNS	1.8.0	1.8.4	See the CoreDNS release notes.
Gateway-enabled cluster controller	1444	1510	Updated image for CVE-2021-3711 and CVE-2021-3712.
GPU device plug-in and installer	8c8bcdf	58d7589	Updated to use `Go` version `1.16.7`.
IBM Cloud Controller Manager	v1.20.10-1	v1.20.11-1	Updated to support the Kubernetes `1.20.11` release. Fixed a bug that may cause node initialization to fail when a new node reuses the name of a deleted node.
IBM Cloud RBAC Operator	945df65	e3cb629	Updated to use `Go` version `1.16.7`.
IBM Cloud File Storage for Classic plug-in and monitor	398	400	Updated to use `Go` version `1.16.7`. Updated universal base image (UBI) to the latest `8.4-208` version to resolve CVEs.
Kubernetes	v1.20.10	v1.20.11	See the Kubernetes release notes.
Kubernetes API server auditing configuration	N/A	N/A	Updated to support `verbose` Kubernetes API server auditing.
Kubernetes NodeLocal DNS cache	N/A	N/A	Increased memory resource requests from `5Mi` to `8Mi` to better align with normal resource utilization.
Load balancer and load balancer monitor for IBM Cloud Provider	1510	1547	Updated image for CVE-2021-3711 and CVE-2021-3712.
Operator Lifecycle Manager	0.16.1-IKS-12	0.16.1-IKS-14	Updated image for CVE-2021-3711 and CVE-2021-3712.

Change log for worker node fix pack 1.20.11_1554, released 27 September 2021

The following table shows the changes that are in the worker node fix pack patch update 1.20.11_1554. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.10_1552
Component	Previous	Current	Description
Disk identification	N/A	N/A	Enhanced the disk identification logic to handle the case of 2+ partitions.
HA proxy	9c98dc5	07f1e9	Updated image with fixes for CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-36222, and CVE-2021-37750.
Kubernetes	1.20.10	1.20.11	For more information, see the change logs. This update resolves CVE-2021-25741. For more information, see the IBM security bulletin).
Ubuntu 18.04 packages	4.15.0-156	4.15.0-158	Updated worker node images and kernel with package updates CVE-2021-22946, CVE-2021-22947, CVE-2021-33560, CVE-2021-3709, CVE-2021-3710, CVE-2021-40330, CVE-2021-40528, and CVE-2021-41072.

Change log for worker node fix pack 1.20.10_1552, released 13 September 2021

The following table shows the changes that are in the worker node fix pack patch update 1.20.10_1552. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.10_1551
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-154	4.15.0-156	Updated worker node images and kernel with package updates for CVE-2021-3653, CVE-2021-3656, CVE-2021-38185, CVE-2021-40153.

Change log for worker node fix pack 1.20.10_1551, released 30 August 2021

The following table shows the changes that are in the worker node fix pack patch update 1.20.10_1551. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.9_1549
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-153	4.15.0-154	Updated worker node images and kernel with package updates for CVE-2021-3711 and CVE-2021-3712.

Change log for master fix pack 1.20.10_1550 released 25 August 2021

The following table shows the changes that are in the master fix pack patch update 1.20.10_1550. Master patch updates are applied automatically.

Changes since version 1.20.9_1547
Component	Previous	Current	Description
Calico	N/A	N/A	Updated the rolling update configuration for the `calico-node` daemonset in the `kube-system` namespace. The configuration is now the same regardless of the number of cluster worker nodes.
Cluster health image	v1.2.14	v1.2.15	Updated to use `Go` version `1.15.15`. Updated universal base image (UBI) to the latest `8.4` version to resolve CVEs.
Gateway-enabled cluster controller	1348	1444	Updated image for CVE-2021-36159.
GPU device plug-in and installer	483ccc2	8c8bcdf	Updated to use `Go` version `1.16.6`.
IBM Calico extension	747	763	Updated to use `Go` version `1.16.6`. Updated universal base image (UBI) to the latest `8.4-205` version to resolve CVEs.
IBM Cloud Controller Manager	v1.20.9-1	v1.20.10-1	Updated to support the Kubernetes `1.20.10` release and to use `Go` version `1.15.15`.
IBM Cloud File Storage for Classic plug-in and monitor	395	398	Updated to use `Go` version `1.16.6`. Updated image for CVE-2021-33910.
Key Management Service provider	v2.3.6	v2.3.7	Updated to use `Go` version `1.15.15`. Updated UBI to the latest `8.4` version to resolve CVEs.
Kubernetes	v1.20.9	v1.20.10	See the Kubernetes release notes.
Kubernetes Dashboard	v2.1.0	v2.3.1	See the Kubernetes Dashboard release notes.
Kubernetes Dashboard metrics scraper	v1.0.6	v1.0.7	See the Kubernetes Dashboard metrics scraper release notes.
Kubernetes DNS autoscaler	1.8.3	1.8.4	See the Kubernetes DNS autoscaler release notes.
Load balancer and load balancer monitor for IBM Cloud Provider	1328	1510	Updated image for CVE-2020-27780.
Operator Lifecycle Manager	0.16.1-IKS-10	0.16.1-IKS-12	Updated image for CVE-2021-36159.

Change log for worker node fix pack 1.20.9_1549, released 16 August 2021

The following table shows the changes that are in the worker node fix pack patch update 1.20.9_1549. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.9_1548
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-151	4.15.0-153	N/A
HA proxy	68e6b3	9c98dc	Updated image with fixes for CVE-2021-27218.

Change log for worker node fix pack 1.20.9_1548, released 02 August 2021

The following table shows the changes that are in the worker node fix pack patch update 1.20.9_1548. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.8_1546
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-147	4.15.0-151	Updated worker node images & Kernel with package updates: CVE-2020-13529, CVE-2021-22898, CVE-2021-22924 CVE-2021-22925, CVE-2021-33200, CVE-2021-33909, and CVE-2021-33910.
HA proxy	aae810	68e6b3	Updated image with fixes for CVE-2021-33910.
Registry endpoints	Added zonal public registry endpoints for clusters with both private and public service endpoints enabled.
Read only disk self healing	For VPC Gen2 workers. Added automation to recover from disks going read only.
Containerd	v1.4.6	v1.4.8	For more information, see the change logs. The update resolves CVE-2021-32760 (see the IBM security bulletin).
Kubernetes	v1.20.8	v1.20.9	See the Kubernetes release notes.

Change log for master fix pack 1.20.9_1547, released 27 July 2021

The following table shows the changes that are in the master fix pack patch update 1.20.9_1547. Master patch updates are applied automatically.

Changes since version 1.20.8_1544
Component	Previous	Current	Description
Cluster health image	v1.2.13	v1.2.14	Updated universal base image (UBI) to the latest version to resolve CVEs.
etcd	v3.4.14	v3.4.16	See the etcd release notes.
GPU device plug-in and installer	772e15f	483ccc2	Updated image for CVE-2021-20271, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541 and CVE-2021-3520.
IBM Calico extension	730	747	Updated universal base image (UBI) to version `8.4-205` to resolve CVEs.
IBM Cloud Controller Manager	v1.20.8-2	v1.20.9-1	Updated to support the Kubernetes `1.20.9` release and to use Go version `1.15.14`.
IBM Cloud File Storage for Classic plug-in and monitor	394	395	Updated universal base image (UBI) to version `8.4-205` to resolve CVEs.
IBM Cloud RBAC Operator	b68ea92	945df65	Updated image for CVE-2021-33194.
Key Management Service provider	v2.3.5	v2.3.6	Updated universal base image (UBI) to the latest version to resolve CVEs.
Kubernetes	v1.20.8	v1.20.9	See the Kubernetes release notes.

Change log for worker node fix pack 1.20.8_1546, released 19 July 2021

The following table shows the changes that are in the worker node fix pack 1.20.8_1546. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.8_1545
Component	Previous	Current	Description
Ubuntu 16.04 packages	N/A	N/A	Updated worker node images with kernel package updates.
Ubuntu 18.04 packages	N/A	N/A	Updated worker node images with kernel package updates.

Change log for worker node fix pack 1.20.8_1545, released 6 July 2021

The following table shows the changes that are in the worker node fix pack 1.20.8_1545. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.7_1543
Component	Previous	Current	Description
HA proxy	700dc6	aae810	Updated image with fixes for CVE-2021-3520, CVE-2021-20271, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, and CVE-2021-3541.
Kubernetes	v1.20.7	v1.20.8	See the Kubernetes release notes.
Ubuntu 18.04 packages	4.15.0.144	4.15.0.147	Updated worker node images with kernel package updates for CVE-2021-23133, CVE-2021-3444, and CVE-2021-3600.

Change log for master fix pack 1.20.8_1544, released 28 June 2021

The following table shows the changes that are in the master fix pack patch update 1.20.8_1544. Master patch updates are applied automatically.

Changes since version 1.20.7_1540
Component	Previous	Current	Description
Calico	v3.17.3	v3.17.4	See the Calico release notes.
Cluster health image	v1.2.12	v1.2.13	Updated to use `Go` version `1.15.12`. Updated image for CVE-2021-33194.
Gateway-enabled cluster controller	1352	1348	Updated to run as a non-root user by default, with privileged escalation as needed.
GPU device plug-in and installer	9a5e70b	772e15f	Updated to use `Go` version `1.15.12`. Updated universal base image (UBI) to version 8.4 to resolve CVEs. Updated the GPU drivers to version 460.73.01.
IBM Calico extension	689	730	Updated to use `Go` version `1.16.15`. Updated minimal UBI to version 8.4 to resolve CVEs.
IBM Cloud Controller Manager	v1.20.7-3	v1.20.8-2	Updated to support the Kubernetes `1.20.8` release and to use `Go` version `1.15.13`. Updated `Go` dependencies to resolve CVEs. Updated image to implement additional IBM security controls.
IBM Cloud File Storage for Classic plug-in and monitor	392	394	Updated to use `Go` version `1.15.12`. Updated UBI to version `8.4` to resolve CVEs.
IBM Cloud RBAC Operator	63cd064	b68ea92	Updated to use `Go` version `1.16.4`. Updated UBI to version `8.4` to resolve CVEs.
Key Management Service provider	v2.3.4	v2.3.5	Updated to use `Go` version `1.15.12`. Updated image for CVE-2021-33194.
Kubernetes	v1.20.7	v1.20.8	See the Kubernetes release notes.
Portieris admission controller	v0.10.2	v0.10.3	See the Portieris admission controller release notes.

Change log for worker node fix pack 1.20.7_1543, released 22 June 2021

The following table shows the changes that are in the worker node fix pack 1.20.7_1543. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.7_1542
Component	Previous	Current	Description
HA proxy	26c5cc	d3dc33	Updated image with fixes for CVE-2020-24977, CVE-2020-13434, CVE-2020-15358, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2019-2708, CVE-2019-13012, CVE-2020-13543, CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2021-27219, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326, CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177, CVE-2019-3842, CVE-2020-13776, CVE-2020-24330, CVE-2020-24331, CVE-2020-24332, CVE-2017-14502, CVE-2020-8927 and CVE-2020-28196.
IBM Cloud Container Registry	N/A	N/A	Added private-only registry support for `ca.icr.io`, `br.icr.io` and `jp2.icr.io`.
Ubuntu 18.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2017-8779, CVE-2017-8872, CVE-2018-16869, CVE-2019-20388, CVE-2020-24977, CVE-2021-3516, CVE-2021-3517 CVE-2021-3518, CVE-2021-3537, CVE-2021-3580.

Change log for worker node fix pack 1.20.7_1542, released 7 June 2021

The following table shows the changes that are in the worker node fix pack 1.20.7_1542. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.7_1541
Component	Previous	Current	Description
HA proxy	26c5cc	700dc6	Updated the image for CVE-2021-27219.
TCP `keepalive` optimization for VPC	N/A	N/A	Set the `net.ipv4.tcp_keepalive_time` setting to 180 seconds for compatibility with VPC gateways.
Ubuntu 18.04 packages	4.15.0-143	4.15.0-144	Updated worker node images with kernel package updates for CVE-2021-25217, CVE-2021-31535, CVE-2021-32547, CVE-2021-32552, CVE-2021-32556, CVE-2021-32557, CVE-2021-3448, and CVE-2021-3520.

Change log for worker node fix pack 1.20.7_1541, released 24 May 2021

The following table shows the changes that are in the worker node fix pack 1.20.7_1541. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.6_1539
Component	Previous	Current	Description
Containerd	v1.4.5	v1.4.6	See the containerd release notes. The update resolves CVE-2021-30465 (see the IBM security bulletin).
HA proxy	e0fa2f	26c5cc	Updated image with fixes for CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177, CVE-2019-3842, CVE-2020-13776, CVE-2019-18276, CVE-2020-24977, CVE-2020-13434, CVE-2020-15358, CVE-2019-13012, CVE-2020-13543, CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-24330, CVE-2020-24331, CVE-2020-24332, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-28196, CVE-2019-2708, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326, and CVE-2020-8927.
Kubernetes	v1.20.6	v1.20.7	See the Kubernetes release notes.
Ubuntu 18.04 packages	4.15.0-142	4.15.0-143	Updated worker node images with kernel package updates for CVE-2021-28688, CVE-2021-20292, CVE-2021-29264, CVE-2021-29265, and CVE-2021-29650.
Ubuntu 16.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2009-5155 and CVE-2020-6096.

Change log for master fix pack 1.20.7_1540, released 24 May 2021

The following table shows the changes that are in the master fix pack patch update 1.20.7_1540. Master patch updates are applied automatically.

Changes since version 1.20.6_1538
Component	Previous	Current	Description
Cluster health image	v1.2.11	v1.2.12	Improved the add-on status information that is displayed when errors occur. Updated image to implement additional IBM security controls and for CVE-2020-26160, CVE-2020-28483 and CVE-2021-20305.
CoreDNS	1.8.3	1.8.0	See the CoreDNS release notes.
IBM Calico extension	661	689	Updated to use `Go` version 1.15.12.
IBM Cloud Controller Manager	v1.20.6-2	v1.20.7-3	Updated to support the Kubernetes 1.20.7 release and to use `Go` version 1.15.12.
IBM Cloud File Storage for Classic plug-in and monitor	390	392	Improved the prerequisite validation logic for provisioning persistent volume claims (PVCs). Updated image to implement additional IBM security controls and for CVE-2021-20305.
IBM Cloud RBAC Operator	b6a694b	63cd064	Updated image to implement additional IBM security controls and for CVE-2020-28483.
Key Management Service provider	v2.3.3	v2.3.4	Updated image to implement additional IBM security controls and for CVE-2020-28483 and CVE-2020-26160.
Kubernetes	v1.20.6	v1.20.7	See the Kubernetes release notes. The update resolves CVE-2020-8562 (see the IBM security bulletin) and CVE-2021-25737 (see the IBM security bulletin).
Kubernetes add-on resizer	1.8.11	1.8.12	See the Kubernetes add-on resizer release notes.
Kubernetes Metrics Server	v0.4.2	v0.4.4	See the Kubernetes Metrics Server release notes.
Operator Lifecycle Manager	0.16.1-IKS-9	0.16.1-IKS-10	Fixed a bug that was caused by a missing `/bin/cpb` binary file.
Portieris admission controller	v0.10.1	v0.10.2	See the Portieris admission controller release notes.

Change log for worker node fix pack 1.20.6_1539, released 10 May 2021

The following table shows the changes that are in the worker node fix pack 1.20.6_1539. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.6_1537
Component	Previous	Current	Description
Ubuntu 18.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216.
Ubuntu 16.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2020-27350, CVE-2020-3810, CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216.

Change log for master fix pack 1.20.6_1538, released 4 May 2021

The following table shows the changes that are in the master fix pack patch update 1.20.6_1538. Master patch updates are applied automatically.

Changes since version 1.20.6_1536
Component	Previous	Current	Description
IBM Calico extension	618	661	Updated to use `Go` version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2020-14391, CVE-2020-25661 and CVE-2020-25662.
Gateway-enabled cluster controller	1322	1352	Updated to use `Go` version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831, CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450.
IBM Cloud Controller Manager	v1.20.6-1	v1.20.6-2	Updated to support VPC private network load balancers.
Load balancer and load balancer monitor for IBM Cloud Provider	1274	1328	Updated to use `Go` version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831, CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450.

Change log for master fix pack 1.20.6_1536, released 27 April 2021

The following table shows the changes that are in the master fix pack patch update 1.20.6_1536. Master patch updates are applied automatically.

Changes since version 1.20.5_1533
Component	Previous	Current	Description
Cluster health image	v1.2.9	v1.2.11	Updated to use `Go` version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
GPU device plug-in and installer	b9ec8af	9a5e70b	Updated image for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
IBM Cloud Controller Manager	v1.20.5-1	v1.20.6-1	Updated to support the Kubernetes 1.20.6 release and to use `Go` version 1.15.10.
IBM Cloud File Storage for Classic plug-in and monitor	389	390	Updated to use `Go` version 1.15.9 and for CVE-2020-28851 and CVE-2021-3121.
IBM Cloud RBAC Operator	3dd6bbc	b6a694b	Updated image for CVE-2021-3449 and CVE-2021-3450.
Key Management Service provider	v2.3.0	v2.3.3	Updated to use `Go` version 1.15.11 and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
Kubernetes	v1.20.5	v1.20.6	See the Kubernetes release notes. The update resolves CVE-2021-25735 (see the IBM security bulletin).
Kubernetes NodeLocal DNS cache	1.17.1	1.17.3	See the Kubernetes NodeLocal DNS cache release notes.
OpenVPN client	2.4.6-r3-IKS-301	2.4.6-r3-IKS-386	Updated image to implement additional IBM security controls.
OpenVPN server	2.4.6-r3-IKS-301	2.4.6-r3-IKS-385	Updated image to implement additional IBM security controls.
Operator Lifecycle Manager	0.16.1-IKS-5	0.16.1-IKS-9	Updated image for CVE-2021-3449, CVE-2021-3450, and CVE-2021-30139.

Change log for worker node fix pack 1.20.6_1537, released 26 April 2021

The following table shows the changes that are in the worker node fix pack 1.20.6_1537. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.5_1535
Component	Previous	Current	Description
HA proxy	a3b1ff	e0fa2f	The update addresses CVE-2021-20305.
Ubuntu 18.04 packages	N/A	N/A	Added resiliency to `systemd` units to prevent failures situations where the worker nodes are overused. Updated worker node images with kernel and package updates for CVE-2018-13095, CVE-2021-20305, CVE-2021-29154, and CVE-2021-3348.
Ubuntu 16.04 packages	4.4.0-206	4.4.0-210	Updated worker node images with kernel and package updates for [CVE-2015-1350, CVE-2017-15107, CVE-2017-5967, CVE-2018-13095, CVE-2018-5953, CVE-2019-14513, CVE-2019-16231, CVE-2019-16232, CVE-2019-19061, CVE-2021-20305, and CVE-2021-29154.

Change log for worker node fix pack 1.20.5_1535, released 12 April 2021

The following table shows the changes that are in the worker node fix pack 1.20.5_1535. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.5_1534
Component	Previous	Current	Description
HA proxy	9b2dca	a3b1ff	The update addresses CVE-2021-3449 and CVE-2021-3450.
Ubuntu 18.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2021-22876.
Ubuntu 16.04 packages	N/A	N/A	Updated worker node images with package updates for CVE-2021-22876.

Change log for master fix pack 1.20.5_1533, released 30 March 2021

The following table shows the changes that are in the master fix pack patch update 1.20.5_1533. Master patch updates are applied automatically.

Changes since version 1.20.4_1531
Component	Previous	Current	Description
Activity Tracker event	N/A	N/A	Now, the `containers-kubernetes.version.update` event is sent to Activity Tracker when a master fix pack update is initiated for a cluster.
Cluster health image	v1.2.8	v1.2.9	Updated image for CVE-2020-28851.
CoreDNS	1.8.0	1.8.3	See the CoreDNS release notes.
Gateway-enabled cluster controller	1232	1322	Updated to use `Go` version 1.15.10 and for CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841.
GPU device plug-in and installer	1c41e4b	b9ec8af	Updated image for CVE-2021-27919, CVE-2020-28851, and CVE-2020-28852.
IBM Cloud Controller Manager	v1.20.4-4	v1.20.5-1	Updated to support the Kubernetes 1.20.5 release. Fixed a bug that prevented VPC load balancers from supporting more than 50 subnets in an account.
IBM Cloud File Storage for Classic plug-in and monitor	388	389	Updated to use `Go` version 1.15.8.
IBM Cloud RBAC Operator	86de2b7	3dd6bbc	Updated image for CVE-2020-28851.
Kubernetes	v1.20.4	v1.20.5	See the Kubernetes release notes.
Kubernetes NodeLocal DNS cache	1.16.0	1.17.1	See the Kubernetes NodeLocal DNS cache release notes.

Change log for worker node fix pack 1.20.5_1534, released 29 March 2021

The following table shows the changes that are in the worker node fix pack 1.20.5_1534. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.4_1532
Component	Previous	Current	Description
Ubuntu 18.04 packages	4.15.0-136-generic	4.15.0-140-generic	Updated worker node images with kernel and package updates for CVE-2020-27170, CVE-2020-27171, CVE-2021-27363, CVE-2021-27365, CVE-2021-28153, and CVE-2021-3449.
Ubuntu 16.04 packages	4.4.0-203-generic	4.4.0-206-generic	Updated worker node images with kernel and package updates for CVE-2021-27363, CVE-2021-27365, and CVE-2021-28153.

Change log for worker node fix pack 1.20.4_1532, released 12 March 2021

The following table shows the changes that are in the worker node fix pack 1.20.4_1532. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.4_1531
Component	Previous	Current	Description
Containerd	v1.4.3	v1.4.4	See the containerd release notes. The update resolves CVE-2021-21334 (see the IBM security bulletin).
Ubuntu 18.04 packages	N/A	N/A	Updated worker node image with package updates for CVE-2021-21300, CVE-2021-24031, CVE-2021-24032, CVE-2021-27218, and CVE-2021-27219.
Ubuntu 16.04 packages	N/A	N/A	Updated worker node image with package updates for{: external}, CVE-2021-21300, CVE-2021-27218, CVE-2021-27219, and CVE-2021-3177.

Change log for worker node fix pack 1.20.4_1531, released 1 March 2021

The following table shows the changes that are in the worker node fix pack 1.20.4_1531. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 1.20.2_1527
Component	Previous	Current	Description
Kubernetes	v1.20.2	v1.20.4	See the Kubernetes release notes.
Ubuntu 18.04 packages	4.15.0-135-generic	4.15.0-136-generic	Updated worker node image with package updates for CVE-2020-27619, CVE-2020-29372, CVE-2020-29374, CVE-2020-8625, CVE-2021-23840, CVE-2021-23841, CVE-2021-26937, CVE-2021-27212, and CVE-2021-3177.
Ubuntu 16.04 packages	4.4.0-201-generic	4.4.0-203-generic	Updated worker node image with package updates for CVE-2020-27619, CVE-2020-29372, CVE-2020-29374, CVE-2020-8625, CVE-2021-23840, CVE-2021-23841, CVE-2021-26937, CVE-2021-27212, and CVE-2021-3177.

Change log for master fix pack 1.20.4_1531, released 27 February 2021

The following table shows the changes that are in the master fix pack patch update 1.20.4_1531. Master patch updates are applied automatically.

Changes since version 1.20.4_1530.
Component	Previous	Current	Description
Calico	v3.17.2	v3.17.3	See the Calico release notes.
IBM Cloud Controller Manager	v1.20.4-2	v1.20.4-4	Updated to use `calicoctl` version 3.17.3.
Load balancer and load balancer monitor for IBM Cloud Provider	1165	1274	Fixed a bug that might cause version 2.0 network load balancers (NLBs) to crash and restart on load balancer updates.

Change log for master fix pack 1.20.4_1530, released 22 February 2021

The following table shows the changes that are in the master fix pack patch update 1.20.4_1530. Master patch updates are applied automatically.

Changes since version 1.20.2_1528.
Component	Previous	Current	Description
IBM Cloud Controller Manager	v1.20.2-15	v1.20.4-2	Updated to support the Kubernetes 1.20.4 release and to use `Go` version 1.15.8. Updated image to implement additional IBM security controls.
Key Management Service provider	v2.2.4	v2.3.0	Updated to use `Go` version 1.15.7. Updated image to implement additional IBM security controls.
Kubernetes	v1.20.2	v1.20.4	See the Kubernetes release notes.
Operator Lifecycle Manager	0.16.1-IKS-3	0.16.1-IKS-5	Updated image for CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841.

Change log for 1.20.2_1528 (master) and 1.20.2_1527 (worker node), released 17 February 2021

The following table shows the changes that are in the version updates for 1.20.2_1528 master fix pack and 1.20.2_1527 worker node fix pack.

Changes since version 1.19.7_1532 (master) and 1.19.7_1535 (worker node).
Component	Previous	Current	Description
Calico	v3.16.5	v3.17.2	See the Calico release notes.
Cluster health image	v1.2.6	v1.2.8	Updated to use `Go` version 1.15.7. Updated image to implement additional IBM security controls.
Gateway-enabled cluster controller	1195	1232	Updated to use `Go` version 1.15.7.
GPU device plug-in and installer	af5a6cb	1c41e4b	Updated to support the Kubernetes 1.20 release.
IBM Calico extension	567	618	Updated to use `Go` version 1.15.7.
IBM Cloud Controller Manager	v1.19.7-4	v1.20.2-15	Updated to: Support the Kubernetes 1.20.2 release. Use `calicoctl` version 3.17.2. Implement additional IBM security controls. Address DLA-2509-1. Make version 1.0 and 2.0 network load balancers (NLBs) to run as a non-root user by default, with privileged escalation as needed.
IBM Cloud File Storage for Classic plug-in and monitor	385	388	Improved the retry logic for provisioning persistent volume claims (PVCs).
IBM Cloud RBAC Operator	f859228	86de2b7	Updated to use `Go` version 1.15.7.
Key Management Service provider	v2.2.3	v2.2.4	Updated image to implement additional IBM security controls.
Kubernetes	v1.19.7	v1.20.2	See the Kubernetes release notes.
Kubernetes configuration	N/A	N/A	Updated the feature gate configuration.
Kubernetes CSI snapshotter CRDs	N/A	v3.0.2	See the Kubernetes container storage interface (CSI) snapshotter release notes.
Kubernetes Dashboard	v2.0.5	v2.1.0	See the Kubernetes Dashboard release notes.
Kubernetes Dashboard metrics scraper configuration	N/A	N/A	Default Kubernetes network policy added to block most pods from accessing the Kubernetes Dashboard metrics.
Kubernetes Metrics Server	v0.3.7	v0.4.2	See the Kubernetes Metrics Server release notes.
Kubernetes NodeLocal DNS cache	1.15.14	1.16.0	See the Kubernetes NodeLocal DNS cache release notes.
Load balancer and load balancer monitor for IBM Cloud Provider	1078	1165	Updated to run as a non-root user by default, with privileged escalation as needed. Updated to use `Go` version 1.15.7.