Added PPP loadable modules back, which were removed in
cos-77-12371-1072-0.
Moved Docker's "registry-mirrors" configuration to the dockerd command
line to address Kubernetes cluster provisioning errors.
cos-77-12371-1086-0
Date: Oct 08, 2020
Moved the configuration of Docker's "registry-mirrors" option from the
dockerd command line to /etc/docker/daemon.json. This should allow users
to configure a custom registry mirror, which can be useful when responding
to recent Docker Hub free tier changes.
Fixed CVE-2020-15157 in containerd.
cos-77-12371-1079-0
Date: Sep 05, 2020
Fixed Linux kernel vulnerability CVE-2020-14386 by fixing an integer
overflow issue in tpacket_rcv.
cos-77-12371-1073-0
Date: Aug 21, 2020
Enabled utmp in systemd to allow creation of utmp files.
cos-77-12371-1072-0
Date: Aug 10, 2020
Disabled CONFIG_PPP to mitigate Linux Kernel CVE-2020-14416.
Fixed CVE-2020-15705 in grub.
cos-77-12371-1064-0
Date: July 30, 2020
Removed the metrics daemon to address an issue where it would
periodically cause CPU usage spikes in some cases.
cos-77-12371-326-0
Date: July 13, 2020
Added rsync back into the image, which was removed in
cos-dev-77-12293-0-0.
Mount /var/lib/containerd with exec option.
Moved Kernel source to cos.googlesource.com.
Fixed CVE-2019-9169.
cos-77-12371-296-0
Date: June 16, 2020
Updated toolbox base container image to include security patches.
cos-77-12371-274-0
Date: May 26, 2020
Fixed a few OS Login CVEs: CVE-2020-8903, CVE-2020-8907, CVE-2020-8933.
cos-77-12371-273-0
Date: May 21, 2020
Fixed a Stackdriver Monitoring agent bug where not all mounted disk partitions has their usage reported.
cos-77-12371-251-0
Date: Apr 29, 2020
Fixed a kernel bug where eBPF programs can cause softlockups.
cos-77-12371-233-0
Date: Apr 29, 2020
Disabled `accept_ra` on all interfaces by default.
cos-77-12371-227-0
Date: Apr 05, 2020
Upgraded the Linux kernel to v4.19.112.
Backported systemd patch ba0d56f55 to address an issue that resulted in
leaked mount units.
cos-77-12371-208-0
Date: Mar 17, 2020
Enabled NETFILTER_XT_MATCH_SOCKET.
Fixed a bug where DHCP is not started after link flaps.
Removed size limit on /etc/ to fix cluster creation failure because of large number of addons.
Upgraded the Linux kernel to v4.19.109.
cos-77-12371-183-0
Date: Feb 21, 2020
Upgraded the Linux kernel to v4.19.104.
Fixed TCP empty skb at the tail of the write queue bug in kernel.
cos-77-12371-175-0
Date: Feb 12, 2020
Enabled some QoS and Fair Queuing options in the Linux kernel.
Upgraded the Linux kernel to v4.19.102.
Upgraded runc to 1.0.0-rc10. This resolves CVE-2019-19921.
cos-77-12371-141-0
Date: Jan 07, 2020
Backported fix for Linux kernel CVE-2019-19072.
Fixed CFS quota throttling issue.
Upgraded the Linux kernel to v4.19.91.
cos-77-12371-114-0
Date: Oct 31, 2019
Increased sysctl net.ipv4.tcp_limit_output_bytes to 1048576.
Fixed the problem of spawning 8 runc state process for every exec on
containerd. This was leading to high cpu utilization.
Fixed the unnecessary creation of two separate test slices (resulting
in 4 systemd log messages total + runtime overhead) for every runc
execution.
Fixed an issue in runc that resulted in unnecessary CPU consumption.
Upgraded the Linux kernel to v4.19.80.
Fixed a performance regression in completely fair scheduler (CFS).
cos-77-12371-89-0
Date: Oct 9, 2019
Upgraded the Linux kernel to 4.19.76.
Backported a kernel patch to ensure the cfs cgroup quota/period ratio
always stays the same. This addresses a Kubernetes issue where the pod
cgroup could be changed into an inconsistent state.
Backported a kernel patch to fix performance regression in wbt
scale_up/scale_down.
cos-77-12371-76-0 (vs Milestone 73)
Date: Sep 27, 2019
New features
Enabled Shielded VM by default. Secure boot is not enabled by
default.
Enabled cgroup v2 hybrid mode in systemd.
Added support for the virtio balloon driver.
Added the node-problem-detector package.
Added the conntrack-tools package.
Added the xfsprogs package.
Package updates
Upgraded systemd to version 239.
Upgraded the Linux kernel to version 4.19.
Upgraded Docker to version 19.03.
Upgraded Kubelet to version 1.15.
Upgraded the compute-image-packages to version 20190304.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-02 UTC."],[[["This image family, cos-77-lts, was deprecated after January 11, 2021, and runs on Linux kernel 4.19.112, Kubernetes v1.15.3, and Docker v19.03.1."],["Multiple security vulnerabilities, identified as CVEs, have been addressed within the Linux kernel and containerd components over various updates."],["There have been various fixes to address issues regarding Docker's \"registry-mirrors\" configuration, as well as performance and stability enhancements related to resource management and network."],["Several updates focused on upgrading the Linux kernel to address bugs, add features, and enhance performance in the areas of scheduling, quotas, and overall system stability."],["The cos-77-lts image family has undergone significant package upgrades over time, including systemd, Docker, Kubelet, openssl, and openssh, with the kernel compiler also being switched from gcc to clang."]]],[]]
