Google Distributed Cloud air-gapped 1.13.5 release notes

November 7, 2024

---

---

To take advantage of the bug and security vulnerability fixes, you must upgrade all nodes with each release.

The following security vulnerabilities are fixed:

• CVE-2016-1585
• CVE-2021-46926
• CVE-2021-47188
• CVE-2022-48791
• CVE-2022-48863
• CVE-2023-27043
• CVE-2023-52760
• CVE-2024-20505
• CVE-2024-20506
• CVE-2024-2201
• CVE-2024-6232
• CVE-2024-6345
• CVE-2024-6923
• CVE-2024-7006
• CVE-2024-7592
• CVE-2024-8088
• CVE-2024-8096
• CVE-2024-23984
• CVE-2024-24860
• CVE-2024-24968
• CVE-2024-26677
• CVE-2024-26787
• CVE-2024-26830
• CVE-2024-26921
• CVE-2024-26929
• CVE-2024-27012
• CVE-2024-36901
• CVE-2024-38570
• CVE-2024-39484
• CVE-2024-39494
• CVE-2024-41957
• CVE-2024-42160
• CVE-2024-42228
• CVE-2024-43374
• CVE-2024-45490
• CVE-2024-45491
• CVE-2024-45492

---

To take advantage of the bug and security vulnerability fixes, you must upgrade all nodes with each release.

The following security vulnerabilities are fixed:

• CVE-2020-36558
• CVE-2021-35937
• CVE-2021-35938
• CVE-2021-35939
• CVE-2022-1158
• CVE-2022-2503
• CVE-2022-2639
• CVE-2022-2873
• CVE-2022-2964
• CVE-2022-3564
• CVE-2022-4269
• CVE-2022-4378
• CVE-2022-36879
• CVE-2022-39188
• CVE-2022-40897
• CVE-2022-41222
• CVE-2022-42896
• CVE-2022-45884
• CVE-2022-45886
• CVE-2022-45919
• CVE-2022-48624
• CVE-2023-0266
• CVE-2023-1095
• CVE-2023-1206
• CVE-2023-0461
• CVE-2023-0590
• CVE-2024-6345
• CVE-2024-32487
• CVE-2024-42472

---

Billing:

• The upgrade fails on atat-webhooks add-on.

Block storage:

• The storage virtual machine is not created.

• The storage intercluster networks fail to reconcile.

Cluster management:

• The user cluster worker node pool creation fails.

Networking:

• The cluster mesh is not configured with zonal information, which impacts internal load balancer connectivity.

Operating System:

• The node cannot be SSHed to.

Physical servers:

• Secure erase fails without a license.

Upgrade:

• The system-dashboards addon installation fails.

• The NodeUpgradeTask custom resource is stuck at the NodeOSInPlaceUpgradePostProcessingCompleted condition.

• Image-distribution fails during an upgrade.

• The platform-obs-obs-system or platform-obs namespaces get stuck in the terminating state during an upgrade.

• The NodeUpgradeTask custom resource is stuck at the NodeBIOSFirmwareUpgradeCompleted condition.

• The cluster upgrade is blocked due to a node failing to enter maintenance mode.

Virtual Machines:

• Virtual machines in projects with names exceeding 45 characters remain in a stopped state.

• The GPU allocation is missing on the service cluster.

---

Artifact Registry:

• Fixed the root admin cluster creation operation from failing if there is a long list of servers when bootstrapping

Block storage:

• Fixed the IPsec configuration errors.

---

Version updates:

• The Google Distributed Cloud for bare metal version is updated to 1.29.600-gke.108 to apply the latest security patches and important updates.
  
  See the Google Distributed Cloud for bare metal 1.29.600-gke.108 release notes for details.