v1.28.X

Upgrade Notice

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

Release v1.28.2+k3s1

This release updates Kubernetes to v1.28.2, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.28.1+k3s1:

• Update channel for version v1.28 (#8305)
• Bump kine to v0.10.3 (#8323)
• Update to v1.28.2 and go v1.20.8 (#8364)
  • Bump embedded containerd to v1.7.6
  • Bump embedded stargz-snapshotter plugin to latest
  • Fixed intermittent drone CI failures due to race conditions in test environment setup scripts
  • Fixed CI failures due to changes to api discovery changes in Kubernetes 1.28

Release v1.28.1+k3s1

This release is K3S’s first in the v1.28 line. This release updates Kubernetes to v1.28.1.

IMPORTANT

This release includes remediation for CVE-2023-32187, a potential Denial of Service attack vector on K3s servers. See https://github.com/k3s-io/k3s/security/advisories/GHSA-m4hf-6vgr-75r2 for more information, including documentation on changes in behavior that harden clusters against this vulnerability.

Critical Regression

Kubernetes v1.28 contains a critical regression (kubernetes/kubernetes#120247) that causes init containers to run at the same time as app containers following a restart of the node. This issue will be fixed in v1.28.2. We do not recommend using K3s v1.28 at this time if your application depends on init containers.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.27.5+k3s1:

• Update to v1.28.1 (#8239)
• CLI Removal for v1.28.0 (#8203)
• Secrets Encryption V3 (#8111)
• Add new CLI flag to disable TLS SAN CN filtering (#8252)
  • Added a new --tls-san-security option.
• Add RWMutex to address controller (#8268)