Releases: microsoft/azurelinux
2.0.20240609
Generic Kernel version-release: kernel-5.15.158.2-1
Added azl-compliance package.
Added tzdata dependency for php-pecl-zip.
Added back-compat symlink for docker-proxy to moby-engine.
Added fix for cloud-init growpart to selinux-policy.
Added patch for kubevirt CVE-2024-24786.
Added patch for pytorch CVE-2024-27318.
Added patch for ruby CVE-2024-35176.
Added patch for rubygem-rexml CVE-2024-35176.
Added patch in cri-o for CVE-2024-21626.
Added patch to moby-engine to address CVE-2023-44487.
Added patch to nodejs18 to address CVE-2023-21100.
Added patch to add network interface renaming support for CAPM3 Met.
Added stable release maintainers to CODEOWNERS.
Addressed graphviz CVE-2023-46045 & CVE-2020-18032.
Addressed hvloader openssl related CVEs (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304).
Addressed reaper CVE-2024-4068.
Addressed hyperv-daemons CVE-2024-26951, CVE-2024-26961, CVE-2024-26965, CVE-2024-26966, CVE-2024-26973, CVE-2024-26977, CVE-2024-26984, CVE-2024-26993, CVE-2024-27000, CVE-2024-27018, CVE-2024-35848, CVE-2024-35912, CVE-2024-36008, CVE-2023-3269, CVE-2023-3338, CVE-2023-33951, CVE-2023-33952, CVE-2023-35826.
Addressed kernel CVE-2022-38096, CVE-2023-47233, CVE-2023-52827, CVE-2024-25739, CVE-2024-26900, CVE-2024-26902, CVE-2024-26929, CVE-2024-26934, CVE-2024-26949, CVE-2024-26952, CVE-2024-26979, CVE-2024-27013, CVE-2024-27015, CVE-2024-27016, CVE-2024-27018, CVE-2024-27019, CVE-2024-27020, CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35990, CVE-2024-35997, CVE-2024-36008, CVE-2023-52447, CVE-2024-21803, CVE-2024-26587, CVE-2024-26588.
Attached EOL manifest to base containers as well.
Built redis with BUILD_TLS=yes.
CVE-2022-34169: docbook-style-xsl - upgraded embedded xalan jar from 2.7.2 to 2.7.3.
Enabled KNI module in DPDK build.
Fixed ceph CVE-2023-43040.
Fixed dhcp CVE-2022-38177, CVE-2022-38178, CVE-2022-2795 for bind.
Fixed fluent-bit CVE-2024-34250.
Fixed Fluent-bit issues #8198 and #8025.
Fixed glibc nscd breakage and patched CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602.
Fixed kubernetes missing autopatch for CVE-2023-5408.
Fixed moby-compose CVE-2024-24786, CVE-2024-23650, CVE-2023-2253.
Fixed openssl CVE-2023-50782 affecting python-cryptography.
Fixed openssl to only free buffers when done.
Fixed prometheus-adapter CVE-2024-24786.
Fixed python-jinja2 for CVE-2024-34064.
Fixed pytorch CVE-2024-31584.
Fixed CVE-2023-45288 in multiple packages.
Fixed CVE-2023-48795 in moby-compose by patching vendor packages.
Fixed CVE-2024-3154 in package cri-o.
Fixed CVE-2024-34459 for libxml2.
Fixed epoch matching in 'InstallPackageRegex'.
Fixed Kubernetes missing auto patch.
Fixed Perl automatic requires and provides.
Fixed Ptest zchunk.
Mitigated libdwarf CVE-2024-2002.
Moved nmi from SPEC to SPEC-EXTENDED.
Moved src tarballs to AME - mariner 2.0.
Patched apparmor for CVE-2024-31755.
Patched bluez for CVE-2023-50229.
Patched ceph for multiple CVEs.
Patched coredns cache plugin to address CVE-2024-0874.
Patched cups CVE-2022-26691.
Patched dhcp for CVE-2023-2828.
Patched frr CVE-2024-27913 and CVE-2024-34088.
Patched libvirt for CVE-2024-4418.
Patched python-requests CVE-2024-35195.
Patched python-tqdm CVE-2024-34062.
Patched python-werkzeug CVE-2024-34069.
Patched ruby CVE-2024-27282.
Patched CVE-2024-26147 for cert-manager.
Re-fixed telegraf CVE-2024-28110.
Refactored Golden Container main.
Removed newly added explicit version dependencies in gdal and netcdf.
Resolved hvloader CVEs in edk2's bundled openssl.
Resolved telegraf CVE-2024-27289.
Resolved overflow warnings from installutils.go:ProvisionUserSSHCerts.
Resolved regressed ansible CVE-2023-5764.
Tuned some kernel configs for aarch64.
Updated facter version to support Mariner.
Updated kernel-mos to 5.15.158.2.
Updated python h5py to fix build break caused by recent HDF5 update.
Updated and corrected ruby CVE-2024035176.patch.
Updated OpenSSL version in python-cryptography to fix CVE-2023-50782.
Upgraded azcopy to 10.24.0 to fix multiple security issues.
Upgraded azl-compliance to version 1.0.2.
Upgraded clamav to 1.0.6.
Upgraded cri-o to v1.22.3 to resolve regressed CVE-2022-0811.
Upgraded cri-tools to 1.29.0 CVE-2023-45142.
Upgraded fluent-bit to 2.2.3 to fix CVE-2024-4323.
Upgraded git to 2.39.4 Fix CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465.
Upgraded hdf5 to 1.14.4. to fix several CVEs.
Upgraded httpd to fix CVE-2024-27316, CVE-2023-38709, and CVE-2024-24795.
Upgraded iperf3 3.14 -> 3.17 to address CVE-2024-26306.
Upgraded kata(-cc) to LSG release v2405.9.2.
Upgraded kernel to 5.15.158.2.
Upgraded msft-golang 1.22.2 -> 1.22.3 to address CVE-2024-24787 & CVE-2024-24788.
Upgraded net-snmp to 5.9.4 Fixes for CVE-2022-44792 and CVE-2022-44793.
Upgraded nodejs18 to 18.20.2 address CVEs.
Upgraded openvswitch to 2.17.9 to fix CVE-2023-5366 and CVE-2023-3966.
Upgraded php to 8.1.28 to fix CVE-2024-2756, CVE-2024-3096.
Upgraded postgresql to 14.12 CVE-2024-4317.
Upgraded rubygem-rexml to 3.2.7 to resolve CVE-2024-35176.
Upgraded zeromq to 4.3.5.
Upgraded Kata to 3.2.0.azl1.
Used legacy builder for distroless golden containers.
3.0.20240524
This is the preview release for 3.0.20240524
2.0.20240425
Add configurability in systemd to control default value of UseDomains parameter
Add image-id file in etc dir to support off-cycle container and image upgrades
Bump golang.org/x/net from 0.18.0 to 0.23.0 in /toolkit/tools
Cherry-pick delta for Overlay Dracut Module from 3.0-dev to main.
Downgrade cloud-init to 23.3 via epoch. (New version is 1:23.3-2)
Enable CONFIG_NFT_OBJREF
Fix CVE-2024-22189 in coredns by patching vendored package quic-go
Fix CVE-2024-28085 in util-linux by backporting the patch
Fix extended build breaks for libotr, gupnp, samba
Fix openssl unconstrained session cache growth in TLSv1.3
Fix the date in logs
Fixed setting of the ToolkitVersion variable for our Go tools.
Moved distroless cert dependencies out of the meta package distroless-packages.
Patch Perl for CVE-2023-47100, CVE-2023-31484, CVE-2023-31486
Patch cri-o to fix CVE-2021-3602, CVE-2022-27651, CVE-2022-2995, CVE-2023-42821
Patch cups for CVE-2023-4504, CVE-2023-32324 and CVE-2023-34241
Patch kubernetes for CVE-2023-5408
Patch less for cve-2024-32487
Patch libreswan for cve-2024-3652
Patch libvirt for CVE-2024-2494
Patch nodejs to fix CVE-2024-27983
Patch pytorch for CVE-2024-27319, CVE-2024-31580 CVE-2024-31583
Patch ruby for CVE-2024-27280 and CVE-2024-27281
Patch terraform for CVE-2024-3817 vendored go-getter
Remove Kernel Required Configs Check
Remove nodejs(16) as it's End of Life
Remove obsolete build dependency from moby-containerd-cc
Update selinux-policy to add checkpoint restore for getty.
Update sos to copy kernel config and vmcore
Upgrade ca-certificates Msft cert change
Upgrade conmon to 2.1.2 to fix CVE-2022-1708
Upgrade cri-o to 1.21.7 for CVE-2022-0811, add patch for CVE-2022-1708
Upgrade dhcp to 4.4.3 to fix CVE-2022-2928 and CVE-2022-2929
Upgrade fluent-bit to 2.2.2 to fix CVE-2024-23722
Upgrade git-lfs from 3.4.1 -> 3.5.1 to address CVE-2023-39325 & CVE-2023-45288
Upgrade git-lfs to 3.4.1 to fix multiple CVEs
Upgrade moby-engine & moby-cli from 20.10.27 -> 24.0.9
Upgrade msft-golang from 1.21.8 -> 1.22.2
Upgrade opa to 0.63.0 to fix CVE-2023-45142
Upgrade packer to 1.10.1 to address CVE-2023-49569
Upgrade skopeo from 0.14.1 -> 0.14.2 to include Docker Daemon fix
Upgrade telegraf to 1.29.4 to fix CVE-2023-50658
[kata-cc] kata-packages-uvm: add cifs-utils as dependency
[kata-cc] kernel-uvm: enable CIFS modules
2.0.20240403
Add patch for cloud-init pkg install error
Add patch to limit pytest-mypy-plugins version for python-attrs test
Disabled experimental c-ares module from python-gevent (also fixes CVE-2021-22931)
Enabled ccache and artifact suffixes for fast-track PR check
Exclude overlayfs module from main dracut package.
Explicitly add libgcc as a requires to distroless base
Fix imagegen tools (toolkit) to Write fstab file in correct order.
Fix kata-containers to use system OpenSSL
Fix kata-containers-cc to fix macro expansion (use grub2-rpm-macros)
Fix kata-containers-cc virtiofsd dependency
Fix mariner_2_initrd_use_suffix kdump.conf option
Fix moby-compose license for ASL 2.0
Fix msft-golang to include go.env in GOROOT
Fix python-prettytables ptest.
Fix python-remoto ptest
Fix toolchain rebuilds for delta builds.
Force systemd coredump to use LZ4 compression
Limited cascading rebuilds for the fast-track PR check to 1.
Modify cython to skip long tests.
Patch CVE-2023-52160 for wpa_supplicant
Patch libtiff to fix CVE-2023-52356
Patch PAM to fix CVE-2024-22365
Patch azure-iot-sdk-c to address CVE-2024-25110 and CVE-2024-27099 - bran
Patch clamav to fix CVE-2024-20328
Patch expat to fix CVE-2023-52426
Patch kubervirt for CVE-2022-41723
Patch less to fix CVE-2022-48624
Patch libvirt to fix CVE-2024-1441 and CVE-2024-2496
Patch nodejs18 to fix CVE-2024-22025 (NOTE: nodejs[16] is end of life and will be removed from build at next monthly update)
Patch open-vm-tools to address CVE-2023-34058 & CVE-2023-34059
Patch to package qt5-qtbase to address CVE-2022-25643
Patch unixODBC to fix CVE-2024-1013
Patch xorg-x11-server to fix CVE-2023-5574, CVE-2023-5367 & CVE-2023-5380, CVE-2023-6816, CVE-2024-21885
Removed the runOnHost flag to fix the fast-track PR check pipelines.
Switch qemu-guest base image to kernel instead of kernel-hci
Update expat changelog
Update guava to 32.1.3 in Javapackages-bootstrap
Update toolchain container bootstrap to 2.0.20240123
Upgrade Kernel to 5.15.153.1 to address kernel CVE-2014-3185, CVE-2015-5157, CVE-2022-2585, CVE-2022-2586, CVE-2022-2588,CVE-2022-2602, CVE-2023-5090, CVE-2023-5633, CVE-2023-6040, CVE-2023-6200, CVE-2023-6560, CVE-2023-35827, CVE-2023-46838, CVE-2023-52429, CVE-2023-50431, CVE-2023-52434, CVE-2023-52435, CVE-2024-0340, CVE-2024-0562, CVE-2024-0646, CVE-2024-0775, CVE-2024-1086, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851
Upgrade ansible to 2.14.4 fix CVE-2024-0690
Upgrade ca-certificates Msft cert change
Upgrade emacs to 29.3 to fix CVE-2024-30202, CVE-2024-30204, CVE-2024-30205
Upgrade expat to 2.6.2 CVE-2023-52425 and CVE-2024-28757
Upgrade helm to 3.14.2 CVE-2024-26147
Upgrade libreswan to 4.14
Upgrade msft-golang to 1.21.8 to fix CVEs
Upgrade nmi to 1.8.17 CVE-2022-41717, CVE-2022-23551
Upgrade node-problem-detector to version v0.8.17 and patch CVE-2024-24786
Upgrade python to 3.9.19: address CVE-2023-6597 and other security concerns
Upgrade zstd to 1.5.4 CVE-2022-4899
Upgrade etcd to version 3.5.12.
Patch gnutls to fix CVE-2024-0567
Patch telegraf for CVE-2024-27304 and CVE-2024-28110
Kata: Release v3.2.0.azl0 for both vanilla and CC based on aligned sources
Kata: upgrade kernel-uvm and kata-conatainers-cc for LSG release v2402.26.1
3.0.20240401 Preview
This is the preview release for 3.0.20240401
2.0.20240301
Add golden containers src artifacts (#7664)
Fixed CVE-2023-42282 in nodejs. (#8159)
Patch CVE-2024-22667 in vim (#8147)
Patch CVE-2024-24806 in libuv (#8148)
Patch CVE-2024-24806 in nodejs18 (#8164)
Updates containers source for marinara updates (#8154)
Upgrade bind to 9.16.48 Fix CVE-2023-50387 (#8167)
Upgrade dnsmasq to 2.90 Fix CVE-2023-50387 (#8150)
Upgrade libgit2 to Version 1.6.5 to address CVE-2024-24575 (#8092)
Upgrade moby-compose to version 2.17.3 to address multiple CVEs (#8091)
Upgrade postgresql to version14.11 to fix CVE-2024-0985 (#8161)
Upgrade unbound to 1.19.1 Fix CVE-2023-50387 (#8170)
2.0.20240223
Add cleanup script to base images
Add container images source files to 2.0
Add dracut sub-package overlayfs.
Add epoch to libdwarf spec to fix versioning order
Add memcached container files
Add missing commit subject to patch 27 for kernel-hci
Add mysql user with package install
Add package nss-mdns v0.15.1
Add patch for azure-iot-sdk-c CVE-2024-21646
Add shadow-utils as a hard dependency for mysql package
Add sshkeys to user config
Add support for multiple cache inputs
Add upstream patch to kubevirt to force hp-volume- pod to respect blockdevices (IcM 467224770)
Added a cross-compilation subpackage for aarch64 into gcc.
Added cross-compilation binutils and kernel-headers.
Added initial doc about reading error logs.
Allow dracut info logs to be visible for baremetal base image
Backport Nvidia net/mlx5 patches to support 100G BOM in kernel-hci
Bump golang.org/x/crypto from 0.15.0 to 0.17.0 in /toolkit/tools
Enable Broadcom MPI3 Storage Controller Device Driver
Enable CONFIG_X86_IOPL_IOPERM
Fix a bug if condition to not skip processing sshkeys when sshkeypaths is empty
Fix cloud-init's ptest by by pinning pyest to 8.0.0
Fix mariadb install post script
Fix missing nobody user/group for nfs squash
Fix pytest version for python-virtualenv
Fix python urllib3 test
Fix runtime dependency for python3-virtualenv
Fix the change logs to keep correct published order
Fixed cloud-init tests.
Fixed merge leftovers in a coredns patch.
Image Customizer: Ensure ext4 formatting is consistent across build hosts
Image Customizer: Fix special directories and partition customization.
Image Customizer: Make either one of split partitions format and output image format required
Image Customizer: Use safeloopback.Loopback instead of ImageConnection for split partitions
Image Customizer: remove adduser-config.yaml file as it contains password field
Improved toolkit download handling (Specialcased 5XX errors during package downloads.
Introduce Rust virtiofsd package
Kata-CC: Enforce a restrictive pod security policy
Kata-CC: Upgrade to 0.6.3
Kata-cc: remove kernel-uvm-cvm references
Making GitHub Actions' permissions explicit.
Move hiera from Extended to Core
Patch CVE-2021-44716 in jx, cf-cli, keda, csi-driver-lvm, moby-cli,kube-vip-cloud-provider, node-problem-detector,git-lfs, local-path-provisioner, prometheus-node-exporter, rook, cri-tools, flannel, libcontainers-common, application-gateway-kubernetes-ingress
Patch CVE-2022-21698 in application-gateway-kubernetes-ingress, node-problem-detector, moby-buildx, moby-cli, moby-engine, nmi, local-path-provisioner, rook, prometheus-node-exporter, prometheus-process-exporter, kube-vip-cloud-provider
Patch CVE-2022-21698 in keda
Patch CVE-2023-44487 in jx, nginx, cf-cli, moby-containerd-cc, kubevirt, prometheus-node-exporter, keda, git-lfs, vitess, local-path-provisioner
Patch CVE-2023-50711 in cloud-hypervisor
Patch CVE-2024-21626 by patching vendored runc in kubernetes, kubevirt, cri-tools
Patch moby-engine CVEs: 2024-23651 and 2024-23652.
Patch coredns CVE-2023-44487 by patching vendor tar
Patch cve-2022-21698 in kube-vip-cloud-provider
Patch cve-2022-21698 in local-path-provisioner
Patch erlang for CVE-2023-48795
Patch openssl with null checks against ContentInfo
Patch python-jinja2 for CVE-2024-22195
Patch vendored go module quic-go for package coredns to address CVE-2023-49295
Patched CVE-2021-38593 in qt5-qtbase.
Remove /etc/host.conf from filesystem
Remove spec and references of kernel-uvm-cvm
Removed extra double quote in the toolkit.
Set ownership of virtiofsd package to Kata team
Shift user/group creation earlier in image build for rootfs image types
Sort, reorder and color build summary output
Split failing and passing tests in the summary.
Update dracut to allow supressing user confirmation prompt when the liveos overlay is backed by memory.
Upgrade golang to version 1.20.10 -> 1.21.6
Upgrade ca-certificates Msft cert change
Upgrade cloud-init to v23.4.1 and add patch to retain exit code for recoverable errors
Upgrade helm to version 3.13.2 -> 3.14.0 to address CVE-2023-44487
Upgrade kernel to 5.15.148.2 to CVE-2014-0069, CVE-2013-6381, CVE-2022-48619, CVE-2023-6531, CVE-2023-6546, CVE-2023-6622, CVE-2023-6817, CVE-2023-6915, CVE-2023-7192, CVE-2023-6931, CVE-2023-6932, CVE-2023-46343, CVE-2023-46862, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2024-0607, CVE-2024-0639, CVE-2024-0641, CVE-2024-22705
Upgrade kernel-mos to 5.15.148.1
Upgrade lz4 to 1.9.4-1 to fix CVE-2021-3520
Upgrade msft-golang to version 1.20.11 -> 1.21.6
Upgrade sos to 4.6.1
Upgrade sriov-network-device-pluginfrom from 3.5.1 to 3.6.2
Upgrade tzdata to 2024a upgrade to version 2024a
Upgrade version skopeo from 1.13.3 -> 1.14.1 to address GHSA-jq35-85cj-fj4p
Upgrade NVIDIA/CUDA Driver to 535.129.03
Use main kernel for baremetal base image
2.0.20240123
This release reverts a change to the filesystem package which caused the use of "localhost" to return "::1" in some situations. Rather than fix the issue, we reverted the change.
2.0.20240117
Add DAILY_BUILD_REPO argument to support local developer builds with daily builds
Add patches for CVE-2023-48795
Containerized-Rpmbuild: Make tools only for build mode
Disable flaky test failures in python-gevent
Fix Skip Dracut Module and Mariner.cfg Update with no Verity Cfg.
Fix fluent-bit CVE-2023-52284
Fix postfix CVE-2023-51764
Fix reaper CVE-2023-26159
Fix sqlite CVE-2023-7104
Image Customizer: Resolves bug with SSH public key paths - support for relative path
Patch moby-cli for CVE-2023-48795
Patch qt5-qtbase for CVE-2023-51714
Remove -fvisibility=hidden build param
Remove CPython from %check pip3 install in cytools
Toolkit: fix worker chroot progress
Upgrade Kernel to version 5.15.145.2 for CVE-2023-6546
Upgrade and move libdwarf from extended to core
Upgrade kernel-mos to 5.15.145.2
Upgrade kured to 1.14.2 for vendored go CVE-2023-39325
Upgrade packer to 1.8.7 for CVE-2023-45286
Upgrade sudo to 1.9.15p5 for CVE-2023-42465
Workflows: bump setup-go to v5
2.0.20240112
Add /etc/host.conf with multi on
Add Backport for installonlypkgs to tdnf for Mariner 2.0
Add Initial Mariner OS Modifier (EMU) Files
Add Kata meta-package
Add grub2-mkconfig macros to initramfs postrans generation
Add moreutils package to mariner
Add package perl-Time-Duration to mariner
Add patch to netplan to force bring up devices with no IP addresses
Add quotatool package to Mariner
Add scriptlet to workaround rpm transaction limitation to update /media symlink to directory
Add support for squashfs image format
Add upstream patch to fix python-virtualenv test config
Add upstream patch, pin test dependency versions to fix python-daemon ptests
Added disable-newgroup-query-when-netgroup-base-is-not-set.patch
Address hyperv-daemon CVE-2023-6111 and CVE-2023-5972
Aligned Go package names with other ones for ccachemanager and azureblobstorage.
Bump gevent version to 21.1.2, add fix for CVE-2020-22217
Changed tools so only non-test package builds produce SRPMs
CodeQL Mariner toolkit
Create sources_dir correctly for containerized-rpmbuild
Disable faulty test_is_writable for python-distlib
Enable SELinux labelling for targzip rootFS image formats
Fix CVE-2020-8694, CVE-2020-8695 and CVE-2020-12912
Fix backtrace parsing in ocaml-ounit
Fix clamav reset of user and group on package update
Fix test runner invocation in future
Fix wget package tests by adding missing test dep
Image Customizer: Add support for kernel command-line
Image Customizer: Fix ext4 formatting
Image Customizer: Refresh initrd when partitions are customized
Image Customizer: Support for partition extraction - raw, raw-zstd
Image Customizer: initial dm-verity enablement by nbd.
Kata-CC: UVM - Enable extended attributes for tmpfs
Kata-containers-cc: add virtiofsd as a requirement
Kata-containers: drop qemu-kvm-core dependency
Move cpp-hocon from extended to core
Move docbook2X package from Extended to Core
Move package catch1 from extended to core
Move package leatherman from extended to core
Move package perl-Class-Accessor from extended to core
Move package perl-Devel-CheckBin from extended to core
Move package perl-IPC-Run from Extended to Core
Move package perl-Sub-Name from Extended to core
Move perl-IO-String from extended to core
Move ruby-augeas from Extended to Core
Move rubygem-deep_merge from Extended to Core
Move rubygem-hocon from Extended to Core
Move rubygem-puppet-resource_api from Extended to Core
Move rubygem-thor from extended to core
Overwrite timestamp logs on different builds
Patch CVE-2023-45866 in bluez
Patch CVE-2023-46218 mysql
Patch CVE-2023-49083 in python-cryptography
Patch OpenSSH to fix CVE-2023-51384 and CVE-2023-51385
Patch fluent-bit for CVE-2023-48105
Patch otel grpc to address CVE-2023-47108
Patch strongSwan for CVE-2023-41913
Patche AppArmor for CVE-2023-50471 and CVE-2023-50472
Patches xorg-x11-server for CVE-2023-6377 and CVE-2023-6478
Preserve yum backend on tdnf package upgrade
Revert "toolkit image build: Fix make error for config files outside …
Set OOMScoreAdjust to -999 for containerd
Set OOMScoreAdjust to -999 for containerd-cc
Skip mypy tests in python-attrs
Sudo ldap netgroup_query bug fix patch
Switched to using Mariner's python-junit-xml.
Switching to using Mariner's version of Python's junit_xml module for test verification
Update ca-certificates-base
Update edk2 to address excessively long DH keys in the vendored source
Update postgresql to v14.10 to fix CVE-2023-5868, CVE-2023-5869 and CVE-2023-5870
Upgrade Ansible to v2.14.12 to fix CVE-2023-5764
Upgrade Kernel to version 5.15.139.1 to fix CVE-2023-1193, CVE-2023-1194
Upgrade Telegraf to 1.28.5
Upgrade curl to 8.5.0 for CVE-2023-46219
Upgrade dbus to v1.15.6 to fix CVE-2023-34969
Upgrade fish to 3.6.2 for CVE-2023-49284
Upgrade helm to version 3.13.2
Upgrade kubernetes to 1.28.4 to fix CVE 2023 5528
Upgrade libgcrypt to 1.10.3
Upgrade libssh to v0.10.6 to fix CVE-2023-48795
Upgrade vim to 9.0.2121 Fix CVE-2023-48706
Zwan/libpcap static