Anthos clusters on VMware 1.14.5-gke.41 is now available. To upgrade, see

## Feature Anthos clusters on VMware 1.14.5-gke.41 is now available. To upgrade, see[Upgrading Anthos clusters on VMware. Anthos clusters on VMware](https://cloud.google.com/anthos/clusters/docs/on-prem/1.14/how-to/upgrading)1.14.5-gke.41 runs on Kubernetes 1.25.8-gke.1500. The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13. ## Feature The component access service account key for an admin cluster using a private registry can be updated in 1.14.5 and later. See [Rotating service account keys](https://cloud.google.com/anthos/clusters/docs/on-prem/1.14/how-to/rotating-service-account-keys)for details. ## Fix The following issues are fixed in 1.14.5-gke.41: * Fixed a[known issue](https://cloud.google.com/anthos/clusters/docs/on-prem/latest/known-issues#kind-cluster-pulls-container-images-from-docker.io)where the kind cluster downloads container images from[docker.io](http://docker.io). These container images are now preloaded in the kind cluster container image. * Fixed a bug where disks may be out of order in the first boot, causing node bootstrap failure. * Fixed a[known issue](https://cloud.google.com/anthos/clusters/docs/on-prem/latest/known-issues#nodes-fail-to-register-if-configured-hostname-contains-a-period)where node ID verification failed to handle hostnames with dots. * Fixed an issue where gcloud fails to update the platform when the`required-platform-version` is already the current platform version. * Fixed the Anthos Config Management `gcloud` issue that the policy controller state might be falsely reported as pending. * Fixed continuously increasing memory usage of the logging agent`stackdriver-log-forwarder`. * Fixed the wrong admin cluster resource link annotation key that can cause the cluster to be enrolled in the Anthos On-Prem API again by mistake. * Fixed a[known issue](https://cloud.google.com/anthos/clusters/docs/on-prem/latest/known-issues#unsuccessful-failover-on-ha-controlplane-v2-user-cluster-and-admin-cluster-when-the-network-filters-out-duplicate-garp-requests)where some cluster nodes couldn't access the HA control plane when the underlying network performs ARP suppression. * Fixed a[known issue](https://cloud.google.com/anthos/clusters/docs/on-prem/latest/known-issues#vsphere-csi-secret-is-not-updated-after-gkectl-update-credentials-vsphere---admin-cluster)where `vsphere-csi-secret` is not updated during `gkectl update credentials vsphere` for admin cluster ## Fix The following vulnerabilities are fixed in 1.14.5-gke.41 * **High-severity container vulnerabilities:** * [CVE-2023-0286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286) * [CVE-2022-4450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450) * [CVE-2023-0215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215) * **Container-optimized OS vulnerabilities:** * [CVE-2023-2235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2235) * [CVE-2023-28840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840) * [CVE-2023-2248](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2248) * [CVE-2023-1872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1872) * [CVE-2023-27534](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534) ## Feature Anthos clusters on VMware 1.13.9-gke.29 is now available. To upgrade, see[Upgrading Anthos clusters on VMware. Anthos clusters on VMware](https://cloud.google.com/anthos/clusters/docs/on-prem/1.13/how-to/upgrading)1.13.9-gke.29 runs on Kubernetes 1.24.11-gke.1200. The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13. ## Fix The following issues are fixed in 1.13.9-gke.29: * Fixed a[known issue](https://cloud.google.com/anthos/clusters/docs/on-prem/latest/known-issues#kind-cluster-pulls-container-images-from-docker.io)where the kind cluster downloads container images from[docker.io](http://docker.io). These container images are now preloaded in the kind cluster container image. * Fixed the issue where `gkectl` failed to limit the time window for`journalctl` commands running on the cluster nodes when you take a cluster snapshot with the `--log-since` flag. * Fixed an issue where gcloud fails to update the platform when the`required-platform-version` is already the current platform version. * Fixed a[known issue](https://cloud.google.com/anthos/clusters/docs/on-prem/latest/known-issues#nodes-fail-to-register-if-configured-hostname-contains-a-period)where nodes fail to register if the configured hostname contains a period. * Fixed the wrong admin cluster resource link annotation key that can cause the cluster to be enrolled again by mistake. ## Fix The following high-severity container vulnerabilities are fixed in 1.13.9-gke.29: * [CVE-2023-27561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561) * [CVE-2023-29013](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29013)