## Feature
Anthos clusters on VMware 1.14.5-gke.41 is now available. To upgrade, see [Upgrading Anthos clusters on VMware](https://cloud.google.com/anthos/clusters/docs/on-prem/1.14/how-to/upgrading). Anthos clusters on VMware 1.14.5-gke.41 runs on Kubernetes 1.25.8-gke.1500.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.
## Feature
The component access service account key for an admin cluster using a private registry can be updated in 1.14.5 and later. See [Rotating service account keys](https://cloud.google.com/anthos/clusters/docs/on-prem/1.14/how-to/rotating-service-account-keys) for details.
## Fix
The following issues are fixed in 1.14.5-gke.41:
* Fixed a [known issue](https://cloud.google.com/anthos/clusters/docs/on-prem/latest/known-issues#kind-cluster-pulls-container-images-from-docker.io) where the kind cluster downloads container images from [docker.io](http://docker.io). These container images are now preloaded in the kind cluster container image.
* Fixed a bug where disks may be out of order in the first boot, causing node bootstrap failure.
* Fixed a [known issue](https://cloud.google.com/anthos/clusters/docs/on-prem/latest/known-issues#nodes-fail-to-register-if-configured-hostname-contains-a-period) where node ID verification failed to handle hostnames with dots.
* Fixed an issue where gcloud fails to update the platform when the `required-platform-version` is already the current platform version.
* Fixed the Anthos Config Management `gcloud` issue where the policy controller state might be falsely reported as pending.
* Fixed continuously increasing memory usage of the logging agent `stackdriver-log-forwarder`.
* Fixed the wrong admin cluster resource link annotation key that can cause the cluster to be enrolled in the Anthos On-Prem API again by mistake.
* Fixed a [known issue](https://cloud.google.com/anthos/clusters/docs/on-prem/latest/known-issues#unsuccessful-failover-on-ha-controlplane-v2-user-cluster-and-admin-cluster-when-the-network-filters-out-duplicate-garp-requests) where some cluster nodes couldn't access the HA control plane when the underlying network performs ARP suppression.
* Fixed a [known issue](https://cloud.google.com/anthos/clusters/docs/on-prem/latest/known-issues#vsphere-csi-secret-is-not-updated-after-gkectl-update-credentials-vsphere---admin-cluster) where `vsphere-csi-secret` is not updated during `gkectl update credentials vsphere` for an admin cluster.
## Fix
The following vulnerabilities are fixed in 1.14.5-gke.41:
* **High-severity container vulnerabilities:**
  * [CVE-2023-0286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286)
  * [CVE-2022-4450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450)
  * [CVE-2023-0215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215)
* **Container-optimized OS vulnerabilities:**
  * [CVE-2023-2235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2235)
  * [CVE-2023-28840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840)
  * [CVE-2023-2248](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2248)
  * [CVE-2023-1872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1872)
  * [CVE-2023-27534](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534)
## Feature
Anthos clusters on VMware 1.13.9-gke.29 is now available. To upgrade, see [Upgrading Anthos clusters on VMware](https://cloud.google.com/anthos/clusters/docs/on-prem/1.13/how-to/upgrading). Anthos clusters on VMware 1.13.9-gke.29 runs on Kubernetes 1.24.11-gke.1200.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.
## Fix
The following issues are fixed in 1.13.9-gke.29:
* Fixed a [known issue](https://cloud.google.com/anthos/clusters/docs/on-prem/latest/known-issues#kind-cluster-pulls-container-images-from-docker.io) where the kind cluster downloads container images from [docker.io](http://docker.io). These container images are now preloaded in the kind cluster container image.
* Fixed the issue where `gkectl` failed to limit the time window for `journalctl` commands running on the cluster nodes when you take a cluster snapshot with the `--log-since` flag.
* Fixed an issue where gcloud fails to update the platform when the `required-platform-version` is already the current platform version.
* Fixed a [known issue](https://cloud.google.com/anthos/clusters/docs/on-prem/latest/known-issues#nodes-fail-to-register-if-configured-hostname-contains-a-period) where nodes fail to register if the configured hostname contains a period.
* Fixed the wrong admin cluster resource link annotation key that can cause the cluster to be enrolled again by mistake.
## Fix
The following high-severity container vulnerabilities are fixed in 1.13.9-gke.29:
* [CVE-2023-27561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561)
* [CVE-2023-29013](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29013)