Anthos clusters on bare metal 1.16.2 is now available for download
Share
Services
## Feature
### Release 1.16.2
Anthos clusters on bare metal 1.16.2 is now available for [download](https://cloud.google.com/anthos/clusters/docs/bare-metal/1.16/downloads). To upgrade, see [Upgrading Anthos on bare metal](https://cloud.google.com/anthos/clusters/docs/bare-metal/1.16/how-to/upgrade). Anthos clusters on bare metal 1.16.2 runs on Kubernetes 1.27.
## Change
**Functionality changes:**
* Increased the certificate time to live (TTL) for `metrics-providers-ca` and `stackdriver-prometheus-scrape` for third-party monitoring.
* Removed hardcoded timeout value for the `bmctl backup` operation.
## Fix
**Fixes:**
* Fixed the `spec.featureGates.annotationBasedApplicationMetrics` feature gate in the stackdriver custom resource to enable collection of annotation-based workload metrics. This function is broken in Anthos clusters on bare metal versions 1.16.0 and 1.16.1.
* Fixed a memory leak in Dataplane V2.
* Fixed an issue where garbage collection deleted Source Network Address Translation (SNAT) entries for long-lived egress NAT connections, causing connection resets.
* Fixed an issue that caused file and directory permissions to be set incorrectly after backing up and restoring a cluster.
* Added direct dependencies on systemd, containerd, and kubelet over their mount point folders in `/var/lib/`.
* Fixed an issue where etcd blocked upgrades due to an incorrect initial-cluster-state.
* Fixed an issue that blocked upgrades to version 1.16 for clusters that have secure computing mode (`seccomp`) disabled.
## Fix
The following container image security vulnerabilities have been fixed in release 1.16.2:
* High-severity container vulnerabilities:
* [CVE-2019-11253](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253)
* [CVE-2020-7919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919)
* [CVE-2020-8558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8558)
* [CVE-2020-9283](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283)
* [CVE-2021-25741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25741)
* [CVE-2021-27918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27918)
* [CVE-2022-39189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39189)
* [CVE-2022-41721](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41721)
* [CVE-2023-1380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1380)
* [CVE-2023-2007](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2007)
* [CVE-2023-2124](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2124)
* [CVE-2023-3090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090)
* [CVE-2023-3111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3111)
* [CVE-2023-3268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3268)
* [CVE-2023-3390](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390)
* [CVE-2023-3609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3609)
* [CVE-2023-3611](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3611)
* [CVE-2023-3776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3776)
* [CVE-2023-4128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4128)
* [CVE-2023-4206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4206)
* [CVE-2023-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4207)
* [CVE-2023-4208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4208)
* [CVE-2023-21255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21255)
* [CVE-2023-28840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840)
* [CVE-2023-34319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34319)
* [CVE-2023-35001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001)
* [CVE-2023-35788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788)
* [CVE-2023-40283](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40283)
* [GHSA-74fp-r6jw-h4mp](https://github.com/advisories/GHSA-74fp-r6jw-h4mp)
* Medium-severity container vulnerabilities:
* [CVE-2019-11250](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11250)
* [CVE-2019-11251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11251)
* [CVE-2019-11254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11254)
* [CVE-2020-8554](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8554)
* [CVE-2020-8555](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8555)
* [CVE-2020-8561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8561)
* [CVE-2020-8564](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8564)
* [CVE-2020-8911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8911)
* [CVE-2020-14040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14040)
* [CVE-2020-21047](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21047)
* [CVE-2021-3114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3114)
* [CVE-2021-25735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25735)
* [CVE-2022-2582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2582)
* [CVE-2022-4269](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4269)
* [CVE-2022-40982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982)
* [CVE-2022-46146](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46146)
* [CVE-2023-1206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1206)
* [CVE-2023-2002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2002)
* [CVE-2023-2269](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2269)
* [CVE-2023-3212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3212)
* [CVE-2023-3338](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3338)
* [CVE-2023-3863](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3863)
* [CVE-2023-4132](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4132)
* [CVE-2023-4194](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4194)
* [CVE-2023-4273](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4273)
* [CVE-2023-20569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569)
* [CVE-2023-20593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593)
* [CVE-2023-28841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841)
* [CVE-2023-28842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842)
* [CVE-2023-31084](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31084)
* [CVE-2023-40577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40577)
* [CVE-2023-41333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41333)
* [GHSA-2w8w-qhg4-f78j](https://github.com/advisories/GHSA-2w8w-qhg4-f78j)
* [GHSA-76wf-9vgp-pj7w](https://github.com/advisories/GHSA-76wf-9vgp-pj7w)
* [GHSA-rm8v-mxj3-5rmq](https://github.com/advisories/GHSA-rm8v-mxj3-5rmq)
* Low-severity container vulnerabilities:
* [CVE-2020-8562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8562)
* [CVE-2020-8912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8912)
* [CVE-2021-25740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25740)
* [CVE-2021-32292](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32292)
* [CVE-2022-45886](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886)
* [CVE-2022-45887](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45887)
* [CVE-2022-45919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919)
* [CVE-2022-48554](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48554)
* [CVE-2023-2156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2156)
* [CVE-2023-2898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2898)
* [CVE-2023-3141](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3141)
* [CVE-2023-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3389)
* [CVE-2023-3610](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3610)
* [CVE-2023-3777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3777)
* [CVE-2023-4004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4004)
* [CVE-2023-4147](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4147)
* [CVE-2023-21400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21400)
* [CVE-2023-31248](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248)
* [CVE-2023-34242](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34242)
* [CVE-2023-34256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34256)
* [CVE-2023-35823](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35823)
* [CVE-2023-35824](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35824)
* [CVE-2023-35828](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35828)
* [CVE-2023-35829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35829)
* [CVE-2023-41332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41332)
* [GHSA-qq97-vm5h-rrhg](https://github.com/advisories/GHSA-qq97-vm5h-rrhg)
## Issue
**Known issues:**
For information about the latest known issues, see [Anthos clusters on bare metal known issues](https://cloud.google.com/anthos/clusters/docs/bare-metal/1.16/troubleshooting/known-issues) in the Troubleshooting section.