GKE on Bare Metal 1.28.100-gke.146 is now available for download

## Feature ### Release 1.28.100-gke.146 GKE on Bare Metal 1.28.100-gke.146 is now available for [download](https://cloud.google.com/anthos/clusters/docs/bare-metal/1.28/downloads). To upgrade, see [Upgrade clusters](https://cloud.google.com/anthos/clusters/docs/bare-metal/1.28/how-to/upgrade). GKE on Bare Metal 1.28.100-gke.146 runs on Kubernetes 1.28. ## Security ### Security bulletin (all minor versions) A security vulnerability, [CVE-2024-21626](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21626), has been discovered in `runc` where a user with permission to create Pods might be able to gain full access to the node filesystem. For instructions and more details, see the [GCP-2024-005](https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2024-005) security bulletin. ## Fix **Fixes:** Fixed a rootless permission issue on file `/var/lib/audit.log` in 1.28.100, which might block control plane node upgrades. The following container image security vulnerabilities have been fixed in 1.28.100-gke.146: * Critical container vulnerabilities: * [CVE-2023-39320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39320) * High-severity container vulnerabilities: * [CVE-2021-41617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617) * [CVE-2023-5869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5869) * [CVE-2023-27533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533) * [CVE-2023-29491](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29491) * [CVE-2023-39321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321) * [CVE-2023-39322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322) * [CVE-2023-39417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39417) * Medium-severity container vulnerabilities: * [CVE-2023-5156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5156) * [CVE-2023-5868](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5868) * [CVE-2023-5870](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5870) * [CVE-2023-25165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25165) * [CVE-2023-27535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535) * [CVE-2023-27536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536) * [CVE-2023-27538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538) * [CVE-2023-28321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321) * [CVE-2023-36054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054) * [CVE-2023-51385](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385) * [GHSA-rm8v-mxj3-5rmq](https://github.com/advisories/GHSA-rm8v-mxj3-5rmq) * Low-severity container vulnerabilities: * [CVE-2022-48522](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48522) * [CVE-2023-4527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4527) * [CVE-2023-4911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911) * [CVE-2023-27534](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534) * [CVE-2023-28322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322) * [CVE-2023-38545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545) * [CVE-2023-38546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546) ## Issue **Known issues:** For information about the latest known issues, see [GKE on Bare Metal known issues](https://cloud.google.com/anthos/clusters/docs/bare-metal/1.28/troubleshooting/known-issues) in the Troubleshooting section.